From c14db6a23aa31011abbf60a97c78ead698e1e787 Mon Sep 17 00:00:00 2001 From: Ayush Rangwala Date: Wed, 24 Feb 2021 15:39:23 +0530 Subject: [PATCH] Add support for caCert in VolumeSnapshotLocation Signed-off-by: Ayush Rangwala --- pkg/apis/velero/v1/volume_snapshot_location.go | 4 ++++ pkg/backup/item_backupper.go | 4 ++++ pkg/controller/backup_deletion_controller.go | 4 ++++ pkg/install/resources.go | 5 +++-- pkg/install/resources_test.go | 3 ++- pkg/restore/pv_restorer.go | 4 ++++ 6 files changed, 21 insertions(+), 3 deletions(-) diff --git a/pkg/apis/velero/v1/volume_snapshot_location.go b/pkg/apis/velero/v1/volume_snapshot_location.go index 080832e8d8..14b5ea9d0c 100644 --- a/pkg/apis/velero/v1/volume_snapshot_location.go +++ b/pkg/apis/velero/v1/volume_snapshot_location.go @@ -57,6 +57,10 @@ type VolumeSnapshotLocationSpec struct { // Provider is the provider of the volume storage. Provider string `json:"provider"` + // CACert defines a CA bundle to use when verifying TLS connections to the provider. + // +optional + CACert []byte `json:"caCert,omitempty"` + // Config is for provider-specific configuration fields. // +optional Config map[string]string `json:"config,omitempty"` diff --git a/pkg/backup/item_backupper.go b/pkg/backup/item_backupper.go index 4f5c7ca8b7..c0064b3565 100644 --- a/pkg/backup/item_backupper.go +++ b/pkg/backup/item_backupper.go @@ -377,6 +377,10 @@ func (ib *itemBackupper) volumeSnapshotter(snapshotLocation *velerov1api.VolumeS return nil, err } + if snapshotLocation.Spec.CACert != nil { + snapshotLocation.Spec.Config["caCert"] = string(snapshotLocation.Spec.CACert) + } + if err := bs.Init(snapshotLocation.Spec.Config); err != nil { return nil, err } diff --git a/pkg/controller/backup_deletion_controller.go b/pkg/controller/backup_deletion_controller.go index 3b85b4bb25..dfaa1cc208 100644 --- a/pkg/controller/backup_deletion_controller.go +++ b/pkg/controller/backup_deletion_controller.go 
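Review bot: The doc comment on the new `CACert` field in VolumeSnapshotLocationSpec does not say what encoding the bundle must have or how it reaches the provider plugin. Because the field is `[]byte`, encoding/json writes it as base64 in the serialized object, and the other hunks of this patch hand it to the snapshotter under the `caCert` config key, so both users and plugin authors need those two facts. I would extend the comment along the lines of `// CACert is a CA bundle (presumably PEM; base64-encoded in the serialized object) used to verify TLS connections to the provider. It is passed to the plugin as Config["caCert"].` The struct definition starts and ends outside the hunk.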
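Review bot: In volumeSnapshotter the added assignment `snapshotLocation.Spec.Config["caCert"] = ...` panics when `Config` is nil. The API type marks `Config` as `+optional` with `omitempty`, so a location created without any config reaches this line with a nil map. The write also mutates the location object that was passed in (if it comes from a shared cache or is later updated, the bundle leaks into the stored `config`). It also silently replaces a `caCert` key the user may have set, which changes the TLS trust anchor without any signal. Building a per-call copy of the map and testing `len(...) > 0` instead of `!= nil` avoids all three; the same pattern is repeated in the hunks for pkg/controller/backup_deletion_controller.go and pkg/restore/pv_restorer.go, where a shared helper would keep them in step. The function body starts and ends outside the hunk.

```go
// … unchanged: plugin lookup and its error return …

// Per-call copy: a nil Spec.Config cannot panic and the location object is not mutated.
config := make(map[string]string, len(snapshotLocation.Spec.Config)+1)
for k, v := range snapshotLocation.Spec.Config {
	config[k] = v
}
if len(snapshotLocation.Spec.CACert) > 0 {
	config["caCert"] = string(snapshotLocation.Spec.CACert)
}

if err := bs.Init(config); err != nil {
	return nil, err
}
```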
@@ -462,6 +462,10 @@ func volumeSnapshotterForSnapshotLocation( return nil, errors.Wrapf(err, "error getting volume snapshotter for provider %s", snapshotLocation.Spec.Provider) } + if snapshotLocation.Spec.CACert != nil { + snapshotLocation.Spec.Config["caCert"] = string(snapshotLocation.Spec.CACert) + } + if err = volumeSnapshotter.Init(snapshotLocation.Spec.Config); err != nil { return nil, errors.Wrapf(err, "error initializing volume snapshotter for volume snapshot location %s", snapshotLocationName) } diff --git a/pkg/install/resources.go b/pkg/install/resources.go index 885232045f..1e5c720382 100644 --- a/pkg/install/resources.go +++ b/pkg/install/resources.go @@ -165,7 +165,7 @@ func BackupStorageLocation(namespace, provider, bucket, prefix string, config ma } } -func VolumeSnapshotLocation(namespace, provider string, config map[string]string) *velerov1api.VolumeSnapshotLocation { +func VolumeSnapshotLocation(namespace, provider string, config map[string]string, caCert []byte) *velerov1api.VolumeSnapshotLocation { return &velerov1api.VolumeSnapshotLocation{ ObjectMeta: objectMeta(namespace, "default"), TypeMeta: metav1.TypeMeta{ @@ -174,6 +174,7 @@ func VolumeSnapshotLocation(namespace, provider string, config map[string]string }, Spec: velerov1api.VolumeSnapshotLocationSpec{ Provider: provider, + CACert: caCert, Config: config, }, } @@ -269,7 +270,7 @@ func AllResources(o *VeleroOptions) (*unstructured.UnstructuredList, error) { // A snapshot location may not be desirable for users relying on restic if o.UseVolumeSnapshots { - vsl := VolumeSnapshotLocation(o.Namespace, o.ProviderName, o.VSLConfig) + vsl := VolumeSnapshotLocation(o.Namespace, o.ProviderName, o.VSLConfig, o.CACertData) appendUnstructured(resources, vsl) } diff --git a/pkg/install/resources_test.go b/pkg/install/resources_test.go index 748d70defe..ead9cd6315 100644 --- a/pkg/install/resources_test.go +++ b/pkg/install/resources_test.go 
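Review bot: In the AllResources hunk of pkg/install/resources.go the snapshot location is given `o.CACertData`, which looks like the single install-time CA bundle rather than one specific to the snapshot provider. If that value is also what populates the backup storage location's CA (not visible in this diff), then every install with a custom object-store CA will pin the snapshot provider to that CA as well, and TLS verification fails when the two endpoints are signed by different authorities. Consider a separate option for the snapshot location, or at least document the coupling on the exported function, e.g. `// VolumeSnapshotLocation returns the default VolumeSnapshotLocation; caCert, when non-empty, is the CA bundle used to verify TLS connections to the snapshot provider.` The added positional `caCert []byte` parameter in the first resources.go hunk also changes the exported signature, which breaks any caller outside this repository.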
@@ -31,11 +31,12 @@ func TestResources(t *testing.T) { assert.Equal(t, make(map[string]string), bsl.Spec.Config) assert.Equal(t, []byte("test"), bsl.Spec.ObjectStorage.CACert) - vsl := VolumeSnapshotLocation(DefaultVeleroNamespace, "test", make(map[string]string)) + vsl := VolumeSnapshotLocation(DefaultVeleroNamespace, "test", make(map[string]string), []byte("test")) assert.Equal(t, "velero", vsl.ObjectMeta.Namespace) assert.Equal(t, "test", vsl.Spec.Provider) assert.Equal(t, make(map[string]string), vsl.Spec.Config) + assert.Equal(t, []byte("test"), vsl.Spec.CACert) ns := Namespace("velero") diff --git a/pkg/restore/pv_restorer.go b/pkg/restore/pv_restorer.go index ff8d36b347..f89b12211f 100644 --- a/pkg/restore/pv_restorer.go +++ b/pkg/restore/pv_restorer.go @@ -73,6 +73,10 @@ func (r *pvRestorer) executePVAction(obj *unstructured.Unstructured) (*unstructu return nil, errors.WithStack(err) } + if snapshotInfo.location.Spec.CACert != nil { + snapshotInfo.location.Spec.Config["caCert"] = string(snapshotInfo.location.Spec.CACert) + } + if err := volumeSnapshotter.Init(snapshotInfo.location.Spec.Config); err != nil { return nil, errors.WithStack(err) }