Add repositoryServerUserHostname to the kopia repository based functions

docs/functions.rst

@@ -1607,6 +1607,7 @@ Arguments:
    `container`, Yes, `string`, name of the kanister sidecar container
    `includePath`, Yes, `string`, path of the data to be backed up
    `snapshotTags`, No, `string`, custom tags to be provided to the kopia snapshots
+   `repositoryServerUserHostname`, No, `string`, user's hostname to access the kopia repository server. Hostname would be available in the user access credential secret
 
 Outputs:
 
@@ -1669,6 +1670,7 @@ function argument and restores data to the specified path.
    `pod`, No, `string`, pod to which the volumes are attached
    `volumes`, No, `map[string]string`, mapping of `pvcName` to `mountPath` under which the volume will be available
    `podOverride`, No, `map[string]interface{}`, specs to override default pod specs with
+   `repositoryServerUserHostname`, No, `string`, user's hostname to access the kopia repository server. Hostname would be available in the user access credential secret
 
 .. note::
    The ``image`` argument requires the use of ``ghcr.io/kanisterio/kanister-tools``
@@ -1738,6 +1740,7 @@ function. It creates a new Pod that runs ``delete snapshot`` command.
    `namespace`, Yes, `string`, namespace in which to execute the delete job
    `backupID`, Yes, `string`, unique snapshot id generated during backup
    `image`, Yes, `string`, image to be used for running delete job (should contain kopia binary)
+   `repositoryServerUserHostname`, No, `string`, user's hostname to access the kopia repository server. Hostname would be available in the user access credential secret
 
 Example:
 

docs/spelling_wordlist.txt

@@ -62,3 +62,4 @@ Workflow
 webhook
 Kopia
 kopia
+hostname

pkg/function/backup_data_using_kopia_server.go

@@ -38,6 +38,8 @@ const (
 	BackupDataUsingKopiaServerFuncName = "BackupDataUsingKopiaServer"
 	// BackupDataUsingKopiaServerSnapshotTagsArg is the key used for returning snapshot tags
 	BackupDataUsingKopiaServerSnapshotTagsArg = "snapshotTags"
+	// KopiaRepositoryServerUserHostname is the key used for returning the hostname of the user
+	KopiaRepositoryServerUserHostname = "repositoryServerUserHostname"
 )
 
 type backupDataUsingKopiaServerFunc struct{}
@@ -71,17 +73,19 @@ func (*backupDataUsingKopiaServerFunc) Arguments() []string {
 		BackupDataNamespaceArg,
 		BackupDataPodArg,
 		BackupDataUsingKopiaServerSnapshotTagsArg,
+		KopiaRepositoryServerUserHostname,
 	}
 }
 
 func (*backupDataUsingKopiaServerFunc) Exec(ctx context.Context, tp param.TemplateParams, args map[string]any) (map[string]any, error) {
 	var (
-		container   string
-		err         error
-		includePath string
-		namespace   string
-		pod         string
-		tagsStr     string
+		container    string
+		err          error
+		includePath  string
+		namespace    string
+		pod          string
+		tagsStr      string
+		userHostname string
 	)
 	if err = Arg(args, BackupDataContainerArg, &container); err != nil {
 		return nil, err
@@ -98,6 +102,9 @@ func (*backupDataUsingKopiaServerFunc) Exec(ctx context.Context, tp param.Templa
 	if err = OptArg(args, BackupDataUsingKopiaServerSnapshotTagsArg, &tagsStr, ""); err != nil {
 		return nil, err
 	}
+	if err = OptArg(args, KopiaRepositoryServerUserHostname, &userHostname, ""); err != nil {
+		return nil, err
+	}
 
 	var tags []string = nil
 	if tagsStr != "" {
@@ -114,8 +121,7 @@ func (*backupDataUsingKopiaServerFunc) Exec(ctx context.Context, tp param.Templa
 		return nil, errors.Wrap(err, "Failed to fetch Kopia API Server Certificate Secret Data from Certificate")
 	}
 
