Skip to content

Commit

Permalink
Load credentials and pass through via config
Browse files Browse the repository at this point in the history
Update NewObjectBackupStore to take a CredentialsGetter which can be
used to get the credentials for a BackupStorageLocation if it has been
configured with a Credential. If the BSL has a credential, use that
SecretKeySelector to fetch the secret, write the contents to a temp file
and then pass that file through to the plugin via the config map. This
relies on the plugin being able to use the config field.

This does not yet handle VolumeSnapshotLocations or ResticRepositories.

Signed-off-by: Bridget McErlean <[email protected]>
  • Loading branch information
zubron committed Jan 19, 2021
1 parent c3afb76 commit 8e96722
Show file tree
Hide file tree
Showing 9 changed files with 148 additions and 20 deletions.
15 changes: 12 additions & 3 deletions pkg/cmd/server/server.go
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,7 @@ import (
"github.com/vmware-tanzu/velero/pkg/cmd"
"github.com/vmware-tanzu/velero/pkg/cmd/util/flag"
"github.com/vmware-tanzu/velero/pkg/cmd/util/signals"
"github.com/vmware-tanzu/velero/pkg/credentials"

"github.com/vmware-tanzu/velero/pkg/controller"
velerodiscovery "github.com/vmware-tanzu/velero/pkg/discovery"
Expand Down Expand Up @@ -567,6 +568,8 @@ func (s *server) runControllers(defaultVolumeSnapshotLocations map[string]string
}
csiVSLister, csiVSCLister := s.getCSISnapshotListers()

credentialsGetter := credentials.NewCredentialsGetter(s.kubeClient, s.namespace)

backupSyncControllerRunInfo := func() controllerRunInfo {
backupSyncContoller := controller.NewBackupSyncController(
s.veleroClient.VeleroV1(),
Expand All @@ -579,6 +582,7 @@ func (s *server) runControllers(defaultVolumeSnapshotLocations map[string]string
s.kubeClient,
s.config.defaultBackupLocation,
newPluginManager,
credentialsGetter,
s.logger,
)

Expand Down Expand Up @@ -621,6 +625,7 @@ func (s *server) runControllers(defaultVolumeSnapshotLocations map[string]string
s.config.formatFlag.Parse(),
csiVSLister,
csiVSCLister,
credentialsGetter,
)

return controllerRunInfo{
Expand Down Expand Up @@ -679,6 +684,7 @@ func (s *server) runControllers(defaultVolumeSnapshotLocations map[string]string
newPluginManager,
s.metrics,
s.discoveryHelper,
credentialsGetter,
)

return controllerRunInfo{
Expand Down Expand Up @@ -716,6 +722,7 @@ func (s *server) runControllers(defaultVolumeSnapshotLocations map[string]string
newPluginManager,
s.metrics,
s.config.formatFlag.Parse(),
credentialsGetter,
)

return controllerRunInfo{
Expand Down Expand Up @@ -748,6 +755,7 @@ func (s *server) runControllers(defaultVolumeSnapshotLocations map[string]string
s.mgr.GetClient(),
s.sharedInformerFactory.Velero().V1().Backups().Lister(),
newPluginManager,
credentialsGetter,
s.logger,
)

Expand Down Expand Up @@ -834,9 +842,10 @@ func (s *server) runControllers(defaultVolumeSnapshotLocations map[string]string
StorageLocation: s.config.defaultBackupLocation,
ServerValidationFrequency: s.config.storeValidationFrequency,
},
NewPluginManager: newPluginManager,
NewBackupStore: persistence.NewObjectBackupStore,
Log: s.logger,
NewPluginManager: newPluginManager,
NewBackupStore: persistence.NewObjectBackupStore,
Log: s.logger,
CredentialsGetter: credentialsGetter,
}
if err := bslr.SetupWithManager(s.mgr); err != nil {
s.logger.Fatal(err, "unable to create controller", "controller", controller.BackupStorageLocation)
Expand Down
10 changes: 7 additions & 3 deletions pkg/controller/backup_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@ import (
"github.com/vmware-tanzu/velero/internal/storage"
velerov1api "github.com/vmware-tanzu/velero/pkg/apis/velero/v1"
pkgbackup "github.com/vmware-tanzu/velero/pkg/backup"
"github.com/vmware-tanzu/velero/pkg/credentials"
"github.com/vmware-tanzu/velero/pkg/discovery"
"github.com/vmware-tanzu/velero/pkg/features"
velerov1client "github.com/vmware-tanzu/velero/pkg/generated/clientset/versioned/typed/velero/v1"
Expand Down Expand Up @@ -80,10 +81,11 @@ type backupController struct {
snapshotLocationLister velerov1listers.VolumeSnapshotLocationLister
defaultSnapshotLocations map[string]string
metrics *metrics.ServerMetrics
newBackupStore func(*velerov1api.BackupStorageLocation, persistence.ObjectStoreGetter, logrus.FieldLogger) (persistence.BackupStore, error)
newBackupStore func(*velerov1api.BackupStorageLocation, persistence.ObjectStoreGetter, credentials.Getter, logrus.FieldLogger) (persistence.BackupStore, error)
formatFlag logging.Format
volumeSnapshotLister snapshotv1beta1listers.VolumeSnapshotLister
volumeSnapshotContentLister snapshotv1beta1listers.VolumeSnapshotContentLister
credentialsGetter credentials.Getter
}

