cli: create backups for CRDs and their resources

These backups could be used in case an upgrade misbehaves after helm declared it as successful. The manual backups are required as helm-rollback won't touch custom resources and changes to CRDs delete resources of the old version.
2025-05-04 15:25:00 -04:00 · 2022-12-19 08:08:46 +01:00 · 2022-12-19 08:08:46 +01:00 · e7c7e35f51
commit e7c7e35f51
parent afbd4a3dc1
11 changed files with 397 additions and 87 deletions
--- a/cli/internal/helm/backup_test.go
+++ b/cli/internal/helm/backup_test.go
@ -0,0 +1,168 @@
+/*
+Copyright (c) Edgeless Systems GmbH
+
+SPDX-License-Identifier: AGPL-3.0-only
+*/
+
+package helm
+
+import (
+	"context"
+	"path/filepath"
+	"testing"
+
+	"github.com/edgelesssys/constellation/v2/internal/file"
+	"github.com/pkg/errors"
+	"github.com/spf13/afero"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/yaml"
+)
+
+func TestBackupCRDs(t *testing.T) {
+	testCases := map[string]struct {
+		crd          string
+		expectedFile string
+		getCRDsError error
+		wantError    bool
+	}{
+		"success": {
+			crd:          "apiVersion: \nkind: \nmetadata:\n  name: foobar\n  creationTimestamp: null\nspec:\n  group: \"\"\n  names:\n    kind: \"somename\"\n    plural: \"somenames\"\n  scope: \"\"\n  versions: null\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: null\n  storedVersions: null\n",
+			expectedFile: "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  name: foobar\n  creationTimestamp: null\nspec:\n  group: \"\"\n  names:\n    kind: \"somename\"\n    plural: \"somenames\"\n  scope: \"\"\n  versions: null\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: null\n  storedVersions: null\n",
+		},
+		"api request fails": {
+			getCRDsError: errors.New("api error"),
+			wantError:    true,
+		},
+	}
+
+	for name, tc := range testCases {
+		t.Run(name, func(t *testing.T) {
+			assert := assert.New(t)
+			require := require.New(t)
+			memFs := afero.NewMemMapFs()
+
+			crd := apiextensionsv1.CustomResourceDefinition{}
+			err := yaml.Unmarshal([]byte(tc.crd), &crd)
+			require.NoError(err)
+			client := Client{
+				config:  nil,
+				kubectl: stubCrdClient{crds: []apiextensionsv1.CustomResourceDefinition{crd}, getCRDsError: tc.getCRDsError},
+				fs:      file.NewHandler(memFs),
+				log:     stubLog{},
+			}
+
+			_, err = client.backupCRDs(context.Background())
+			if tc.wantError {
+				assert.Error(err)
+				return
+			}
+			assert.NoError(err)
+
+			data, err := afero.ReadFile(memFs, filepath.Join(crdBackupFolder, crd.Name+".yaml"))
+			require.NoError(err)
+			assert.YAMLEq(tc.expectedFile, string(data))
+		})
+	}
+}
+
+func TestBackupCRs(t *testing.T) {
+	testCases := map[string]struct {
+		crd          apiextensionsv1.CustomResourceDefinition
+		resource     unstructured.Unstructured
+		expectedFile string
+		getCRsError  error
+		wantError    bool
+	}{
+		"success": {
+			crd: apiextensionsv1.CustomResourceDefinition{
+				Spec: apiextensionsv1.CustomResourceDefinitionSpec{
+					Names: apiextensionsv1.CustomResourceDefinitionNames{
+						Plural: "foobars",
+					},
+					Group: "some.group",
+					Versions: []apiextensionsv1.CustomResourceDefinitionVersion{
+						{
+							Name: "versionZero",
+						},
+					},
+				},
+			},
+			resource:     unstructured.Unstructured{Object: map[string]any{"metadata": map[string]any{"name": "foobar"}}},
+			expectedFile: "metadata:\n  name: foobar\n",
+		},
+		"api request fails": {
+			crd: apiextensionsv1.CustomResourceDefinition{
+				Spec: apiextensionsv1.CustomResourceDefinitionSpec{
+					Names: apiextensionsv1.CustomResourceDefinitionNames{
+						Plural: "foobars",
+					},
+					Group: "some.group",
+					Versions: []apiextensionsv1.CustomResourceDefinitionVersion{
+						{
+							Name: "versionZero",
+						},
+					},
+				},
+			},
+			getCRsError: errors.New("api error"),
+			wantError:   true,
+		},
+	}
+
+	for name, tc := range testCases {
+		t.Run(name, func(t *testing.T) {
+			assert := assert.New(t)
+			require := require.New(t)
+			memFs := afero.NewMemMapFs()
+
+			client := Client{
+				config:  nil,
+				kubectl: stubCrdClient{crs: []unstructured.Unstructured{tc.resource}, getCRsError: tc.getCRsError},
+				fs:      file.NewHandler(memFs),
+				log:     stubLog{},
+			}
+
+			err := client.backupCRs(context.Background(), []apiextensionsv1.CustomResourceDefinition{tc.crd})
+			if tc.wantError {
+				assert.Error(err)
+				return
+			}
+			assert.NoError(err)
+
+			data, err := afero.ReadFile(memFs, filepath.Join(backupFolder, tc.resource.GetName()+".yaml"))
+			require.NoError(err)
+			assert.YAMLEq(tc.expectedFile, string(data))
+		})
+	}
+}
+
+type stubLog struct{}
+
+func (s stubLog) Debugf(format string, args ...any) {}
+func (s stubLog) Sync()                             {}
+
+type stubCrdClient struct {
+	crds         []apiextensionsv1.CustomResourceDefinition
+	getCRDsError error
+	crs          []unstructured.Unstructured
+	getCRsError  error
+	crdClient
+}
+
+func (c stubCrdClient) GetCRDs(ctx context.Context) ([]apiextensionsv1.CustomResourceDefinition, error) {
+	if c.getCRDsError != nil {
+		return nil, c.getCRDsError
+	}
+	return c.crds, nil
+}
+
+func (c stubCrdClient) GetCRs(ctx context.Context, gvr schema.GroupVersionResource) ([]unstructured.Unstructured, error) {
+	if c.getCRsError != nil {
+		return nil, c.getCRsError
+	}
+	return c.crs, nil
+}