[cherry-pick] Use BasicAuth Keys for reading credentials from secret (#543) (#548)

1gtm · web-flow · commit 20c0eda9cbad · 2021-01-15T20:29:20.000-08:00
Signed-off-by: Emruz Hossain &lt;emruz@appscode.com&gt;
diff --git a/Dockerfile.dbg b/Dockerfile.dbg
@@ -35,8 +35,7 @@ LABEL org.opencontainers.image.source https://github.com/stashed/elasticsearch
 RUN set -x \
   && apk add --update --no-cache bash ca-certificates curl
 
-RUN npm config set unsafe-perm true \
-  && npm install elasticdump@4.1.2 -g
+RUN npm install elasticdump@6.62.1 -g
 
 COPY --from=0 restic /bin/restic
 COPY bin/{ARG_OS}_{ARG_ARCH}/{ARG_BIN} /{ARG_BIN}
diff --git a/Dockerfile.in b/Dockerfile.in
@@ -35,8 +35,7 @@ LABEL org.opencontainers.image.source https://github.com/stashed/elasticsearch
 RUN set -x \
   && apk add --update --no-cache bash ca-certificates curl
 
-RUN npm config set unsafe-perm true \
-  && npm install elasticdump@4.1.2 -g
+RUN npm install elasticdump@6.62.1 -g
 
 COPY --from=0 /restic /bin/restic
 COPY bin/{ARG_OS}_{ARG_ARCH}/{ARG_BIN} /{ARG_BIN}
diff --git a/go.mod b/go.mod
@@ -8,6 +8,7 @@ require (
 	github.com/spf13/cobra v1.1.1
 	go.bytebuilders.dev/license-verifier/kubernetes v0.5.1
 	gomodules.xyz/x v0.0.0-20201105065653-91c568df6331
+	k8s.io/api v0.18.9
 	k8s.io/apimachinery v0.18.9
 	k8s.io/client-go v0.18.9
 	kmodules.xyz/client-go v0.0.0-20210108092221-c3812eb92bd0
diff --git a/pkg/backup.go b/pkg/backup.go
@@ -35,9 +35,11 @@ import (
 	license "go.bytebuilders.dev/license-verifier/kubernetes"
 	"gomodules.xyz/x/flags"
 	"gomodules.xyz/x/log"
+	core "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/clientcmd"
+	meta_util "kmodules.xyz/client-go/meta"
 	appcatalog "kmodules.xyz/custom-resources/apis/appcatalog/v1alpha1"
 	appcatalog_cs "kmodules.xyz/custom-resources/client/clientset/versioned"
 	v1 "kmodules.xyz/offshoot-api/api/v1"
@@ -215,7 +217,13 @@ func (opt *esOptions) backupElasticsearch(targetRef api_v1beta1.TargetRef) (*res
 	}
 
 	appSVC := appBinding.Spec.ClientConfig.Service
-	esURL := fmt.Sprintf("%v://%s:%s@%s:%d", appSVC.Scheme, appBindingSecret.Data[ESUser], appBindingSecret.Data[ESPassword], appSVC.Name, appSVC.Port) // TODO: authplugin: none
+	esURL := fmt.Sprintf("%v://%s:%s@%s:%d",
+		appSVC.Scheme,
+		must(meta_util.GetBytesForKeys(appBindingSecret.Data, core.BasicAuthUsernameKey, ESUser)),
+		must(meta_util.GetBytesForKeys(appBindingSecret.Data, core.BasicAuthPasswordKey, ESPassword)),
+		appSVC.Name,
+		appSVC.Port,
+	) // TODO: support backup without authentication
 
 	// wait for DB ready
 	waitForDBReady(appBinding.Spec.ClientConfig.Service.Name, appBinding.Spec.ClientConfig.Service.Port, opt.waitTimeout)
diff --git a/pkg/restore.go b/pkg/restore.go
@@ -32,9 +32,11 @@ import (
 	license "go.bytebuilders.dev/license-verifier/kubernetes"
 	"gomodules.xyz/x/flags"
 	"gomodules.xyz/x/log"
+	core "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/clientcmd"
+	meta_util "kmodules.xyz/client-go/meta"
 	appcatalog "kmodules.xyz/custom-resources/apis/appcatalog/v1alpha1"
 	appcatalog_cs "kmodules.xyz/custom-resources/client/clientset/versioned"
 	v1 "kmodules.xyz/offshoot-api/api/v1"
@@ -182,7 +184,13 @@ func (opt *esOptions) restoreElasticsearch(targetRef api_v1beta1.TargetRef) (*re
 	}
 
 	appSVC := appBinding.Spec.ClientConfig.Service
-	esURL := fmt.Sprintf("%v://%s:%s@%s:%d", appSVC.Scheme, appBindingSecret.Data[ESUser], appBindingSecret.Data[ESPassword], appSVC.Name, appSVC.Port) // TODO: support for authplugin: none
+	esURL := fmt.Sprintf("%v://%s:%s@%s:%d",
+		appSVC.Scheme,
+		must(meta_util.GetBytesForKeys(appBindingSecret.Data, core.BasicAuthUsernameKey, ESUser)),
+		must(meta_util.GetBytesForKeys(appBindingSecret.Data, core.BasicAuthPasswordKey, ESPassword)),
+		appSVC.Name,
+		appSVC.Port,
+	) // TODO: support backup without authentication
 
 	// wait for DB ready
 	waitForDBReady(appBinding.Spec.ClientConfig.Service.Name, appBinding.Spec.ClientConfig.Service.Port, opt.waitTimeout)
diff --git a/pkg/utils.go b/pkg/utils.go
@@ -72,3 +72,10 @@ func clearDir(dir string) error {
 	}
 	return os.MkdirAll(dir, os.ModePerm)
 }
+
+func must(v []byte, err error) string {
+	if err != nil {
+		panic(err)
+	}
+	return string(v)
+}

Original file line number	Diff line number	Diff line change
`@@ -72,3 +72,10 @@ func clearDir(dir string) error {`
`72`	`72`	`}`
`73`	`73`	`return os.MkdirAll(dir, os.ModePerm)`
`74`	`74`	`}`
	`75`	`+`
	`76`	`+func must(v []byte, err error) string {`
	`77`	`+ if err != nil {`
	`78`	`+ panic(err)`
	`79`	`+ }`
	`80`	`+ return string(v)`
	`81`	`+}`