Pass configured BSL credential to plugin via config #3442
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
zubron
force-pushed
the
pass-credentials-file-config-for-bsls
branch
3 times, most recently
from
3d29528 to
bb31046
Compare
zubron
changed the title
zubron
changed the title
zubron
force-pushed
the
pass-credentials-file-config-for-bsls
branch
2 times, most recently
from
44accb3 to
c1bba0e
Compare
github-actions
bot
requested review from
ashish-amarnath,
carlisia,
dsu-igeek,
jenting and
nrb
zubron
force-pushed
the
pass-credentials-file-config-for-bsls
branch
2 times, most recently
from
36ac9ef to
5c9fe63
Compare
zubron
added
P1 - Important
kind/release-blocker
nrb
reviewed
Feb 22, 2021
pkg/credentials/file_store.go
Outdated
| } | ||
|
|
||
| keyFilePath := filepath.Join(n.fsRoot, fmt.Sprintf("%s-%s", selector.Name, selector.Key)) | ||
| file, err := n.fs.OpenFile(keyFilePath, os.O_RDWR|os.O_CREATE, 0644) |
There was a problem hiding this comment.
Since this is key data and folks may use sidecars with Velero, is it possible to set the permissions to 0600?
There was a problem hiding this comment.
I'm going to do some further tests this afternoon so I'll try that out, but I initially opted to use 0644 as those are the permissions of the file mounted in from the cloud-credentials secret.
pkg/credentials/file_store.go
Outdated
| } | ||
|
|
||
| func (n *namespacedFileStore) Get(selector *corev1.SecretKeySelector) (string, error) { | ||
| creds, err := kube.GetSecretKey(n.client, n.namespace, selector) |
There was a problem hiding this comment.
Would it make sense to look for an existing file on disk before fetching the key? Or do we always fetch in order to ensure that the key doesn't get stale in case of updates?
There was a problem hiding this comment.
I thought about doing that but opted to always fetch to avoid the credentials being stale. Thankfully we're using the kubebuilder client here so there is caching built in to avoid spamming the API server.
There was a problem hiding this comment.
My intention was that we could use this approach for now but could always optimise it in future. I experimented with creating a controller that would watch for and serialize any secrets from the velero namespace and update them upon change but I didn't think that I could guarantee that the latest version of a secret would always be available. It seemed safest to always refresh it before use.
zubron
added a commit
to zubron/velero
that referenced
this pull request
Feb 22, 2021
This change introduces support for restic to make use of per-BSL credentials. It makes use of the `credentials.FileStore` introduced in PR vmware-tanzu#3442 to write the BSL credentials to disk. To support per-BSL credentials for restic, the environment for the restic commands needs to be modified for each provider to ensure that the credentials are provided via the correct provider specific environment variables. This change introduces a new function `restic.CmdEnv` to check the BSL provider and create the correct mapping of environment variables for each provider. Previously, AWS and GCP could rely on the environment variables in the Velero deployments to obtain the credentials file, but now these environment variables need to be set with the path to the serialized credentials file if a credential is set on the BSL. For Azure, the credentials file is loaded and parsed to set the environment variables for restic. Now, we check if the BSL has a credential, and if it does, load and parse that file instead. This change also introduces a few other small improvements. Now that we are fetching the BSL to check for the `Credential` field, we can use the BSL directly to get the `CACert` which means that we can remove the `GetCACert` function. Also, now that we have a way to serialize secrets to disk, we can use the `credentials.FileStore` to get a temp file for the restic repo password and remove the `restic.TempCredentialsFile` function. Signed-off-by: Bridget McErlean <[email protected]>
zubron
added a commit
to zubron/velero
that referenced
this pull request
Feb 22, 2021
This change introduces support for restic to make use of per-BSL credentials. It makes use of the `credentials.FileStore` introduced in PR vmware-tanzu#3442 to write the BSL credentials to disk. To support per-BSL credentials for restic, the environment for the restic commands needs to be modified for each provider to ensure that the credentials are provided via the correct provider specific environment variables. This change introduces a new function `restic.CmdEnv` to check the BSL provider and create the correct mapping of environment variables for each provider. Previously, AWS and GCP could rely on the environment variables in the Velero deployments to obtain the credentials file, but now these environment variables need to be set with the path to the serialized credentials file if a credential is set on the BSL. For Azure, the credentials file in the environment was loaded and parsed to set the environment variables for restic. Now, we check if the BSL has a credential, and if it does, load and parse that file instead. This change also introduces a few other small improvements. Now that we are fetching the BSL to check for the `Credential` field, we can use the BSL directly to get the `CACert` which means that we can remove the `GetCACert` function. Also, now that we have a way to serialize secrets to disk, we can use the `credentials.FileStore` to get a temp file for the restic repo password and remove the `restic.TempCredentialsFile` function. Signed-off-by: Bridget McErlean <[email protected]>
