Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow Non-Admin user to create Backup Storage Locations - fixes #36 #115

Draft
wants to merge 4 commits into
base: master
Choose a base branch
from
Draft

Allow Non-Admin user to create Backup Storage Locations - fixes #36 #115

wants to merge 4 commits into from

Conversation

mpryc
Copy link
Collaborator

@mpryc mpryc commented Nov 18, 2024
edited by mateusoliveira43
Loading

Why the changes were made

Fix #36, also #57

How to test the changes made

  1. Create as usual OADP with NAC.
  2. Create user secret in the user's namespace similarly to the S3 secret for DPA:
$ oc create secret generic nac-credentials -n <USERS_NAMESPACE> --from-file cloud=credentials-velero
  1. Create Non Admin BSL pointing to the above credential in the user's namespace, example spec part:
apiVersion: oadp.openshift.io/v1alpha1
kind: NonAdminBackupStorageLocation
metadata:
  name: example
  namespace: nactest
spec:
  config:
    region: eu-central-1
  credential:
    key: cloud
    name: nac-credentials
  objectStorage:
    bucket: my-bucket
    prefix: some-prefix
  provider: aws
  1. Check the NAC logs, the NaBSL object (if it was correctly reconciled and updated with status from Velero BSL)

5...6...7... Do break things, such as improper Secret data, non-existing secret, removal of the secret from the OADP namespace or the user namespace, removal of the BSL from the OADP namespace and see if everything reconciles as expected.

Read design

@mpryc
Generated scaffold for the NonAdminBackupStorageLocation
06026ca 
The scaffold was generated using operator-sdk version 1.37.0:

$ operator-sdk create api --version v1alpha1 --kind NonAdminBackupStorageLocation  --group oadp

Signed-off-by: Michal Pryc <[email protected]>
@mpryc
Generated manifests after scaffold of NABSL
d42f1b9 
Second step to generate scaffold folder for the NABSL
controller with the $ make manifests command

Used controller-gen-v0.14.0 for the above.

Signed-off-by: Michal Pryc <[email protected]>
@mpryc
Rename some of the imports to be consistent from oadpv1alpha1 to nacv…
408f775 
…1alpha1

Signed-off-by: Michal Pryc <[email protected]>
@mpryc
NonAdminBackup BSL - WIP
5464b98 
Signed-off-by: Michal Pryc <[email protected]>
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Nov 18, 2024

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Nov 18, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mpryc

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@mpryc
Copy link
Collaborator Author

mpryc commented Nov 18, 2024

@mateusoliveira43 @shubham-pampattiwar @weshayutin enjoy playing with it, comments welcome.
Note that tests will be implemented after we agree on the current implementation. This part is for creation/deletion of BSL. Actual use of the BSL from the Non Admin Backup should be in separate PR as it will require some changes in the non-admin Backup reconcile to ensure we are safe-guarding against usage from BSL's which are not allowed for the user.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
approved do-not-merge/work-in-progress
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Ability for non-admin users to create BackupStorageLocations(BSL)
1 participant
@mpryc