Revert secret cred changes (#311)

* Revert "Update getOSSecret to use Secret credentials in AWS (#309)" This reverts commit 2192605. * Revert "Add secret type credential to validation code (#308)" This reverts commit 9178d4c. * Revert "Support creating S3 args from Secret type Credential (#305)" This reverts commit d8f7d76. * Revert "Add secret type for Param.Credentials (#300)" This reverts commit ad3cbce.
kanisterio · Sep 20, 2019 · a4ea06c · a4ea06c
1 parent 2192605
commit a4ea06c
Show file tree

Hide file tree

Showing 12 changed files with 71 additions and 442 deletions.
diff --git a/pkg/function/backup_data.go b/pkg/function/backup_data.go
@@ -146,10 +146,7 @@ func backupData(ctx context.Context, cli kubernetes.Interface, namespace, pod, c
 
 	// Create backup and dump it on the object store
 	backupTag := rand.String(10)
-	cmd, err := restic.BackupCommandByTag(tp.Profile, backupArtifactPrefix, backupTag, includePath, encryptionKey)
-	if err != nil {
-		return "", "", err
-	}
+	cmd := restic.BackupCommandByTag(tp.Profile, backupArtifactPrefix, backupTag, includePath, encryptionKey)
 	stdout, stderr, err := kube.Exec(cli, namespace, pod, container, cmd, nil)
 	format.Log(pod, container, stdout)
 	format.Log(pod, container, stderr)

diff --git a/pkg/function/copy_volume_data.go b/pkg/function/copy_volume_data.go
@@ -19,7 +19,7 @@ import (
 	"fmt"
 
 	"github.com/pkg/errors"
-	v1 "k8s.io/api/core/v1"
+	"k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/rand"
 	"k8s.io/client-go/kubernetes"
@@ -93,10 +93,7 @@ func copyVolumeDataPodFunc(cli kubernetes.Interface, tp param.TemplateParams, na
 		}
 		// Copy data to object store
 		backupTag := rand.String(10)
-		cmd, err := restic.BackupCommandByTag(tp.Profile, targetPath, backupTag, mountPoint, encryptionKey)
-		if err != nil {
-			return nil, err
-		}
+		cmd := restic.BackupCommandByTag(tp.Profile, targetPath, backupTag, mountPoint, encryptionKey)
 		stdout, stderr, err := kube.Exec(cli, namespace, pod.Name, pod.Spec.Containers[0].Name, cmd, nil)
 		format.Log(pod.Name, pod.Spec.Containers[0].Name, stdout)
 		format.Log(pod.Name, pod.Spec.Containers[0].Name, stderr)

diff --git a/pkg/function/delete_data.go b/pkg/function/delete_data.go
@@ -19,10 +19,10 @@ import (
 	"strings"
 
 	"github.com/pkg/errors"
-	v1 "k8s.io/api/core/v1"
+	"k8s.io/api/core/v1"
 	"k8s.io/client-go/kubernetes"
 
-	kanister "github.com/kanisterio/kanister/pkg"
+	"github.com/kanisterio/kanister/pkg"
 	"github.com/kanisterio/kanister/pkg/format"
 	"github.com/kanisterio/kanister/pkg/kube"
 	"github.com/kanisterio/kanister/pkg/param"
@@ -84,10 +84,7 @@ func deleteDataPodFunc(cli kubernetes.Interface, tp param.TemplateParams, reclai
 		}
 		defer cleanUpCredsFile(ctx, pw, pod.Namespace, pod.Name, pod.Spec.Containers[0].Name)
 		for i, deleteTag := range deleteTags {
-			cmd, err := restic.SnapshotsCommandByTag(tp.Profile, targetPaths[i], deleteTag, encryptionKey)
-			if err != nil {
-				return nil, err
-			}
+			cmd := restic.SnapshotsCommandByTag(tp.Profile, targetPaths[i], deleteTag, encryptionKey)
 			stdout, stderr, err := kube.Exec(cli, namespace, pod.Name, pod.Spec.Containers[0].Name, cmd, nil)
 			format.Log(pod.Name, pod.Spec.Containers[0].Name, stdout)
 			format.Log(pod.Name, pod.Spec.Containers[0].Name, stderr)
@@ -101,10 +98,7 @@ func deleteDataPodFunc(cli kubernetes.Interface, tp param.TemplateParams, reclai
 			deleteIdentifiers = append(deleteIdentifiers, deleteIdentifier)
 		}
 		for i, deleteIdentifier := range deleteIdentifiers {
-			cmd, err := restic.ForgetCommandByID(tp.Profile, targetPaths[i], deleteIdentifier, encryptionKey)
-			if err != nil {
-				return nil, err
-			}
+			cmd := restic.ForgetCommandByID(tp.Profile, targetPaths[i], deleteIdentifier, encryptionKey)
 			stdout, stderr, err := kube.Exec(cli, namespace, pod.Name, pod.Spec.Containers[0].Name, cmd, nil)
 			format.Log(pod.Name, pod.Spec.Containers[0].Name, stdout)
 			format.Log(pod.Name, pod.Spec.Containers[0].Name, stderr)
@@ -124,10 +118,7 @@ func deleteDataPodFunc(cli kubernetes.Interface, tp param.TemplateParams, reclai
 }
 