3 tasks
zubron
added a commit
to zubron/velero
that referenced
this pull request
Feb 23, 2021
This change introduces support for restic to make use of per-BSL credentials. It makes use of the `credentials.FileStore` introduced in PR vmware-tanzu#3442 to write the BSL credentials to disk. To support per-BSL credentials for restic, the environment for the restic commands needs to be modified for each provider to ensure that the credentials are provided via the correct provider specific environment variables. This change introduces a new function `restic.CmdEnv` to check the BSL provider and create the correct mapping of environment variables for each provider. Previously, AWS and GCP could rely on the environment variables in the Velero deployments to obtain the credentials file, but now these environment variables need to be set with the path to the serialized credentials file if a credential is set on the BSL. For Azure, the credentials file in the environment was loaded and parsed to set the environment variables for restic. Now, we check if the BSL has a credential, and if it does, load and parse that file instead. This change also introduces a few other small improvements. Now that we are fetching the BSL to check for the `Credential` field, we can use the BSL directly to get the `CACert` which means that we can remove the `GetCACert` function. Also, now that we have a way to serialize secrets to disk, we can use the `credentials.FileStore` to get a temp file for the restic repo password and remove the `restic.TempCredentialsFile` function. Signed-off-by: Bridget McErlean <[email protected]>
zubron
added a commit
to zubron/velero
that referenced
this pull request
Feb 23, 2021
This change introduces support for restic to make use of per-BSL credentials. It makes use of the `credentials.FileStore` introduced in PR vmware-tanzu#3442 to write the BSL credentials to disk. To support per-BSL credentials for restic, the environment for the restic commands needs to be modified for each provider to ensure that the credentials are provided via the correct provider specific environment variables. This change introduces a new function `restic.CmdEnv` to check the BSL provider and create the correct mapping of environment variables for each provider. Previously, AWS and GCP could rely on the environment variables in the Velero deployments to obtain the credentials file, but now these environment variables need to be set with the path to the serialized credentials file if a credential is set on the BSL. For Azure, the credentials file in the environment was loaded and parsed to set the environment variables for restic. Now, we check if the BSL has a credential, and if it does, load and parse that file instead. This change also introduces a few other small improvements. Now that we are fetching the BSL to check for the `Credential` field, we can use the BSL directly to get the `CACert` which means that we can remove the `GetCACert` function. Also, now that we have a way to serialize secrets to disk, we can use the `credentials.FileStore` to get a temp file for the restic repo password and remove the `restic.TempCredentialsFile` function. Signed-off-by: Bridget McErlean <[email protected]>
|
Thanks for the review and feedback, @carlisia! I've addressed your comments, so this is ready for review again :) |
zubron
added a commit
to zubron/velero
that referenced
this pull request
Mar 1, 2021
This change introduces support for restic to make use of per-BSL credentials. It makes use of the `credentials.FileStore` introduced in PR vmware-tanzu#3442 to write the BSL credentials to disk. To support per-BSL credentials for restic, the environment for the restic commands needs to be modified for each provider to ensure that the credentials are provided via the correct provider specific environment variables. This change introduces a new function `restic.CmdEnv` to check the BSL provider and create the correct mapping of environment variables for each provider. Previously, AWS and GCP could rely on the environment variables in the Velero deployments to obtain the credentials file, but now these environment variables need to be set with the path to the serialized credentials file if a credential is set on the BSL. For Azure, the credentials file in the environment was loaded and parsed to set the environment variables for restic. Now, we check if the BSL has a credential, and if it does, load and parse that file instead. This change also introduces a few other small improvements. Now that we are fetching the BSL to check for the `Credential` field, we can use the BSL directly to get the `CACert` which means that we can remove the `GetCACert` function. Also, now that we have a way to serialize secrets to disk, we can use the `credentials.FileStore` to get a temp file for the restic repo password and remove the `restic.TempCredentialsFile` function. Signed-off-by: Bridget McErlean <[email protected]>
