From 72b5e7aad6b8d5db2a2baf1fac349f9465ff9478 Mon Sep 17 00:00:00 2001
From: Tiger Kaovilai
Date: Fri, 20 Oct 2023 14:01:26 -0400
Subject: [PATCH] kopia/repository/config/aws.go: Set session.Options profile from config

Signed-off-by: Tiger Kaovilai
---
 changelogs/unreleased/6997-kaovilai | 1 +
 .../velero/v2alpha1/zz_generated.deepcopy.go | 31 +------
 pkg/repository/config/aws.go | 3 +-
 pkg/repository/config/aws_test.go | 81 +++++++++++++++++++
 4 files changed, 86 insertions(+), 30 deletions(-)
 create mode 100644 changelogs/unreleased/6997-kaovilai

diff --git a/changelogs/unreleased/6997-kaovilai b/changelogs/unreleased/6997-kaovilai
new file mode 100644
index 0000000000..ef3ab94066
--- /dev/null
+++ b/changelogs/unreleased/6997-kaovilai
@@ -0,0 +1 @@
+Fix unified repository (kopia) s3 credentials profile selection
\ No newline at end of file
diff --git a/pkg/apis/velero/v2alpha1/zz_generated.deepcopy.go b/pkg/apis/velero/v2alpha1/zz_generated.deepcopy.go
index 6f2f0441f5..9a9afaa6d9 100644
--- a/pkg/apis/velero/v2alpha1/zz_generated.deepcopy.go
+++ b/pkg/apis/velero/v2alpha1/zz_generated.deepcopy.go
@@ -1,34 +1,17 @@ //go:build !ignore_autogenerated // +build !ignore_autogenerated -/* -Copyright the Velero contributors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. +// Code generated by controller-gen. DO NOT EDIT. package v2alpha1 import ( - runtime "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime" ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CSISnapshotSpec) DeepCopyInto(out *CSISnapshotSpec) { *out = *in - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CSISnapshotSpec. @@ -48,7 +31,6 @@ func (in *DataDownload) DeepCopyInto(out *DataDownload) { in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.Spec.DeepCopyInto(&out.Spec) in.Status.DeepCopyInto(&out.Status) - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DataDownload. @@ -81,7 +63,6 @@ func (in *DataDownloadList) DeepCopyInto(out *DataDownloadList) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DataDownloadList. @@ -114,7 +95,6 @@ func (in *DataDownloadSpec) DeepCopyInto(out *DataDownloadSpec) { } } out.OperationTimeout = in.OperationTimeout - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DataDownloadSpec. 
@@ -139,7 +119,6 @@ func (in *DataDownloadStatus) DeepCopyInto(out *DataDownloadStatus) { *out = (*in).DeepCopy() } out.Progress = in.Progress - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DataDownloadStatus. @@ -159,7 +138,6 @@ func (in *DataUpload) DeepCopyInto(out *DataUpload) { in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.Spec.DeepCopyInto(&out.Spec) in.Status.DeepCopyInto(&out.Status) - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DataUpload. @@ -192,7 +170,6 @@ func (in *DataUploadList) DeepCopyInto(out *DataUploadList) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DataUploadList. @@ -227,7 +204,6 @@ func (in *DataUploadResult) DeepCopyInto(out *DataUploadResult) { } } } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DataUploadResult. @@ -260,7 +236,6 @@ func (in *DataUploadSpec) DeepCopyInto(out *DataUploadSpec) { } } out.OperationTimeout = in.OperationTimeout - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DataUploadSpec. @@ -296,7 +271,6 @@ func (in *DataUploadStatus) DeepCopyInto(out *DataUploadStatus) { *out = (*in).DeepCopy() } out.Progress = in.Progress - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DataUploadStatus. @@ -312,7 +286,6 @@ func (in *DataUploadStatus) DeepCopy() *DataUploadStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TargetVolumeSpec) DeepCopyInto(out *TargetVolumeSpec) { *out = *in - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TargetVolumeSpec. diff --git a/pkg/repository/config/aws.go b/pkg/repository/config/aws.go index cc4e14f598..a12d4587c6 100644 
--- a/pkg/repository/config/aws.go +++ b/pkg/repository/config/aws.go @@ -64,7 +64,7 @@ func GetS3ResticEnvVars(config map[string]string) (map[string]string, error) { result[awsSecretKeyEnvVar] = creds.SecretAccessKey result[awsSessTokenEnvVar] = creds.SessionToken result[awsCredentialsFileEnvVar] = "" - result[awsProfileEnvVar] = "" + result[awsProfileEnvVar] = "" // profile is not needed since we have the credentials from profile via GetS3Credentials result[awsConfigFileEnvVar] = "" } @@ -87,6 +87,7 @@ func GetS3Credentials(config map[string]string) (*credentials.Value, error) { opts.SharedConfigFiles = append(opts.SharedConfigFiles, credentialsFile) opts.SharedConfigState = session.SharedConfigEnable } + opts.Profile = config[awsProfileKey] sess, err := session.NewSessionWithOptions(opts) if err != nil { diff --git a/pkg/repository/config/aws_test.go b/pkg/repository/config/aws_test.go index bdd3e4fa23..37516971ad 100644 --- a/pkg/repository/config/aws_test.go +++ b/pkg/repository/config/aws_test.go @@ -17,8 +17,11 @@ limitations under the License. package config import ( + "os" + "reflect" "testing" + "github.com/aws/aws-sdk-go/aws/credentials" "github.com/stretchr/testify/require" ) 
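Review bot: The trailing comment added in the `@@ -64,7 +64,7 @@` hunk explains only the `awsProfileEnvVar` entry, although the credentials-file and config-file entries on the neighbouring lines are blanked in the same block, presumably for the same reason. One comment above the three assignments would document the intent better, for example `// creds already hold the resolved static keys, so the file, profile and config-file variables are blanked`. The enclosing `if` block in GetS3ResticEnvVars starts outside the hunk.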
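Review bot: In the `@@ -87,6 +87,7 @@` hunk, `opts.Profile = config[awsProfileKey]` is assigned unconditionally, so a config without that key passes an empty string and aws-sdk-go then takes the profile from `AWS_PROFILE` in the process environment, falling back to `default`. Which credentials a repository ends up with therefore still depends on ambient environment whenever the key is absent, and that deserves a comment on the line, e.g. `// empty profile: the SDK falls back to AWS_PROFILE, then "default"`. The assignment also sits outside the `credentialsFile` check, so a profile given without a credentials file would be looked up in whatever shared files the SDK finds by default; if that is not intended, move the line inside the block. GetS3Credentials starts and ends outside the hunk.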
@@ -63,3 +66,81 @@ func TestGetS3ResticEnvVars(t *testing.T) { }) } } + +func TestGetS3CredentialsCorrectlyUseProfile(t *testing.T) { + type args struct { + config map[string]string + secretFileContents string + } + tests := []struct { + name string + args args + want *credentials.Value + wantErr bool + }{ + { + name: "Test GetS3Credentials use profile correctly", + args: args{ + config: map[string]string{ + "profile": "some-profile", + }, + secretFileContents: `[default] + aws_access_key_id = default-access-key-id + aws_secret_access_key = default-secret-access-key + [profile some-profile] + aws_access_key_id = some-profile-access-key-id + aws_secret_access_key = some-profile-secret-access-key + `, + }, + want: &credentials.Value{ + AccessKeyID: "some-profile-access-key-id", + SecretAccessKey: "some-profile-secret-access-key", + }, + }, + { + name: "Test GetS3Credentials default to default profile", + args: args{ + config: map[string]string{}, + secretFileContents: `[default] + aws_access_key_id = default-access-key-id + aws_secret_access_key = default-secret-access-key + [profile some-profile] + aws_access_key_id = some-profile-access-key-id + aws_secret_access_key = some-profile-secret-access-key + `, + }, + want: &credentials.Value{ + AccessKeyID: "default-access-key-id", + SecretAccessKey: "default-secret-access-key", + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + tmpFile, err := os.CreateTemp("", "velero-test-aws-credentials") + defer os.Remove(tmpFile.Name()) + if err != nil { + t.Errorf("GetS3Credentials() error = %v", err) + return + } + // write the contents of the secret file to the temp file + _, err = tmpFile.WriteString(tt.args.secretFileContents) + if err != nil { + t.Errorf("GetS3Credentials() error = %v", err) + return + } + tt.args.config["credentialsFile"] = tmpFile.Name() + got, err := GetS3Credentials(tt.args.config) + if (err != nil) != tt.wantErr { + t.Errorf("GetS3Credentials() error = %v, wantErr %v", 
err, tt.wantErr) + return + } + if !reflect.DeepEqual(got.AccessKeyID, tt.want.AccessKeyID) { + t.Errorf("GetS3Credentials() got = %v, want %v", got.AccessKeyID, tt.want.AccessKeyID) + } + if !reflect.DeepEqual(got.SecretAccessKey, tt.want.SecretAccessKey) { + t.Errorf("GetS3Credentials() got = %v, want %v", got.SecretAccessKey, tt.want.SecretAccessKey) + } + }) + } +}
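Review bot: In the `t.Run` body, `defer os.Remove(tmpFile.Name())` is registered before the `err` check, so a failed `os.CreateTemp` dereferences a nil `*os.File` and panics instead of reporting the error; the file is also never closed. The test does not clear ambient AWS variables either, so, assuming GetS3Credentials resolves through the SDK's default provider chain (not visible here), `AWS_ACCESS_KEY_ID` or `AWS_PROFILE` set on a developer or CI machine could decide the result, and the `SecretAccessKey` mismatch message would then print that real secret into the test log. `wantErr` is declared but no case sets it, so a profile missing from the file is untested. Suggested setup and a mismatch message that does not print the key:

```go
t.Run(tt.name, func(t *testing.T) {
	// Keep ambient AWS settings from deciding which credentials are returned.
	for _, k := range []string{"AWS_PROFILE", "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"} {
		t.Setenv(k, "")
	}
	tmpFile, err := os.CreateTemp("", "velero-test-aws-credentials")
	if err != nil {
		t.Fatalf("creating temp credentials file: %v", err)
	}
	defer os.Remove(tmpFile.Name())
	defer tmpFile.Close()
	// … unchanged: write secretFileContents, set credentialsFile, call GetS3Credentials, wantErr and AccessKeyID checks …
	if got.SecretAccessKey != tt.want.SecretAccessKey {
		t.Errorf("GetS3Credentials() SecretAccessKey does not match the expected value")
	}
```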