From 7cbd004aec3b00307d78953fdb80cb9bdad2a370 Mon Sep 17 00:00:00 2001
From: Stavros kois
Date: Sat, 25 Nov 2023 22:51:59 +0200
Subject: [PATCH] backupStorageLocation
---
.../ci/backupstoragelocation-values.yaml | 62 ++++++-------
.../metadata_test.yaml | 4 +-
.../names_test.yaml | 9 +-
.../spec_test.yaml | 81 +++++++---------
.../spawner/velero/_backupstoragelocation.tpl | 14 +--
.../lists/_backupStorageLocationList.tpl | 18 ++++
library/common/values.yaml | 92 ++++++++++---------
7 files changed, 141 insertions(+), 139 deletions(-)
create mode 100644 library/common/templates/values/lists/_backupStorageLocationList.tpl
diff --git a/library/common-test/ci/backupstoragelocation-values.yaml b/library/common-test/ci/backupstoragelocation-values.yaml
index 31f6e9c2..b5e8b6bc 100644
--- a/library/common-test/ci/backupstoragelocation-values.yaml
+++ b/library/common-test/ci/backupstoragelocation-values.yaml
@@ -42,35 +42,33 @@ manifestManager: # Parameters for the BackupStorageLocation(s). Configure multiple by adding other element(s) to the backupStorageLocation slice. # See https://velero.io/docs/v1.6/api-types/backupstoragelocation/ backupStorageLocation: - # name is the name of the backup storage location where backups should be stored. If a name is not provided, - # a backup storage location will be created with the name "default". Optional. -- name: test - enabled: true - # provider is the name for the backup storage location provider. - provider: aws - objectStorage: - # bucket is the name of the bucket to store backups in. Required. - bucket: test - credential: - # AWS/s3 credentials to be put into secret (mandatory if provider == aws/s3) - aws: - id: fdgsdfghsdfgh - key: dfgdfhsdfgh - # Additional provider-specific configuration. See link above - # for details of required/optional fields for your provider. - config: {} - # region: - # s3ForcePathStyle: - # s3Url: - # kmsKeyId: - # resourceGroup: - # The ID of the subscription containing the storage account, if different from the cluster’s subscription. (Azure only) - # subscriptionId: - # storageAccount: - # publicUrl: - # Name of the GCP service account to use for this backup storage location. Specify the - # service account here if you want to use workload identity instead of providing the key file.(GCP only) - # serviceAccount: - # Option to skip certificate validation or not if insecureSkipTLSVerify is set to be true, the client side should set the - # flag. For Velero client Command like velero backup describe, velero backup logs needs to add the flag --insecure-skip-tls-verify - # insecureSkipTLSVerify: + test: + enabled: true + # provider is the name for the backup storage location provider. + provider: aws + objectStorage: + # bucket is the name of the bucket to store backups in. Required. 
+ bucket: test + credential: + # AWS/s3 credentials to be put into secret (mandatory if provider == aws/s3) + aws: + id: fdgsdfghsdfgh + key: dfgdfhsdfgh + # Additional provider-specific configuration. See link above + # for details of required/optional fields for your provider. + config: {} + # region: + # s3ForcePathStyle: + # s3Url: + # kmsKeyId: + # resourceGroup: + # The ID of the subscription containing the storage account, if different from the cluster’s subscription. (Azure only) + # subscriptionId: + # storageAccount: + # publicUrl: + # Name of the GCP service account to use for this backup storage location. Specify the + # service account here if you want to use workload identity instead of providing the key file.(GCP only) + # serviceAccount: + # Option to skip certificate validation or not if insecureSkipTLSVerify is set to be true, the client side should set the + # flag. For Velero client Command like velero backup describe, velero backup logs needs to add the flag --insecure-skip-tls-verify + # insecureSkipTLSVerify: diff --git a/library/common-test/tests/veleroBackupStorageLocation/metadata_test.yaml b/library/common-test/tests/veleroBackupStorageLocation/metadata_test.yaml index 484360bf..30559b96 100644 --- a/library/common-test/tests/veleroBackupStorageLocation/metadata_test.yaml +++ b/library/common-test/tests/veleroBackupStorageLocation/metadata_test.yaml @@ -21,8 +21,8 @@ tests: g_annotation1: global_annotation1 g_annotation2: "{{ .Values.annotation2 }}" backupStorageLocation: - - enabled: true - name: my-snap + my-snap: + enabled: true labels: label1: "{{ .Values.label1 }}" label2: label2 diff --git a/library/common-test/tests/veleroBackupStorageLocation/names_test.yaml b/library/common-test/tests/veleroBackupStorageLocation/names_test.yaml index d5df5ae3..b1af2919 100644 --- a/library/common-test/tests/veleroBackupStorageLocation/names_test.yaml +++ b/library/common-test/tests/veleroBackupStorageLocation/names_test.yaml 
@@ -8,8 +8,9 @@ tests: - it: should generate correct name set: backupStorageLocation: - - enabled: true - name: my-snap1 + my-snap1: + enabled: true + objectStorage: bucket: my-bucket provider: aws @@ -17,8 +18,8 @@ tests: aws: id: my-id key: my-key - - enabled: true - name: my-snap2 + my-snap2: + enabled: true objectStorage: bucket: my-bucket provider: aws diff --git a/library/common-test/tests/veleroBackupStorageLocation/spec_test.yaml b/library/common-test/tests/veleroBackupStorageLocation/spec_test.yaml index 8bb6996b..056de01d 100644 --- a/library/common-test/tests/veleroBackupStorageLocation/spec_test.yaml +++ b/library/common-test/tests/veleroBackupStorageLocation/spec_test.yaml @@ -8,8 +8,8 @@ tests: - it: should generate correct spec with aws provider and credential set: backupStorageLocation: - - enabled: true - name: my-snap1 + my-snap1: + enabled: true provider: aws credential: aws: @@ -53,8 +53,8 @@ tests: - it: should generate correct spec with s3 provider and credential set: backupStorageLocation: - - enabled: true - name: my-snap1 + my-snap1: + enabled: true provider: s3 credential: s3: @@ -98,8 +98,8 @@ tests: - it: should generate correct spec with provided provider and credential set: backupStorageLocation: - - enabled: true - name: my-snap1 + my-snap1: + enabled: true provider: my-provider credential: name: my-credential @@ -130,8 +130,8 @@ tests: region: us-east-1 useS3PathStyle: true backupStorageLocation: - - enabled: true - name: my-snap1 + my-snap1: + enabled: true provider: aws objectStorage: bucket: my-bucket @@ -171,8 +171,8 @@ tests: region: us-east-1 useS3PathStyle: true backupStorageLocation: - - enabled: true - name: my-snap1 + my-snap1: + enabled: true provider: aws accessMode: ReadOnly objectStorage: 
@@ -211,8 +211,8 @@ tests: - it: should generate correct spec with provided objectStorage prefix and caCert set: backupStorageLocation: - - enabled: true - name: my-snap1 + my-snap1: + enabled: true provider: aws accessMode: ReadOnly objectStorage: @@ -247,8 +247,8 @@ tests: - it: should generate correct spec with provided backupSyncPeriod set: backupStorageLocation: - - enabled: true - name: my-snap1 + my-snap1: + enabled: true provider: aws backupSyncPeriod: 1h objectStorage: @@ -280,8 +280,8 @@ tests: - it: should generate correct spec with provided validationFrequency set: backupStorageLocation: - - enabled: true - name: my-snap1 + my-snap1: + enabled: true provider: aws validationFrequency: 1h objectStorage: @@ -311,24 +311,11 @@ tests: bucket: my-bucket # Failures - - it: should fail without name - set: - backupStorageLocation: - - enabled: true - provider: aws - credential: - aws: - id: my-id - key: my-key - asserts: - - failedTemplate: - errorMessage: Backup Storage Location - Expected non-empty [name] - - it: should fail without provider set: backupStorageLocation: - - enabled: true - name: my-snap1 + my-snap1: + enabled: true credential: aws: id: my-id @@ -340,8 +327,8 @@ tests: - it: should fail without credential set: backupStorageLocation: - - enabled: true - name: my-snap1 + my-snap1: + enabled: true provider: my-provider asserts: - failedTemplate: @@ -350,8 +337,8 @@ tests: - it: should fail without credential.name set: backupStorageLocation: - - enabled: true - name: my-snap1 + my-snap1: + enabled: true provider: my-provider credential: key: my-key @@ -362,8 +349,8 @@ tests: - it: should fail without credential.key set: backupStorageLocation: - - enabled: true - name: my-snap1 + my-snap1: + enabled: true provider: my-provider credential: name: my-name 
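Review bot: The hunk at `@@ -311,24 +311,11 @@` drops the `should fail without name` case, and nothing in this patch tests the new `backupStorageLocationList` input that takes over list-style values; the diffstat lists no test file that sets it. I would add cases to this suite for a list entry with an explicit `name`, a list entry without one (expecting the `bsl-list-<idx>` fallback), and a list entry whose name matches an existing `backupStorageLocation` key. The last case matters most: each entry carries the bucket and provider credentials, so which definition wins should be pinned by a test rather than left implicit.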
@@ -374,8 +361,8 @@ tests: - it: should fail without credential.aws.id with provider aws set: backupStorageLocation: - - enabled: true - name: my-snap1 + my-snap1: + enabled: true provider: aws credential: aws: @@ -387,8 +374,8 @@ tests: - it: should fail without credential.aws.key with provider aws set: backupStorageLocation: - - enabled: true - name: my-snap1 + my-snap1: + enabled: true provider: aws credential: aws: @@ -400,8 +387,8 @@ tests: - it: should fail invalid accessMode set: backupStorageLocation: - - enabled: true - name: my-snap1 + my-snap1: + enabled: true provider: aws accessMode: invalid credential: @@ -415,8 +402,8 @@ tests: - it: should fail without objectStorage set: backupStorageLocation: - - enabled: true - name: my-snap1 + my-snap1: + enabled: true provider: aws credential: aws: @@ -429,8 +416,8 @@ tests: - it: should fail without objectStorage.bucket set: backupStorageLocation: - - enabled: true - name: my-snap1 + my-snap1: + enabled: true provider: aws objectStorage: prefix: my-prefix diff --git a/library/common/templates/spawner/velero/_backupstoragelocation.tpl b/library/common/templates/spawner/velero/_backupstoragelocation.tpl index 8d289de9..a096bc1f 100644 --- a/library/common/templates/spawner/velero/_backupstoragelocation.tpl +++ b/library/common/templates/spawner/velero/_backupstoragelocation.tpl 
@@ -6,14 +6,14 @@ {{- define "tc.v1.common.spawner.velero.backupstoragelocation" -}} {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ -}} - {{- range $backupStorageLoc := .Values.backupStorageLocation -}} + {{- range $name, $backupStorageLoc := .Values.backupStorageLocation -}} {{- $enabled := false -}} {{- if hasKey $backupStorageLoc "enabled" -}} {{- if not (kindIs "invalid" $backupStorageLoc.enabled) -}} {{- $enabled = $backupStorageLoc.enabled -}} {{- else -}} - {{- fail (printf "Backup Storage Location - Expected the defined key [enabled] in [backupStorageLocation.%s] to not be empty" $backupStorageLoc.name) -}} + {{- fail (printf "Backup Storage Location - Expected the defined key [enabled] in [backupStorageLocation.%s] to not be empty" $name) -}} {{- end -}} {{- end -}} @@ -33,14 +33,10 @@ {{/* Create a copy of the backupstoragelocation */}} {{- $objectData := (mustDeepCopy $backupStorageLoc) -}} - {{- if not $backupStorageLoc.name -}} - {{- fail "Backup Storage Location - Expected non-empty [name]" -}} - {{- end -}} - - {{- $objectName := (printf "%s-%s" $fullname $backupStorageLoc.name) -}} + {{- $objectName := (printf "%s-%s" $fullname $name) -}} {{- if hasKey $objectData "expandObjectName" -}} {{- if not $objectData.expandObjectName -}} - {{- $objectName = $backupStorageLoc.name -}} + {{- $objectName = $name -}} {{- end -}} {{- end -}} @@ -55,7 +51,7 @@ {{/* Set the name of the backupstoragelocation */}} {{- $_ := set $objectData "name" $objectName -}} - {{- $_ := set $objectData "shortName" $backupStorageLoc.name -}} + {{- $_ := set $objectData "shortName" $name -}} {{/* Create secret with creds for provider, if the provider is not matched, it will skip creation */}} {{- include "tc.v1.common.lib.velero.provider.secret" (dict "rootCtx" $ "objectData" $objectData "prefix" "bsl") -}} 
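Review bot: `range $name, $backupStorageLoc := .Values.backupStorageLocation` in the first hunk iterates a list as readily as a map, so values still written in the old list form reach `printf "%s-%s" $fullname $name` with an integer index and yield a malformed object name rather than an error that points at the values format. A guard ahead of the range, such as `{{- if not (kindIs "map" .Values.backupStorageLocation) -}}{{- fail "Backup Storage Location - Expected [backupStorageLocation] to be a map" -}}{{- end -}}`, would make that failure explicit (relax it if an unset value must stay valid). The second hunk also removes the non-empty `[name]` check, so an empty-string map key now flows into `$objectName`; whether a later name validation catches that is not visible here. The define's body continues outside these hunks.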
diff --git a/library/common/templates/values/lists/_backupStorageLocationList.tpl b/library/common/templates/values/lists/_backupStorageLocationList.tpl
new file mode 100644
index 00000000..50b4bb4e
--- /dev/null
+++ b/library/common/templates/values/lists/_backupStorageLocationList.tpl
@@ -0,0 +1,18 @@
+{{- define "tc.v1.common.values.backupStorageLocationList" -}}
+ {{- $rootCtx := . -}}
+
+ {{- range $idx, $bslValues := $rootCtx.Values.backupStorageLocationList -}}
+
+ {{- $name := (printf "bsl-list-%s" (toString $idx)) -}}
+
+ {{- with $bslValues.name -}}
+ {{- $name = . -}}
+ {{- end -}}
+
+ {{- if not (hasKey $rootCtx.Values "backupStorageLocation") -}}
+ {{- $_ := set $rootCtx.Values "backupStorageLocation" dict -}}
+ {{- end -}}
+
+ {{- $_ := set $rootCtx.Values.backupStorageLocation $name $bslValues -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/values.yaml b/library/common/values.yaml
index 58788be9..7187b36d 100644
--- a/library/common/values.yaml
+++ b/library/common/values.yaml
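Review bot: In `_backupStorageLocationList.tpl`, `set $rootCtx.Values.backupStorageLocation $name $bslValues` replaces whatever is already stored under `$name`, so a list item that reuses a map key, or two list items with the same `name`, silently discards one location together with its bucket and credential settings. Failing on the collision is safer: `{{- if hasKey $rootCtx.Values.backupStorageLocation $name -}}{{- fail (printf "Backup Storage Location - Duplicate name [%s] in [backupStorageLocationList]" $name) -}}{{- end -}}` just before the `set`. The `bsl-list-<idx>` fallback also ties the generated name to list position, so reordering the list renames the rendered objects; that deserves a comment at the top of the define, which currently has no description. The `hasKey`/`set ... dict` initialisation is loop-invariant and can move above the `range`.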
@@ -710,52 +710,54 @@ webhook: # # Parameters for the BackupStorageLocation(s). Configure multiple by adding other element(s) to the backupStorageLocation slice. # # See https://velero.io/docs/v1.6/api-types/backupstoragelocation/ -backupStorageLocation: [] +backupStorageLocationList: [] +# - name: name +# # name is the name of the backup storage location where backups should be stored. If a name is not provided, +# # a backup storage location will be created with the name "default". Optional. +backupStorageLocation: {} # backupStorageLocation: -# # name is the name of the backup storage location where backups should be stored. If a name is not provided, -# # a backup storage location will be created with the name "default". Optional. -# - name: -# # provider is the name for the backup storage location provider. -# provider: -# objectStorage: -# # bucket is the name of the bucket to store backups in. Required. -# bucket: -# # caCert defines a base64 encoded CA bundle to use when verifying TLS connections to the provider. Optional. -# caCert: -# # prefix is the directory under which all Velero data should be stored within the bucket. Optional. -# prefix: -# # validationFrequency defines how frequently Velero should validate the object storage. Optional. -# validationFrequency: -# # accessMode determines if velero can write to this backup storage location. Optional. -# # default to ReadWrite, ReadOnly is used during migrations and restores. -# accessMode: ReadWrite -# credential: -# # AWS/s3 credentials to be put into secret (mandatory if provider == aws/s3) -# aws: -# id: fdgsdfghsdfgh -# key: dfgdfhsdfgh -# # name of the secret used by this backupStorageLocation. -# name: -# # name of key that contains the secret data to be used. -# key: -# # Additional provider-specific configuration. See link above -# # for details of required/optional fields for your provider. 
-# config: {} -# # region: -# # s3ForcePathStyle: -# # s3Url: -# # kmsKeyId: -# # resourceGroup: -# # The ID of the subscription containing the storage account, if different from the cluster’s subscription. (Azure only) -# # subscriptionId: -# # storageAccount: -# # publicUrl: -# # Name of the GCP service account to use for this backup storage location. Specify the -# # service account here if you want to use workload identity instead of providing the key file.(GCP only) -# # serviceAccount: -# # Option to skip certificate validation or not if insecureSkipTLSVerify is set to be true, the client side should set the -# # flag. For Velero client Command like velero backup describe, velero backup logs needs to add the flag --insecure-skip-tls-verify -# # insecureSkipTLSVerify: +# name: +# # provider is the name for the backup storage location provider. +# provider: +# objectStorage: +# # bucket is the name of the bucket to store backups in. Required. +# bucket: +# # caCert defines a base64 encoded CA bundle to use when verifying TLS connections to the provider. Optional. +# caCert: +# # prefix is the directory under which all Velero data should be stored within the bucket. Optional. +# prefix: +# # validationFrequency defines how frequently Velero should validate the object storage. Optional. +# validationFrequency: +# # accessMode determines if velero can write to this backup storage location. Optional. +# # default to ReadWrite, ReadOnly is used during migrations and restores. +# accessMode: ReadWrite +# credential: +# # AWS/s3 credentials to be put into secret (mandatory if provider == aws/s3) +# aws: +# id: fdgsdfghsdfgh +# key: dfgdfhsdfgh +# # name of the secret used by this backupStorageLocation. +# name: +# # name of key that contains the secret data to be used. +# key: +# # Additional provider-specific configuration. See link above +# # for details of required/optional fields for your provider. 
+# config: {} +# # region: +# # s3ForcePathStyle: +# # s3Url: +# # kmsKeyId: +# # resourceGroup: +# # The ID of the subscription containing the storage account, if different from the cluster’s subscription. (Azure only) +# # subscriptionId: +# # storageAccount: +# # publicUrl: +# # Name of the GCP service account to use for this backup storage location. Specify the +# # service account here if you want to use workload identity instead of providing the key file.(GCP only) +# # serviceAccount: +# # Option to skip certificate validation or not if insecureSkipTLSVerify is set to be true, the client side should set the +# # flag. For Velero client Command like velero backup describe, velero backup logs needs to add the flag --insecure-skip-tls-verify +# # insecureSkipTLSVerify: # # # Parameters for the VolumeSnapshotLocation(s). Configure multiple by adding other element(s) to the volumeSnapshotLocation slice. # # See https://velero.io/docs/v1.6/api-types/volumesnapshotlocation/
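Review bot: The comments added under `backupStorageLocationList` say an entry without a name is created as "default", but the list helper added in this patch falls back to `bsl-list-<idx>`; the comment should state that instead. The header above still calls `backupStorageLocation` a slice although it is now a map, and in the commented map example the first `# name:` line stands for the map key yet reads like a field; `# <location-name>:` with a note that the key becomes the location name would be clearer. The example `id`/`key` under `credential.aws` are random-looking strings; obvious placeholders, plus a line pointing at `credential.name`/`credential.key` for referencing an existing secret, would steer users away from keeping access keys in values files.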