Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support recovering from repository in different namespace #474

Merged
merged 17 commits into from
May 18, 2018
Merged

Support recovering from repository in different namespace #474

merged 17 commits into from
May 18, 2018

Conversation

tamalsaha
Copy link
Member

@tamalsaha tamalsaha commented May 6, 2018
edited by hossainemruz
Loading

  • Load repository secret from right namespace
  • Update docs
  • Update test
    cc: @farcaller

@tamalsaha tamalsaha requested a review from hossainemruz May 6, 2018 00:09
@codecov-io
Copy link

codecov-io commented May 6, 2018
edited
Loading

Codecov Report

Merging #474 into master will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@          Coverage Diff          @@
##           master   #474   +/-   ##
=====================================
  Coverage      84%    84%           
=====================================
  Files           2      2           
  Lines          25     25           
=====================================
  Hits           21     21           
  Misses          2      2           
  Partials        2      2

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4bddc2e...ba88717. Read the comment docs.

@tamalsaha tamalsaha changed the title Support recovering from different namespace Support recovering from repository in different namespace May 6, 2018
tamalsaha
tamalsaha commented May 16, 2018
View reviewed changes
test/e2e/statefulset_test.go
cred = f.SecretForLocalBackend()
restic = f.ResticForHostPathLocalBackend()
recovery = f.RecoveryForRestic(restic)
recoveryNamespace = f.NewNamespace(rand.WithUniqSuffix("recovery"))
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where is this namespace created?

tamalsaha
tamalsaha commented May 16, 2018
View reviewed changes
pkg/controller/rbac.go Outdated
@@ -231,7 +231,7 @@ func (c *StashController) ensureRecoveryRBAC(resource *core.ObjectReference) err
}

// ensure role binding
_, _, err = rbac_util.CreateOrPatchRoleBinding(c.kubeClient, meta, func(in *rbac.RoleBinding) *rbac.RoleBinding {
_, _, err = rbac_util.CreateOrPatchClusterRoleBinding(c.kubeClient, meta, func(in *rbac.ClusterRoleBinding) *rbac.ClusterRoleBinding {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't need to use ClusterRoleBinding. This is what we should do, create a ClusterRole that gives read permission on any Repository object. Then create a RoleBinding in the namespace of the Repository object so that the recovery s/a can read it. This is how the EAS auth configmap is read.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added appscode:stash:repository-reader 085bd16

@tamalsaha
Copy link
Member Author

/lgtm

@tamalsaha tamalsaha merged commit 5dc386d into master May 18, 2018
@tamalsaha tamalsaha deleted the x7 branch May 18, 2018 09:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hossainemruz hossainemruz Awaiting requested review from hossainemruz

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tamalsaha @codecov-io