Prepare for release v0.3.0 (#20)

ProductLine: KubeStash
Release: v2024.1.31
Release-tracker: kubestash/CHANGELOG#9
Signed-off-by: 1gtm <1gtm@appscode.com>

go.mod

@@ -21,7 +21,7 @@ require (
 	k8s.io/utils v0.0.0-20230726121419-3b25d923346b
 	kmodules.xyz/client-go v0.29.6
 	kmodules.xyz/offshoot-api v0.29.0
-	kubestash.dev/apimachinery v0.4.0-rc.2
+	kubestash.dev/apimachinery v0.4.0
 	sigs.k8s.io/controller-runtime v0.17.0
 )
 

go.sum

@@ -738,8 +738,8 @@ kmodules.xyz/offshoot-api v0.29.0 h1:GHLhxxT9jU1N8+FvOCCeJNyU5g0duYS46UGrs6AHNLY
 kmodules.xyz/offshoot-api v0.29.0/go.mod h1:5NxhBblXoDHWStx9HCDJR2KFTwYjEZ7i1Id3jelIunw=
 kmodules.xyz/prober v0.29.0 h1:Ex7m4F9rH7uWNNJlLgP63ROOM+nUATJkC2L5OQ7nwMg=
 kmodules.xyz/prober v0.29.0/go.mod h1:UtK+HKyI1lFLEKX+HFLyOCVju6TO93zv3kwGpzqmKOo=
-kubestash.dev/apimachinery v0.4.0-rc.2 h1:BSThxK1vQ0wp4JtO5HCVLvEqTP0TJuTqmEmeQOyK738=
-kubestash.dev/apimachinery v0.4.0-rc.2/go.mod h1:ysktK/jLtv5SnFgyxmBZmSFDZmD03lFwEF/8bG/VoF8=
+kubestash.dev/apimachinery v0.4.0 h1:FH4gS7hWwGeY0MdWyMwAZYF43xXj3q/dNlMApiVYPz4=
+kubestash.dev/apimachinery v0.4.0/go.mod h1:ysktK/jLtv5SnFgyxmBZmSFDZmD03lFwEF/8bG/VoF8=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=

vendor/kubestash.dev/apimachinery/apis/constant.go

@@ -97,12 +97,12 @@ const (
 
 // RBAC related
 const (
-	KubeStashBackupJobClusterRole       = "kubestash-backup-job"
-	KubeStashRestoreJobClusterRole      = "kubestash-restore-job"
-	KubeStashCronJobClusterRole         = "kubestash-cron-job"
-	KubeStashBackendJobClusterRole      = "kubestash-backend-job"
-	KubeStashBackendAccessorClusterRole = "kubestash-backend-accessor"
-	KubeStashPopulatorJobRole           = "kubestash-populator-job"
+	KubeStashBackupJobClusterRole          = "kubestash-backup-job"
+	KubeStashRestoreJobClusterRole         = "kubestash-restore-job"
+	KubeStashCronJobClusterRole            = "kubestash-cron-job"
+	KubeStashBackendJobClusterRole         = "kubestash-backend-job"
+	KubeStashStorageInitializerClusterRole = "kubestash-storage-initializer-job"
+	KubeStashPopulatorJobClusterRole       = "kubestash-populator-job"
 )
 
 // Reconciliation related

vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/types.go

@@ -107,6 +107,14 @@ type S3Spec struct {
 	// SecretName specifies the name of the Secret that contains the access credential for this storage.
 	// +optional
 	SecretName string `json:"secretName,omitempty"`
+
+	// InsecureTLS controls whether a client should skip TLS certificate verification.
+	// Setting this field to true disables verification, which might be necessary in cases
+	// where the server uses self-signed certificates or certificates from an untrusted CA.
+	// Use this option with caution, as it can expose the client to man-in-the-middle attacks
+	// and other security risks. Only use it when absolutely necessary.
+	// +optional
+	InsecureTLS bool `json:"insecureTLS,omitempty"`
 }
 
 type GCSSpec struct {

vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_backupstorages.yaml

@@ -4488,6 +4488,16 @@ spec:
                         description: Endpoint specifies the URL of the S3 or S3 compatible
                           storage bucket.
                         type: string
+                      insecureTLS:
+                        description: InsecureTLS controls whether a client should
+                          skip TLS certificate verification. Setting this field to
+                          true disables verification, which might be necessary in
+                          cases where the server uses self-signed certificates or
+                          certificates from an untrusted CA. Use this option with
+                          caution, as it can expose the client to man-in-the-middle
+                          attacks and other security risks. Only use it when absolutely
+                          necessary.
+                        type: boolean
                       prefix:
                         description: Prefix specifies a directory inside the bucket/container
                           where the data for this backend will be stored.