-	username := tp.RepositoryServer.Username
-	hostname, userAccessPassphrase, err := hostNameAndUserPassPhraseFromRepoServer(userPassphrase)
+	hostname, userAccessPassphrase, err := hostNameAndUserPassPhraseFromRepoServer(userPassphrase, userHostname)
 	if err != nil {
 		return nil, errors.Wrap(err, "Failed to fetch Hostname/User Passphrase from Secret")
 	}
@@ -134,7 +140,7 @@ func (*backupDataUsingKopiaServerFunc) Exec(ctx context.Context, tp param.Templa
 		pod,
 		tp.RepositoryServer.Address,
 		fingerprint,
-		username,
+		tp.RepositoryServer.Username,
 		userAccessPassphrase,
 		tags,
 	)
@@ -223,24 +229,36 @@ func backupDataUsingKopiaServer(
 	return kopiacmd.ParseSnapshotCreateOutput(stdout, stderr)
 }
 
-func hostNameAndUserPassPhraseFromRepoServer(userCreds string) (string, string, error) {
+func hostNameAndUserPassPhraseFromRepoServer(userCreds, hostname string) (string, string, error) {
 	var userAccessMap map[string]string
 	if err := json.Unmarshal([]byte(userCreds), &userAccessMap); err != nil {
 		return "", "", errors.Wrap(err, "Failed to unmarshal User Credentials Data")
 	}
 
-	var userPassPhrase string
-	var hostName string
+	// Check if hostname provided exists in the User Access Map
+	if hostname != "" {
+		err := checkHostnameExistsInUserAccessMap(userAccessMap, hostname)
+		if err != nil {
+			return "", "", errors.Wrap(err, "Failed to find hostname in the User Access Map")
+		}
+	}
+
+	// Set First Value of hostname and passphrase from the User Access Map
+	// Or if hostname provided by the user, set the hostname and password for hostname provided
+	var userPassphrase string
 	for key, val := range userAccessMap {
-		hostName = key
-		userPassPhrase = val
+		if hostname == "" || hostname == key {
+			hostname = key
+			userPassphrase = val
+			break
+		}
 	}
 
-	decodedUserPassPhrase, err := base64.StdEncoding.DecodeString(userPassPhrase)
+	decodedUserPassphrase, err := base64.StdEncoding.DecodeString(userPassphrase)
 	if err != nil {
 		return "", "", errors.Wrap(err, "Failed to Decode User Passphrase")
 	}
-	return hostName, string(decodedUserPassPhrase), nil
+	return hostname, string(decodedUserPassphrase), nil
 }
 
 func userCredentialsAndServerTLS(tp *param.TemplateParams) (string, string, error) {
@@ -254,3 +272,11 @@ func userCredentialsAndServerTLS(tp *param.TemplateParams) (string, string, erro
 	}
 	return string(userCredJSON), string(certJSON), nil
 }
+
+func checkHostnameExistsInUserAccessMap(userAccessMap map[string]string, hostname string) error {
+	// check if hostname that is provided by the user exists in the user access map
+	if _, ok := userAccessMap[hostname]; !ok {
+		return errors.New("hostname provided in the repository server CR does not exist in the user access map")
+	}
+	return nil
+}

pkg/function/delete_data_using_kopia_server.go

@@ -61,15 +61,17 @@ func (*deleteDataUsingKopiaServerFunc) Arguments() []string {
 		DeleteDataBackupIdentifierArg,
 		DeleteDataNamespaceArg,
 		RestoreDataImageArg,
+		KopiaRepositoryServerUserHostname,
 	}
 }
 