func NewBackupController(
Expand All @@ -105,6 +107,7 @@ func NewBackupController(
formatFlag logging.Format,
volumeSnapshotLister snapshotv1beta1listers.VolumeSnapshotLister,
volumeSnapshotContentLister snapshotv1beta1listers.VolumeSnapshotContentLister,
credentialsGetter credentials.Getter,
) Interface {
c := &backupController{
genericController: newGenericController(Backup, logger),
Expand All @@ -126,6 +129,7 @@ func NewBackupController(
formatFlag: formatFlag,
volumeSnapshotLister: volumeSnapshotLister,
volumeSnapshotContentLister: volumeSnapshotContentLister,
credentialsGetter: credentialsGetter,
newBackupStore: persistence.NewObjectBackupStore,
}

Expand Down Expand Up @@ -570,7 +574,7 @@ func (c *backupController) runBackup(backup *pkgbackup.Request) error {
}

backupLog.Info("Setting up backup store to check for backup existence")
backupStore, err := c.newBackupStore(backup.StorageLocation, pluginManager, backupLog)
backupStore, err := c.newBackupStore(backup.StorageLocation, pluginManager, c.credentialsGetter, backupLog)
if err != nil {
return err
}
Expand Down Expand Up @@ -651,7 +655,7 @@ func (c *backupController) runBackup(backup *pkgbackup.Request) error {
// re-instantiate the backup store because credentials could have changed since the original
// instantiation, if this was a long-running backup
backupLog.Info("Setting up backup store to persist the backup")
backupStore, err = c.newBackupStore(backup.StorageLocation, pluginManager, backupLog)
backupStore, err = c.newBackupStore(backup.StorageLocation, pluginManager, c.credentialsGetter, backupLog)
if err != nil {
return err
}
Expand Down
8 changes: 6 additions & 2 deletions pkg/controller/backup_deletion_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@ import (
"github.com/vmware-tanzu/velero/internal/delete"
velerov1api "github.com/vmware-tanzu/velero/pkg/apis/velero/v1"
pkgbackup "github.com/vmware-tanzu/velero/pkg/backup"
"github.com/vmware-tanzu/velero/pkg/credentials"
"github.com/vmware-tanzu/velero/pkg/discovery"
"github.com/vmware-tanzu/velero/pkg/features"
velerov1client "github.com/vmware-tanzu/velero/pkg/generated/clientset/versioned/typed/velero/v1"
Expand Down Expand Up @@ -77,9 +78,10 @@ type backupDeletionController struct {
processRequestFunc func(*velerov1api.DeleteBackupRequest) error
clock clock.Clock
newPluginManager func(logrus.FieldLogger) clientmgmt.Manager
newBackupStore func(*velerov1api.BackupStorageLocation, persistence.ObjectStoreGetter, logrus.FieldLogger) (persistence.BackupStore, error)
newBackupStore func(*velerov1api.BackupStorageLocation, persistence.ObjectStoreGetter, credentials.Getter, logrus.FieldLogger) (persistence.BackupStore, error)
metrics *metrics.ServerMetrics
helper discovery.Helper
credentialsGetter credentials.Getter
}

// NewBackupDeletionController creates a new backup deletion controller.
Expand All @@ -101,6 +103,7 @@ func NewBackupDeletionController(
newPluginManager func(logrus.FieldLogger) clientmgmt.Manager,
metrics *metrics.ServerMetrics,
helper discovery.Helper,
credentialsGetter credentials.Getter,
) Interface {
c := &backupDeletionController{
genericController: newGenericController(BackupDeletion, logger),
Expand All @@ -119,6 +122,7 @@ func NewBackupDeletionController(
csiSnapshotClient: csiSnapshotClient,
metrics: metrics,
helper: helper,
credentialsGetter: credentialsGetter,
// use variables to refer to these functions so they can be
// replaced with fakes for testing.
newPluginManager: newPluginManager,
Expand Down Expand Up @@ -290,7 +294,7 @@ func (c *backupDeletionController) processRequest(req *velerov1api.DeleteBackupR
pluginManager := c.newPluginManager(log)
defer pluginManager.CleanupClients()

backupStore, err := c.newBackupStore(location, pluginManager, log)
backupStore, err := c.newBackupStore(location, pluginManager, c.credentialsGetter, log)
if err != nil {
errs = append(errs, err.Error())
}
Expand Down
7 changes: 5 additions & 2 deletions pkg/controller/backup_storage_location_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ import (

