OADP-1057: AWS STS Creds support for internal image backup

Dockerfile

@@ -16,9 +16,9 @@ ENV GOPATH=$APP_ROOT
 ENV BUILDTAGS containers_image_ostree_stub exclude_graphdriver_devicemapper exclude_graphdriver_btrfs containers_image_openpgp exclude_graphdriver_overlay include_gcs include_oss
 ENV BIN velero-plugins
 WORKDIR $APP_ROOT/src/github.com/konveyor/openshift-velero-plugin
-COPY --chown=1001 go.mod go.sum $APP_ROOT/src/github.com/konveyor/openshift-velero-plugin/
+COPY go.mod go.sum $APP_ROOT/src/github.com/konveyor/openshift-velero-plugin/
 RUN go mod download
-COPY --chown=1001 . $APP_ROOT/src/github.com/konveyor/openshift-velero-plugin
+COPY . $APP_ROOT/src/github.com/konveyor/openshift-velero-plugin
 RUN go build -installsuffix "static" -tags "$BUILDTAGS" -o _output/$BIN ./$BIN
 
 FROM registry.access.redhat.com/ubi8-minimal

velero-plugins/imagestream/registry.go

@@ -52,38 +52,9 @@ const (
 	ResourceGroup         = "resourceGroup"
 )
 
+// TODO: remove this map and just define them in each function
 // creating skeleton for provider based env var map
 var cloudProviderEnvVarMap = map[string][]corev1.EnvVar{
-	"aws": {
-		{
-			Name:  RegistryStorageEnvVarKey,
-			Value: S3,
-		},
-		{
-			Name:  RegistryStorageS3AccesskeyEnvVarKey,
-			Value: "",
-		},
-		{
-			Name:  RegistryStorageS3BucketEnvVarKey,
-			Value: "",
-		},
-		{
-			Name:  RegistryStorageS3RegionEnvVarKey,
-			Value: "",
-		},
-		{
-			Name:  RegistryStorageS3SecretkeyEnvVarKey,
-			Value: "",
-		},
-		{
-			Name:  RegistryStorageS3RegionendpointEnvVarKey,
-			Value: "",
-		},
-		{
-			Name:  RegistryStorageS3SkipverifyEnvVarKey,
-			Value: "",
-		},
-	},
 	"azure": {
 		{
 			Name:  RegistryStorageEnvVarKey,
@@ -154,7 +125,7 @@ func getRegistryEnvVars(bsl *velerov1.BackupStorageLocation) ([]corev1.EnvVar, e
 	var err error
 	switch provider {
 	case AWSProvider:
-		envVar, err = getAWSRegistryEnvVars(bsl, cloudProviderEnvVarMap[AWSProvider])
+		envVar, err = getAWSRegistryEnvVars(bsl)
 
 	case AzureProvider:
 		envVar, err = getAzureRegistryEnvVars(bsl, cloudProviderEnvVarMap[AzureProvider])
@@ -170,51 +141,54 @@ func getRegistryEnvVars(bsl *velerov1.BackupStorageLocation) ([]corev1.EnvVar, e
 	return envVar, nil
 }
 