Update NewObjectBackupStore to take a CredentialsGetter which can be used to get the credentials for a BackupStorageLocation if it has been configured with a Credential. If the BSL has a credential, use that SecretKeySelector to fetch the secret, write the contents to a temp file and then pass that file through to the plugin via the config map using the key `credentialsFile`. This relies on the plugin being able to use this new config field. This does not yet handle VolumeSnapshotLocations or ResticRepositories. Signed-off-by: Bridget McErlean <[email protected]>
zubron
force-pushed
the
pass-credentials-file-config-for-bsls
branch
from
b2ab816 to
1a5be9e
Compare
Add godocs and comments. Improve formatting and test names. Signed-off-by: Bridget McErlean <[email protected]>
zubron
force-pushed
the
pass-credentials-file-config-for-bsls
branch
from
1a5be9e to
fbe4c8c
Compare
jenting
reviewed
Mar 3, 2021
| @@ -678,6 +696,73 @@ func TestNewObjectBackupStoreGetter(t *testing.T) { | |||
| } | |||
| } | |||
|
|
|||
| // TestNewObjectBackupStoreGetterConfig runs the NewObjectBackupStoreGetter constructor and ensures | |||
| // that it initializes the ObjectBackupStore with the correct config. | |||
| func TestNewObjectBackupStoreGetterConfig(t *testing.T) { | |||
There was a problem hiding this comment.
Would it be good to put these test cases under TestNewObjectBackupStoreGetter?
There was a problem hiding this comment.
I thought about that but the logic and set up for these checks seemed different enough that I opted to have a separate test.
jenting
reviewed
Mar 3, 2021
Signed-off-by: Bridget McErlean <[email protected]>
carlisia
approved these changes
Mar 4, 2021
zubron
added a commit
to zubron/velero
that referenced
this pull request
Mar 4, 2021
This change introduces support for restic to make use of per-BSL credentials. It makes use of the `credentials.FileStore` introduced in PR vmware-tanzu#3442 to write the BSL credentials to disk. To support per-BSL credentials for restic, the environment for the restic commands needs to be modified for each provider to ensure that the credentials are provided via the correct provider specific environment variables. This change introduces a new function `restic.CmdEnv` to check the BSL provider and create the correct mapping of environment variables for each provider. Previously, AWS and GCP could rely on the environment variables in the Velero deployments to obtain the credentials file, but now these environment variables need to be set with the path to the serialized credentials file if a credential is set on the BSL. For Azure, the credentials file in the environment was loaded and parsed to set the environment variables for restic. Now, we check if the BSL has a credential, and if it does, load and parse that file instead. This change also introduces a few other small improvements. Now that we are fetching the BSL to check for the `Credential` field, we can use the BSL directly to get the `CACert` which means that we can remove the `GetCACert` function. Also, now that we have a way to serialize secrets to disk, we can use the `credentials.FileStore` to get a temp file for the restic repo password and remove the `restic.TempCredentialsFile` function. Signed-off-by: Bridget McErlean <[email protected]>
zubron
added a commit
to zubron/velero
that referenced
this pull request
Mar 9, 2021
This change introduces support for restic to make use of per-BSL credentials. It makes use of the `credentials.FileStore` introduced in PR vmware-tanzu#3442 to write the BSL credentials to disk. To support per-BSL credentials for restic, the environment for the restic commands needs to be modified for each provider to ensure that the credentials are provided via the correct provider specific environment variables. This change introduces a new function `restic.CmdEnv` to check the BSL provider and create the correct mapping of environment variables for each provider. Previously, AWS and GCP could rely on the environment variables in the Velero deployments to obtain the credentials file, but now these environment variables need to be set with the path to the serialized credentials file if a credential is set on the BSL. For Azure, the credentials file in the environment was loaded and parsed to set the environment variables for restic. Now, we check if the BSL has a credential, and if it does, load and parse that file instead. This change also introduces a few other small improvements. Now that we are fetching the BSL to check for the `Credential` field, we can use the BSL directly to get the `CACert` which means that we can remove the `GetCACert` function. Also, now that we have a way to serialize secrets to disk, we can use the `credentials.FileStore` to get a temp file for the restic repo password and remove the `restic.TempCredentialsFile` function. Signed-off-by: Bridget McErlean <[email protected]>