 func pruneData(cli kubernetes.Interface, tp param.TemplateParams, pod *v1.Pod, namespace, encryptionKey, targetPath string) error {
-	cmd, err := restic.PruneCommand(tp.Profile, targetPath, encryptionKey)
-	if err != nil {
-		return err
-	}
+	cmd := restic.PruneCommand(tp.Profile, targetPath, encryptionKey)
 	stdout, stderr, err := kube.Exec(cli, namespace, pod.Name, pod.Spec.Containers[0].Name, cmd, nil)
 	format.Log(pod.Name, pod.Spec.Containers[0].Name, stdout)
 	format.Log(pod.Name, pod.Spec.Containers[0].Name, stderr)

diff --git a/pkg/function/restore_data.go b/pkg/function/restore_data.go
@@ -18,7 +18,7 @@ import (
 	"context"
 
 	"github.com/pkg/errors"
-	v1 "k8s.io/api/core/v1"
+	"k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
 
@@ -147,12 +147,9 @@ func restoreDataPodFunc(cli kubernetes.Interface, tp param.TemplateParams, names
 		var cmd []string
 		// Generate restore command based on the identifier passed
 		if backupTag != "" {
-			cmd, err = restic.RestoreCommandByTag(tp.Profile, backupArtifactPrefix, backupTag, restorePath, encryptionKey)
+			cmd = restic.RestoreCommandByTag(tp.Profile, backupArtifactPrefix, backupTag, restorePath, encryptionKey)
 		} else if backupID != "" {
-			cmd, err = restic.RestoreCommandByID(tp.Profile, backupArtifactPrefix, backupID, restorePath, encryptionKey)
-		}
-		if err != nil {
-			return nil, err
+			cmd = restic.RestoreCommandByID(tp.Profile, backupArtifactPrefix, backupID, restorePath, encryptionKey)
 		}
 		stdout, stderr, err := kube.Exec(cli, namespace, pod.Name, pod.Spec.Containers[0].Name, cmd, nil)
 		format.Log(pod.Name, pod.Spec.Containers[0].Name, stdout)

diff --git a/pkg/location/location.go b/pkg/location/location.go
@@ -24,13 +24,11 @@ import (
 	crv1alpha1 "github.com/kanisterio/kanister/pkg/apis/cr/v1alpha1"
 	"github.com/kanisterio/kanister/pkg/objectstore"
 	"github.com/kanisterio/kanister/pkg/param"
-	"github.com/kanisterio/kanister/pkg/secrets"
 )
 
