-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add credential field to the bsl #3190
Conversation
Not sure if this PR should be scoped to what is in it right now (populating the BSL with the secret), or to push the secret info down to the plugin. |
I don't think we came to a decision on how to make the secret data available to the plugins (at least that's what I am updating the design doc with) so I think what is here is good for now! |
I think this will need to be optional as we currently support the
If you try to create a BSL with a secret that doesn't exist, are any errors thrown when creating/updating the BSL? It's not clear to me if the API will do some validation by using that Secret selector type. I can't think of any other validation that would be needed at the point of adding it. I assume the credential will be checked for validity at the point when we try to use it like our current approach with credentials. |
This would be a good validation. But we are letting ppl create BSLs w/o any type of validation as to if it's a valid store, with it's connection and all. So I say let's add that validation to the BSL controller. It's probably best to add that at the time when we add the code to use it (in the PR that will do the passing of the secret to the plugin). It will become part of the validation for the BSL, in the controller: does the secret exist? Yes? Then instantiate the store passing all the current info + the secret, if there is one (*passing TBD). If we get back an instance, then mark the BSL as valid. |
Yes, new fields should be optional as much as possible in order to retain backwards compatibility. |
pkg/cmd/cli/backuplocation/set.go
Outdated
} | ||
|
||
func (o *SetOptions) BindFlags(flags *pflag.FlagSet) { | ||
flags.Var(&o.Credential, "credential", "Sets the one credential to be used by this location in key-value pair, where key is the secret name, and value is the secret key name. Optional.") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hm, I wonder if we could have shared string consts for these help messages. I wouldn't say redo them all in this PR, but maybe it's something we could work towards, as repeating this in 2 files seems prone to error.
We could also populate this info at startup for 1-2 releases. |
Comments have been addressed, ready for review. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
TBH, if the secret key is fixed to use cloud
before, we could simplify passing the secret name to the --credential
flag.
@jenting that was before. There is a new change (#2403 and 8e96722#diff-1c259cca045064227710d0f341606e8ba73adda92dc126782acf62e2667af5baR44-R55) that will require the user to pass the secret name and the key name, this way we can have multiple secrets. |
This PR is still ready for review. This is a blocker for #3299 (multiple secrets). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @carlisia! This is great, and has worked as expected for the POC 👍 I just have one suggestion based on the comments already made around the validation of the flags.
pkg/cmd/cli/backuplocation/create.go
Outdated
@@ -148,6 +152,16 @@ func (o *CreateOptions) Run(c *cobra.Command, f client.Factory) error { | |||
validationFrequency = &metav1.Duration{Duration: o.ValidationFrequency} | |||
} | |||
|
|||
if len(o.Credential.Data()) > 1 { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it would be better if we could add this check into the Validate
function above. We don't seem to have an equivalent function for the set
command so that would be good to add and use as the place to check in the other file.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since the set
and create
commands have separate Options
types, we'll likely have to split the Credentials
field out somehow to have a shared validation if that's what we want. But I otherwise agree on having a Validate
function that does this!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When I made this comment, introducing an equivalent Validate
function was all I had in mind so I'm happy with that approach!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nolan and I paired and looking into merging some of the code from create and set, and it did not make sense.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you!
Signed-off-by: Carlisia <carlisia@vmware.com>
Signed-off-by: Carlisia <carlisia@vmware.com>
Signed-off-by: Carlisia <carlisia@vmware.com>
Signed-off-by: Carlisia <carlisia@vmware.com>
5aa980a
to
930508b
Compare
@vmware-tanzu/velero-owners this release blocker is ready for review. |
Partially closes #2425.
Notes:
Signed-off-by: Carlisia carlisia@vmware.com