Supplement restoring tenant from new types of backup destinations (#586)

powerfooI · web-flow · commit 75da18c9bdd3 · 2024-10-14T20:58:30.000+08:00
diff --git a/api/v1alpha1/obtenant_webhook.go b/api/v1alpha1/obtenant_webhook.go
@@ -18,6 +18,7 @@ package v1alpha1
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"regexp"
 	"strings"
@@ -291,55 +292,13 @@ func (r *OBTenant) validateMutation() error {
 
 		if res.ArchiveSource == nil && res.BakDataSource == nil && res.SourceUri == "" {
 			allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("source").Child("restore"), res, "Restore must have a source option, but both archiveSource, bakDataSource and sourceUri are nil now"))
-		}
-
-		if res.ArchiveSource != nil && res.ArchiveSource.Type == constants.BackupDestTypeOSS {
-			if res.ArchiveSource.OSSAccessSecret == "" {
-				allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("source").Child("restore").Child("archiveSource").Child("ossAccessSecret"), res.ArchiveSource.OSSAccessSecret, "Tenant restoring from OSS type backup data must have a OSSAccessSecret"))
-			} else {
-				secret := &v1.Secret{}
-				err := tenantClt.Get(context.Background(), types.NamespacedName{
-					Namespace: r.GetNamespace(),
-					Name:      res.ArchiveSource.OSSAccessSecret,
-				}, secret)
-				if err != nil {
-					if apierrors.IsNotFound(err) {
-						allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("source").Child("restore").Child("archiveSource").Child("ossAccessSecret"), res.ArchiveSource.OSSAccessSecret, "Given OSSAccessSecret not found"))
-					}
-					allErrs = append(allErrs, field.InternalError(field.NewPath("spec").Child("source").Child("restore").Child("archiveSource").Child("ossAccessSecret"), err))
-				} else {
-					if _, ok := secret.Data["accessId"]; !ok {
-						allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("source").Child("restore").Child("archiveSource").Child("ossAccessSecret"), res.ArchiveSource.OSSAccessSecret, "accessId field not found in given OSSAccessSecret"))
-					}
-					if _, ok := secret.Data["accessKey"]; !ok {
-						allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("source").Child("restore").Child("archiveSource").Child("ossAccessSecret"), res.ArchiveSource.OSSAccessSecret, "accessKey field not found in given OSSAccessSecret"))
-					}
-				}
-			}
-		}
-
-		if res.BakDataSource != nil && res.BakDataSource.Type == constants.BackupDestTypeOSS {
-			if res.BakDataSource.OSSAccessSecret == "" {
-				allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("source").Child("restore").Child("bakDataSource").Child("ossAccessSecret"), res.BakDataSource.OSSAccessSecret, "Tenant restoring from OSS type backup data must have a OSSAccessSecret"))
-			} else {
-				secret := &v1.Secret{}
-				err := tenantClt.Get(context.Background(), types.NamespacedName{
-					Namespace: r.GetNamespace(),
-					Name:      res.BakDataSource.OSSAccessSecret,
-				}, secret)
-				if err != nil {
-					if apierrors.IsNotFound(err) {
-						allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("source").Child("restore").Child("bakDataSource").Child("ossAccessSecret"), res.BakDataSource.OSSAccessSecret, "Given OSSAccessSecret not found"))
-					}
-					allErrs = append(allErrs, field.InternalError(field.NewPath("spec").Child("source").Child("restore").Child("bakDataSource").Child("ossAccessSecret"), err))
-				} else {
-					if _, ok := secret.Data["accessId"]; !ok {
-						allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("source").Child("restore").Child("bakDataSource").Child("ossAccessSecret"), res.BakDataSource.OSSAccessSecret, "accessId field not found in given OSSAccessSecret"))
-					}
-					if _, ok := secret.Data["accessKey"]; !ok {
