Skip to content

Commit

Permalink
BR: support Azure blob storage sas token (pingcap#5720)
Browse files Browse the repository at this point in the history
  • Loading branch information
tennix authored Aug 28, 2024
1 parent 5ba9080 commit ff467a6
Show file tree
Hide file tree
Showing 14 changed files with 233 additions and 75 deletions.
24 changes: 24 additions & 0 deletions docs/api-references/docs.md
Original file line number Diff line number Diff line change
Expand Up @@ -3394,6 +3394,30 @@ azblob service account credentials.</p>
</tr>
<tr>
<td>
<code>storageAccount</code></br>
<em>
string
</em>
</td>
<td>
<p>StorageAccount is the storage account of the azure blob storage
If this field is set, then use this to set backup-manager env
Otherwise retrieve the storage account from secret</p>
</td>
</tr>
<tr>
<td>
<code>sasToken</code></br>
<em>
string
</em>
</td>
<td>
<p>SasToken is the sas token of the storage account</p>
</td>
</tr>
<tr>
<td>
<code>prefix</code></br>
<em>
string
Expand Down
20 changes: 20 additions & 0 deletions manifests/crd.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -1187,8 +1187,12 @@ spec:
type: string
prefix:
type: string
sasToken:
type: string
secretName:
type: string
storageAccount:
type: string
type: object
backoffRetryPolicy:
properties:
Expand Down Expand Up @@ -3603,8 +3607,12 @@ spec:
type: string
prefix:
type: string
sasToken:
type: string
secretName:
type: string
storageAccount:
type: string
type: object
backoffRetryPolicy:
properties:
Expand Down Expand Up @@ -5832,8 +5840,12 @@ spec:
type: string
prefix:
type: string
sasToken:
type: string
secretName:
type: string
storageAccount:
type: string
type: object
backoffRetryPolicy:
properties:
Expand Down Expand Up @@ -17214,8 +17226,12 @@ spec:
type: string
prefix:
type: string
sasToken:
type: string
secretName:
type: string
storageAccount:
type: string
type: object
backupType:
type: string
Expand Down Expand Up @@ -18101,8 +18117,12 @@ spec:
type: string
prefix:
type: string
sasToken:
type: string
secretName:
type: string
storageAccount:
type: string
type: object
gcs:
properties:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -805,8 +805,12 @@ spec:
type: string
prefix:
type: string
sasToken:
type: string
secretName:
type: string
storageAccount:
type: string
type: object
br:
properties:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -810,8 +810,12 @@ spec:
type: string
prefix:
type: string
sasToken:
type: string
secretName:
type: string
storageAccount:
type: string
type: object
br:
properties:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -61,8 +61,12 @@ spec:
type: string
prefix:
type: string
sasToken:
type: string
secretName:
type: string
storageAccount:
type: string
type: object
gcs:
properties:
Expand Down
4 changes: 4 additions & 0 deletions manifests/crd/v1/pingcap.com_backups.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -1187,8 +1187,12 @@ spec:
type: string
prefix:
type: string
sasToken:
type: string
secretName:
type: string
storageAccount:
type: string
type: object
backoffRetryPolicy:
properties:
Expand Down
8 changes: 8 additions & 0 deletions manifests/crd/v1/pingcap.com_backupschedules.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -1162,8 +1162,12 @@ spec:
type: string
prefix:
type: string
sasToken:
type: string
secretName:
type: string
storageAccount:
type: string
type: object
backoffRetryPolicy:
properties:
Expand Down Expand Up @@ -3391,8 +3395,12 @@ spec:
type: string
prefix:
type: string
sasToken:
type: string
secretName:
type: string
storageAccount:
type: string
type: object
backoffRetryPolicy:
properties:
Expand Down
8 changes: 8 additions & 0 deletions manifests/crd/v1/pingcap.com_restores.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -1160,8 +1160,12 @@ spec:
type: string
prefix:
type: string
sasToken:
type: string
secretName:
type: string
storageAccount:
type: string
type: object
backupType:
type: string
Expand Down Expand Up @@ -2047,8 +2051,12 @@ spec:
type: string
prefix:
type: string
sasToken:
type: string
secretName:
type: string
storageAccount:
type: string
type: object
gcs:
properties:
Expand Down
12 changes: 12 additions & 0 deletions manifests/federation-crd.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -805,8 +805,12 @@ spec:
type: string
prefix:
type: string
sasToken:
type: string
secretName:
type: string
storageAccount:
type: string
type: object
br:
properties:
Expand Down Expand Up @@ -2638,8 +2642,12 @@ spec:
type: string
prefix:
type: string
sasToken:
type: string
secretName:
type: string
storageAccount:
type: string
type: object
br:
properties:
Expand Down Expand Up @@ -3674,8 +3682,12 @@ spec:
type: string
prefix:
type: string
sasToken:
type: string
secretName:
type: string
storageAccount:
type: string
type: object
gcs:
properties:
Expand Down
14 changes: 14 additions & 0 deletions pkg/apis/pingcap/v1alpha1/openapi_generated.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 6 additions & 0 deletions pkg/apis/pingcap/v1alpha1/types.go
Original file line number Diff line number Diff line change
Expand Up @@ -2012,6 +2012,12 @@ type AzblobStorageProvider struct {
// SecretName is the name of secret which stores the
// azblob service account credentials.
SecretName string `json:"secretName,omitempty"`
// StorageAccount is the storage account of the azure blob storage
// If this field is set, then use this to set backup-manager env
// Otherwise retrieve the storage account from secret
StorageAccount string `json:"storageAccount,omitempty"`
// SasToken is the sas token of the storage account
SasToken string `json:"sasToken,omitempty"`
// Prefix of the data path.
Prefix string `json:"prefix,omitempty"`
}
Expand Down
58 changes: 41 additions & 17 deletions pkg/backup/util/remote.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ import (
"errors"
"fmt"
"io"
"net/url"
"os"
"path"
"strconv"
Expand Down Expand Up @@ -83,10 +84,12 @@ type gcsConfig struct {
}

