Fixing and adding unit tests to validate validator logic

Shawn Hurley · Shawn Hurley · commit 780e2f514cea · 2021-11-29T14:25:12.000-05:00
diff --git a/api/v1alpha1/oadp_types.go b/api/v1alpha1/oadp_types.go
@@ -108,7 +108,7 @@ type ApplicationConfig struct {
 	Restic *ResticConfig `json:"restic,omitempty"`
 }
 
-type CloudStoreageLocation struct {
+type CloudStorageLocation struct {
 	CloudStorageRef corev1.LocalObjectReference `json:"cloudStorageRef"`
 
 	// Config is for provider-specific configuration fields.
@@ -135,7 +135,7 @@ type BackupLocation struct {
 	// +optional
 	Velero *velero.BackupStorageLocationSpec `json:"velero,omitempty"`
 	// +optional
-	CloudStorage *CloudStoreageLocation `json:"bucket,omitempty"`
+	CloudStorage *CloudStorageLocation `json:"bucket,omitempty"`
 }
 
 // SnapshotLocation defines the configuration for the DPA snapshot store
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/bundle/manifests/oadp-operator.clusterserviceversion.yaml b/bundle/manifests/oadp-operator.clusterserviceversion.yaml
@@ -448,10 +448,6 @@ spec:
                 - --leader-elect
                 command:
                 - /manager
-                volumeMounts:
-                - mountPath: /var/run/secrets/openshift/serviceaccount
-                  name: bound-sa-token
-                  readOnly: true
                 env:
                 - name: WATCH_NAMESPACE
                   valueFrom:
@@ -527,6 +523,10 @@ spec:
                     path: /healthz
                     port: 8081
                   periodSeconds: 10
+                volumeMounts:
+                - mountPath: /var/run/secrets/openshift/serviceaccount
+                  name: bound-sa-token
+                  readOnly: true
               securityContext:
                 runAsNonRoot: true
               serviceAccountName: openshift-adp-controller-manager
@@ -536,9 +536,9 @@ spec:
                 projected:
                   sources:
                   - serviceAccountToken:
-                      path: token
-                      expirationSeconds: 3600
                       audience: openshift
+                      expirationSeconds: 3600
+                      path: token
       permissions:
       - rules:
         - apiGroups:
diff --git a/bundle/manifests/oadp.openshift.io_cloudstorages.yaml b/bundle/manifests/oadp.openshift.io_cloudstorages.yaml
@@ -59,7 +59,7 @@ spec:
                 type: string
               provider:
                 enum:
-                - AWS
+                - aws
                 type: string
               region:
                 description: Region for the bucket to be in, will be us-east-1 if
diff --git a/bundle/manifests/oadp.openshift.io_dataprotectionapplications.yaml b/bundle/manifests/oadp.openshift.io_dataprotectionapplications.yaml
@@ -56,7 +56,7 @@ spec:
                             0 disables sync.
                           nullable: true
                           type: string
-                        bucketRef:
+                        cloudStorageRef:
                           description: LocalObjectReference contains enough information
                             to let you locate the referenced object inside the same
                             namespace.
@@ -96,7 +96,7 @@ spec:
                             backup storage location.
                           type: boolean
                       required:
-                      - bucketRef
+                      - cloudStorageRef
                       type: object
                     velero:
                       description: 'TODO: Add name/annotations/labels support'
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -27,6 +27,10 @@ spec:
       containers:
       - command:
         - /manager
+        volumeMounts:
+          - mountPath: /var/run/secrets/openshift/serviceaccount
+            name: bound-sa-token
+            readOnly: true
         env:
           - name: WATCH_NAMESPACE
             valueFrom:
@@ -105,4 +109,12 @@ spec:
             cpu: 500m
             memory: 128Mi
       serviceAccountName: controller-manager
+      volumes:
+      - name: bound-sa-token
+        projected:
+          sources:
+          - serviceAccountToken:
+              path: token
+              expirationSeconds: 3600
+              audience: openshift
       terminationGracePeriodSeconds: 10
diff --git a/controllers/bsl_test.go b/controllers/bsl_test.go
@@ -838,7 +838,7 @@ func TestDPAReconciler_ValidateBackupStorageLocations(t *testing.T) {
 									},
 								},
 							},
-							CloudStorage: &oadpv1alpha1.CloudStoreageLocation{
+							CloudStorage: &oadpv1alpha1.CloudStorageLocation{
 								CloudStorageRef:  corev1.LocalObjectReference{},
 								Config:           map[string]string{},
 								Credential:       &corev1.SecretKeySelector{},
@@ -868,7 +868,7 @@ func TestDPAReconciler_ValidateBackupStorageLocations(t *testing.T) {
 				Spec: oadpv1alpha1.DataProtectionApplicationSpec{
 					BackupLocations: []oadpv1alpha1.BackupLocation{
 						{
-							CloudStorage: &oadpv1alpha1.CloudStoreageLocation{
+							CloudStorage: &oadpv1alpha1.CloudStorageLocation{
 								CloudStorageRef:  corev1.LocalObjectReference{},
 								Config:           map[string]string{},
 								Credential:       &corev1.SecretKeySelector{},
@@ -898,7 +898,7 @@ func TestDPAReconciler_ValidateBackupStorageLocations(t *testing.T) {
 				Spec: oadpv1alpha1.DataProtectionApplicationSpec{
 					BackupLocations: []oadpv1alpha1.BackupLocation{
 						{
-							CloudStorage: &oadpv1alpha1.CloudStoreageLocation{
+							CloudStorage: &oadpv1alpha1.CloudStorageLocation{
 								CloudStorageRef: corev1.LocalObjectReference{
 									Name: "testing",
 								},
@@ -930,7 +930,7 @@ func TestDPAReconciler_ValidateBackupStorageLocations(t *testing.T) {
 				Spec: oadpv1alpha1.DataProtectionApplicationSpec{
 					BackupLocations: []oadpv1alpha1.BackupLocation{
 						{
-							CloudStorage: &oadpv1alpha1.CloudStoreageLocation{
+							CloudStorage: &oadpv1alpha1.CloudStorageLocation{
 								CloudStorageRef: corev1.LocalObjectReference{
 									Name: "testing",
 								},
@@ -1020,7 +1020,7 @@ func TestDPAReconciler_ValidateBackupStorageLocations(t *testing.T) {
 							},
 						},
 						{
-							CloudStorage: &oadpv1alpha1.CloudStoreageLocation{
+							CloudStorage: &oadpv1alpha1.CloudStorageLocation{
 								CloudStorageRef: corev1.LocalObjectReference{
 									Name: "testing",
 								},
diff --git a/controllers/validator.go b/controllers/validator.go
@@ -58,32 +58,47 @@ func (r *DPAReconciler) ValidateVeleroPlugins(log logr.Logger) (bool, error) {
 	}
 
