Secret credentials support for BackupData (#310)

* Make backupData support secret credentials for S3 * Add test case * Gofmt
kanisterio · Sep 23, 2019 · 02da4f8 · 02da4f8
1 parent 0f8fa1a
commit 02da4f8
Show file tree

Hide file tree

Showing 3 changed files with 59 additions and 8 deletions.
diff --git a/pkg/function/backup_data.go b/pkg/function/backup_data.go
@@ -68,14 +68,8 @@ func validateProfile(profile *param.Profile) error {
 	if profile == nil {
 		return errors.New("Profile must be non-nil")
 	}
-	if profile.Credential.Type != param.CredentialTypeKeyPair {
-		return errors.New("Credential type not supported")
-	}
-	if len(profile.Credential.KeyPair.ID) == 0 {
-		return errors.New("Access key ID is not set")
-	}
-	if len(profile.Credential.KeyPair.Secret) == 0 {
-		return errors.New("Secret access key is not set")
+	if err := ValidateCredentials(&profile.Credential); err != nil {
+		return err
 	}
 	switch profile.Location.Type {
 	case crv1alpha1.LocationTypeS3Compliant:

diff --git a/pkg/function/backup_data_test.go b/pkg/function/backup_data_test.go
@@ -16,9 +16,11 @@ package function
 
 import (
 	. "gopkg.in/check.v1"
+	v1 "k8s.io/api/core/v1"
 
 	crv1alpha1 "github.com/kanisterio/kanister/pkg/apis/cr/v1alpha1"
 	"github.com/kanisterio/kanister/pkg/param"
+	"github.com/kanisterio/kanister/pkg/secrets"
 )
 
 type BackupDataSuite struct {
@@ -46,6 +48,29 @@ func newValidProfile() *param.Profile {
 	}
 }
 
+func newValidProfileWithSecretCredentials() *param.Profile {
+	return &param.Profile{
+		Location: crv1alpha1.Location{
+			Type:     crv1alpha1.LocationTypeS3Compliant,
+			Bucket:   "test-bucket",
+			Endpoint: "",
+			Prefix:   "",
+			Region:   "us-west-1",
+		},
+		Credential: param.Credential{
+			Type: param.CredentialTypeSecret,
+			Secret: &v1.Secret{
+				Type: v1.SecretType(secrets.AWSSecretType),
+				Data: map[string][]byte{
+					secrets.AWSAccessKeyID:     []byte("key-id"),
+					secrets.AWSSecretAccessKey: []byte("access-key"),
+					secrets.AWSSessionToken:    []byte("session-token"),
+				},
+			},
+		},
+	}
+}
+
 func newInvalidProfile() *param.Profile {
 	return &param.Profile{
 		Location: crv1alpha1.Location{
@@ -73,6 +98,7 @@ func (s *BackupDataSuite) TestValidateProfile(c *C) {
 		errChecker Checker
 	}{
 		{"Valid Profile", newValidProfile(), IsNil},
+		{"Valid Profile with Secret Credentials", newValidProfileWithSecretCredentials(), IsNil},
 		{"Invalid Profile", newInvalidProfile(), NotNil},
 		{"Nil Profile", nil, NotNil},
 	}

diff --git a/pkg/function/helpers.go b/pkg/function/helpers.go
@@ -0,0 +1,31 @@
+package function
+
+import (
+	"github.com/pkg/errors"
+
+	"github.com/kanisterio/kanister/pkg/param"
+	"github.com/kanisterio/kanister/pkg/secrets"
+)
+
+func ValidateCredentials(creds *param.Credential) error {
+	if creds == nil {
+		return errors.New("Empty credentials")
+	}
+	switch creds.Type {
+	case param.CredentialTypeKeyPair:
+		if creds.KeyPair == nil {
+			return errors.New("Empty KeyPair field")
+		}
+		if len(creds.KeyPair.ID) == 0 {
+			return errors.New("Access key ID is not set")
+		}
+		if len(creds.KeyPair.Secret) == 0 {
+			return errors.New("Secret access key is not set")
+		}
+		return nil
+	case param.CredentialTypeSecret:
+		return secrets.ValidateCredentials(creds.Secret)
+	default:
+		return errors.Errorf("Unsupported type '%s' for credentials", creds.Type)
+	}
+}