pb-4468: Added support changes to support sseType option of kopia

- Added changes to include sse type in the credential secret used by kopia job pod. - Added --sseType option support of kopia tool to pass the sse type to kopia - Checked in the modified kopia tool binary with sseType option support. - Modified the Dockerfile.kopia to pick up the new modified kopia binary with sseType. Used v0.14.1 version of kopia release.
portworx · Oct 3, 2023 · 9d6097b · 9d6097b
1 parent d543d20
commit 9d6097b
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 3 deletions.
diff --git a/Dockerfile.kopia b/Dockerfile.kopia
@@ -7,10 +7,9 @@ RUN microdnf install -y bash vim make wget gpg ca-certificates yum && \
 
 RUN curl -LJO https://github.com/kopia/kopia/releases/download/v0.14.1/kopia-0.14.1.x86_64.rpm
 
-RUN yum install -y kopia-0.14.1.x86_64.rpm
-
 WORKDIR /
 
 COPY ./bin/kopiaexecutor /
+COPY ./kopia /usr/bin/
 
-ENTRYPOINT ["/kopiaexecutor"] 
+ENTRYPOINT ["/kopiaexecutor"] 
diff --git a/kopia b/kopia
diff --git a/pkg/controllers/dataexport/reconcile.go b/pkg/controllers/dataexport/reconcile.go
@@ -2127,6 +2127,7 @@ func createS3Secret(secretName string, backupLocation *storkapi.BackupLocation,
 	credentialData["type"] = []byte(backupLocation.Location.Type)
 	credentialData["password"] = []byte(backupLocation.Location.RepositoryPassword)
 	credentialData["disablessl"] = []byte(strconv.FormatBool(backupLocation.Location.S3Config.DisableSSL))
+	credentialData["sse"] = []byte(backupLocation.Location.S3Config.SSE)
 	err := utils.CreateJobSecret(secretName, namespace, credentialData, labels)
 
 	return err

diff --git a/pkg/executor/common.go b/pkg/executor/common.go
@@ -37,6 +37,7 @@ const (
 	secretAccessKeyPath   = "/etc/cred-secret/secretAccessKey"
 	bucketPath            = "/etc/cred-secret/path"
 	endpointPath          = "/etc/cred-secret/endpoint"
+	sseTypePath          = "/etc/cred-secret/sse"
 	passwordPath          = "/etc/cred-secret/password"
 	regionPath            = "/etc/cred-secret/region"
 	disableSslPath        = "/etc/cred-secret/disablessl"
@@ -90,6 +91,7 @@ type S3Config struct {
 	// Region will be defaulted to us-east-1 if not provided
 	Region     string
 	DisableSSL bool
+	SseType string
 }
 
 // AzureConfig specifies the config required to connect to Azure Blob Storage
@@ -345,6 +347,13 @@ func parseS3Creds() (*Repository, error) {
 		return nil, fmt.Errorf(errMsg)
 	}
 
+	sseType, err := os.ReadFile(sseTypePath)
+	if err != nil {
+		errMsg := fmt.Sprintf("failed reading data from file %s : %s", sseTypePath, err)
+		logrus.Errorf("%v", errMsg)
+		return nil, fmt.Errorf(errMsg)
+	}
+
 	disableSsl, err := os.ReadFile(disableSslPath)
 	if err != nil {
 		errMsg := fmt.Sprintf("failed reading data from file %s : %s", disableSslPath, err)
@@ -361,6 +370,7 @@ func parseS3Creds() (*Repository, error) {
 	repository.S3Config.AccessKeyID = string(accessKey)
 	repository.S3Config.SecretAccessKey = string(secretAccessKey)
 	repository.S3Config.Endpoint = string(endpoint)
+	repository.S3Config.SseType = string(sseType)
 	repository.S3Config.DisableSSL = isSsl
 	repository.Type = storkapi.BackupLocationS3
 	region, err := os.ReadFile(regionPath)

diff --git a/pkg/executor/kopia/kopiabackup.go b/pkg/executor/kopia/kopiabackup.go
@@ -181,6 +181,13 @@ func populateS3AccessDetails(initCmd *kopia.Command, repository *executor.Reposi
 	initCmd.AddArg(repository.S3Config.AccessKeyID)
 	initCmd.AddArg("--secret-access-key")
 	initCmd.AddArg(repository.S3Config.SecretAccessKey)
+	initCmd.AddArg("--sseType")
+	// At present the backuplocation CR was set with "AES256" value for SSE-S3.
+	// So need to do this conversion.
+	switch repository.S3Config.SseType {
+	case "AES256":
+		initCmd.AddArg("SSE-S3")
+	}
 
 	return initCmd
 }