zubron
added a commit
to zubron/velero
that referenced
this pull request
Mar 9, 2021
This change introduces support for restic to make use of per-BSL credentials. It makes use of the `credentials.FileStore` introduced in PR vmware-tanzu#3442 to write the BSL credentials to disk. To support per-BSL credentials for restic, the environment for the restic commands needs to be modified for each provider to ensure that the credentials are provided via the correct provider specific environment variables. This change introduces a new function `restic.CmdEnv` to check the BSL provider and create the correct mapping of environment variables for each provider. Previously, AWS and GCP could rely on the environment variables in the Velero deployments to obtain the credentials file, but now these environment variables need to be set with the path to the serialized credentials file if a credential is set on the BSL. For Azure, the credentials file in the environment was loaded and parsed to set the environment variables for restic. Now, we check if the BSL has a credential, and if it does, load and parse that file instead. This change also introduces a few other small improvements. Now that we are fetching the BSL to check for the `Credential` field, we can use the BSL directly to get the `CACert` which means that we can remove the `GetCACert` function. Also, now that we have a way to serialize secrets to disk, we can use the `credentials.FileStore` to get a temp file for the restic repo password and remove the `restic.TempCredentialsFile` function. Signed-off-by: Bridget McErlean <[email protected]>
zubron
added a commit
to zubron/velero
that referenced
this pull request
Mar 10, 2021
This change introduces support for restic to make use of per-BSL credentials. It makes use of the `credentials.FileStore` introduced in PR vmware-tanzu#3442 to write the BSL credentials to disk. To support per-BSL credentials for restic, the environment for the restic commands needs to be modified for each provider to ensure that the credentials are provided via the correct provider specific environment variables. This change introduces a new function `restic.CmdEnv` to check the BSL provider and create the correct mapping of environment variables for each provider. Previously, AWS and GCP could rely on the environment variables in the Velero deployments to obtain the credentials file, but now these environment variables need to be set with the path to the serialized credentials file if a credential is set on the BSL. For Azure, the credentials file in the environment was loaded and parsed to set the environment variables for restic. Now, we check if the BSL has a credential, and if it does, load and parse that file instead. This change also introduces a few other small improvements. Now that we are fetching the BSL to check for the `Credential` field, we can use the BSL directly to get the `CACert` which means that we can remove the `GetCACert` function. Also, now that we have a way to serialize secrets to disk, we can use the `credentials.FileStore` to get a temp file for the restic repo password and remove the `restic.TempCredentialsFile` function. Signed-off-by: Bridget McErlean <[email protected]>
nrb
pushed a commit
that referenced
this pull request
Mar 11, 2021
* Use Credential from BSL for restic commands This change introduces support for restic to make use of per-BSL credentials. It makes use of the `credentials.FileStore` introduced in PR #3442 to write the BSL credentials to disk. To support per-BSL credentials for restic, the environment for the restic commands needs to be modified for each provider to ensure that the credentials are provided via the correct provider specific environment variables. This change introduces a new function `restic.CmdEnv` to check the BSL provider and create the correct mapping of environment variables for each provider. Previously, AWS and GCP could rely on the environment variables in the Velero deployments to obtain the credentials file, but now these environment variables need to be set with the path to the serialized credentials file if a credential is set on the BSL. For Azure, the credentials file in the environment was loaded and parsed to set the environment variables for restic. Now, we check if the BSL has a credential, and if it does, load and parse that file instead. This change also introduces a few other small improvements. Now that we are fetching the BSL to check for the `Credential` field, we can use the BSL directly to get the `CACert` which means that we can remove the `GetCACert` function. Also, now that we have a way to serialize secrets to disk, we can use the `credentials.FileStore` to get a temp file for the restic repo password and remove the `restic.TempCredentialsFile` function. Signed-off-by: Bridget McErlean <[email protected]> * Add documentation for per-BSL credentials Signed-off-by: Bridget McErlean <[email protected]> * Address review feedback Signed-off-by: Bridget McErlean <[email protected]> * Address review comments Signed-off-by: Bridget McErlean <[email protected]>
