From b5c14d90bbcb8c294ddc9f2999edf69383d82329 Mon Sep 17 00:00:00 2001
From: Scott Seago
Date: Thu, 14 Jul 2022 16:25:25 -0400
Subject: [PATCH] Modify BackupStoreGetter to avoid BSL spec changes

Pass in a new copy of the map of config values rather than modifying the BSL Spec.Config and then pass in that field.

Signed-off-by: Scott Seago
---
 changelogs/unreleased/5134-sseago | 1 +
 pkg/persistence/object_store.go | 24 +++++++++++++++---------
 2 files changed, 16 insertions(+), 9 deletions(-)
 create mode 100644 changelogs/unreleased/5134-sseago

diff --git a/changelogs/unreleased/5134-sseago b/changelogs/unreleased/5134-sseago
new file mode 100644
index 000000000..ec8dc473e
--- /dev/null
+++ b/changelogs/unreleased/5134-sseago
@@ -0,0 +1 @@
+Modify BackupStoreGetter to avoid BSL spec changes
diff --git a/pkg/persistence/object_store.go b/pkg/persistence/object_store.go
index 20bf9328e..38b78926c 100644
--- a/pkg/persistence/object_store.go
+++ b/pkg/persistence/object_store.go
@@ -131,19 +131,25 @@ func (b *objectBackupStoreGetter) Get(location *velerov1api.BackupStorageLocatio
 return nil, errors.Errorf("backup storage location's bucket name %q must not contain a '/' (if using a prefix, put it in the 'Prefix' field instead)", location.Spec.ObjectStorage.Bucket)
 }
+ // Pass a new map into the object store rather than modifying the passed-in
+ // location. This prevents Velero controllers from accidentally modifying
+ // the in-cluster BSL with data which doesn't belong in Spec.Config
+ objectStoreConfig := make(map[string]string)
+ if location.Spec.Config != nil {
+ for key, val := range location.Spec.Config {
+ objectStoreConfig[key] = val
+ }
+ }
+
 // add the bucket name and prefix to the config map so that object stores
 // can use them when initializing. The AWS object store uses the bucket
 // name to determine the bucket's region when setting up its client.
- if location.Spec.Config == nil {
- location.Spec.Config = make(map[string]string)
- }
-
- location.Spec.Config["bucket"] = bucket
- location.Spec.Config["prefix"] = prefix
+ objectStoreConfig["bucket"] = bucket
+ objectStoreConfig["prefix"] = prefix
 // Only include a CACert if it's specified in order to maintain compatibility with plugins that don't expect it.
 if location.Spec.ObjectStorage.CACert != nil {
- location.Spec.Config["caCert"] = string(location.Spec.ObjectStorage.CACert)
+ objectStoreConfig["caCert"] = string(location.Spec.ObjectStorage.CACert)
 }
 // If the BSL specifies a credential, fetch its path on disk and pass to
@@ -154,7 +160,7 @@ func (b *objectBackupStoreGetter) Get(location *velerov1api.BackupStorageLocatio
 return nil, errors.Wrap(err, "unable to get credentials")
 }
- location.Spec.Config["credentialsFile"] = credsFile
+ objectStoreConfig["credentialsFile"] = credsFile
 }
 objectStore, err := objectStoreGetter.GetObjectStore(location.Spec.Provider)
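Review bot: The copy loop in the first hunk carries every key of `location.Spec.Config` into `objectStoreConfig`, including the names this function reserves for its own derived values. `bucket` and `prefix` are always overwritten afterwards, but `caCert` is set only when `Spec.ObjectStorage.CACert` is non-nil and `credentialsFile` (second hunk) appears to be set only when the BSL names a credential, so a value already stored under either key in the BSL's config would reach `objectStore.Init` as-is. That precedence predates this patch, but the copy is the natural place to settle it: if those keys are not meant to be set through Spec.Config, add `delete(objectStoreConfig, "caCert")` and `delete(objectStoreConfig, "credentialsFile")` right after the loop, otherwise say in the comment that config-supplied values are kept when the BSL fields are empty. The `if location.Spec.Config != nil` guard is also unnecessary, since ranging over a nil map is a no-op. Get's body starts and ends outside both hunks.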
@@ -162,7 +168,7 @@ func (b *objectBackupStoreGetter) Get(location *velerov1api.BackupStorageLocatio
 return nil, err
 }
- if err := objectStore.Init(location.Spec.Config); err != nil {
+ if err := objectStore.Init(objectStoreConfig); err != nil {
 return nil, err
 }
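Review bot: Nothing visible in this patch pins the invariant it introduces: the diffstat lists only `object_store.go` and the changelog entry, so no test checks that `Get` leaves `location.Spec.Config` untouched now that `Init` receives `objectStoreConfig`. A regression test that calls `Get` on a location with a nil `Spec.Config` and a CA cert set, then asserts `location.Spec.Config` is still nil, would keep the bucket, cert and credentials-path values from drifting back into the stored BSL. A line on `Get`'s doc comment would help too, e.g. `// Get does not modify location; derived settings are passed to the object store in a separate map.` The function's body starts and ends outside this hunk.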