-func getAWSRegistryEnvVars(bsl *velerov1.BackupStorageLocation, awsEnvVars []corev1.EnvVar) ([]corev1.EnvVar, error) {
-
+func getAWSRegistryEnvVars(bsl *velerov1.BackupStorageLocation) ([]corev1.EnvVar, error) {
+	// validation
+	bslSpecRegion, regionInConfig := bsl.Spec.Config[Region]
+	if !regionInConfig {
+		return nil, errors.New("region not found in backupstoragelocation spec")
+	}
 	// create secret data and fill up the values and return from here
-	for i := range awsEnvVars {
-		if awsEnvVars[i].Name == RegistryStorageS3AccesskeyEnvVarKey {
-			awsEnvVars[i].ValueFrom = &corev1.EnvVarSource{
+	awsEnvs := []corev1.EnvVar{
+		{
+			Name:  RegistryStorageEnvVarKey,
+			Value: S3,
+		},
+		{
+			Name: RegistryStorageS3AccesskeyEnvVarKey,
+			ValueFrom: &corev1.EnvVarSource{
 				SecretKeyRef: &corev1.SecretKeySelector{
 					LocalObjectReference: corev1.LocalObjectReference{Name: "oadp-" + bsl.Name + "-" + bsl.Spec.Provider + "-registry-secret"},
 					Key:                  "access_key",
 				},
-			}
-		}
-
-		if awsEnvVars[i].Name == RegistryStorageS3BucketEnvVarKey {
-			awsEnvVars[i].Value = bsl.Spec.StorageType.ObjectStorage.Bucket
-		}
-
-		if awsEnvVars[i].Name == RegistryStorageS3RegionEnvVarKey {
-			bslSpecRegion, regionInConfig := bsl.Spec.Config[Region]
-			if regionInConfig {
-				awsEnvVars[i].Value = bslSpecRegion
-			} else {
-				return nil, errors.New("region not found in backupstoragelocation spec")
-			}
-		}
-
-		if awsEnvVars[i].Name == RegistryStorageS3SecretkeyEnvVarKey {
-			awsEnvVars[i].ValueFrom = &corev1.EnvVarSource{
+			},
+		},
+		{
+			Name: RegistryStorageS3BucketEnvVarKey,
+			Value: bsl.Spec.StorageType.ObjectStorage.Bucket,
+		},
+		{
+			Name: RegistryStorageS3RegionEnvVarKey,
+			Value: bslSpecRegion,
+		},
+		{
+			Name: RegistryStorageS3SecretkeyEnvVarKey,
+			ValueFrom: &corev1.EnvVarSource{
 				SecretKeyRef: &corev1.SecretKeySelector{
 					LocalObjectReference: corev1.LocalObjectReference{Name: "oadp-" + bsl.Name + "-" + bsl.Spec.Provider + "-registry-secret"},
 					Key:                  "secret_key",
 				},
-			}
-		}
-
-		if awsEnvVars[i].Name == RegistryStorageS3RegionendpointEnvVarKey {
-			awsEnvVars[i].Value = bsl.Spec.Config[S3URL]
-		}
-
-		if awsEnvVars[i].Name == RegistryStorageS3SkipverifyEnvVarKey {
-			awsEnvVars[i].Value = bsl.Spec.Config[InsecureSkipTLSVerify]
-		}
-
+			},
+		},
+		{
+			Name: RegistryStorageS3RegionendpointEnvVarKey,
+			Value: bsl.Spec.Config[S3URL],
+		},
+		{
+			Name: RegistryStorageS3SkipverifyEnvVarKey,
+			Value: bsl.Spec.Config[InsecureSkipTLSVerify],
+		},
 	}
-	return awsEnvVars, nil
+	return awsEnvs, nil
 }
 
 func getAzureRegistryEnvVars(bsl *velerov1.BackupStorageLocation, azureEnvVars []corev1.EnvVar) ([]corev1.EnvVar, error) {

velero-plugins/imagestream/registry_test.go

@@ -358,7 +358,7 @@ func Test_getAWSRegistryEnvVars(t *testing.T) {
 				}
 			}
 
-			gotRegistryContainerEnvVar, gotErr := getAWSRegistryEnvVars(tt.bsl, testAWSEnvVar)
+			gotRegistryContainerEnvVar, gotErr := getAWSRegistryEnvVars(tt.bsl)
 
 			if tt.matchProfile && (gotErr != nil) != tt.wantErr {
 				t.Errorf("ValidateBackupStorageLocations() gotErr = %v, wantErr %v", gotErr, tt.wantErr)

velero-plugins/main.go

@@ -44,7 +44,6 @@ func main() {
 		RegisterRestoreItemActionV2("openshift.io/04-imagestreamtag-restore-plugin", newImageStreamTagRestorePlugin).
 		RegisterRestoreItemAction("openshift.io/05-route-restore-plugin", newRouteRestorePlugin).
 		RegisterRestoreItemAction("openshift.io/06-build-restore-plugin", newBuildRestorePlugin).
-		RegisterBackupItemAction("openshift.io/07-pod-backup-plugin", newPodBackupPlugin).
 		RegisterRestoreItemAction("openshift.io/07-pod-restore-plugin", newPodRestorePlugin).
 		RegisterRestoreItemAction("openshift.io/08-deploymentconfig-restore-plugin", newDeploymentConfigRestorePlugin).
 		RegisterBackupItemAction("openshift.io/09-replicationcontroller-backup-plugin", newReplicationControllerBackupPlugin).
@@ -105,10 +104,6 @@ func newCronJobRestorePlugin(logger logrus.FieldLogger) (interface{}, error) {
 	return &cronjob.RestorePlugin{Log: logger}, nil
 }
 
-func newPodBackupPlugin(logger logrus.FieldLogger) (interface{}, error) {
-	return &pod.BackupPlugin{Log: logger}, nil
-}
-
 func newPodRestorePlugin(logger logrus.FieldLogger) (interface{}, error) {
 	return &pod.RestorePlugin{Log: logger}, nil
 }