vendor/kubestash.dev/apimachinery/pkg/restic/commands.go

@@ -79,6 +79,7 @@ func (w *ResticWrapper) listSnapshots(snapshotIDs []string) ([]Snapshot, error)
 	result := make([]Snapshot, 0)
 	args := w.appendCacheDirFlag([]interface{}{"snapshots", "--json", "--quiet", "--no-lock"})
 	args = w.appendCaCertFlag(args)
+	args = w.appendInsecureTLSFlag(args)
 	args = w.appendMaxConnectionsFlag(args)
 	for _, id := range snapshotIDs {
 		args = append(args, id)
@@ -94,6 +95,7 @@ func (w *ResticWrapper) listSnapshots(snapshotIDs []string) ([]Snapshot, error)
 func (w *ResticWrapper) tryDeleteSnapshots(snapshotIDs []string) ([]byte, error) {
 	args := w.appendCacheDirFlag([]interface{}{"forget", "--quiet", "--prune"})
 	args = w.appendCaCertFlag(args)
+	args = w.appendInsecureTLSFlag(args)
 	args = w.appendMaxConnectionsFlag(args)
 	for _, id := range snapshotIDs {
 		args = append(args, id)
@@ -118,6 +120,7 @@ func (w *ResticWrapper) repositoryExist() bool {
 	klog.Infoln("Checking whether the backend repository exist or not....")
 	args := w.appendCacheDirFlag([]interface{}{"snapshots", "--json", "--no-lock"})
 	args = w.appendCaCertFlag(args)
+	args = w.appendInsecureTLSFlag(args)
 	args = w.appendMaxConnectionsFlag(args)
 	if _, err := w.run(Command{Name: ResticCMD, Args: args}); err == nil {
 		return true
@@ -133,6 +136,7 @@ func (w *ResticWrapper) initRepository() error {
 
 	args := w.appendCacheDirFlag([]interface{}{"init"})
 	args = w.appendCaCertFlag(args)
+	args = w.appendInsecureTLSFlag(args)
 	args = w.appendMaxConnectionsFlag(args)
 	_, err := w.run(Command{Name: ResticCMD, Args: args})
 	return err
@@ -169,6 +173,7 @@ func (w *ResticWrapper) backup(params backupParams) ([]byte, error) {
 	args = w.appendCacheDirFlag(args)
 	args = w.appendCleanupCacheFlag(args)
 	args = w.appendCaCertFlag(args)
+	args = w.appendInsecureTLSFlag(args)
 	args = w.appendMaxConnectionsFlag(args)
 
 	return w.run(Command{Name: ResticCMD, Args: args})
@@ -192,6 +197,7 @@ func (w *ResticWrapper) backupFromStdin(options BackupOptions) ([]byte, error) {
 	args = w.appendCacheDirFlag(args)
 	args = w.appendCleanupCacheFlag(args)
 	args = w.appendCaCertFlag(args)
+	args = w.appendInsecureTLSFlag(args)
 	args = w.appendMaxConnectionsFlag(args)
 
 	commands = append(commands, Command{Name: ResticCMD, Args: args})
@@ -237,6 +243,7 @@ func (w *ResticWrapper) restore(params restoreParams) ([]byte, error) {
 	}
 	args = w.appendCacheDirFlag(args)
 	args = w.appendCaCertFlag(args)
+	args = w.appendInsecureTLSFlag(args)
 	args = w.appendMaxConnectionsFlag(args)
 
 	return w.run(Command{Name: ResticCMD, Args: args})
@@ -268,6 +275,7 @@ func (w *ResticWrapper) DumpOnce(dumpOptions DumpOptions) ([]byte, error) {
 	args = w.appendCacheDirFlag(args)
 	args = w.appendCaCertFlag(args)
 	args = w.appendMaxConnectionsFlag(args)
+	args = w.appendInsecureTLSFlag(args)
 
