Add support Disabling TLS Certificate Verification for Secure S3 Stor…

…age (#741) (#742)

Signed-off-by: Anisur Rahman <anisur@appscode.com>

go.mod

@@ -15,7 +15,7 @@ require (
 	kmodules.xyz/client-go v0.29.5
 	kmodules.xyz/custom-resources v0.29.0
 	kmodules.xyz/offshoot-api v0.29.0
-	stash.appscode.dev/apimachinery v0.32.1-0.20240101013736-ef308633d8b2
+	stash.appscode.dev/apimachinery v0.32.1-0.20240206075719-41610d0ce38f
 )
 
 require (
@@ -83,7 +83,7 @@ require (
 	k8s.io/kube-openapi v0.0.0-20231129212854-f0671cc7e66a // indirect
 	k8s.io/utils v0.0.0-20231127182322-b307cd553661 // indirect
 	kmodules.xyz/apiversion v0.2.0 // indirect
-	kmodules.xyz/objectstore-api v0.29.0 // indirect
+	kmodules.xyz/objectstore-api v0.29.1-0.20240205052451-a5cf0aa669f1 // indirect
 	kmodules.xyz/prober v0.29.0 // indirect
 	sigs.k8s.io/controller-runtime v0.16.3 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect

go.sum

@@ -543,8 +543,8 @@ kmodules.xyz/client-go v0.29.5 h1:iRl4MoV+96TM1csInOCWjn5xSOXzuYlil6CO40vXLHU=
 kmodules.xyz/client-go v0.29.5/go.mod h1:pHuzpwzEcDUIGjVVvwz9N8lY+6A7HXwvs2d7NtK7Hho=
 kmodules.xyz/custom-resources v0.29.0 h1:RaDM2+wSVXiwIvLqmkTVYpwoH83AC8wruXe2p2rOZNY=
 kmodules.xyz/custom-resources v0.29.0/go.mod h1:MzZyXtxdg1PDxGk3RTTO1Xv3KiVqZnIonSwmxVbagOY=
-kmodules.xyz/objectstore-api v0.29.0 h1:dK53fQXdoboyW/EyBBAMjykT8u7jstKrM1DS4RJvhEU=
-kmodules.xyz/objectstore-api v0.29.0/go.mod h1:Kxmv6F7Kd/7EoKX3X2xIzhHT++zlj2qdXLcp/8avUYI=
+kmodules.xyz/objectstore-api v0.29.1-0.20240205052451-a5cf0aa669f1 h1:k66vcGkx9SNka0tfmbeBiEgwj1E2+EKJHxnifOUsroA=
+kmodules.xyz/objectstore-api v0.29.1-0.20240205052451-a5cf0aa669f1/go.mod h1:Kxmv6F7Kd/7EoKX3X2xIzhHT++zlj2qdXLcp/8avUYI=
 kmodules.xyz/offshoot-api v0.29.0 h1:GHLhxxT9jU1N8+FvOCCeJNyU5g0duYS46UGrs6AHNLY=
 kmodules.xyz/offshoot-api v0.29.0/go.mod h1:5NxhBblXoDHWStx9HCDJR2KFTwYjEZ7i1Id3jelIunw=
 kmodules.xyz/prober v0.29.0 h1:Ex7m4F9rH7uWNNJlLgP63ROOM+nUATJkC2L5OQ7nwMg=
@@ -556,5 +556,5 @@ sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+s
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
 sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
-stash.appscode.dev/apimachinery v0.32.1-0.20240101013736-ef308633d8b2 h1:dePrbjp7o57sKe33K1ppaWQK/Ely4QgxmCcab0sDOpY=
-stash.appscode.dev/apimachinery v0.32.1-0.20240101013736-ef308633d8b2/go.mod h1:hTslVqyx20fF2i2s/m0rqXD+pZwnI2oG3k5zPzsDnXQ=
+stash.appscode.dev/apimachinery v0.32.1-0.20240206075719-41610d0ce38f h1:0B35Biy3T5cNWlfMKr2LPgDaXv6C7IeDBYHOeqBaLko=
+stash.appscode.dev/apimachinery v0.32.1-0.20240206075719-41610d0ce38f/go.mod h1:5ZunLyvEChKp4LpPJq8mTKQss3bsT93S/Tqu9BRvQTA=

pkg/backup.go

@@ -126,6 +126,7 @@ func NewCmdBackup() *cobra.Command {
 	cmd.Flags().StringVar(&opt.setupOptions.Provider, "provider", opt.setupOptions.Provider, "Backend provider (i.e. gcs, s3, azure etc)")
 	cmd.Flags().StringVar(&opt.setupOptions.Bucket, "bucket", opt.setupOptions.Bucket, "Name of the cloud bucket/container (keep empty for local backend)")
 	cmd.Flags().StringVar(&opt.setupOptions.Endpoint, "endpoint", opt.setupOptions.Endpoint, "Endpoint for s3/s3 compatible backend or REST backend URL")
+	cmd.Flags().BoolVar(&opt.setupOptions.InsecureTLS, "insecure-tls", opt.setupOptions.InsecureTLS, "InsecureTLS for TLS secure s3/s3 compatible backend")
 	cmd.Flags().StringVar(&opt.setupOptions.Region, "region", opt.setupOptions.Region, "Region for s3/s3 compatible backend")
 	cmd.Flags().StringVar(&opt.setupOptions.Path, "path", opt.setupOptions.Path, "Directory inside the bucket where backup will be stored")
 	cmd.Flags().StringVar(&opt.setupOptions.ScratchDir, "scratch-dir", opt.setupOptions.ScratchDir, "Temporary directory")