-						allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("source").Child("restore").Child("bakDataSource").Child("ossAccessSecret"), res.BakDataSource.OSSAccessSecret, "accessKey field not found in given OSSAccessSecret"))
-					}
-				}
+		} else {
+			destErrs := errors.Join(
+				validateBackupDestination(cluster, res.ArchiveSource, "spec", "source", "restore", "archiveSource"),
+				validateBackupDestination(cluster, res.BakDataSource, "spec", "source", "restore", "bakDataSource"),
+			)
+			if destErrs != nil {
+				return destErrs
 			}
 		}
 	}
@@ -355,3 +314,68 @@ func (r *OBTenant) ValidateDelete() (admission.Warnings, error) {
 	// TODO(user): fill in your validation logic upon object deletion.
 	return nil, nil
 }
+
+func validateBackupDestination(cluster *OBCluster, dest *apitypes.BackupDestination, paths ...string) error {
+	var errorPath *field.Path
+	if len(paths) == 0 {
+		errorPath = field.NewPath("spec").Child("destination")
+	} else {
+		errorPath = field.NewPath("spec").Child(paths[0])
+		for _, p := range paths[1:] {
+			errorPath = errorPath.Child(p)
+		}
+	}
+	if dest.Type == constants.BackupDestTypeNFS && cluster.Spec.BackupVolume == nil {
+		return field.Invalid(errorPath, cluster.Spec.BackupVolume, "backupVolume of obcluster is required when backing up data to NFS")
+	}
+	pattern, ok := constants.DestPathPatternMapping[dest.Type]
+	if !ok {
+		return field.Invalid(errorPath.Child("destination").Child("type"), dest.Type, "invalid backup destination type")
+	}
+	if !pattern.MatchString(dest.Path) {
+		return field.Invalid(errorPath.Child("destination").Child("path"), dest.Path, "invalid backup destination path, the path format should be "+pattern.String())
+	}
+	if dest.Type != constants.BackupDestTypeNFS {
+		if dest.OSSAccessSecret == "" {
+			return field.Invalid(errorPath.Child("destination"), dest.OSSAccessSecret, "OSSAccessSecret is required when backing up data to OSS, COS or S3")
+		}
+		secret := &v1.Secret{}
+		err := bakClt.Get(context.Background(), types.NamespacedName{
+			Namespace: cluster.GetNamespace(),
+			Name:      dest.OSSAccessSecret,
+		}, secret)
+		fieldPath := errorPath.Child("destination").Child("ossAccessSecret")
+		if err != nil {
+			if apierrors.IsNotFound(err) {
+				return field.Invalid(fieldPath, dest.OSSAccessSecret, "Given OSSAccessSecret not found")
+			}
+			return field.InternalError(fieldPath, err)
+		}
+		// All the following types need accessId and accessKey
+		switch dest.Type {
+		case
+			constants.BackupDestTypeCOS,
+			constants.BackupDestTypeOSS,
+			constants.BackupDestTypeS3,
+			constants.BackupDestTypeS3Compatible:
+			if _, ok := secret.Data["accessId"]; !ok {
+				return field.Invalid(fieldPath, dest.OSSAccessSecret, "accessId field not found in given OSSAccessSecret")
+			}
+			if _, ok := secret.Data["accessKey"]; !ok {
+				return field.Invalid(fieldPath, dest.OSSAccessSecret, "accessKey field not found in given OSSAccessSecret")
+			}
+		}
+		// The following types need additional fields
+		switch dest.Type {
+		case constants.BackupDestTypeCOS:
+			if _, ok := secret.Data["appId"]; !ok {
+				return field.Invalid(fieldPath, dest.OSSAccessSecret, "appId field not found in given OSSAccessSecret")
+			}
+		case constants.BackupDestTypeS3:
+			if _, ok := secret.Data["s3Region"]; !ok {
+				return field.Invalid(fieldPath, dest.OSSAccessSecret, "s3Region field not found in given OSSAccessSecret")
+			}
+		}
+	}
+	return nil
+}
diff --git a/build/Dockerfile.dashboard b/build/Dockerfile.dashboard
@@ -1,11 +1,11 @@
-FROM node:18-alpine as builder-fe
+FROM node:18-alpine AS builder-fe
 WORKDIR /workspace
 COPY ./ui .
 ENV NODE_OPTIONS=--max_old_space_size=5120
 RUN yarn
 RUN yarn build
 