"github.com/vmware-tanzu/velero/internal/storage"
velerov1api "github.com/vmware-tanzu/velero/pkg/apis/velero/v1"
"github.com/vmware-tanzu/velero/pkg/credentials"
"github.com/vmware-tanzu/velero/pkg/persistence"
"github.com/vmware-tanzu/velero/pkg/plugin/clientmgmt"
)
Expand All @@ -42,10 +43,12 @@ type BackupStorageLocationReconciler struct {
Client client.Client
Scheme *runtime.Scheme
DefaultBackupLocationInfo storage.DefaultBackupLocationInfo
CredentialsGetter credentials.Getter

// use variables to refer to these functions so they can be
// replaced with fakes for testing.
NewPluginManager func(logrus.FieldLogger) clientmgmt.Manager
NewBackupStore func(*velerov1api.BackupStorageLocation, persistence.ObjectStoreGetter, logrus.FieldLogger) (persistence.BackupStore, error)
NewBackupStore func(*velerov1api.BackupStorageLocation, persistence.ObjectStoreGetter, credentials.Getter, logrus.FieldLogger) (persistence.BackupStore, error)

Log logrus.FieldLogger
}
Expand Down Expand Up @@ -95,7 +98,7 @@ func (r *BackupStorageLocationReconciler) Reconcile(req ctrl.Request) (ctrl.Resu
continue
}

backupStore, err := r.NewBackupStore(location, pluginManager, log)
backupStore, err := r.NewBackupStore(location, pluginManager, r.CredentialsGetter, log)
if err != nil {
log.WithError(err).Error("Error getting a backup store")
continue
Expand Down
8 changes: 6 additions & 2 deletions pkg/controller/backup_sync_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ import (

"github.com/vmware-tanzu/velero/internal/storage"
velerov1api "github.com/vmware-tanzu/velero/pkg/apis/velero/v1"
"github.com/vmware-tanzu/velero/pkg/credentials"
"github.com/vmware-tanzu/velero/pkg/features"
velerov1client "github.com/vmware-tanzu/velero/pkg/generated/clientset/versioned/typed/velero/v1"
velerov1listers "github.com/vmware-tanzu/velero/pkg/generated/listers/velero/v1"
Expand All @@ -54,7 +55,8 @@ type backupSyncController struct {
defaultBackupLocation string
defaultBackupSyncPeriod time.Duration
newPluginManager func(logrus.FieldLogger) clientmgmt.Manager
newBackupStore func(*velerov1api.BackupStorageLocation, persistence.ObjectStoreGetter, logrus.FieldLogger) (persistence.BackupStore, error)
newBackupStore func(*velerov1api.BackupStorageLocation, persistence.ObjectStoreGetter, credentials.Getter, logrus.FieldLogger) (persistence.BackupStore, error)
credentialsGetter credentials.Getter
}

func NewBackupSyncController(
Expand All @@ -68,6 +70,7 @@ func NewBackupSyncController(
kubeClient kubernetes.Interface,
defaultBackupLocation string,
newPluginManager func(logrus.FieldLogger) clientmgmt.Manager,
credentialsGetter credentials.Getter,
logger logrus.FieldLogger,
) Interface {
if syncPeriod <= 0 {
Expand All @@ -86,6 +89,7 @@ func NewBackupSyncController(
backupLister: backupLister,
csiSnapshotClient: csiSnapshotClient,
kubeClient: kubeClient,
credentialsGetter: credentialsGetter,

// use variables to refer to these functions so they can be
// replaced with fakes for testing.
Expand Down Expand Up @@ -169,7 +173,7 @@ func (c *backupSyncController) run() {

log.Debug("Checking backup location for backups to sync into cluster")

backupStore, err := c.newBackupStore(&location, pluginManager, log)
backupStore, err := c.newBackupStore(&location, pluginManager, c.credentialsGetter, log)
if err != nil {
log.WithError(err).Error("Error getting backup store for this location")
continue
Expand Down
8 changes: 6 additions & 2 deletions pkg/controller/download_request_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ import (
"sigs.k8s.io/controller-runtime/pkg/client"

velerov1api "github.com/vmware-tanzu/velero/pkg/apis/velero/v1"
"github.com/vmware-tanzu/velero/pkg/credentials"
velerov1client "github.com/vmware-tanzu/velero/pkg/generated/clientset/versioned/typed/velero/v1"
velerov1informers "github.com/vmware-tanzu/velero/pkg/generated/informers/externalversions/velero/v1"
velerov1listers "github.com/vmware-tanzu/velero/pkg/generated/listers/velero/v1"
Expand All @@ -50,8 +51,9 @@ type downloadRequestController struct {
clock clock.Clock
kbClient client.Client
backupLister velerov1listers.BackupLister
credentialsGetter credentials.Getter
newPluginManager func(logrus.FieldLogger) clientmgmt.Manager
newBackupStore func(*velerov1api.BackupStorageLocation, persistence.ObjectStoreGetter, logrus.FieldLogger) (persistence.BackupStore, error)
newBackupStore func(*velerov1api.BackupStorageLocation, persistence.ObjectStoreGetter, credentials.Getter, logrus.FieldLogger) (persistence.BackupStore, error)
}

