OADP-1057: CloudStorageLocation Prefix/CACert support (#1126)

* validator and type updates

* validator and type updates

Signed-off-by: Tiger Kaovilai <tkaovila@redhat.com>

* CloudStorageLocation prefix is added to BSL

* clarify backupImages error

Signed-off-by: Tiger Kaovilai <tkaovila@redhat.com>

* validator refactor returns err from validating funcs

Signed-off-by: Tiger Kaovilai <tkaovila@redhat.com>

* unit tests fix

* simplify expression

Signed-off-by: Tiger Kaovilai <tkaovila@redhat.com>

* Add ignorable restore error logs and unit test

Signed-off-by: Tiger Kaovilai <tkaovila@redhat.com>

* consistent error string across bl.velero and bl.cloudstorage

---------

Signed-off-by: Tiger Kaovilai <tkaovila@redhat.com>

api/v1alpha1/cloud_storage_types.go

@@ -5,6 +5,8 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
+// CloudStorage types are APIs for automatic bucket creation at cloud providers if defined name do not exists.
+
 //+kubebuilder:object:root=true
 //+kubebuilder:subresource:status
 
@@ -19,9 +21,9 @@ type CloudStorage struct {
 type CloudStorageProvider string
 
 const (
-	AWSBucketProvider   CloudStorageProvider = "aws"
-	AzureBucketProvider CloudStorageProvider = "azure"
-	GCPBucketProvider   CloudStorageProvider = "gcp"
+	AWSBucketProvider   CloudStorageProvider = CloudStorageProvider(DefaultPluginAWS)
+	AzureBucketProvider CloudStorageProvider = CloudStorageProvider(DefaultPluginMicrosoftAzure)
+	GCPBucketProvider   CloudStorageProvider = CloudStorageProvider(DefaultPluginGCP)
 )
 
 type CloudStorageSpec struct {

api/v1alpha1/oadp_types.go

@@ -152,6 +152,7 @@ type ApplicationConfig struct {
 	Restic *ResticConfig `json:"restic,omitempty"`
 }
 
+// CloudStorageLocation defines BackupStorageLocation using bucket referenced by CloudStorage CR.
 type CloudStorageLocation struct {
 	CloudStorageRef corev1.LocalObjectReference `json:"cloudStorageRef"`
 
@@ -171,6 +172,16 @@ type CloudStorageLocation struct {
 	// +optional
 	// +nullable
 	BackupSyncPeriod *metav1.Duration `json:"backupSyncPeriod,omitempty"`
+
+	// Prefix and CACert are copied from velero/pkg/apis/v1/backupstoragelocation_types.go under ObjectStorageLocation
+
+	// Prefix is the path inside a bucket to use for Velero storage. Optional.
+	// +optional
+	Prefix string `json:"prefix,omitempty"`
+
+	// CACert defines a CA bundle to use when verifying TLS connections to the provider.
+	// +optional
+	CACert []byte `json:"caCert,omitempty"`
 }
 
 // BackupLocation defines the configuration for the DPA backup storage

bundle/manifests/oadp.openshift.io_dataprotectionapplications.yaml

@@ -41,11 +41,16 @@ spec:
                     description: BackupLocation defines the configuration for the DPA backup storage
                     properties:
                       bucket:
+                        description: CloudStorageLocation defines BackupStorageLocation using bucket referenced by CloudStorage CR.
                         properties:
                           backupSyncPeriod:
                             description: backupSyncPeriod defines how frequently to sync backup API objects from object storage. A value of 0 disables sync.
                             nullable: true
                             type: string
+                          caCert:
+                            description: CACert defines a CA bundle to use when verifying TLS connections to the provider.
+                            format: byte
+                            type: string
                           cloudStorageRef:
                             description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
                             properties:
@@ -76,6 +81,9 @@ spec:
                           default:
                             description: default indicates this location is the default backup storage location.
                             type: boolean
+                          prefix:
+                            description: Prefix is the path inside a bucket to use for Velero storage. Optional.
+                            type: string
                         required:
                           - cloudStorageRef
                         type: object

