Open marratj opened 4 years ago
So is there currently a way to get vSphere SAML token authentication working in Velero or does that require changes in the plugin first?
The plugin doesn't support the SAML token authentication yet. It requires a change in plugin.
Is this planned for the near future from your side?
If not, could you give me a hint where authentication is handled (I figured this is in the astrolabe/ivd/newIVDProtectedEntityTypeManagerFromURL) so I can take a look if I can add the code to get this to work similar to how it's handled in the CSI plugin?
Is this planned for the near future from your side?
We don't have such a plan in near term.
If not, could you give me a hint where authentication is handled (I figured this is in the astrolabe/ivd/newIVDProtectedEntityTypeManagerFromURL) so I can take a look if I can add the code to get this to work similar to how it's handled in the CSI plugin?
That would be great.
You actually looked at the right place, at https://github.com/vmware-tanzu/astrolabe/blob/e69f9550d091d5b4a1c40d682a53cabce692760b/pkg/ivd/ivd_protected_entity_type_manager.go#L78.
In the SAML token authentication case, the csi-vsphere.conf in the vsphere-config-secret contains the SAML token cert & private in place of the regular username & password. Please feel free to refer to the vSphere CSI Driver (https://github.com/kubernetes-sigs/vsphere-csi-driver/blob/master/pkg/common/cns-lib/vsphere/virtualcenter.go#L119-L125) as an example.
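One way a plugin could tell the two credential styles apart before logging in to vCenter, as an added example that is not code from the Velero plugin, astrolabe or the CSI driver. The names SolutionUserKeyPair and ConstructedKeyPair are hypothetical, and the example assumes the user field holds a PEM certificate and the password field holds its PEM private key, as the comment above describes; the token request to vCenter itself is out of scope here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// SolutionUserKeyPair returns a key pair when user/password hold a PEM cert and
// key (assumed layout), or nil, nil when user is an ordinary user name.
func SolutionUserKeyPair(user, password string) (*tls.Certificate, error) {
	if block, _ := pem.Decode([]byte(user)); block == nil {
		return nil, nil // no PEM in the user field: password login path
	}
	pair, err := tls.X509KeyPair([]byte(user), []byte(password)) // rejects a key that does not match the cert
	if err != nil {
		return nil, fmt.Errorf("solution user cert/key rejected: %w", err)
	}
	return &pair, nil // token path: use pair to request a SAML token, then log in with it
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// ConstructedKeyPair builds a throwaway self-signed pair (constructed sample input).
func ConstructedKeyPair() (certPEM, keyPEM string) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: time.Now().Add(time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	kder := must(x509.MarshalECPrivateKey(key))
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})),
		string(pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: kder}))
}

func main() {
	certPEM, keyPEM := ConstructedKeyPair()
	pair, err := SolutionUserKeyPair(certPEM, keyPEM)
	fmt.Println("token login:", pair != nil, err)
}
```

Failing early on a mismatched or swapped cert/key gives a clearer error than passing the PEM text to a password login and getting "incorrect user name or password" back.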
Hello,
we currently use the vSphere CSI Driver with SAML Token authentication (using a dedicated vSphere solution user per K8s cluster) in our environment, which is working fine.
However, it seems that the configured solution user cert/key from the csi-vsphere.conf in the vsphere-config-secret is not supported by the Velero vSphere plugin, as the Velero plugin throws a ServerFaultCode: Cannot complete login due to an incorrect user name or password upon trying to create a snapshot, whereas with a "normal" vSphere user/password combo it works.
So is there currently a way to get vSphere SAML token authentication working in Velero or does that require changes in the plugin first?