// NewDownloadRequestController creates a new DownloadRequestController.
Expand All @@ -62,6 +64,7 @@ func NewDownloadRequestController(
kbClient client.Client,
backupLister velerov1listers.BackupLister,
newPluginManager func(logrus.FieldLogger) clientmgmt.Manager,
credentialsGetter credentials.Getter,
logger logrus.FieldLogger,
) Interface {
c := &downloadRequestController{
Expand All @@ -71,6 +74,7 @@ func NewDownloadRequestController(
restoreLister: restoreLister,
kbClient: kbClient,
backupLister: backupLister,
credentialsGetter: credentialsGetter,

// use variables to refer to these functions so they can be
// replaced with fakes for testing.
Expand Down Expand Up @@ -172,7 +176,7 @@ func (c *downloadRequestController) generatePreSignedURL(downloadRequest *velero
pluginManager := c.newPluginManager(log)
defer pluginManager.CleanupClients()

backupStore, err := c.newBackupStore(backupLocation, pluginManager, log)
backupStore, err := c.newBackupStore(backupLocation, pluginManager, c.credentialsGetter, log)
if err != nil {
return errors.WithStack(err)
}
Expand Down
10 changes: 7 additions & 3 deletions pkg/controller/restore_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ import (

api "github.com/vmware-tanzu/velero/pkg/apis/velero/v1"
velerov1api "github.com/vmware-tanzu/velero/pkg/apis/velero/v1"
"github.com/vmware-tanzu/velero/pkg/credentials"
velerov1client "github.com/vmware-tanzu/velero/pkg/generated/clientset/versioned/typed/velero/v1"
velerov1informers "github.com/vmware-tanzu/velero/pkg/generated/informers/externalversions/velero/v1"
velerov1listers "github.com/vmware-tanzu/velero/pkg/generated/listers/velero/v1"
Expand Down Expand Up @@ -91,9 +92,10 @@ type restoreController struct {
metrics *metrics.ServerMetrics
logFormat logging.Format
clock clock.Clock
credentialsGetter credentials.Getter

newPluginManager func(logger logrus.FieldLogger) clientmgmt.Manager
newBackupStore func(*velerov1api.BackupStorageLocation, persistence.ObjectStoreGetter, logrus.FieldLogger) (persistence.BackupStore, error)
newBackupStore func(*velerov1api.BackupStorageLocation, persistence.ObjectStoreGetter, credentials.Getter, logrus.FieldLogger) (persistence.BackupStore, error)
}

func NewRestoreController(
Expand All @@ -110,6 +112,7 @@ func NewRestoreController(
newPluginManager func(logrus.FieldLogger) clientmgmt.Manager,
metrics *metrics.ServerMetrics,
logFormat logging.Format,
credentialsGetter credentials.Getter,
) Interface {
c := &restoreController{
genericController: newGenericController(Restore, logger),
Expand All @@ -125,6 +128,7 @@ func NewRestoreController(
metrics: metrics,
logFormat: logFormat,
clock: &clock.RealClock{},
credentialsGetter: credentialsGetter,

// use variables to refer to these functions so they can be
// replaced with fakes for testing.
Expand Down Expand Up @@ -410,7 +414,7 @@ func (c *restoreController) fetchBackupInfo(backupName string, pluginManager cli
return backupInfo{}, errors.WithStack(err)
}

backupStore, err := c.newBackupStore(location, pluginManager, c.logger)
backupStore, err := c.newBackupStore(location, pluginManager, c.credentialsGetter, c.logger)
if err != nil {
return backupInfo{}, err
}
Expand Down Expand Up @@ -480,7 +484,7 @@ func (c *restoreController) runValidatedRestore(restore *api.Restore, info backu

// re-instantiate the backup store because credentials could have changed since the original
// instantiation, if this was a long-running restore
info.backupStore, err = c.newBackupStore(info.location, pluginManager, c.logger)
info.backupStore, err = c.newBackupStore(info.location, pluginManager, c.credentialsGetter, c.logger)
if err != nil {
return errors.Wrap(err, "error setting up backup store to persist log and results files")
}
Expand Down
Loading

0 comments on commit 8e96722

Please sign in to comment.