 	providerNeedsDefaultCreds := map[string]bool{}
+	hasCloudStorage := false
 
 	for _, bsl := range dpa.Spec.BackupLocations {
 		if bsl.Velero != nil && bsl.Velero.Credential == nil {
 			providerNeedsDefaultCreds[strings.TrimPrefix(bsl.Velero.Provider, "velero.io/")] = true
 		}
-		if bsl.CloudStorage != nil && bsl.CloudStorage.Credential == nil {
-			cloudStroage := oadpv1alpha1.CloudStorage{}
-			err := r.Get(r.Context, types.NamespacedName{Name: bsl.CloudStorage.CloudStorageRef.Name, Namespace: dpa.Namespace}, &cloudStroage)
-			if err != nil {
-				return false, err
+		if bsl.CloudStorage != nil {
+			hasCloudStorage = true
+			if bsl.CloudStorage.Credential == nil {
+				cloudStroage := oadpv1alpha1.CloudStorage{}
+				err := r.Get(r.Context, types.NamespacedName{Name: bsl.CloudStorage.CloudStorageRef.Name, Namespace: dpa.Namespace}, &cloudStroage)
+				if err != nil {
+					return false, err
+				}
+				providerNeedsDefaultCreds[string(cloudStroage.Spec.Provider)] = true
 			}
-			providerNeedsDefaultCreds[string(cloudStroage.Spec.Provider)] = true
 		}
 	}
 
 	for _, vsl := range dpa.Spec.SnapshotLocations {
 		if vsl.Velero != nil {
-			providerNeedsDefaultCreds[vsl.Velero.Provider] = true
+			// To handle the case where we want to manually hand the credentials for a cloud storage created
+			// Bucket credententials via configuration. Only AWS is supported
+			provider := strings.TrimPrefix(vsl.Velero.Provider, "velero.io")
+			if provider != string(oadpv1alpha1.AWSBucketProvider) {
+				providerNeedsDefaultCreds[provider] = true
+			}
 		}
 	}
 
 	var defaultPlugin oadpv1alpha1.DefaultPlugin
 	for _, plugin := range dpa.Spec.Configuration.Velero.DefaultPlugins {
 
 		pluginSpecificMap, ok := credentials.PluginSpecificFields[plugin]
-		if ok && pluginSpecificMap.IsCloudProvider && providerNeedsDefaultCreds[string(plugin)] {
+		pluginNeedsCheck, foundInBSLorVSL := providerNeedsDefaultCreds[string(plugin)]
+
+		if !foundInBSLorVSL && !hasCloudStorage {
+			pluginNeedsCheck = true
+		}
+
+		if ok && pluginSpecificMap.IsCloudProvider && pluginNeedsCheck {
 			secretName := pluginSpecificMap.SecretName
 			_, err := r.getProviderSecret(secretName)
 			if err != nil {
diff --git a/controllers/validator_test.go b/controllers/validator_test.go
diff --git a/controllers/velero_test.go b/controllers/velero_test.go

Original file line number	Diff line number	Diff line change
`@@ -108,7 +108,7 @@ type ApplicationConfig struct {`
`108`	`108`	Restic *ResticConfig `json:"restic,omitempty"`
`109`	`109`	`}`
`110`	`110`
`111`		`-type CloudStoreageLocation struct {`
	`111`	`+type CloudStorageLocation struct {`
`112`	`112`	CloudStorageRef corev1.LocalObjectReference `json:"cloudStorageRef"`
`113`	`113`
`114`	`114`	`// Config is for provider-specific configuration fields.`
`@@ -135,7 +135,7 @@ type BackupLocation struct {`
`135`	`135`	`// +optional`
`136`	`136`	Velero *velero.BackupStorageLocationSpec `json:"velero,omitempty"`
`137`	`137`	`// +optional`
`138`		- CloudStorage *CloudStoreageLocation `json:"bucket,omitempty"`
	`138`	+ CloudStorage *CloudStorageLocation `json:"bucket,omitempty"`
`139`	`139`	`}`
`140`	`140`
`141`	`141`	`// SnapshotLocation defines the configuration for the DPA snapshot store`