dharmab
pushed a commit
to dharmab/velero
that referenced
this pull request
May 25, 2021
* Load credentials and pass to ObjectStorage plugins Update NewObjectBackupStore to take a CredentialsGetter which can be used to get the credentials for a BackupStorageLocation if it has been configured with a Credential. If the BSL has a credential, use that SecretKeySelector to fetch the secret, write the contents to a temp file and then pass that file through to the plugin via the config map using the key `credentialsFile`. This relies on the plugin being able to use this new config field. This does not yet handle VolumeSnapshotLocations or ResticRepositories. Signed-off-by: Bridget McErlean <[email protected]> * Address code reviews Add godocs and comments. Improve formatting and test names. Signed-off-by: Bridget McErlean <[email protected]> * Address code reviews Signed-off-by: Bridget McErlean <[email protected]>
dharmab
pushed a commit
to dharmab/velero
that referenced
this pull request
May 25, 2021
* Use Credential from BSL for restic commands This change introduces support for restic to make use of per-BSL credentials. It makes use of the `credentials.FileStore` introduced in PR vmware-tanzu#3442 to write the BSL credentials to disk. To support per-BSL credentials for restic, the environment for the restic commands needs to be modified for each provider to ensure that the credentials are provided via the correct provider specific environment variables. This change introduces a new function `restic.CmdEnv` to check the BSL provider and create the correct mapping of environment variables for each provider. Previously, AWS and GCP could rely on the environment variables in the Velero deployments to obtain the credentials file, but now these environment variables need to be set with the path to the serialized credentials file if a credential is set on the BSL. For Azure, the credentials file in the environment was loaded and parsed to set the environment variables for restic. Now, we check if the BSL has a credential, and if it does, load and parse that file instead. This change also introduces a few other small improvements. Now that we are fetching the BSL to check for the `Credential` field, we can use the BSL directly to get the `CACert` which means that we can remove the `GetCACert` function. Also, now that we have a way to serialize secrets to disk, we can use the `credentials.FileStore` to get a temp file for the restic repo password and remove the `restic.TempCredentialsFile` function. Signed-off-by: Bridget McErlean <[email protected]> * Add documentation for per-BSL credentials Signed-off-by: Bridget McErlean <[email protected]> * Address review feedback Signed-off-by: Bridget McErlean <[email protected]> * Address review comments Signed-off-by: Bridget McErlean <[email protected]>
ywk253100
pushed a commit
to ywk253100/velero
that referenced
this pull request
Jun 29, 2021
* Load credentials and pass to ObjectStorage plugins Update NewObjectBackupStore to take a CredentialsGetter which can be used to get the credentials for a BackupStorageLocation if it has been configured with a Credential. If the BSL has a credential, use that SecretKeySelector to fetch the secret, write the contents to a temp file and then pass that file through to the plugin via the config map using the key `credentialsFile`. This relies on the plugin being able to use this new config field. This does not yet handle VolumeSnapshotLocations or ResticRepositories. Signed-off-by: Bridget McErlean <[email protected]> * Address code reviews Add godocs and comments. Improve formatting and test names. Signed-off-by: Bridget McErlean <[email protected]> * Address code reviews Signed-off-by: Bridget McErlean <[email protected]>
ywk253100
pushed a commit
to ywk253100/velero
that referenced
this pull request
Jun 29, 2021