-FROM golang:1.22 as builder-be
+FROM golang:1.22 AS builder-be
 ARG GOPROXY=https://goproxy.io,direct
 ARG GOSUMDB=sum.golang.org
 ARG COMMIT_HASH=unknown
diff --git a/build/Dockerfile.obhelper b/build/Dockerfile.obhelper
@@ -1,4 +1,4 @@
-FROM golang:1.22 as builder
+FROM golang:1.22 AS builder
 ARG GOPROXY=https://goproxy.io,direct
 WORKDIR /workspace
 COPY . .
diff --git a/build/Dockerfile.operator b/build/Dockerfile.operator
@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.22 as builder
+FROM golang:1.22 AS builder
 
 ARG GOPROXY
 ARG GOSUMDB
diff --git a/internal/resource/obtenantrestore/utils.go b/internal/resource/obtenantrestore/utils.go
@@ -21,6 +21,7 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 
 	"github.com/oceanbase/ob-operator/api/constants"
+	apitypes "github.com/oceanbase/ob-operator/api/types"
 	v1alpha1 "github.com/oceanbase/ob-operator/api/v1alpha1"
 	oceanbaseconst "github.com/oceanbase/ob-operator/internal/const/oceanbase"
 	resourceutils "github.com/oceanbase/ob-operator/internal/resource/utils"
@@ -49,25 +50,8 @@ func (m *ObTenantRestoreManager) getSourceUri() (string, error) {
 		return source.SourceUri, nil
 	}
 	var bakPath, archivePath string
-	if source.BakDataSource != nil && source.BakDataSource.Type == constants.BackupDestTypeOSS {
-		accessId, accessKey, err := m.readAccessCredentials(source.BakDataSource.OSSAccessSecret)
-		if err != nil {
-			return "", err
-		}
-		bakPath = strings.Join([]string{source.BakDataSource.Path, "access_id=" + accessId, "access_key=" + accessKey}, "&")
-	} else {
-		bakPath = "file://" + path.Join(oceanbaseconst.BackupPath, source.BakDataSource.Path)
-	}
-
-	if source.ArchiveSource != nil && source.ArchiveSource.Type == constants.BackupDestTypeOSS {
-		accessId, accessKey, err := m.readAccessCredentials(source.ArchiveSource.OSSAccessSecret)
-		if err != nil {
-			return "", err
-		}
-		archivePath = strings.Join([]string{source.ArchiveSource.Path, "access_id=" + accessId, "access_key=" + accessKey}, "&")
-	} else {
-		archivePath = "file://" + path.Join(oceanbaseconst.BackupPath, source.ArchiveSource.Path)
-	}
+	bakPath = m.getDestPath(source.BakDataSource)
+	archivePath = m.getDestPath(source.ArchiveSource)
 
 	if bakPath == "" || archivePath == "" {
 		return "", errors.New("Unexpected error: both bakPath and archivePath must be set")
@@ -76,16 +60,27 @@ func (m *ObTenantRestoreManager) getSourceUri() (string, error) {
 	return strings.Join([]string{bakPath, archivePath}, ","), nil
 }
 
-func (m *ObTenantRestoreManager) readAccessCredentials(secretName string) (accessId, accessKey string, err error) {
+func (m *ObTenantRestoreManager) getDestPath(dest *apitypes.BackupDestination) string {
+	if dest.Type == constants.BackupDestTypeNFS || resourceutils.IsZero(dest.Type) {
+		return "file://" + path.Join(oceanbaseconst.BackupPath, dest.Path)
+	}
+	if dest.OSSAccessSecret == "" {
+		return ""
+	}
 	secret := &v1.Secret{}
-	err = m.Client.Get(m.Ctx, types.NamespacedName{
-		Namespace: m.Resource.Namespace,
-		Name:      secretName,
+	err := m.Client.Get(m.Ctx, types.NamespacedName{
+		Namespace: m.Resource.GetNamespace(),
+		Name:      dest.OSSAccessSecret,
 	}, secret)
 	if err != nil {
-		return "", "", err
+		m.PrintErrEvent(err)
+		return ""
+	}
+	destPath := strings.Join([]string{dest.Path, "access_id=" + string(secret.Data["accessId"]), "access_key=" + string(secret.Data["accessKey"])}, "&")
+	if dest.Type == constants.BackupDestTypeCOS {
+		destPath += ("&appid=" + string(secret.Data["appId"]))
+	} else if dest.Type == constants.BackupDestTypeS3 {
+		destPath += ("&s3_region=" + string(secret.Data["s3Region"]))
 	}
-	accessId = string(secret.Data["accessId"])
-	accessKey = string(secret.Data["accessKey"])
-	return accessId, accessKey, nil
+	return destPath
 }

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-FROM golang:1.22 as builder`
	`1`	`+FROM golang:1.22 AS builder`
`2`	`2`	`ARG GOPROXY=https://goproxy.io,direct`
`3`	`3`	`WORKDIR /workspace`
`4`	`4`	`COPY . .`