 	// first add restic command, then add StdoutPipeCommands
 	commands := []Command{
@@ -282,6 +290,7 @@ func (w *ResticWrapper) check() ([]byte, error) {
 	args := w.appendCacheDirFlag([]interface{}{"check", "--no-lock"})
 	args = w.appendCaCertFlag(args)
 	args = w.appendMaxConnectionsFlag(args)
+	args = w.appendInsecureTLSFlag(args)
 
 	return w.run(Command{Name: ResticCMD, Args: args})
 }
@@ -295,6 +304,7 @@ func (w *ResticWrapper) stats(snapshotID string) ([]byte, error) {
 	args = w.appendMaxConnectionsFlag(args)
 	args = append(args, "--quiet", "--json", "--mode", "raw-data", "--no-lock")
 	args = w.appendCaCertFlag(args)
+	args = w.appendInsecureTLSFlag(args)
 
 	return w.run(Command{Name: ResticCMD, Args: args})
 }
@@ -304,6 +314,7 @@ func (w *ResticWrapper) unlock() ([]byte, error) {
 	args := w.appendCacheDirFlag([]interface{}{"unlock", "--remove-all"})
 	args = w.appendMaxConnectionsFlag(args)
 	args = w.appendCaCertFlag(args)
+	args = w.appendInsecureTLSFlag(args)
 
 	return w.run(Command{Name: ResticCMD, Args: args})
 }
@@ -457,6 +468,7 @@ func (w *ResticWrapper) addKey(params keyParams) ([]byte, error) {
 	args = w.appendCacheDirFlag(args)
 	args = w.appendMaxConnectionsFlag(args)
 	args = w.appendCaCertFlag(args)
+	args = w.appendInsecureTLSFlag(args)
 
 	return w.run(Command{Name: ResticCMD, Args: args})
 }
@@ -469,6 +481,7 @@ func (w *ResticWrapper) listKey() ([]byte, error) {
 	args = w.appendCacheDirFlag(args)
 	args = w.appendMaxConnectionsFlag(args)
 	args = w.appendCaCertFlag(args)
+	args = w.appendInsecureTLSFlag(args)
 
 	return w.run(Command{Name: ResticCMD, Args: args})
 }
@@ -485,6 +498,7 @@ func (w *ResticWrapper) updateKey(params keyParams) ([]byte, error) {
 	args = w.appendCacheDirFlag(args)
 	args = w.appendMaxConnectionsFlag(args)
 	args = w.appendCaCertFlag(args)
+	args = w.appendInsecureTLSFlag(args)
 
 	return w.run(Command{Name: ResticCMD, Args: args})
 }
@@ -497,6 +511,7 @@ func (w *ResticWrapper) removeKey(params keyParams) ([]byte, error) {
 	args = w.appendCacheDirFlag(args)
 	args = w.appendMaxConnectionsFlag(args)
 	args = w.appendCaCertFlag(args)
+	args = w.appendInsecureTLSFlag(args)
 
 	return w.run(Command{Name: ResticCMD, Args: args})
 }

vendor/kubestash.dev/apimachinery/pkg/restic/config.go

@@ -84,6 +84,7 @@ type backend struct {
 	bucket         string
 	endpoint       string
 	region         string
+	insecureTLS    bool
 	path           string
 	storageAccount string
 }
@@ -225,3 +226,10 @@ func (w *ResticWrapper) Copy() *ResticWrapper {
 	out.config = w.config
 	return out
 }
+
+func (w *ResticWrapper) appendInsecureTLSFlag(args []interface{}) []interface{} {
+	if w.config.insecureTLS {
+		return append(args, "--insecure-tls")
+	}
+	return args
+}

vendor/kubestash.dev/apimachinery/pkg/restic/setup.go

@@ -377,6 +377,7 @@ func (w *ResticWrapper) setBackupStorageVariables() error {
 		w.config.bucket = s3.Bucket
 		w.config.endpoint = s3.Endpoint
 		w.config.path = s3.Prefix
+		w.config.insecureTLS = s3.InsecureTLS
 		secret = s3.SecretName
 	}
 

vendor/modules.txt

@@ -823,7 +823,7 @@ kmodules.xyz/offshoot-api/api/v1
 # kmodules.xyz/prober v0.29.0
 ## explicit; go 1.21.5
 kmodules.xyz/prober/api/v1
-# kubestash.dev/apimachinery v0.4.0-rc.2
+# kubestash.dev/apimachinery v0.4.0
 ## explicit; go 1.21.5
 kubestash.dev/apimachinery/apis
 kubestash.dev/apimachinery/apis/addons/v1alpha1