 const (
 	AWSAccessKeyID      = "AWS_ACCESS_KEY_ID"
 	AWSSecretAccessKey  = "AWS_SECRET_ACCESS_KEY"
-	AWSSessionToken     = "AWS_SESSION_TOKEN"
 	GoogleCloudCreds    = "GOOGLE_APPLICATION_CREDENTIALS"
 	GoogleProjectId     = "GOOGLE_PROJECT_ID"
 	AzureStorageAccount = "AZURE_ACCOUNT_NAME"
@@ -145,7 +143,11 @@ func getOSSecret(pType objectstore.ProviderType, cred param.Credential) (*object
 	secret := &objectstore.Secret{}
 	switch pType {
 	case objectstore.ProviderTypeS3:
-		return getAWSSecret(cred)
+		secret.Type = objectstore.SecretTypeAwsAccessKey
+		secret.Aws = &objectstore.SecretAws{
+			AccessKeyID:     cred.KeyPair.ID,
+			SecretAccessKey: cred.KeyPair.Secret,
+		}
 	case objectstore.ProviderTypeGCS:
 		secret.Type = objectstore.SecretTypeGcpServiceAccountKey
 		secret.Gcp = &objectstore.SecretGcp{
@@ -163,30 +165,3 @@ func getOSSecret(pType objectstore.ProviderType, cred param.Credential) (*object
 	}
 	return secret, nil
 }
-
-func getAWSSecret(cred param.Credential) (*objectstore.Secret, error) {
-	os := &objectstore.Secret{
-		Type: objectstore.SecretTypeAwsAccessKey,
-	}
-	switch cred.Type {
-	case param.CredentialTypeKeyPair:
-		os.Aws = &objectstore.SecretAws{
-			AccessKeyID:     cred.KeyPair.ID,
-			SecretAccessKey: cred.KeyPair.Secret,
-		}
-		return os, nil
-	case param.CredentialTypeSecret:
-		creds, err := secrets.ExtractAWSCredentials(cred.Secret)
-		if err != nil {
-			return nil, err
-		}
-		os.Aws = &objectstore.SecretAws{
-			AccessKeyID:     creds.AccessKeyID,
-			SecretAccessKey: creds.SecretAccessKey,
-			SessionToken:    creds.SessionToken,
-		}
-		return os, nil
-	default:
-		return nil, errors.Errorf("Unsupported type '%s' for credential", cred.Type)
-	}
-}
diff --git a/pkg/param/param.go b/pkg/param/param.go
@@ -29,7 +29,6 @@ import (
 	crv1alpha1 "github.com/kanisterio/kanister/pkg/apis/cr/v1alpha1"
 	"github.com/kanisterio/kanister/pkg/client/clientset/versioned"
 	"github.com/kanisterio/kanister/pkg/kube"
-	"github.com/kanisterio/kanister/pkg/secrets"
 )
 
 const timeFormat = time.RFC3339Nano
@@ -91,14 +90,12 @@ type CredentialType string
 
 const (
 	CredentialTypeKeyPair CredentialType = "keyPair"
-	CredentialTypeSecret  CredentialType = "secret"
 )
 
 // Credential resolves the storage
 type Credential struct {
 	Type    CredentialType
 	KeyPair *KeyPair
-	Secret  *v1.Secret
 }
 
 // KeyPair is a credential that contains two strings: an ID and a secret.
@@ -212,8 +209,6 @@ func fetchCredential(ctx context.Context, cli kubernetes.Interface, c crv1alpha1
 	switch c.Type {
 	case crv1alpha1.CredentialTypeKeyPair:
 		return fetchKeyPairCredential(ctx, cli, c.KeyPair)
-	case crv1alpha1.CredentialTypeSecret:
-		return fetchSecretCredential(ctx, cli, c.Secret)
 	default:
 		return nil, errors.Errorf("CredentialType '%s' not supported", c.Type)
 	}
@@ -242,23 +237,6 @@ func fetchKeyPairCredential(ctx context.Context, cli kubernetes.Interface, c *cr
 	}, nil
 }
 
-func fetchSecretCredential(ctx context.Context, cli kubernetes.Interface, sr *crv1alpha1.ObjectReference) (*Credential, error) {
-	if sr == nil {
-		return nil, errors.New("Secret reference cannot be nil")
-	}
-	s, err := cli.CoreV1().Secrets(sr.Namespace).Get(sr.Name, metav1.GetOptions{})
-	if err != nil {
-		return nil, errors.Wrap(err, "Failed to fetch the secret")
-	}
-	if err = secrets.ValidateCredentials(s); err != nil {
-		return nil, err
-	}
-	return &Credential{
-		Type:   CredentialTypeSecret,
-		Secret: s,
-	}, nil
-}
-
 func filterByKind(refs map[string]crv1alpha1.ObjectReference, kind string) map[string]crv1alpha1.ObjectReference {
 	filtered := make(map[string]crv1alpha1.ObjectReference, len(refs))
 	for name, ref := range refs {