Snapshots - handle minimal RBAC (#1465)

* Snapshots - handle minimal RBAC
replicatedhq · Feb 11, 2021 · 1307dd6 · 1307dd6
1 parent 7227be9
commit 1307dd6
Show file tree

Hide file tree

Showing 25 changed files with 514 additions and 164 deletions.
diff --git a/cmd/kots/cli/backup-ls.go b/cmd/kots/cli/backup-ls.go
diff --git a/cmd/kots/cli/backup.go b/cmd/kots/cli/backup.go
@@ -2,6 +2,7 @@ package cli
 
 import (
 	"github.com/pkg/errors"
+	"github.com/replicatedhq/kots/pkg/print"
 	"github.com/replicatedhq/kots/pkg/snapshot"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
@@ -42,3 +43,35 @@ func BackupCmd() *cobra.Command {
 
 	return cmd
 }
+
+func BackupListCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:           "ls",
+		Short:         `List available instance backups (this command is deprecated, please use "kubectl kots get backups" instead)`,
+		Long:          ``,
+		SilenceUsage:  true,
+		SilenceErrors: false,
+		PreRun: func(cmd *cobra.Command, args []string) {
+			viper.BindPFlags(cmd.Flags())
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+			v := viper.GetViper()
+
+			options := snapshot.ListInstanceBackupsOptions{
+				Namespace: v.GetString("namespace"),
+			}
+			backups, err := snapshot.ListInstanceBackups(options)
+			if err != nil {
+				return errors.Wrap(err, "failed to list instance backups")
+			}
+
+			print.Backups(backups)
+
+			return nil
+		},
+	}
+
+	cmd.Flags().StringP("namespace", "n", "", "filter by the namespace in which kots/kotsadm is installed")
+
+	return cmd
+}
diff --git a/cmd/kots/cli/get-apps.go → cmd/kots/cli/get.go b/cmd/kots/cli/get-apps.go → cmd/kots/cli/get.go
@@ -1,20 +1,23 @@
 package cli
 
 import (
+	"os"
+
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"net/http"
-	"os"
 
 	"github.com/pkg/errors"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+
 	handlertypes "github.com/replicatedhq/kots/pkg/api/handlers/types"
 	"github.com/replicatedhq/kots/pkg/auth"
 	"github.com/replicatedhq/kots/pkg/k8sutil"
 	"github.com/replicatedhq/kots/pkg/logger"
 	"github.com/replicatedhq/kots/pkg/print"
-	"github.com/spf13/cobra"
-	"github.com/spf13/viper"
+	"github.com/replicatedhq/kots/pkg/snapshot"
 )
 
 func GetCmd() *cobra.Command {
@@ -26,7 +29,6 @@ kubectl kots get apps`,
 
 		SilenceUsage:  true,
 		SilenceErrors: false,
-		Hidden:        true,
 		PreRun: func(cmd *cobra.Command, args []string) {
 			viper.BindPFlags(cmd.Flags())
 		},
@@ -37,6 +39,12 @@ kubectl kots get apps`,
 			}
 
 			switch args[0] {
+			case "backup", "backups":
+				err := getBackupsCmd(cmd, args)
+				return errors.Wrap(err, "failed to get backups")
+			case "restore", "restores":
+				err := getRestoresCmd(cmd, args)
+				return errors.Wrap(err, "failed to get restores")
 			case "app", "apps":
 				err := getAppsCmd(cmd, args)
 				return errors.Wrap(err, "failed to get apps")
@@ -54,6 +62,38 @@ kubectl kots get apps`,
 	return cmd
 }
 
+func getBackupsCmd(cmd *cobra.Command, args []string) error {
+	v := viper.GetViper()
+
+	options := snapshot.ListInstanceBackupsOptions{
+		Namespace: v.GetString("namespace"),
+	}
+	backups, err := snapshot.ListInstanceBackups(options)
+	if err != nil {
+		return errors.Wrap(err, "failed to list instance backups")
+	}
+
+	print.Backups(backups)
+
+	return nil
+}
+
+func getRestoresCmd(cmd *cobra.Command, args []string) error {
+	v := viper.GetViper()
+
+	options := snapshot.ListInstanceRestoresOptions{
+		Namespace: v.GetString("namespace"),
+	}
+	restores, err := snapshot.ListInstanceRestores(options)
+	if err != nil {
+		return errors.Wrap(err, "failed to list instance restores")
+	}
+
+	print.Restores(restores)
+
+	return nil
+}
+
 func getAppsCmd(cmd *cobra.Command, args []string) error {
 	v := viper.GetViper()
 

diff --git a/cmd/kots/cli/restore-ls.go b/cmd/kots/cli/restore-ls.go
diff --git a/cmd/kots/cli/restore.go b/cmd/kots/cli/restore.go
@@ -5,6 +5,7 @@ import (
 	"os"
 
