From 5390d93cce396424a8d649fdc2858cf7172b9aad Mon Sep 17 00:00:00 2001 From: zerospiel Date: Tue, 10 Dec 2024 17:39:31 +0100 Subject: [PATCH] Fix backups absent permissions * added required permission to the mgr role * disabled ctrl until the actual implementation * fixes to the API regarding discussion Closes #759 --- api/v1alpha1/backup_types.go | 20 ++++---------- api/v1alpha1/management_types.go | 7 +++++ api/v1alpha1/zz_generated.deepcopy.go | 4 +++ cmd/main.go | 15 ++++++----- .../crds/hmc.mirantis.com_backups.yaml | 27 +++++++------------ .../crds/hmc.mirantis.com_managements.yaml | 7 +++++ .../hmc/templates/rbac/controller/roles.yaml | 19 +++++++++++++ 7 files changed, 59 insertions(+), 40 deletions(-) diff --git a/api/v1alpha1/backup_types.go b/api/v1alpha1/backup_types.go index c10ac476..71dc17fc 100644 --- a/api/v1alpha1/backup_types.go +++ b/api/v1alpha1/backup_types.go @@ -22,22 +22,8 @@ import ( // BackupSpec defines the desired state of Backup type BackupSpec struct { - // +kubebuilder:default="0 */6 * * *" - - // Schedule is a Cron expression defining when to run the Backup. - // A shortcut instead of filling the .customSchedule field up. - // Default value is to backup every 6 hours. - // If both this field and the .customSchedule field - // are given, the schedule from the latter will be utilized. - Schedule string `json:"schedule"` - // Oneshot indicates whether the Backup should not be scheduled // and rather created immediately and only once. - // If set to true, the .schedule field is ignored. - // If set to true and the .customSchedule field is given, - // the .spec.template from the latter will be utilized, - // the HMC-required options still might override or precede the options - // from the field. Oneshot bool `json:"oneshot,omitempty"` } 
@@ -46,8 +32,12 @@ type BackupStatus struct { // Reference to the underlying Velero object being managed. // Might be either Velero Backup or Schedule. Reference *corev1.ObjectReference `json:"reference,omitempty"` - // Status of the Velero Schedule if .spec.oneshot is set to false. + // Status of the Velero Schedule for the Management scheduled backups. + // Always absent for the Backups with the .spec.oneshot set to true. Schedule *velerov1.ScheduleStatus `json:"schedule,omitempty"` + // NextAttempt indicates the time when the next scheduled backup will be performed. + // Always absent for the Backups with the .spec.oneshot set to true. + NextAttempt *metav1.Time `json:"nextAttempt,omitempty"` // Last Velero Backup that has been created. LastBackup *velerov1.BackupStatus `json:"lastBackup,omitempty"` } diff --git a/api/v1alpha1/management_types.go b/api/v1alpha1/management_types.go index 3d3605d3..31251478 100644 --- a/api/v1alpha1/management_types.go +++ b/api/v1alpha1/management_types.go @@ -57,6 +57,13 @@ type Core struct { // ManagementBackup enables a feature to backup HMC objects into a cloud. type ManagementBackup struct { + // +kubebuilder:default="0 */6 * * *" + + // Schedule is a Cron expression defining when to run the scheduled Backup. + // A shortcut instead of filling the .customSchedule field up. + // Default value is to backup every 6 hours. + Schedule string `json:"schedule,omitempty"` + // +kubebuilder:default=false // Flag to indicate whether the backup feature is enabled. diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 2012e36e..059d6037 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go 
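Review bot: The new `Schedule` field on `ManagementBackup` is a free-form string with no admission-time validation, so an empty or malformed Cron expression would only be noticed when something later consumes it. The default applies only when the field is omitted, so an explicit `schedule: ""` would be stored as-is; adding `// +kubebuilder:validation:MinLength=1` next to the default marker would reject it at the API server. The doc comment also refers to `.customSchedule`, which is not visible in this hunk; if `ManagementBackup` has no such field, that sentence should be dropped. The struct body continues outside the hunk.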
@@ -264,6 +264,10 @@ func (in *BackupStatus) DeepCopyInto(out *BackupStatus) { *out = new(velerov1.ScheduleStatus) (*in).DeepCopyInto(*out) } + if in.NextAttempt != nil { + in, out := &in.NextAttempt, &out.NextAttempt + *out = (*in).DeepCopy() + } if in.LastBackup != nil { in, out := &in.LastBackup, &out.LastBackup *out = new(velerov1.BackupStatus) diff --git a/cmd/main.go b/cmd/main.go index a341a5e0..35c8e2c2 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -302,13 +302,14 @@ func main() { setupLog.Error(err, "unable to create controller", "controller", "MultiClusterService") os.Exit(1) } - if err = (&controller.BackupReconciler{ - Client: mgr.GetClient(), - Scheme: mgr.GetScheme(), - }).SetupWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create controller", "controller", "Backup") - os.Exit(1) - } + // TODO (zerospiel): disabled until the #605 + // if err = (&controller.BackupReconciler{ + // Client: mgr.GetClient(), + // Scheme: mgr.GetScheme(), + // }).SetupWithManager(mgr); err != nil { + // setupLog.Error(err, "unable to create controller", "controller", "Backup") + // os.Exit(1) + // } // +kubebuilder:scaffold:builder if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil { diff --git a/templates/provider/hmc/templates/crds/hmc.mirantis.com_backups.yaml b/templates/provider/hmc/templates/crds/hmc.mirantis.com_backups.yaml index 8de58b19..2cf4717b 100644 --- a/templates/provider/hmc/templates/crds/hmc.mirantis.com_backups.yaml +++ b/templates/provider/hmc/templates/crds/hmc.mirantis.com_backups.yaml 
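Review bot: Commenting out the `BackupReconciler` setup in `main` leaves the Backup CRD and the Management backup settings installable with nothing reconciling them, and the process gives no sign of it. An operator who enables the backup feature could reasonably assume backups are being taken; a startup line such as `setupLog.Info("Backup controller is disabled; Backup objects are not reconciled")` would make the gap visible in the logs. As a style point, a guarded block is easier to keep compiling than commented-out code, which drifts unnoticed when `controller.BackupReconciler` changes. `main` starts and ends outside this hunk.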
@@ -43,23 +43,7 @@ spec: description: |- Oneshot indicates whether the Backup should not be scheduled and rather created immediately and only once. - If set to true, the .schedule field is ignored. - If set to true and the .customSchedule field is given, - the .spec.template from the latter will be utilized, - the HMC-required options still might override or precede the options - from the field. type: boolean - schedule: - default: 0 */6 * * * - description: |- - Schedule is a Cron expression defining when to run the Backup. - A shortcut instead of filling the .customSchedule field up. - Default value is to backup every 6 hours. - If both this field and the .customSchedule field - are given, the schedule from the latter will be utilized. - type: string - required: - - schedule type: object status: description: BackupStatus defines the observed state of Backup @@ -210,6 +194,12 @@ spec: file in object storage. type: integer type: object + nextAttempt: + description: |- + NextAttempt indicates the time when the next scheduled backup will be performed. + Always absent for the Backups with the .spec.oneshot set to true. + format: date-time + type: string reference: description: |- Reference to the underlying Velero object being managed. @@ -256,8 +246,9 @@ spec: type: object x-kubernetes-map-type: atomic schedule: - description: Status of the Velero Schedule if .spec.oneshot is set - to false. + description: |- + Status of the Velero Schedule for the Management scheduled backups. + Always absent for the Backups with the .spec.oneshot set to true. properties: lastBackup: description: |- diff --git a/templates/provider/hmc/templates/crds/hmc.mirantis.com_managements.yaml b/templates/provider/hmc/templates/crds/hmc.mirantis.com_managements.yaml index 5f9c5e6e..e644c929 100644 --- a/templates/provider/hmc/templates/crds/hmc.mirantis.com_managements.yaml +++ b/templates/provider/hmc/templates/crds/hmc.mirantis.com_managements.yaml 
@@ -55,6 +55,13 @@ spec: [Velero]: https://velero.io type: boolean + schedule: + default: 0 */6 * * * + description: |- + Schedule is a Cron expression defining when to run the scheduled Backup. + A shortcut instead of filling the .customSchedule field up. + Default value is to backup every 6 hours. + type: string required: - enabled type: object diff --git a/templates/provider/hmc/templates/rbac/controller/roles.yaml b/templates/provider/hmc/templates/rbac/controller/roles.yaml index 4d8be955..638b63e5 100644 --- a/templates/provider/hmc/templates/rbac/controller/roles.yaml +++ b/templates/provider/hmc/templates/rbac/controller/roles.yaml @@ -215,6 +215,25 @@ rules: resources: - secrets verbs: {{ include "rbac.viewerVerbs" . | nindent 4 }} +- apiGroups: + - hmc.mirantis.com + resources: + - backups + verbs: {{ include "rbac.editorVerbs" . | nindent 4 }} +- apiGroups: + - hmc.mirantis.com + resources: + - backups/finalizers + verbs: + - update +- apiGroups: + - hmc.mirantis.com + resources: + - backups/status + verbs: + - get + - patch + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role
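Review bot: The new rules in `roles.yaml` grant `rbac.editorVerbs` on `backups`, yet this same commit disables the only visible consumer, the `BackupReconciler` in `cmd/main.go`, so write access is granted before any visible code uses it. The expansion of `rbac.editorVerbs` and the name of the role these rules land in are outside the hunk; if the helper includes `create` or `delete`, it is worth confirming the manager needs them, since Backup objects are part of the cluster's recovery path. If the grant is intentional ahead of #605, a comment above the first rule such as `# backups: used by the Backup controller, currently disabled (see #605)` would record why it exists.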