diff --git a/pkg/controllers/backup/controller.go b/pkg/controllers/backup/controller.go index 6a8b69f5..e5d5451f 100644 --- a/pkg/controllers/backup/controller.go +++ b/pkg/controllers/backup/controller.go @@ -5,7 +5,6 @@ import ( "encoding/json" "errors" "fmt" - "io/ioutil" "os" "path/filepath" "strings" @@ -145,8 +144,8 @@ func (h *handler) OnBackupChange(_ string, backup *v1.Backup) (*v1.Backup, error logrus.Infof("For backup CR %v, filename: %v", backup.Name, backupFileName) // create a temp dir to write all backup files to, delete this before returning. - // empty dir param in ioutil.TempDir defaults to os.TempDir - tmpBackupPath, err := ioutil.TempDir("", backupFileName) + // empty dir param in os.MkdirTemp. defaults to os.TempDir + tmpBackupPath, err := os.MkdirTemp("", backupFileName) if err != nil { return h.setReconcilingCondition(backup, fmt.Errorf("error creating temp dir: %v", err)) } @@ -259,7 +258,7 @@ func (h *handler) performBackup(backup *v1.Backup, tmpBackupPath, backupFileName if err != nil { return err } - err = ioutil.WriteFile(filepath.Join(filtersPath, "filters.json"), filters, os.ModePerm) + err = os.WriteFile(filepath.Join(filtersPath, "filters.json"), filters, os.ModePerm) if err != nil { return err } diff --git a/pkg/controllers/backup/upload.go b/pkg/controllers/backup/upload.go index e068680c..78a8e7c7 100644 --- a/pkg/controllers/backup/upload.go +++ b/pkg/controllers/backup/upload.go @@ -6,7 +6,6 @@ import ( "errors" "fmt" "io" - "io/ioutil" "os" "path/filepath" "strings" @@ -17,7 +16,7 @@ import ( ) func (h *handler) uploadToS3(backup *v1.Backup, objectStore *v1.S3ObjectStore, tmpBackupPath, gzipFile string) error { - tmpBackupGzipFilepath, err := ioutil.TempDir("", "uploadpath") + tmpBackupGzipFilepath, err := os.MkdirTemp("", "uploadpath") if err != nil { return err } diff --git a/pkg/controllers/restore/download.go b/pkg/controllers/restore/download.go index ca7cec10..c003a3a7 100644 --- a/pkg/controllers/restore/download.go 
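Review bot: In performBackup, `os.WriteFile(filepath.Join(filtersPath, "filters.json"), filters, os.ModePerm)` still requests mode 0777, so the file is created writable and executable by anyone the process umask allows. The same mode is carried over in pkg/util/util.go (GetEncryptionTransformers), where the bytes written come from the encryption-config Secret and presumably include provider keys, which makes that call the more sensitive of the two. Since these lines are being touched anyway, I would tighten both to owner-only: `os.WriteFile(filepath.Join(filtersPath, "filters.json"), filters, 0600)` and `os.WriteFile(encryptionProviderConfigKey, encryptionConfigBytes, 0600)`. Both functions continue outside their hunks, so whether another process needs to read these files should be confirmed first.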
+++ b/pkg/controllers/restore/download.go @@ -6,15 +6,16 @@ import ( "encoding/json" "fmt" "io" - "io/ioutil" "os" "strings" v1 "github.com/rancher/backup-restore-operator/pkg/apis/resources.cattle.io/v1" "github.com/rancher/backup-restore-operator/pkg/objectstore" + "github.com/rancher/backup-restore-operator/pkg/util" "github.com/sirupsen/logrus" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apiserver/pkg/server/options/encryptionconfig" "k8s.io/apiserver/pkg/storage/value" ) @@ -64,7 +65,7 @@ func (h *handler) LoadFromTarGzip(tarGzFilePath string, transformerMap map[schem if tarContent.Typeflag != tar.TypeReg { continue } - readData, err := ioutil.ReadAll(tarball) + readData, err := io.ReadAll(tarball) if err != nil { return err } @@ -101,11 +102,13 @@ func (h *handler) loadDataFromFile(tarContent *tar.Header, readData []byte, namespace = splitPath[1] additionalAuthenticatedData = fmt.Sprintf("%s#%s", namespace, name) } + gvrStr := splitPath[0] gvr := getGVR(gvrStr) - decryptionTransformer := transformerMap[gvr.GroupResource()] - if decryptionTransformer != nil { + var staticTransformers encryptionconfig.StaticTransformers = transformerMap + decryptionTransformer := staticTransformers.TransformerForResource(gvr.GroupResource()) + if decryptionTransformer != nil && !util.IsDefaultEncryptionTransformer(decryptionTransformer) { var encryptedBytes []byte if err := json.Unmarshal(readData, &encryptedBytes); err != nil { logrus.Errorf("Error unmarshaling encrypted data for resource [%v]: %v", gvr.GroupResource(), err) diff --git a/pkg/crds/crd.go b/pkg/crds/crd.go index d82ac1e8..b04b1156 100644 --- a/pkg/crds/crd.go +++ b/pkg/crds/crd.go @@ -3,7 +3,7 @@ package crds import ( "encoding/json" "fmt" - "io/ioutil" + "os" "strings" resources "github.com/rancher/backup-restore-operator/pkg/apis/resources.cattle.io/v1" 
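Review bot: `io.ReadAll(tarball)` in LoadFromTarGzip reads each regular tar entry fully into memory with no upper bound, so a corrupted or tampered archive (presumably gzip-compressed, where one small entry can expand enormously) can exhaust the operator's memory during restore. Consider capping the read, for example `readData, err := io.ReadAll(io.LimitReader(tarball, maxEntryBytes+1))`, and returning an error when `len(readData)` exceeds the cap; `maxEntryBytes` is a placeholder for a limit the project would choose. The surrounding loop and the rest of LoadFromTarGzip lie outside the hunk, so an existing size check on `tarContent.Size` may already be present there.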
@@ -42,7 +42,7 @@ func WriteCRD() error { } filename := fmt.Sprintf("./charts/rancher-backup-crd/templates/%s.yaml", strings.ToLower(crd.Spec.Names.Kind)) - err = ioutil.WriteFile(filename, yamlBytes, 0644) + err = os.WriteFile(filename, yamlBytes, 0644) if err != nil { return err } diff --git a/pkg/objectstore/s3minio.go b/pkg/objectstore/s3minio.go index 243bb3c0..8691149a 100644 --- a/pkg/objectstore/s3minio.go +++ b/pkg/objectstore/s3minio.go @@ -8,7 +8,6 @@ import ( "encoding/pem" "fmt" "io" - "io/ioutil" "net/http" "os" "path" @@ -266,7 +265,7 @@ func readS3EndpointCA(endpointCA string) ([]byte, error) { if err == nil { log.Info("reading s3-endpoint-ca as a base64 string") } else { - ca, err = ioutil.ReadFile(endpointCA) + ca, err = os.ReadFile(endpointCA) log.Infof("reading s3-endpoint-ca from [%v]", endpointCA) } return ca, err diff --git a/pkg/resourcesets/collector.go b/pkg/resourcesets/collector.go index 20f42297..512cb63b 100644 --- a/pkg/resourcesets/collector.go +++ b/pkg/resourcesets/collector.go @@ -10,11 +10,13 @@ import ( "strings" v1 "github.com/rancher/backup-restore-operator/pkg/apis/resources.cattle.io/v1" + "github.com/rancher/backup-restore-operator/pkg/util" "github.com/sirupsen/logrus" apierrors "k8s.io/apimachinery/pkg/api/errors" k8sv1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apiserver/pkg/server/options/encryptionconfig" "k8s.io/apiserver/pkg/storage/value" "k8s.io/client-go/discovery" "k8s.io/client-go/dynamic" 
@@ -387,7 +389,8 @@ func (h *ResourceHandler) WriteBackupObjects(backupPath string) error { } gr := schema.ParseGroupResource(gvResource.Name + "." + gv.Group) - encryptionTransformer := h.TransformerMap[gr] + var staticTransformers encryptionconfig.StaticTransformers = h.TransformerMap + encryptionTransformer := staticTransformers.TransformerForResource(gr) additionalAuthenticatedData := objName if gvResource.Namespaced { additionalAuthenticatedData = fmt.Sprintf("%s#%s", metadata["namespace"].(string), additionalAuthenticatedData) @@ -433,11 +436,12 @@ func writeToBackup(ctx context.Context, resource map[string]interface{}, backupP if err != nil { return fmt.Errorf("error converting resource to JSON: %v", err) } - if transformer != nil { + if transformer != nil && !util.IsDefaultEncryptionTransformer(transformer) { encrypted, err := transformer.TransformToStorage(ctx, resourceBytes, value.DefaultContext(additionalAuthenticatedData)) if err != nil { return fmt.Errorf("error converting resource to JSON: %v", err) } + resourceBytes, err = json.Marshal(encrypted) if err != nil { return fmt.Errorf("error converting encrypted resource to JSON: %v", err) diff --git a/pkg/util/util.go b/pkg/util/util.go index a337d996..608fb749 100644 --- a/pkg/util/util.go +++ b/pkg/util/util.go @@ -3,7 +3,6 @@ package util import ( "context" "fmt" - "io/ioutil" "os" "reflect" @@ -13,6 +12,7 @@ import ( "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apiserver/pkg/server/options/encryptionconfig" "k8s.io/apiserver/pkg/storage/value" + "k8s.io/apiserver/pkg/storage/value/encrypt/identity" ) const ( 
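Review bot: In writeToBackup, a failure of `transformer.TransformToStorage(...)` is reported as "error converting resource to JSON", the same text used for the JSON marshal error just above, so an encryption failure cannot be told apart from a serialization failure in the logs. I would change that return to `return fmt.Errorf("error encrypting resource: %w", err)`. With the new `!util.IsDefaultEncryptionTransformer(transformer)` condition, the resource is also written unencrypted whenever the lookup falls back to the default transformer. A debug-level log on that branch would let operators confirm which resources were left in plaintext. The function starts and ends outside the hunk.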
@@ -36,7 +36,7 @@ func GetEncryptionTransformers(encryptionConfigSecretName string, secrets v1core if !ok { return nil, fmt.Errorf("no encryptionConfig provided") } - err = ioutil.WriteFile(encryptionProviderConfigKey, encryptionConfigBytes, os.ModePerm) + err = os.WriteFile(encryptionProviderConfigKey, encryptionConfigBytes, os.ModePerm) defer os.Remove(encryptionProviderConfigKey) if err != nil { @@ -60,6 +60,10 @@ func GetObjectQueue(l interface{}, capacity int) chan interface{} { return c } +func IsDefaultEncryptionTransformer(transformer value.Transformer) bool { + return transformer == identity.NewEncryptCheckTransformer() +} + func ErrList(e []error) error { if len(e) > 0 { return fmt.Errorf("%v", e)
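Review bot: The new exported `IsDefaultEncryptionTransformer` has no doc comment, although it is the gate that decides whether a resource is encrypted on backup (collector.go) and decrypted on restore (download.go). It compares an interface value against a freshly constructed `identity.NewEncryptCheckTransformer()`, which only works while that constructor returns a comparable value that is equal across calls (presumably an empty struct today). If the upstream type ever became a pointer, the check would silently turn false. I would add `// IsDefaultEncryptionTransformer reports whether transformer is the identity transformer from identity.NewEncryptCheckTransformer, i.e. one that performs no encryption.` and note the comparability assumption in a second comment line. A small unit test asserting true for `identity.NewEncryptCheckTransformer()` and false for `nil` would pin the behaviour across dependency bumps.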