Adding ability for a BSL with credentials to pass validation. (#524)

Author: shawn-hurley

controllers/validator_test.go

@@ -50,6 +50,28 @@ func TestDPAReconciler_ValidateDataProtectionCR(t *testing.T) {
 			wantErr: false,
 			want:    true,
 		},
+		{
+			name: "given valid DPA CR, error case",
+			dpa: &oadpv1alpha1.DataProtectionApplication{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "test-DPA-CR",
+					Namespace: "test-ns",
+				},
+				Spec: oadpv1alpha1.DataProtectionApplicationSpec{
+					Configuration: &oadpv1alpha1.ApplicationConfig{
+						Velero: &oadpv1alpha1.VeleroConfig{
+							DefaultPlugins: []oadpv1alpha1.DefaultPlugin{
+								oadpv1alpha1.DefaultPluginAWS,
+							},
+							NoDefaultBackupLocation: true,
+						},
+					},
+				},
+			},
+			objects: []client.Object{},
+			wantErr: true,
+			want:    false,
+		},
 		{
 			name: "given invalid DPA CR, velero configuration is nil, error case",
 			dpa: &oadpv1alpha1.DataProtectionApplication{
@@ -344,6 +366,81 @@ func TestDPAReconciler_ValidateDataProtectionCR(t *testing.T) {
 			wantErr: true,
 			want:    false,
 		},
+		{
+			name: "given valid DPA CR AWS Default Plugin with credentials",
+			dpa: &oadpv1alpha1.DataProtectionApplication{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "test-DPA-CR",
+					Namespace: "test-ns",
+				},
+				Spec: oadpv1alpha1.DataProtectionApplicationSpec{
+					BackupLocations: []oadpv1alpha1.BackupLocation{
+						{
+							Velero: &v1.BackupStorageLocationSpec{
+								Provider: "velero.io/aws",
+								Credential: &corev1.SecretKeySelector{
+									LocalObjectReference: corev1.LocalObjectReference{
+										Name: "Test",
+									},
+									Key:      "Creds",
+									Optional: new(bool),
+								},
+							},
+						},
+					},
+					Configuration: &oadpv1alpha1.ApplicationConfig{
+						Velero: &oadpv1alpha1.VeleroConfig{
+							DefaultPlugins: []oadpv1alpha1.DefaultPlugin{
+								oadpv1alpha1.DefaultPluginAWS,
+							},
+						},
+					},
+				},
+			},
+			objects: []client.Object{},
+			wantErr: false,
+			want:    true,
+		},
+		{
+			name: "given valid DPA CR AWS Default Plugin with credentials and one without",
+			dpa: &oadpv1alpha1.DataProtectionApplication{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "test-DPA-CR",
+					Namespace: "test-ns",
+				},
+				Spec: oadpv1alpha1.DataProtectionApplicationSpec{
+					BackupLocations: []oadpv1alpha1.BackupLocation{
+						{
+							Velero: &v1.BackupStorageLocationSpec{
+								Provider: "velero.io/aws",
+								Credential: &corev1.SecretKeySelector{
+									LocalObjectReference: corev1.LocalObjectReference{
+										Name: "Test",
+									},
+									Key:      "Creds",
+									Optional: new(bool),
+								},
+							},
+						},
+						{
+							Velero: &v1.BackupStorageLocationSpec{
+								Provider: "velero.io/aws",
+							},
+						},
+					},
+					Configuration: &oadpv1alpha1.ApplicationConfig{
+						Velero: &oadpv1alpha1.VeleroConfig{
+							DefaultPlugins: []oadpv1alpha1.DefaultPlugin{
+								oadpv1alpha1.DefaultPluginAWS,
+							},
+						},
+					},
+				},
+			},
+			objects: []client.Object{},
+			wantErr: true,
+			want:    false,
+		},
 	}
 	for _, tt := range tests {
 		tt.objects = append(tt.objects, tt.dpa)

controllers/velero.go

@@ -651,7 +651,14 @@ func (r DPAReconciler) noDefaultCredentials(dpa oadpv1alpha1.DataProtectionAppli
 
 	for _, bsl := range dpa.Spec.BackupLocations {
 		if bsl.Velero != nil && bsl.Velero.Credential == nil {
-			providerNeedsDefaultCreds[strings.TrimPrefix(bsl.Velero.Provider, "velero.io/")] = true
+			bslProvider := strings.TrimPrefix(bsl.Velero.Provider, "velero.io/")
+			providerNeedsDefaultCreds[bslProvider] = true
+		}
+		if bsl.Velero != nil && bsl.Velero.Credential != nil {
+			bslProvider := strings.TrimPrefix(bsl.Velero.Provider, "velero.io/")
+			if found := providerNeedsDefaultCreds[bslProvider]; !found {
+				providerNeedsDefaultCreds[bslProvider] = false
+			}
 		}
 		if bsl.CloudStorage != nil {
 			hasCloudStorage = true