* Use Credential from BSL for restic commands This change introduces support for restic to make use of per-BSL credentials. It makes use of the `credentials.FileStore` introduced in PR vmware-tanzu#3442 to write the BSL credentials to disk. To support per-BSL credentials for restic, the environment for the restic commands needs to be modified for each provider to ensure that the credentials are provided via the correct provider specific environment variables. This change introduces a new function `restic.CmdEnv` to check the BSL provider and create the correct mapping of environment variables for each provider. Previously, AWS and GCP could rely on the environment variables in the Velero deployments to obtain the credentials file, but now these environment variables need to be set with the path to the serialized credentials file if a credential is set on the BSL. For Azure, the credentials file in the environment was loaded and parsed to set the environment variables for restic. Now, we check if the BSL has a credential, and if it does, load and parse that file instead. This change also introduces a few other small improvements. Now that we are fetching the BSL to check for the `Credential` field, we can use the BSL directly to get the `CACert` which means that we can remove the `GetCACert` function. Also, now that we have a way to serialize secrets to disk, we can use the `credentials.FileStore` to get a temp file for the restic repo password and remove the `restic.TempCredentialsFile` function. Signed-off-by: Bridget McErlean <[email protected]> * Add documentation for per-BSL credentials Signed-off-by: Bridget McErlean <[email protected]> * Address review feedback Signed-off-by: Bridget McErlean <[email protected]> * Address review comments Signed-off-by: Bridget McErlean <[email protected]>
gyaozhou
pushed a commit
to gyaozhou/velero-read
that referenced
this pull request
May 14, 2022
* Load credentials and pass to ObjectStorage plugins Update NewObjectBackupStore to take a CredentialsGetter which can be used to get the credentials for a BackupStorageLocation if it has been configured with a Credential. If the BSL has a credential, use that SecretKeySelector to fetch the secret, write the contents to a temp file and then pass that file through to the plugin via the config map using the key `credentialsFile`. This relies on the plugin being able to use this new config field. This does not yet handle VolumeSnapshotLocations or ResticRepositories. Signed-off-by: Bridget McErlean <[email protected]> * Address code reviews Add godocs and comments. Improve formatting and test names. Signed-off-by: Bridget McErlean <[email protected]> * Address code reviews Signed-off-by: Bridget McErlean <[email protected]>
gyaozhou
pushed a commit
to gyaozhou/velero-read
that referenced
this pull request
May 14, 2022
* Use Credential from BSL for restic commands This change introduces support for restic to make use of per-BSL credentials. It makes use of the `credentials.FileStore` introduced in PR vmware-tanzu#3442 to write the BSL credentials to disk. To support per-BSL credentials for restic, the environment for the restic commands needs to be modified for each provider to ensure that the credentials are provided via the correct provider specific environment variables. This change introduces a new function `restic.CmdEnv` to check the BSL provider and create the correct mapping of environment variables for each provider. Previously, AWS and GCP could rely on the environment variables in the Velero deployments to obtain the credentials file, but now these environment variables need to be set with the path to the serialized credentials file if a credential is set on the BSL. For Azure, the credentials file in the environment was loaded and parsed to set the environment variables for restic. Now, we check if the BSL has a credential, and if it does, load and parse that file instead. This change also introduces a few other small improvements. Now that we are fetching the BSL to check for the `Credential` field, we can use the BSL directly to get the `CACert` which means that we can remove the `GetCACert` function. Also, now that we have a way to serialize secrets to disk, we can use the `credentials.FileStore` to get a temp file for the restic repo password and remove the `restic.TempCredentialsFile` function. Signed-off-by: Bridget McErlean <[email protected]> * Add documentation for per-BSL credentials Signed-off-by: Bridget McErlean <[email protected]> * Address review feedback Signed-off-by: Bridget McErlean <[email protected]> * Address review comments Signed-off-by: Bridget McErlean <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Please add a summary of your change
Update NewObjectBackupStore to take a CredentialsGetter which can be
used to get the credentials for a BackupStorageLocation if it has been
configured with a Credential. If the BSL has a credential, use that
SecretKeySelector to fetch the secret, write the contents to a temp file
and then pass that file through to the plugin via the config map using
the key
credentialsFile. This relies on the plugin being able to usethis new config field.
This does not yet handle ResticRepositories.
The documentation for this feature will be updated in the follow up
PR that adds support for Restic.
Signed-off-by: Bridget McErlean [email protected]
Does your change fix a particular issue?
Part of fixing #3304.
Please indicate you've done the following:
/kind changelog-not-required.