type azblobConfig struct {
container string
accessTier string
secretName string
prefix string
storageAccount string
sasToken string
container string
accessTier string
secretName string
prefix string
}

type localConfig struct {
Expand Down Expand Up @@ -525,38 +528,46 @@ func newAzblobStorage(conf *azblobConfig) (*blob.Bucket, error) {
// Azure shared key with access to the storage account
accountKey := os.Getenv("AZURE_STORAGE_KEY")

// check condition for using AAD credentials first
var usingAAD bool
if len(clientID) != 0 && len(clientSecret) != 0 && len(tenantID) != 0 {
usingAAD = true
} else if len(accountKey) != 0 {
usingAAD = false
} else {
return nil, errors.New("Missing necessary key(s) for credentials")
}
// Azure Storage Account Shared Access Signature Token
sasToken := conf.sasToken

// initialize a new azblob storage using AAD or shared key credentials
var bucket *blob.Bucket
var err error
if usingAAD {
if len(sasToken) != 0 {
bucket, err = newAzblobStorageUsingSasToken(conf, account, sasToken)
} else if len(clientID) != 0 && len(clientSecret) != 0 && len(tenantID) != 0 {
bucket, err = newAzblobStorageUsingAAD(conf, &azblobAADCred{
account: account,
clientID: clientID,
clientSecret: clientSecret,
tenantID: tenantID,
})
} else {
} else if len(accountKey) != 0 {
bucket, err = newAzblobStorageUsingSharedKey(conf, &azblobSharedKeyCred{
account: account,
sharedKey: accountKey,
})
} else {
return nil, errors.New("Missing necessary key(s) for credentials")
}

if err != nil {
return nil, err
}
return blob.PrefixedBucket(bucket, strings.Trim(conf.prefix, "/")+"/"), nil
}

func newAzblobStorageUsingSasToken(conf *azblobConfig, account, token string) (*blob.Bucket, error) {
// Azure Storage Account.
accountName := azureblob.AccountName(account)
sasToken := azureblob.SASToken(token)
cred := azblob.NewAnonymousCredential()
pipeline := azureblob.NewPipeline(cred, azblob.PipelineOptions{})
// Create a *blob.Bucket.
ctx := context.Background()
return azureblob.OpenBucket(ctx, pipeline, accountName, conf.container, &azureblob.Options{SASToken: sasToken})
}

// newAzblobStorageUsingAAD initialize a new azblob storage using AAD credentials
func newAzblobStorageUsingAAD(conf *azblobConfig, cred *azblobAADCred) (*blob.Bucket, error) {
// Azure Storage Account.
Expand Down Expand Up @@ -634,6 +645,16 @@ func newGcsStorageOptionForFlag(conf *gcsConfig, flag string) []string {
func newAzblobStorageOptionForFlag(conf *azblobConfig, flag string) []string {
var azblobOptions []string
path := fmt.Sprintf("azure://%s/", path.Join(conf.container, conf.prefix))
values := url.Values{}
if conf.storageAccount != "" {
values.Add("account-name", conf.storageAccount)
}
if conf.sasToken != "" {
values.Add("sas-token", conf.sasToken)
}
if v := values.Encode(); v != "" {
path = path + "?" + v
}
if flag != "" && flag != defaultStorageFlag {
// now just set path to special flag
azblobOptions = append(azblobOptions, fmt.Sprintf("--%s=%s", flag, path))
Expand Down Expand Up @@ -697,7 +718,10 @@ func makeGcsConfig(gcs *v1alpha1.GcsStorageProvider, fakeRegion bool) *gcsConfig

// makeAzblobConfig constructs azblobConfig parameters
func makeAzblobConfig(azblob *v1alpha1.AzblobStorageProvider) *azblobConfig {
conf := azblobConfig{}
conf := azblobConfig{
storageAccount: azblob.StorageAccount,
sasToken: azblob.SasToken,
}

path := strings.Trim(azblob.Container, "/") + "/" + strings.Trim(azblob.Prefix, "/")
fields := strings.SplitN(path, "/", 2)
Expand Down
Loading

0 comments on commit ff467a6

Please sign in to comment.