 	"github.com/pkg/errors"
+	"github.com/replicatedhq/kots/pkg/print"
 	"github.com/replicatedhq/kots/pkg/snapshot"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
@@ -50,3 +51,35 @@ func RestoreCmd() *cobra.Command {
 
 	return cmd
 }
+
+func RestoreListCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:           "ls",
+		Short:         `List available restores (this command is deprecated, please use "kubectl kots get restores" instead)`,
+		Long:          ``,
+		SilenceUsage:  true,
+		SilenceErrors: false,
+		PreRun: func(cmd *cobra.Command, args []string) {
+			viper.BindPFlags(cmd.Flags())
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+			v := viper.GetViper()
+
+			options := snapshot.ListInstanceRestoresOptions{
+				Namespace: v.GetString("namespace"),
+			}
+			restores, err := snapshot.ListInstanceRestores(options)
+			if err != nil {
+				return errors.Wrap(err, "failed to list instance restores")
+			}
+
+			print.Restores(restores)
+
+			return nil
+		},
+	}
+
+	cmd.Flags().StringP("namespace", "n", "", "filter by the namespace in which kots/kotsadm is installed")
+
+	return cmd
+}
diff --git a/cmd/kots/cli/root.go b/cmd/kots/cli/root.go
@@ -33,6 +33,7 @@ func RootCmd() *cobra.Command {
 	cmd.AddCommand(AdminConsoleCmd())
 	cmd.AddCommand(ResetPasswordCmd())
 	cmd.AddCommand(VersionCmd())
+	cmd.AddCommand(VeleroCmd())
 	cmd.AddCommand(BackupCmd())
 	cmd.AddCommand(RestoreCmd())
 	cmd.AddCommand(IngressCmd())

diff --git a/cmd/kots/cli/velero.go b/cmd/kots/cli/velero.go
@@ -0,0 +1,49 @@
+package cli
+
+import (
+	"github.com/replicatedhq/kots/pkg/snapshot"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+func VeleroCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "velero",
+		Short: "KOTS Velero interface",
+	}
+
+	cmd.AddCommand(EnsurePermissionsCmd())
+
+	return cmd
+}
+
+func EnsurePermissionsCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:           "ensure-permissions",
+		Short:         "Ensures the necessary permissions that enables the Admin Console to access Velero.",
+		Long:          ``,
+		SilenceUsage:  true,
+		SilenceErrors: false,
+		PreRun: func(cmd *cobra.Command, args []string) {
+			viper.BindPFlags(cmd.Flags())
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+			v := viper.GetViper()
+
+			namespace := v.GetString("namespace")
+			if err := validateNamespace(namespace); err != nil {
+				return err
+			}
+
+			if err := snapshot.EnsureVeleroPermissions(namespace); err != nil {
+				return err
+			}
+
+			return nil
+		},
+	}
+
+	cmd.Flags().StringP("namespace", "n", "", "namespace in which kots/kotsadm is installed")
+
+	return cmd
+}
diff --git a/kotsadm/pkg/handlers/backup.go b/kotsadm/pkg/handlers/backup.go
@@ -20,30 +20,42 @@ type CreateApplicationBackupResponse struct {
 	Error   string `json:"error,omitempty"`
 }
 
+type VeleroRBACResponse struct {
+	Success                     bool   `json:"success"`
+	Error                       string `json:"error,omitempty"`
+	KotsadmRequiresVeleroAccess bool   `json:"kotsadmRequiresVeleroAccess,omitempty"`
+	VeleroNamespace             string `json:"veleroNamespace,omitempty"`
+}
+
 func (h *Handler) CreateApplicationBackup(w http.ResponseWriter, r *http.Request) {
 	createApplicationBackupResponse := CreateApplicationBackupResponse{
 		Success: false,
 	}
 
+	// check minimal rbac
+	if err := requiresKotsadmVeleroAccess(w, r); err != nil {
+		return
+	}
+
 	foundApp, err := store.GetStore().GetAppFromSlug(mux.Vars(r)["appSlug"])
 	if err != nil {
 		logger.Error(err)
 		createApplicationBackupResponse.Error = "failed to get app from app slug"
-		JSON(w, 500, createApplicationBackupResponse)
+		JSON(w, http.StatusInternalServerError, createApplicationBackupResponse)
 		return
 	}
 
-	_, err = snapshot.CreateApplicationBackup(context.TODO(), foundApp, false)
+	_, err = snapshot.CreateApplicationBackup(r.Context(), foundApp, false)
 	if err != nil {
 		logger.Error(err)
 		createApplicationBackupResponse.Error = "failed to create backup"
-		JSON(w, 500, createApplicationBackupResponse)
+		JSON(w, http.StatusInternalServerError, createApplicationBackupResponse)
 		return
 	}
 
 	createApplicationBackupResponse.Success = true
 
-	JSON(w, 200, createApplicationBackupResponse)
+	JSON(w, http.StatusOK, createApplicationBackupResponse)
 }
 
 type ListBackupsResponse struct {
@@ -164,6 +176,11 @@ func (h *Handler) CreateInstanceBackup(w http.ResponseWriter, r *http.Request) {
 		Success: false,
 	}
 
+	// check minimal rbac
+	if err := requiresKotsadmVeleroAccess(w, r); err != nil {
+		return
+	}
+
 	clusters, err := store.GetStore().ListClusters()
 	if err != nil {
 		logger.Error(err)