vmware-tanzu / velero-plugin-for-vsphere

Plugin to support Velero on vSphere

Modify parsing behavior of login credentials to handle Go escape characters #564

Closed varunsrinivasan2 closed 4 months ago

varunsrinivasan2 commented 5 months ago

What this PR does / why we need it: This PR addresses the issue when vSphere login credentials contain Go escape characters (e.g. \ or \n). The credentials are read from a configuration file where the keys, such as user and password, are stored with values that are quoted. The values need to be read without quotes, but when the value contains a Go escape character, the strconv.Unquote method may fail in certain cases, causing cascading errors due to login failures. In this change, the ParseLines function is removed and a ParseConfig function is introduced. The ParseConfig function takes in the Kubernetes Secret and the empty map of params from the original caller. To be consistent with vSphere's CSI plugin, a new VCConfig struct is introduced to hold the configuration data, and the function will use the gcfg package to read the configuration data, which will handle unquoting the strings. It will then iterate over the VCConfig struct to assign the values to the necessary keys to allow the plugin to connect to VC.

Example: If the VC password is }sso\d$2!UsO, the configuration file should escape with \\ as such:

password = "}sso\\d$2!UsO"

Testing:

Pods are in running state when using a password with an escape character, tested with passwords escaped in the conf file as described in this GitHub issue from vSphere's CSI plugin: https://github.com/kubernetes-sigs/vsphere-csi-driver/issues/121

root@k8s-control-807-1707807050:~# kubectl -n velero get all
NAME                                   READY   STATUS    RESTARTS   AGE
pod/backup-driver-7c9798458f-2hl4t     1/1     Running   0          25m
pod/datamgr-for-vsphere-plugin-42265   1/1     Running   0          24m
pod/datamgr-for-vsphere-plugin-4ltd9   1/1     Running   0          24m
pod/datamgr-for-vsphere-plugin-z5wvh   1/1     Running   0          24m
pod/velero-66c7fbb8c7-bkr9m            1/1     Running   0          27m

NAME                                        DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
daemonset.apps/datamgr-for-vsphere-plugin   3         3         3       3            3           <none>          24m

NAME                            READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/backup-driver   1/1     1            1           25m
deployment.apps/velero          1/1     1            1           27m

NAME                                       DESIRED   CURRENT   READY   AGE
replicaset.apps/backup-driver-7c9798458f   1         1         1       25m
replicaset.apps/velero-66c7fbb8c7          1         1         1       27m

Successful backup:

root@k8s-control-807-1707807050:~# velero backup describe test-config3
Name:         test-config3
Namespace:    velero
Labels:       velero.io/storage-location=default
Annotations:  velero.io/source-cluster-k8s-gitversion=v1.29.1
              velero.io/source-cluster-k8s-major-version=1
              velero.io/source-cluster-k8s-minor-version=29

Phase:  Completed

Warnings:
  Velero:     <none>
  Cluster:   resource: /persistentvolumes name: /pvc-a6049ba0-1b29-406e-864c-aa7e39e85495
  Namespaces: <none>

Namespaces:
  Included:  demo-app
  Excluded:  <none>

Resources:
  Included:        *
  Excluded:        <none>
  Cluster-scoped:  auto

Label selector:  <none>

Storage Location:  default

Velero-Native Snapshot PVs:  auto

TTL:  720h0m0s

CSISnapshotTimeout:    10m0s
ItemOperationTimeout:  1h0m0s

Hooks:  <none>

Backup Format Version:  1.1.0

Started:    2024-02-17 15:54:12 +0000 UTC
Completed:  2024-02-17 15:54:40 +0000 UTC

Expiration:  2024-03-18 15:54:12 +0000 UTC

Total items to be backed up:  11
Items backed up:              11

Successful restore:

root@k8s-control-807-1707807050:~# velero restore describe restore-test-config3
Name:         restore-test-config3
Namespace:    velero
Labels:       <none>
Annotations:  <none>

Phase:                       Completed
Total items to be restored:  11
Items restored:              11

Started:    2024-02-17 15:56:16 +0000 UTC
Completed:  2024-02-17 15:57:00 +0000 UTC

Warnings:
  Velero:     <none>
  Cluster:    <none>
  Namespaces:
    demo-app:  could not restore, ConfigMap "kube-root-ca.crt" already exists. Warning: the in-cluster version is different than the backed-up version.

Backup:  test-config3

Namespaces:
  Included:  all namespaces found in the backup
  Excluded:  <none>

Resources:
  Included:        *
  Excluded:        nodes, events, events.events.k8s.io, backups.velero.io, restores.velero.io, resticrepositories.velero.io, csinodes.storage.k8s.io, volumeattachments.storage.k8s.io, backuprepositories.velero.io
  Cluster-scoped:  auto

Namespace mappings:  <none>

Label selector:  <none>

Restore PVs:  auto

Existing Resource Policy:   <none>
ItemOperationTimeout:       1h0m0s

Preserve Service NodePorts:  auto

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

With this change, when a Go special character is in the password, they will have to escape the character just as they would for vSphere CSI plugin.
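
The escaping rule described in this PR can be checked before a credentials file is deployed. The following is an added example, not code from the plugin or the PR: it uses only the standard library's strconv.Unquote (the function named above), not gcfg, and reports whether each quoted value is rejected, rewritten by escape handling, or taken literally. `CheckLine`, `Finding`, the `pa\nss` password and the sample user name are hypothetical; the first two passwords are the ones quoted in the PR text.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Finding records how one `key = "value"` line is interpreted.
type Finding struct {
	Key     string
	Value   string // unquoted value; empty when Err is set
	Changed bool   // unquoting altered the text between the quotes
	Err     error
}

// CheckLine unquotes the value of a config line as a Go string literal.
func CheckLine(line string) Finding {
	key, raw, ok := strings.Cut(line, "=")
	if !ok {
		return Finding{Err: fmt.Errorf("line has no '='")}
	}
	key, raw = strings.TrimSpace(key), strings.TrimSpace(raw)
	val, err := strconv.Unquote(raw)
	if err != nil {
		// e.g. \d is not a Go escape sequence, so the whole literal is rejected
		return Finding{Key: key, Err: fmt.Errorf("%s: %w", key, err)}
	}
	return Finding{Key: key, Value: val, Changed: val != raw[1:len(raw)-1]}
}

func main() {
	// Constructed sample lines (hypothetical user name and third password).
	lines := []string{
		`password = "}sso\d$2!UsO"`,
		`password = "}sso\\d$2!UsO"`,
		`password = "pa\nss"`,
		`user = "administrator@vsphere.local"`,
	}
	for _, l := range lines {
		f := CheckLine(l)
		switch {
		case f.Err != nil:
			fmt.Printf("REJECTED  %v\n", f.Err)
		case f.Changed: // report length only, never the secret itself
			fmt.Printf("REWRITTEN %s: escapes interpreted, %d chars\n", f.Key, len(f.Value))
		default:
			fmt.Printf("LITERAL   %s\n", f.Key)
		}
	}
}
```

A REWRITTEN result on a password line means the credential sent to VC differs from the text between the quotes, which is expected for `\\` but worth a second look for sequences such as `\n`.
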
xing-yang commented 4 months ago

Please add a release note.

xing-yang commented 4 months ago

Can you give an example on what the user should set in the configmap?

xing-yang commented 4 months ago

@varunsrinivasan2 Can you update the documentation?

varunsrinivasan2 commented 4 months ago

> Can you give an example on what the user should set in the configmap?

@xing-yang updated comment with example.

> @varunsrinivasan2 Can you update the documentation?

Will do.