Merge https://github.com/vmware-tanzu/velero:main (8f8367b) into oadp-dev #468
Azure storage errors include verbose HTTP response details and XML in error messages, making the BSL status.message field cluttered and hard to read. This change adds sanitization to extract only the error code and meaningful message.
Before:
BackupStorageLocation "test" is unavailable: rpc error: code = Unknown desc = GET https://... RESPONSE 404: 404 The specified container does not exist. ERROR CODE: ContainerNotFound <?xml version="1.0"...>
After:
BackupStorageLocation "test" is unavailable: rpc error: code = Unknown desc = ContainerNotFound: The specified container does not exist.
AWS and GCP error messages are preserved as-is since they don't contain verbose HTTP responses.
Fixes vmware-tanzu#8368
Signed-off-by: Shubham Pampattiwar <spampatt@redhat.com>
Signed-off-by: Shubham Pampattiwar <spampatt@redhat.com>
This commit addresses three review comments on PR vmware-tanzu#9321:
1. Keep sanitization in controller (response to @ywk253100)
   - Maintaining centralized error handling for easier extension
   - Azure-specific patterns detected and others passed through unchanged
2. Sanitize unavailableErrors array (@priyansh17)
   - Now using sanitizeStorageError() for both unavailableErrors array and location.Status.Message for consistency
3. Add SAS token scrubbing (@anshulahuja98)
   - Scrubs Azure SAS token parameters to prevent credential leakage
   - Redacts: sig, se, st, sp, spr, sv, sr, sip, srt, ss
   - Example: ?sig=secret becomes ?sig=***REDACTED***
Added comprehensive test coverage for SAS token scrubbing with 4 new test cases covering various scenarios.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Shubham Pampattiwar <spampatt@redhat.com>
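The error sanitization and SAS token scrubbing described in the two commit messages above, as an added Go example; it is not Velero's code. The helper names `scrubSAS` and `sanitizeMessage`, both regular expressions and the sample strings are assumptions built from the Before/After sample and the parameter list in those messages.

```go
package main

import (
	"fmt"
	"regexp"
)

// SAS query parameters named in the commit message. Matching is
// case-insensitive and anchored on '?' or '&', so "test=" is not hit.
var sasParam = regexp.MustCompile(`(?i)([?&](?:sig|se|st|sp|spr|sv|sr|sip|srt|ss)=)[^&\s]*`)

// Verbose Azure shape taken from the "Before" sample (an assumption):
//   <METHOD> <url> RESPONSE <status>: <status> <message> ERROR CODE: <Code> <xml...>
var azureVerbose = regexp.MustCompile(
	`(?s)\b[A-Z]+ https?://\S+\s+RESPONSE \d+: \d+ (.*?)\s*ERROR CODE: (\w+).*`)

// scrubSAS (hypothetical helper) redacts SAS parameter values in place,
// keeping the parameter name so the message stays readable.
func scrubSAS(msg string) string {
	return sasParam.ReplaceAllString(msg, "${1}***REDACTED***")
}

// sanitizeMessage (hypothetical helper) collapses a verbose Azure error to
// "<Code>: <message>", then scrubs any SAS values that remain. Messages
// that do not match the Azure shape pass through apart from scrubbing.
func sanitizeMessage(msg string) string {
	return scrubSAS(azureVerbose.ReplaceAllString(msg, "${2}: ${1}"))
}

func main() {
	// Constructed sample inputs, not real endpoints or tokens.
	samples := []string{
		`rpc error: code = Unknown desc = GET https://acct.example/c?restype=container&sig=abc RESPONSE 404: 404 The specified container does not exist. ERROR CODE: ContainerNotFound <?xml version="1.0"?><Error/>`,
		`upload failed for https://acct.example/c/blob?sv=2022-11-02&sp=rw&sig=secret&comp=block`,
		`rpc error: code = Unknown desc = NoSuchBucket: The specified bucket does not exist`,
	}
	for _, s := range samples {
		fmt.Println(sanitizeMessage(s))
	}
}
```

Scrubbing runs after the collapse so that a message carrying a signed URL without the `RESPONSE ... ERROR CODE:` shape still has its token values redacted.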
Signed-off-by: Micah Nagel <micah.nagel@defenseunicorns.com>
Bumps [actions/stale](https://github.com/actions/stale) from 10.1.0 to 10.1.1.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@v10.1.0...v10.1.1)
---
updated-dependencies:
- dependency-name: actions/stale
  dependency-version: 10.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Xun Jiang <xun.jiang@broadcom.com>
…hub_actions/actions/stale-10.1.1 Bump actions/stale from 10.1.0 to 10.1.1
feat: add apply flag to install command
Important: Review skipped. Bot user detected. To trigger a single review, invoke the You can disable this status message by setting the
Hi @oadp-rebasebot-app[bot]. Thanks for your PR. I'm waiting for a github.com member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
Remove VolumeSnapshotClass from backup sync process. Signed-off-by: Xun Jiang <xun.jiang@broadcom.com>
Remove VolumeSnapshotClass from CSI B/R process.
…re-bsl-status-message-8368 Sanitize Azure HTTP responses in BSL status messages
…support
- Introduced `CACertRef` field in `ObjectStorageLocation` to reference a Secret containing the CA certificate, replacing the deprecated `CACert` field.
- Implemented validation logic to ensure mutual exclusivity between `CACert` and `CACertRef`.
- Updated BSL controller and repository provider to handle the new certificate resolution logic.
- Enhanced CLI to support automatic certificate discovery from BSL configurations.
- Added unit and integration tests to validate new functionality and ensure backward compatibility.
- Documented migration strategy for users transitioning from inline certificates to Secret-based management.
Signed-off-by: Tiger Kaovilai <tkaovila@redhat.com>
This change enables BSL validation to work when using caCertRef (Secret-based CA certificate) by resolving the certificate from the Secret in velero core before passing it to the object store plugin as 'caCert' in the config map. This approach requires no changes to provider plugins since they already understand the 'caCert' config key.
Changes:
- Add SecretStore to objectBackupStoreGetter struct
- Add NewObjectBackupStoreGetterWithSecretStore constructor
- Update Get method to resolve caCertRef from Secret
- Update server.go to use new constructor with SecretStore
- Add CACertRef builder method and unit tests
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Tiger Kaovilai <tkaovila@redhat.com>
Signed-off-by: Tiger Kaovilai <tkaovila@redhat.com>
…ersion (vmware-tanzu#9451) Signed-off-by: Tiger Kaovilai <tkaovila@redhat.com>
3f2fc43 to eaee76c
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: oadp-rebasebot-app[bot], sseago
The full list of commands accepted by this bot can be found here.
The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
The GetPodsUsingPVC function had O(N*M) complexity - for each PVC, it listed ALL pods in the namespace and iterated through each pod. With many PVCs and pods, this caused significant performance degradation (2+ seconds per PV in some cases).
This change introduces a PVC-to-Pod cache that is built once per backup and reused for all PVC lookups, reducing complexity from O(N*M) to O(N+M).
Changes:
- Add PVCPodCache struct with thread-safe caching in podvolume pkg
- Add NewVolumeHelperImplWithCache constructor for cache support
- Build cache before backup item processing in backup.go
- Add comprehensive unit tests for cache functionality
- Graceful fallback to direct lookups if cache fails
Fixes vmware-tanzu#9179
Signed-off-by: Shubham Pampattiwar <spampatt@redhat.com>
Signed-off-by: Shubham Pampattiwar <spampatt@redhat.com>
Add TestVolumeHelperImplWithCache_ShouldPerformSnapshot to verify:
- Volume policy match with cache returns correct snapshot decision
- fs-backup via opt-out with cache properly skips snapshot
- Fallback to direct lookup when cache is not built
These tests verify the cache-enabled code path added in the previous commit for improved volume policy performance.
Signed-off-by: Shubham Pampattiwar <spampatt@redhat.com>
Add TestVolumeHelperImplWithCache_ShouldPerformFSBackup to verify:
- Volume policy match with cache returns correct fs-backup decision
- Volume policy match with snapshot action skips fs-backup
- Fallback to direct lookup when cache is not built
Signed-off-by: Shubham Pampattiwar <spampatt@redhat.com>
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
Signed-off-by: allenxu404 <qix2@vmware.com>
add UBI dockerfiles
Use numeric user for velero-restic-restore-helper
Enable multiarch builds (openshift#135)
Use arm64-graviton2 for arm builds (openshift#137)
Add required keys for arm builds (openshift#139)
Update Travis build job to work w/o changes on new branches
Use a full VM for arm
Use numeric non-root user for nonroot SCC compatibility
(cherry picked from commit ccb545f)
Update PR-BZ automation mapping (openshift#84)
(cherry picked from commit aa2b019)
Update PR-BZ automation (openshift#92)
Co-authored-by: Rayford Johnson <rjohnson@redhat.com>
(cherry picked from commit ecc563f)
Add publish workflow (openshift#108)
(cherry picked from commit f87b779)
Code-gen no longer required on verify due to vmware-tanzu#6039
Signed-off-by: Tiger Kaovilai <tkaovila@redhat.com>
oadp-1.2: Update Makefile.prow to velero-restore-helper
…nshift#280) Signed-off-by: Scott Seago <sseago@redhat.com>
Signed-off-by: Tiger Kaovilai <tkaovila@redhat.com>
Signed-off-by: Tiger Kaovilai <tkaovila@redhat.com>
Signed-off-by: Mateus Oliveira <msouzaol@redhat.com>
* fix: ARM images
Signed-off-by: Mateus Oliveira <msouzaol@redhat.com>
* fixup! fix: ARM images
Signed-off-by: Mateus Oliveira <msouzaol@redhat.com>
---------
Signed-off-by: Mateus Oliveira <msouzaol@redhat.com>
…#336) Signed-off-by: Tiger Kaovilai <tkaovila@redhat.com>
…openshift#334) (openshift#338)
add missing unit test for kopia hashing algo (openshift#337)
Introduction of downstream only option to override Kopia default:
- hashing algorithm
- splitting algorithm
- encryption algorithm
With introduction of 3 environment variables it is possible to override Kopia algorithms used by Velero:
KOPIA_HASHING_ALGORITHM
KOPIA_SPLITTER_ALGORITHM
KOPIA_ENCRYPTION_ALGORITHM
If the env algorithms are not set or they are not within Kopia SupportedAlgorithms, the default algorithm will be used. This behavior is consistent with current behavior without this change.
Signed-off-by: Michal Pryc <mpryc@redhat.com>
Signed-off-by: Shubham Pampattiwar <shubhampampattiwar7@gmail.com>
The rework of Makefile to make it more readable and inclusion of lint as a target, as well as extracting the golangci-lint version from the upstream Dockerfile, so we test in PROW or locally on the same version as upstream.
Signed-off-by: Michal Pryc <mpryc@redhat.com>
This fixes the PR openshift#334 where one additional line was in the code. This was not exposed previously as we did not have downstream CI Lint jobs.
Signed-off-by: Michal Pryc <mpryc@redhat.com>
* run oadp-operator e2e test from the velero repo
execute openshift/oadp-operator e2e tests directly against the velero repo locally or via prow ci
Signed-off-by: Wesley Hayutin <weshayutin@gmail.com>
* update variable names, add a cleanup
* make sure env variable overrides default velero_image
Signed-off-by: Wesley Hayutin <weshayutin@gmail.com>
* add options to build, push, and only test
Signed-off-by: Wesley Hayutin <weshayutin@gmail.com>
* add arch to name
Signed-off-by: Wesley Hayutin <weshayutin@gmail.com>
* remove duplicated clean/rm operator checkout
* simplify by dropping export var and use a oneliner
Co-authored-by: Tiger Kaovilai <passawit.kaovilai@gmail.com>
* drop export and use oneliner
Co-authored-by: Tiger Kaovilai <passawit.kaovilai@gmail.com>
* just in case, allow oadp to be deployed from makefile
Signed-off-by: Wesley Hayutin <weshayutin@gmail.com>
* Update Makefile.prow
Co-authored-by: Tiger Kaovilai <passawit.kaovilai@gmail.com>
---------
Signed-off-by: Wesley Hayutin <weshayutin@gmail.com>
Co-authored-by: Tiger Kaovilai <passawit.kaovilai@gmail.com>
…t#436) Signed-off-by: Scott Seago <sseago@redhat.com>
Fixes linting error. Signed-off-by: oadp-team-rebase-bot <oadp-maintainers@redhat.com>
6f6f020 to b0be863
@oadp-rebasebot-app[bot]: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.
No description provided.