Merge pull request #599 from jbiers/support-wildcards-in-encryptionco…
…nfiguration

Support wildcards in EncryptionConfiguration
jbiers authored Oct 17, 2024
2 parents 5cc7bcc + 3681ecd commit 1295ee3
Showing 7 changed files with 26 additions and 18 deletions.
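--- a/pkg/controllers/backup/controller.go
+++ b/pkg/controllers/backup/controller.go
@@ -5,7 +5,6 @@ import (
 "encoding/json"
 "errors"
 "fmt"
-"io/ioutil"
 "os"
 "path/filepath"
 "strings"
@@ -145,8 +144,8 @@ func (h *handler) OnBackupChange(_ string, backup *v1.Backup) (*v1.Backup, error
 logrus.Infof("For backup CR %v, filename: %v", backup.Name, backupFileName)
 
 // create a temp dir to write all backup files to, delete this before returning.
-// empty dir param in ioutil.TempDir defaults to os.TempDir
-tmpBackupPath, err := ioutil.TempDir("", backupFileName)
+// empty dir param in os.MkdirTemp. defaults to os.TempDir
+tmpBackupPath, err := os.MkdirTemp("", backupFileName)
 if err != nil {
 return h.setReconcilingCondition(backup, fmt.Errorf("error creating temp dir: %v", err))
 }
@@ -259,7 +258,7 @@ func (h *handler) performBackup(backup *v1.Backup, tmpBackupPath, backupFileName
 if err != nil {
 return err
 }
-err = ioutil.WriteFile(filepath.Join(filtersPath, "filters.json"), filters, os.ModePerm)
+err = os.WriteFile(filepath.Join(filtersPath, "filters.json"), filters, os.ModePerm)
 if err != nil {
 return err
 }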
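Review bot: The new `os.WriteFile(filepath.Join(filtersPath, "filters.json"), filters, os.ModePerm)` in the third hunk carries over the 0777 mode from the `ioutil` call; a backup metadata file in a temp directory has no reason to be executable or group/world-writable, and `0600` (or `0644`, which `crd.go` already uses for its output) is the conventional mode here. The new comment in the second hunk has a stray period after the function name; `// empty dir param in os.MkdirTemp defaults to os.TempDir` reads correctly. Both OnBackupChange and performBackup continue outside their hunks.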
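--- a/pkg/controllers/backup/upload.go
+++ b/pkg/controllers/backup/upload.go
@@ -6,7 +6,6 @@ import (
 "errors"
 "fmt"
 "io"
-"io/ioutil"
 "os"
 "path/filepath"
 "strings"
@@ -17,7 +16,7 @@ import (
 )
 
 func (h *handler) uploadToS3(backup *v1.Backup, objectStore *v1.S3ObjectStore, tmpBackupPath, gzipFile string) error {
-tmpBackupGzipFilepath, err := ioutil.TempDir("", "uploadpath")
+tmpBackupGzipFilepath, err := os.MkdirTemp("", "uploadpath")
 if err != nil {
 return err
 }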
11 changes: 7 additions & 4 deletions pkg/controllers/restore/download.go
Expand Up @@ -6,15 +6,16 @@ import (
"encoding/json"
"fmt"
"io"
"io/ioutil"
"os"
"strings"

v1 "github.com/rancher/backup-restore-operator/pkg/apis/resources.cattle.io/v1"
"github.com/rancher/backup-restore-operator/pkg/objectstore"
"github.com/rancher/backup-restore-operator/pkg/util"
"github.com/sirupsen/logrus"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apiserver/pkg/server/options/encryptionconfig"
"k8s.io/apiserver/pkg/storage/value"
)

Expand Down Expand Up @@ -64,7 +65,7 @@ func (h *handler) LoadFromTarGzip(tarGzFilePath string, transformerMap map[schem
if tarContent.Typeflag != tar.TypeReg {
continue
}
readData, err := ioutil.ReadAll(tarball)
readData, err := io.ReadAll(tarball)
if err != nil {
return err
}
Expand Down Expand Up @@ -101,11 +102,13 @@ func (h *handler) loadDataFromFile(tarContent *tar.Header, readData []byte,
namespace = splitPath[1]
additionalAuthenticatedData = fmt.Sprintf("%s#%s", namespace, name)
}

gvrStr := splitPath[0]
gvr := getGVR(gvrStr)

decryptionTransformer := transformerMap[gvr.GroupResource()]
if decryptionTransformer != nil {
var staticTransformers encryptionconfig.StaticTransformers = transformerMap
decryptionTransformer := staticTransformers.TransformerForResource(gvr.GroupResource())
if decryptionTransformer != nil && !util.IsDefaultEncryptionTransformer(decryptionTransformer) {
var encryptedBytes []byte
if err := json.Unmarshal(readData, &encryptedBytes); err != nil {
logrus.Errorf("Error unmarshaling encrypted data for resource [%v]: %v", gvr.GroupResource(), err)
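Review bot: The two new lines in the third hunk, `var staticTransformers encryptionconfig.StaticTransformers = transformerMap` followed by the lookup, can be a single expression, `decryptionTransformer := encryptionconfig.StaticTransformers(transformerMap).TransformerForResource(gvr.GroupResource())`; the same pair is repeated in collector.go's WriteBackupObjects, so a small helper in pkg/util taking the map and the GroupResource would keep the wildcard-resolution logic in one place. Since TransformerForResource appears to fall back to the identity transformer rather than to nil, the `!= nil` half of the new condition looks redundant next to `!util.IsDefaultEncryptionTransformer(...)`; keeping it is harmless, but worth confirming against the apiserver version pinned in go.mod. loadDataFromFile continues past the end of the hunk.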
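--- a/pkg/crds/crd.go
+++ b/pkg/crds/crd.go
@@ -3,7 +3,7 @@ package crds
 import (
 "encoding/json"
 "fmt"
-"io/ioutil"
+"os"
 "strings"
 
 resources "github.com/rancher/backup-restore-operator/pkg/apis/resources.cattle.io/v1"
@@ -42,7 +42,7 @@ func WriteCRD() error {
 }
 
 filename := fmt.Sprintf("./charts/rancher-backup-crd/templates/%s.yaml", strings.ToLower(crd.Spec.Names.Kind))
-err = ioutil.WriteFile(filename, yamlBytes, 0644)
+err = os.WriteFile(filename, yamlBytes, 0644)
 if err != nil {
 return err
 }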
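--- a/pkg/objectstore/s3minio.go
+++ b/pkg/objectstore/s3minio.go
@@ -8,7 +8,6 @@ import (
 "encoding/pem"
 "fmt"
 "io"
-"io/ioutil"
 "net/http"
 "os"
 "path"
@@ -266,7 +265,7 @@ func readS3EndpointCA(endpointCA string) ([]byte, error) {
 if err == nil {
 log.Info("reading s3-endpoint-ca as a base64 string")
 } else {
-ca, err = ioutil.ReadFile(endpointCA)
+ca, err = os.ReadFile(endpointCA)
 log.Infof("reading s3-endpoint-ca from [%v]", endpointCA)
 }
 return ca, err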
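--- a/pkg/resourcesets/collector.go
+++ b/pkg/resourcesets/collector.go
@@ -10,11 +10,13 @@ import (
 "strings"
 
 v1 "github.com/rancher/backup-restore-operator/pkg/apis/resources.cattle.io/v1"
+"github.com/rancher/backup-restore-operator/pkg/util"
 "github.com/sirupsen/logrus"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
 k8sv1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 "k8s.io/apimachinery/pkg/runtime/schema"
+"k8s.io/apiserver/pkg/server/options/encryptionconfig"
 "k8s.io/apiserver/pkg/storage/value"
 "k8s.io/client-go/discovery"
 "k8s.io/client-go/dynamic"
@@ -387,7 +389,8 @@ func (h *ResourceHandler) WriteBackupObjects(backupPath string) error {
 }
 
 gr := schema.ParseGroupResource(gvResource.Name + "." + gv.Group)
-encryptionTransformer := h.TransformerMap[gr]
+var staticTransformers encryptionconfig.StaticTransformers = h.TransformerMap
+encryptionTransformer := staticTransformers.TransformerForResource(gr)
 additionalAuthenticatedData := objName
 if gvResource.Namespaced {
 additionalAuthenticatedData = fmt.Sprintf("%s#%s", metadata["namespace"].(string), additionalAuthenticatedData)
@@ -433,11 +436,12 @@ func writeToBackup(ctx context.Context, resource map[string]interface{}, backupP
 if err != nil {
 return fmt.Errorf("error converting resource to JSON: %v", err)
 }
-if transformer != nil {
+if transformer != nil && !util.IsDefaultEncryptionTransformer(transformer) {
 encrypted, err := transformer.TransformToStorage(ctx, resourceBytes, value.DefaultContext(additionalAuthenticatedData))
 if err != nil {
 return fmt.Errorf("error converting resource to JSON: %v", err)
 }
+
 resourceBytes, err = json.Marshal(encrypted)
 if err != nil {
 return fmt.Errorf("error converting encrypted resource to JSON: %v", err)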
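Review bot: The new condition `if transformer != nil && !util.IsDefaultEncryptionTransformer(transformer)` in the third hunk silently decides which resources land in the backup as plain JSON, and nothing in the code says why the default transformer is skipped; a one-line comment above it, `// the identity (default) transformer means no exact or wildcard provider matched this resource, so it is written unencrypted`, would make that visible to whoever reads the backup format next. The error returned inside that branch when TransformToStorage fails still reads "error converting resource to JSON", which now misdescribes an encryption failure; that line is context in this hunk, but it sits directly under the new check and is worth fixing alongside it. Both WriteBackupObjects and writeToBackup extend beyond their hunks.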
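--- a/pkg/util/util.go
+++ b/pkg/util/util.go
@@ -3,7 +3,6 @@ package util
 import (
 "context"
 "fmt"
-"io/ioutil"
 "os"
 "reflect"
 
@@ -13,6 +12,7 @@ import (
 "k8s.io/apimachinery/pkg/runtime/schema"
 "k8s.io/apiserver/pkg/server/options/encryptionconfig"
 "k8s.io/apiserver/pkg/storage/value"
+"k8s.io/apiserver/pkg/storage/value/encrypt/identity"
 )
 
 const (
@@ -36,7 +36,7 @@ func GetEncryptionTransformers(encryptionConfigSecretName string, secrets v1core
 if !ok {
 return nil, fmt.Errorf("no encryptionConfig provided")
 }
-err = ioutil.WriteFile(encryptionProviderConfigKey, encryptionConfigBytes, os.ModePerm)
+err = os.WriteFile(encryptionProviderConfigKey, encryptionConfigBytes, os.ModePerm)
 defer os.Remove(encryptionProviderConfigKey)
 
 if err != nil {
@@ -60,6 +60,10 @@ func GetObjectQueue(l interface{}, capacity int) chan interface{} {
 return c
 }
 
+func IsDefaultEncryptionTransformer(transformer value.Transformer) bool {
+return transformer == identity.NewEncryptCheckTransformer()
+}
+
 func ErrList(e []error) error {
 if len(e) > 0 {
 return fmt.Errorf("%v", e)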
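Review bot: `os.WriteFile(encryptionProviderConfigKey, encryptionConfigBytes, os.ModePerm)` in the third hunk writes the encryption provider configuration, which contains the key material taken from the secret, with mode 0777 before umask; this file should be `0600`, i.e. `err = os.WriteFile(encryptionProviderConfigKey, encryptionConfigBytes, 0600)`, since any other local user able to read it can decrypt every backup. The new exported `IsDefaultEncryptionTransformer` in the fourth hunk has no doc comment, and its `==` comparison is only meaningful while `identity.NewEncryptCheckTransformer()` keeps returning the same comparable value on every call; should a later apiserver release return a freshly allocated pointer, every resource would be treated as having a configured provider and the identity transformer would be applied as though it encrypted. A comment such as `// IsDefaultEncryptionTransformer reports whether transformer is the identity fallback that StaticTransformers.TransformerForResource returns when no exact or wildcard provider matches. It relies on identity.NewEncryptCheckTransformer returning a stable, comparable value.` would record both the purpose and that assumption. GetEncryptionTransformers continues outside its hunk.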