 func (*deleteDataUsingKopiaServerFunc) Exec(ctx context.Context, tp param.TemplateParams, args map[string]any) (map[string]any, error) {
 	var (
-		err       error
-		image     string
-		namespace string
-		snapID    string
+		err          error
+		image        string
+		namespace    string
+		snapID       string
+		userHostname string
 	)
 	if err = Arg(args, DeleteDataBackupIdentifierArg, &snapID); err != nil {
 		return nil, err
@@ -80,6 +82,9 @@ func (*deleteDataUsingKopiaServerFunc) Exec(ctx context.Context, tp param.Templa
 	if err = Arg(args, RestoreDataImageArg, &image); err != nil {
 		return nil, err
 	}
+	if err = OptArg(args, KopiaRepositoryServerUserHostname, &userHostname, ""); err != nil {
+		return nil, err
+	}
 
 	userPassphrase, cert, err := userCredentialsAndServerTLS(&tp)
 	if err != nil {
@@ -91,8 +96,7 @@ func (*deleteDataUsingKopiaServerFunc) Exec(ctx context.Context, tp param.Templa
 		return nil, errors.Wrap(err, "Failed to fetch Kopia API Server Certificate Secret Data from Certificate")
 	}
 
-	username := tp.RepositoryServer.Username
-	hostname, userAccessPassphrase, err := hostNameAndUserPassPhraseFromRepoServer(userPassphrase)
+	hostname, userAccessPassphrase, err := hostNameAndUserPassPhraseFromRepoServer(userPassphrase, userHostname)
 	if err != nil {
 		return nil, errors.Wrap(err, "Failed to get hostname/user passphrase from Options")
 	}
@@ -112,7 +116,7 @@ func (*deleteDataUsingKopiaServerFunc) Exec(ctx context.Context, tp param.Templa
 		tp.RepositoryServer.Address,
 		fingerprint,
 		snapID,
-		username,
+		tp.RepositoryServer.Username,
 		userAccessPassphrase,
 	)
 }

pkg/function/restore_data_using_kopia_server.go

@@ -68,16 +68,18 @@ func (*restoreDataUsingKopiaServerFunc) Arguments() []string {
 		RestoreDataVolsArg,
 		RestoreDataPodOverrideArg,
 		RestoreDataImageArg,
+		KopiaRepositoryServerUserHostname,
 	}
 }
 
 func (*restoreDataUsingKopiaServerFunc) Exec(ctx context.Context, tp param.TemplateParams, args map[string]any) (map[string]any, error) {
 	var (
-		err         error
-		image       string
-		namespace   string
-		restorePath string
-		snapID      string
+		err          error
+		image        string
+		namespace    string
+		restorePath  string
+		snapID       string
+		userHostname string
 	)
 	if err = Arg(args, RestoreDataBackupIdentifierArg, &snapID); err != nil {
 		return nil, err
@@ -91,6 +93,9 @@ func (*restoreDataUsingKopiaServerFunc) Exec(ctx context.Context, tp param.Templ
 	if err = Arg(args, RestoreDataImageArg, &image); err != nil {
 		return nil, err
 	}
+	if err = OptArg(args, KopiaRepositoryServerUserHostname, &userHostname, ""); err != nil {
+		return nil, err
+	}
 
 	userPassphrase, cert, err := userCredentialsAndServerTLS(&tp)
 	if err != nil {
@@ -115,8 +120,7 @@ func (*restoreDataUsingKopiaServerFunc) Exec(ctx context.Context, tp param.Templ
 		}
 	}
 
-	username := tp.RepositoryServer.Username
-	hostname, userAccessPassphrase, err := hostNameAndUserPassPhraseFromRepoServer(userPassphrase)
+	hostname, userAccessPassphrase, err := hostNameAndUserPassPhraseFromRepoServer(userPassphrase, userHostname)
 	if err != nil {
 		return nil, errors.Wrap(err, "Failed to get hostname/user passphrase from Options")
 	}
@@ -139,7 +143,7 @@ func (*restoreDataUsingKopiaServerFunc) Exec(ctx context.Context, tp param.Templ
 		tp.RepositoryServer.Address,
 		fingerprint,
 		snapID,
-		username,
+		tp.RepositoryServer.Username,
 		userAccessPassphrase,
 		sparseRestore,
 		vols,