pkg/restore.go

@@ -114,6 +114,7 @@ func NewCmdRestore() *cobra.Command {
 	cmd.Flags().StringVar(&opt.setupOptions.Provider, "provider", opt.setupOptions.Provider, "Backend provider (i.e. gcs, s3, azure etc)")
 	cmd.Flags().StringVar(&opt.setupOptions.Bucket, "bucket", opt.setupOptions.Bucket, "Name of the cloud bucket/container (keep empty for local backend)")
 	cmd.Flags().StringVar(&opt.setupOptions.Endpoint, "endpoint", opt.setupOptions.Endpoint, "Endpoint for s3/s3 compatible backend or REST backend URL")
+	cmd.Flags().BoolVar(&opt.setupOptions.InsecureTLS, "insecure-tls", opt.setupOptions.InsecureTLS, "InsecureTLS for TLS secure s3/s3 compatible backend")
 	cmd.Flags().StringVar(&opt.setupOptions.Region, "region", opt.setupOptions.Region, "Region for s3/s3 compatible backend")
 	cmd.Flags().StringVar(&opt.setupOptions.Path, "path", opt.setupOptions.Path, "Directory inside the bucket where backup will be stored")
 	cmd.Flags().StringVar(&opt.storageSecret.Name, "storage-secret-name", opt.storageSecret.Name, "Name of the storage secret")

vendor/kmodules.xyz/objectstore-api/api/v1/types.go

@@ -98,10 +98,11 @@ type LocalSpec struct {
 }
 
 type S3Spec struct {
-	Endpoint string `json:"endpoint" protobuf:"bytes,1,opt,name=endpoint"`
-	Bucket   string `json:"bucket" protobuf:"bytes,2,opt,name=bucket"`
-	Prefix   string `json:"prefix,omitempty" protobuf:"bytes,3,opt,name=prefix"`
-	Region   string `json:"region,omitempty" protobuf:"bytes,4,opt,name=region"`
+	Endpoint    string `json:"endpoint" protobuf:"bytes,1,opt,name=endpoint"`
+	Bucket      string `json:"bucket" protobuf:"bytes,2,opt,name=bucket"`
+	Prefix      string `json:"prefix,omitempty" protobuf:"bytes,3,opt,name=prefix"`
+	Region      string `json:"region,omitempty" protobuf:"bytes,4,opt,name=region"`
+	InsecureTLS bool   `json:"insecureTLS,omitempty" protobuf:"varint,5,opt,name=insecureTLS"`
 }
 
 type GCSSpec struct {

vendor/modules.txt

@@ -671,7 +671,7 @@ kmodules.xyz/custom-resources/client/clientset/versioned/typed/appcatalog/v1alph
 kmodules.xyz/custom-resources/client/clientset/versioned/typed/auditor/v1alpha1
 kmodules.xyz/custom-resources/client/clientset/versioned/typed/metrics/v1alpha1
 kmodules.xyz/custom-resources/crds
-# kmodules.xyz/objectstore-api v0.29.0
+# kmodules.xyz/objectstore-api v0.29.1-0.20240205052451-a5cf0aa669f1
 ## explicit; go 1.21
 kmodules.xyz/objectstore-api/api/v1
 # kmodules.xyz/offshoot-api v0.29.0
@@ -701,7 +701,7 @@ sigs.k8s.io/structured-merge-diff/v4/value
 ## explicit; go 1.12
 sigs.k8s.io/yaml
 sigs.k8s.io/yaml/goyaml.v2
-# stash.appscode.dev/apimachinery v0.32.1-0.20240101013736-ef308633d8b2
+# stash.appscode.dev/apimachinery v0.32.1-0.20240206075719-41610d0ce38f
 ## explicit; go 1.21.5
 stash.appscode.dev/apimachinery/apis
 stash.appscode.dev/apimachinery/apis/repositories

vendor/stash.appscode.dev/apimachinery/apis/constants.go

@@ -78,6 +78,7 @@ const (
 	RepositoryPrefix          = "REPOSITORY_PREFIX"
 	RepositoryEndpoint        = "REPOSITORY_ENDPOINT"
 	RepositoryRegion          = "REPOSITORY_REGION"
+	RepositoryInsecureTLS     = "REPOSITORY_INSECURE_TLS"
 
 	Hostname       = "HOSTNAME"
 	SourceHostname = "SOURCE_HOSTNAME"

vendor/stash.appscode.dev/apimachinery/crds/stash.appscode.com_backupblueprints.yaml

@@ -1794,6 +1794,8 @@ spec:
                         type: string
                       endpoint:
                         type: string
+                      insecureTLS:
+                        type: boolean
                       prefix:
                         type: string
                       region:

vendor/stash.appscode.dev/apimachinery/crds/stash.appscode.com_repositories.yaml

@@ -1801,6 +1801,8 @@ spec:
                         type: string
                       endpoint:
                         type: string
+                      insecureTLS:
+                        type: boolean
                       prefix:
                         type: string
                       region: