diff --git a/LICENSE.md b/LICENSE.md index dc16ee168..e53a7ba8a 100644 --- a/LICENSE.md +++ b/LICENSE.md @@ -2,4 +2,4 @@ Source code in this repository, Binaries, Docker images and Charts produced by the build process are licensed under the AppsCode Community License 1.0.0. You may obtain a copy of the License at - - [AppsCode-Community-1.0.0](https://github.com/appscode/licenses/raw/1.0.0/AppsCode-Community-1.0.0.md) +- [AppsCode-Community-1.0.0](https://github.com/appscode/licenses/raw/1.0.0/AppsCode-Community-1.0.0.md) \ No newline at end of file diff --git a/go.mod b/go.mod index 4ba6e4973..a1291cf39 100644 --- a/go.mod +++ b/go.mod @@ -211,3 +211,5 @@ replace sigs.k8s.io/controller-runtime => github.com/kmodules/controller-runtime replace github.com/imdario/mergo => github.com/imdario/mergo v0.3.6 replace k8s.io/apiserver => github.com/kmodules/apiserver v0.32.3-0.20250221062720-35dc674c7dd6 + +replace kmodules.xyz/objectstore-api => github.com/anisurrahman75/objectstore-api v0.0.0-20250923125019-7e661dd70060 diff --git a/go.sum b/go.sum index 8c6cefcc9..8f864628f 100644 --- a/go.sum +++ b/go.sum @@ -75,6 +75,8 @@ github.com/Masterminds/semver/v3 v3.3.1/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lpr github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/anisurrahman75/objectstore-api v0.0.0-20250923125019-7e661dd70060 h1:SooXahlYDtC7gwwgjxbyJuzwBND/dc+oCwjK2onxuLs= +github.com/anisurrahman75/objectstore-api v0.0.0-20250923125019-7e661dd70060/go.mod h1:LemalivFgrGxl13NsfileTiBje8HjaA1K/rMxmxdozk= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/circbuf v0.0.0-20190214190532-5111143e8da2 h1:7Ip0wMmLHLRJdrloDxZfhMm0xrLXZS8+COSu2bXmEQs= github.com/armon/circbuf v0.0.0-20190214190532-5111143e8da2/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= @@ -849,8 +851,6 @@ kmodules.xyz/csi-utils v0.29.1 h1:O0WDb/rsqj+FwT3C/KshB9hhBTh84YCP3fVb1UGMuHw= kmodules.xyz/csi-utils v0.29.1/go.mod h1:tcUPTlt0NSlo0RdsHGvA5+LvXhC1WDloqVUkZrzN9MM= kmodules.xyz/custom-resources v0.30.0 h1:vR3CbseHMLwR4GvtcJJuRuwIV8voKqFqNii27rMcm1o= kmodules.xyz/custom-resources v0.30.0/go.mod h1:ZsTuI2mLG2s3byre7bHmpxJ9w0HDqAkRTL1+izGFI24= -kmodules.xyz/objectstore-api v0.32.1 h1:5Os8XBI3tzie0kj+lijWMDo9fU0Z4SiNrg/yDS3X6PQ= -kmodules.xyz/objectstore-api v0.32.1/go.mod h1:LemalivFgrGxl13NsfileTiBje8HjaA1K/rMxmxdozk= kmodules.xyz/offshoot-api v0.32.0 h1:gogc5scSZe2JoXtZof72UGRl3Tit0kFaFRMkLLT1D8o= kmodules.xyz/offshoot-api v0.32.0/go.mod h1:tled7OxYZ3SkUJcrVFVVYyd+zXjsRSEm1R6Q3k4gcx0= kmodules.xyz/openshift v0.29.0 h1:8PXjeQ+usUGkLnYUMSbZrMg+i1OIYBe9UWOeBf2FRzU= diff --git a/pkg/purge_repos.go b/pkg/purge_repos.go index f96c65a41..d32e2f5d4 100644 --- a/pkg/purge_repos.go +++ b/pkg/purge_repos.go @@ -392,6 +392,9 @@ func (opt *purgeOptions) generateRepoListScript(repoBase string, rw *restic.Rest if rw.GetCaPath() != "" { cmd += fmt.Sprintf(` --cacert "%s"`, rw.GetCaPath()) } + if opt.backendConfig.S3 != nil && opt.backendConfig.S3.InsecureTLS { + cmd += ` --insecure-tls` + } cmd += fmt.Sprintf(` || echo "Failed to access repository %s"`, dir) lines = append(lines, cmd) } @@ -676,36 +679,41 @@ func (opt *purgeOptions) generateRepoPurgeScript(rw *restic.ResticWrapper, repoB cacertFlag = fmt.Sprintf(` --cacert "%s"`, rw.GetCaPath()) } + insecureTLSFlag := "" + if opt.backendConfig.S3 != nil && opt.backendConfig.S3.InsecureTLS { + insecureTLSFlag = ` --insecure-tls` + } + purgeFunction := fmt.Sprintf(`purge_repo() { repo=$1 export RESTIC_REPOSITORY="$repo" - if ! restic forget --keep-last 1 --group-by '' --prune --no-cache --json%s >/dev/null 2>&1; then + if ! restic forget --keep-last 1 --group-by '' --prune --no-cache --json%s %s >/dev/null 2>&1; then echo "Failed forget (keep-last) for $repo" results="$results\n❌ $repo: failed at keep-last" return 1 fi - ID=$(restic snapshots --latest 1 --no-cache --json%s | jq -r '.[0].id // empty') + ID=$(restic snapshots --latest 1 --no-cache --json%s %s | jq -r '.[0].id // empty') if [ -z "$ID" ]; then echo "Repo $repo is already empty" results="$results\n⚠️ $repo: already empty" return 0 fi - if ! restic forget "$ID" --prune --no-cache%s >/dev/null 2>&1; then + if ! restic forget "$ID" --prune --no-cache%s %s >/dev/null 2>&1; then echo "Failed final forget for $repo" results="$results\n❌ $repo: failed at final forget" return 1 fi - if restic snapshots --json --no-cache%s | jq -e 'length==0' >/dev/null; then + if restic snapshots --json --no-cache%s %s | jq -e 'length==0' >/dev/null; then results="$results\n✅ $repo: all snapshots purged" else echo "Repo $repo: some snapshots remain" results="$results\n⚠️ $repo: not fully purged" fi - }`, cacertFlag, cacertFlag, cacertFlag, cacertFlag) + }`, cacertFlag, insecureTLSFlag, cacertFlag, insecureTLSFlag, cacertFlag, insecureTLSFlag, cacertFlag, insecureTLSFlag) lines = append(lines, purgeFunction) diff --git a/vendor/kmodules.xyz/objectstore-api/api/v1/generated.pb.go b/vendor/kmodules.xyz/objectstore-api/api/v1/generated.pb.go index 8fda32292..61b390510 100644 --- a/vendor/kmodules.xyz/objectstore-api/api/v1/generated.pb.go +++ b/vendor/kmodules.xyz/objectstore-api/api/v1/generated.pb.go @@ -21,6 +21,7 @@ package v1 import ( fmt "fmt" + io "io" math "math" math_bits "math/bits" diff --git a/vendor/kmodules.xyz/objectstore-api/pkg/blob/blob.go b/vendor/kmodules.xyz/objectstore-api/pkg/blob/blob.go index 1f5c5a216..70df17146 100644 --- a/vendor/kmodules.xyz/objectstore-api/pkg/blob/blob.go +++ b/vendor/kmodules.xyz/objectstore-api/pkg/blob/blob.go @@ -30,6 +30,7 @@ import ( api "kmodules.xyz/objectstore-api/api/v1" aws2 "github.com/aws/aws-sdk-go-v2/aws" + awshttp "github.com/aws/aws-sdk-go-v2/aws/transport/http" "github.com/aws/aws-sdk-go-v2/config" "github.com/aws/aws-sdk-go-v2/credentials" "github.com/aws/aws-sdk-go-v2/service/s3" @@ -503,7 +504,7 @@ func (b *Blob) getS3Config(ctx context.Context, debug bool) (aws2.Config, error) return config.LoadDefaultConfig(ctx, loadOptions...) } -func configureTLS(caCert []byte, insecureTLS bool) (*http.Client, error) { +func configureTLS(caCert []byte, insecureTLS bool) (*awshttp.BuildableClient, error) { tlsConfig := &tls.Config{ InsecureSkipVerify: insecureTLS, } @@ -514,12 +515,12 @@ func configureTLS(caCert []byte, insecureTLS bool) (*http.Client, error) { } tlsConfig.RootCAs = caCertPool } - rt := http.DefaultTransport.(*http.Transport).Clone() - rt.TLSClientConfig = tlsConfig + buildableClient := awshttp.NewBuildableClient().WithTransportOptions(func(tr *http.Transport) { + tr.TLSClientConfig = tlsConfig + }) + // https://docs.aws.amazon.com/sdk-for-go/v2/developer-guide/configure-http.html#transport - return &http.Client{ - Transport: rt, - }, nil + return buildableClient, nil } func (b *Blob) SetPathAsDir(ctx context.Context, path string) error { diff --git a/vendor/modules.txt b/vendor/modules.txt index b67c80b86..05cd3d88d 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1765,7 +1765,7 @@ kmodules.xyz/custom-resources/client/clientset/versioned/scheme kmodules.xyz/custom-resources/client/clientset/versioned/typed/appcatalog/v1alpha1 kmodules.xyz/custom-resources/client/clientset/versioned/typed/metrics/v1alpha1 kmodules.xyz/custom-resources/crds -# kmodules.xyz/objectstore-api v0.32.1 +# kmodules.xyz/objectstore-api v0.32.1 => github.com/anisurrahman75/objectstore-api v0.0.0-20250923125019-7e661dd70060 ## explicit; go 1.24 kmodules.xyz/objectstore-api/api/v1 kmodules.xyz/objectstore-api/pkg/blob @@ -1968,3 +1968,4 @@ stash.appscode.dev/stash/pkg/util # sigs.k8s.io/controller-runtime => github.com/kmodules/controller-runtime v0.20.3-0.20250221050548-8eabe54e7dda # github.com/imdario/mergo => github.com/imdario/mergo v0.3.6 # k8s.io/apiserver => github.com/kmodules/apiserver v0.32.3-0.20250221062720-35dc674c7dd6 +# kmodules.xyz/objectstore-api => github.com/anisurrahman75/objectstore-api v0.0.0-20250923125019-7e661dd70060