From 20c0eda9cbadf9b2e8f3acee49387d78fcdf3762 Mon Sep 17 00:00:00 2001 From: lgtm <1gtm@users.noreply.github.com> Date: Fri, 15 Jan 2021 20:29:20 -0800 Subject: [PATCH] [cherry-pick] Use BasicAuth Keys for reading credentials from secret (#543) (#548) Signed-off-by: Emruz Hossain --- Dockerfile.dbg | 3 +-- Dockerfile.in | 3 +-- go.mod | 1 + pkg/backup.go | 10 +++++++++- pkg/restore.go | 10 +++++++++- pkg/utils.go | 7 +++++++ 6 files changed, 28 insertions(+), 6 deletions(-) diff --git a/Dockerfile.dbg b/Dockerfile.dbg index d411f4b77..e6ee189ef 100644 --- a/Dockerfile.dbg +++ b/Dockerfile.dbg @@ -35,8 +35,7 @@ LABEL org.opencontainers.image.source https://github.com/stashed/elasticsearch RUN set -x \ && apk add --update --no-cache bash ca-certificates curl -RUN npm config set unsafe-perm true \ - && npm install elasticdump@4.1.2 -g +RUN npm install elasticdump@6.62.1 -g COPY --from=0 restic /bin/restic COPY bin/{ARG_OS}_{ARG_ARCH}/{ARG_BIN} /{ARG_BIN} diff --git a/Dockerfile.in b/Dockerfile.in index e3080922f..daa0b19d8 100644 --- a/Dockerfile.in +++ b/Dockerfile.in @@ -35,8 +35,7 @@ LABEL org.opencontainers.image.source https://github.com/stashed/elasticsearch RUN set -x \ && apk add --update --no-cache bash ca-certificates curl -RUN npm config set unsafe-perm true \ - && npm install elasticdump@4.1.2 -g +RUN npm install elasticdump@6.62.1 -g COPY --from=0 /restic /bin/restic COPY bin/{ARG_OS}_{ARG_ARCH}/{ARG_BIN} /{ARG_BIN} diff --git a/go.mod b/go.mod index 6ef3ed468..7a99eb62c 100644 --- a/go.mod +++ b/go.mod @@ -8,6 +8,7 @@ require ( github.com/spf13/cobra v1.1.1 go.bytebuilders.dev/license-verifier/kubernetes v0.5.1 gomodules.xyz/x v0.0.0-20201105065653-91c568df6331 + k8s.io/api v0.18.9 k8s.io/apimachinery v0.18.9 k8s.io/client-go v0.18.9 kmodules.xyz/client-go v0.0.0-20210108092221-c3812eb92bd0 diff --git a/pkg/backup.go b/pkg/backup.go index 4f31ad834..e8446fa4b 100644 --- a/pkg/backup.go +++ b/pkg/backup.go @@ -35,9 +35,11 @@ import ( license "go.bytebuilders.dev/license-verifier/kubernetes" "gomodules.xyz/x/flags" "gomodules.xyz/x/log" + core "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/clientcmd" + meta_util "kmodules.xyz/client-go/meta" appcatalog "kmodules.xyz/custom-resources/apis/appcatalog/v1alpha1" appcatalog_cs "kmodules.xyz/custom-resources/client/clientset/versioned" v1 "kmodules.xyz/offshoot-api/api/v1" @@ -215,7 +217,13 @@ func (opt *esOptions) backupElasticsearch(targetRef api_v1beta1.TargetRef) (*res } appSVC := appBinding.Spec.ClientConfig.Service - esURL := fmt.Sprintf("%v://%s:%s@%s:%d", appSVC.Scheme, appBindingSecret.Data[ESUser], appBindingSecret.Data[ESPassword], appSVC.Name, appSVC.Port) // TODO: authplugin: none + esURL := fmt.Sprintf("%v://%s:%s@%s:%d", + appSVC.Scheme, + must(meta_util.GetBytesForKeys(appBindingSecret.Data, core.BasicAuthUsernameKey, ESUser)), + must(meta_util.GetBytesForKeys(appBindingSecret.Data, core.BasicAuthPasswordKey, ESPassword)), + appSVC.Name, + appSVC.Port, + ) // TODO: support backup without authentication // wait for DB ready waitForDBReady(appBinding.Spec.ClientConfig.Service.Name, appBinding.Spec.ClientConfig.Service.Port, opt.waitTimeout) diff --git a/pkg/restore.go b/pkg/restore.go index 42e3b1e50..79a0ae387 100644 --- a/pkg/restore.go +++ b/pkg/restore.go @@ -32,9 +32,11 @@ import ( license "go.bytebuilders.dev/license-verifier/kubernetes" "gomodules.xyz/x/flags" "gomodules.xyz/x/log" + core "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/clientcmd" + meta_util "kmodules.xyz/client-go/meta" appcatalog "kmodules.xyz/custom-resources/apis/appcatalog/v1alpha1" appcatalog_cs "kmodules.xyz/custom-resources/client/clientset/versioned" v1 "kmodules.xyz/offshoot-api/api/v1" @@ -182,7 +184,13 @@ func (opt *esOptions) restoreElasticsearch(targetRef api_v1beta1.TargetRef) (*re } appSVC := appBinding.Spec.ClientConfig.Service - esURL := fmt.Sprintf("%v://%s:%s@%s:%d", appSVC.Scheme, appBindingSecret.Data[ESUser], appBindingSecret.Data[ESPassword], appSVC.Name, appSVC.Port) // TODO: support for authplugin: none + esURL := fmt.Sprintf("%v://%s:%s@%s:%d", + appSVC.Scheme, + must(meta_util.GetBytesForKeys(appBindingSecret.Data, core.BasicAuthUsernameKey, ESUser)), + must(meta_util.GetBytesForKeys(appBindingSecret.Data, core.BasicAuthPasswordKey, ESPassword)), + appSVC.Name, + appSVC.Port, + ) // TODO: support backup without authentication // wait for DB ready waitForDBReady(appBinding.Spec.ClientConfig.Service.Name, appBinding.Spec.ClientConfig.Service.Port, opt.waitTimeout) diff --git a/pkg/utils.go b/pkg/utils.go index d00ce783c..42004e3ec 100644 --- a/pkg/utils.go +++ b/pkg/utils.go @@ -72,3 +72,10 @@ func clearDir(dir string) error { } return os.MkdirAll(dir, os.ModePerm) } + +func must(v []byte, err error) string { + if err != nil { + panic(err) + } + return string(v) +}