feat: support set BackupStorageLocation(BSL) CA certificate (vmware-t…

…anzu#3167) * Rename --cacert-file to --cacert in the CLI design doc Signed-off-by: JenTing Hsiao <jenting.hsiao@suse.com> * Add a new flag --cacert under `velero backup-location set` Signed-off-by: JenTing Hsiao <jenting.hsiao@suse.com> * Add changelog Signed-off-by: JenTing Hsiao <jenting.hsiao@suse.com> * Changelog rewording Signed-off-by: JenTing Hsiao <jenting.hsiao@suse.com> * Revert CLI design doc Signed-off-by: JenTing Hsiao <jenting.hsiao@suse.com>
gyaozhou · May 14, 2022 · 991f34e · 991f34e
1 parent 5285c40
commit 991f34e
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 0 deletions.
diff --git a/changelogs/unreleased/3167-jenting b/changelogs/unreleased/3167-jenting
@@ -0,0 +1 @@
+feat: support setting BackupStorageLocation CA certificate via `velero backup-location set --cacert`
diff --git a/pkg/cmd/cli/backuplocation/set.go b/pkg/cmd/cli/backuplocation/set.go
@@ -19,6 +19,8 @@ package backuplocation
 import (
 	"context"
 	"fmt"
+	"io/ioutil"
+	"path/filepath"
 
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
@@ -51,6 +53,7 @@ func NewSetCommand(f client.Factory, use string) *cobra.Command {
 
 type SetOptions struct {
 	Name                         string
+	CACertFile                   string
 	DefaultBackupStorageLocation bool
 }
 
@@ -59,6 +62,7 @@ func NewSetOptions() *SetOptions {
 }
 
 func (o *SetOptions) BindFlags(flags *pflag.FlagSet) {
+	flags.StringVar(&o.CACertFile, "cacert", o.CACertFile, "File containing a certificate bundle to use when verifying TLS connections to the object store. Optional.")
 	flags.BoolVar(&o.DefaultBackupStorageLocation, "default", o.DefaultBackupStorageLocation, "Sets this new location to be the new default backup storage location. Optional.")
 }
 
@@ -82,6 +86,18 @@ func (o *SetOptions) Run(c *cobra.Command, f client.Factory) error {
 		return errors.WithStack(err)
 	}
 
+	var caCertData []byte
+	if o.CACertFile != "" {
+		realPath, err := filepath.Abs(o.CACertFile)
+		if err != nil {
+			return err
+		}
+		caCertData, err = ioutil.ReadFile(realPath)
+		if err != nil {
+			return err
+		}
+	}
+
 	if o.DefaultBackupStorageLocation {
 		// There is one and only one default backup storage location.
 		// Disable the origin default backup storage location.
@@ -106,6 +122,7 @@ func (o *SetOptions) Run(c *cobra.Command, f client.Factory) error {
 	}
 
 	location.Spec.Default = o.DefaultBackupStorageLocation
+	location.Spec.StorageType.ObjectStorage.CACert = caCertData
 	if err := kbClient.Update(context.Background(), location, &kbclient.UpdateOptions{}); err != nil {
 		return errors.WithStack(err)
 	}