config/crd/bases/oadp.openshift.io_dataprotectionapplications.yaml

@@ -41,11 +41,16 @@ spec:
                     description: BackupLocation defines the configuration for the DPA backup storage
                     properties:
                       bucket:
+                        description: CloudStorageLocation defines BackupStorageLocation using bucket referenced by CloudStorage CR.
                         properties:
                           backupSyncPeriod:
                             description: backupSyncPeriod defines how frequently to sync backup API objects from object storage. A value of 0 disables sync.
                             nullable: true
                             type: string
+                          caCert:
+                            description: CACert defines a CA bundle to use when verifying TLS connections to the provider.
+                            format: byte
+                            type: string
                           cloudStorageRef:
                             description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
                             properties:
@@ -76,6 +81,9 @@ spec:
                           default:
                             description: default indicates this location is the default backup storage location.
                             type: boolean
+                          prefix:
+                            description: Prefix is the path inside a bucket to use for Velero storage. Optional.
+                            type: string
                         required:
                           - cloudStorageRef
                         type: object

controllers/bsl.go

@@ -14,11 +14,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 )
 
-func (r *DPAReconciler) ValidateBackupStorageLocations(log logr.Logger) (bool, error) {
-	dpa := oadpv1alpha1.DataProtectionApplication{}
-	if err := r.Get(r.Context, r.NamespacedName, &dpa); err != nil {
-		return false, err
-	}
+func (r *DPAReconciler) ValidateBackupStorageLocations(dpa oadpv1alpha1.DataProtectionApplication) (bool, error) {
 	if dpa.Spec.Configuration == nil || dpa.Spec.Configuration.Velero == nil {
 		return false, errors.New("DPA CR Velero configuration cannot be nil")
 	}
@@ -146,6 +142,8 @@ func (r *DPAReconciler) ReconcileBackupStorageLocations(log logr.Logger) (bool,
 				bsl.Spec.Default = bslSpec.CloudStorage.Default
 				bsl.Spec.ObjectStorage = &velerov1.ObjectStorageLocation{
 					Bucket: bucket.Spec.Name,
+					Prefix: bslSpec.CloudStorage.Prefix,
+					CACert: bslSpec.CloudStorage.CACert,
 				}
 				switch bucket.Spec.Provider {
 				case oadpv1alpha1.AWSBucketProvider:
@@ -256,7 +254,7 @@ func (r *DPAReconciler) validateAWSBackupStorageLocation(bslSpec velerov1.Backup
 	if len(bslSpec.StorageType.ObjectStorage.Prefix) == 0 && dpa.BackupImages() {
 		return fmt.Errorf("prefix for AWS backupstoragelocation object storage cannot be empty. It is required for backing up images")
 	}
-	// BSL region is required when s3ForcePathStyle is true AND BackupImages is false
+	// BSL region is required when s3ForcePathStyle is true AND BackupImages is true
 	if (bslSpec.Config == nil || len(bslSpec.Config[Region]) == 0 && bslSpec.Config[S3ForcePathStyle] == "true") && dpa.BackupImages() {
 		return fmt.Errorf("region for AWS backupstoragelocation cannot be empty when s3ForcePathStyle is true or when backing up images")
 	}
@@ -329,6 +327,9 @@ func pluginExistsInVeleroCR(configuredPlugins []oadpv1alpha1.DefaultPlugin, expe
 }
 
 func (r *DPAReconciler) validateProviderPluginAndSecret(bslSpec velerov1.BackupStorageLocationSpec, dpa *oadpv1alpha1.DataProtectionApplication) error {
+	if dpa.Spec.Configuration.Velero.HasFeatureFlag("no-secret") {
+		return nil
+	}
 	// check for existence of provider plugin and warn if the plugin is absent
 	if !pluginExistsInVeleroCR(dpa.Spec.Configuration.Velero.DefaultPlugins, oadpv1alpha1.DefaultPlugin(bslSpec.Provider)) {
 		r.Log.Info(fmt.Sprintf("%s backupstoragelocation is configured but velero plugin for %s is not present", bslSpec.Provider, bslSpec.Provider))