function

package
v0.0.0-...-2d35685 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 9, 2026 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Overview

Package function provides common utility functions for the OADP VM file restore controller, including metadata validation and logging helpers.

Functions

func CreateFileBrowserCredentialsSecret

func CreateFileBrowserCredentialsSecret(
	generateNamePrefix string,
	namespace string,
	credentials *FileBrowserCredentials,
	vmfrName string,
	vmfrNamespace string,
	vmfrUID apitypes.UID,
	logger logr.Logger,
) *corev1.Secret

CreateFileBrowserCredentialsSecret creates a Kubernetes Secret containing FileBrowser credentials. Uses generateName for automatic unique naming - Kubernetes appends a random suffix.

The Secret will contain:
- username: FileBrowser username
- password: FileBrowser password

The Secret can be found later using VMFROriginUUIDLabel and CredentialTypeLabel.

func CreateSSHCredentialsSecret

func CreateSSHCredentialsSecret(
	generateNamePrefix string,
	namespace string,
	username string,
	keyPair *SSHKeyPair,
	vmfrName string,
	vmfrNamespace string,
	vmfrUID apitypes.UID,
	logger logr.Logger,
) *corev1.Secret

CreateSSHCredentialsSecret creates a Kubernetes Secret containing SSH credentials. Uses generateName for automatic unique naming - Kubernetes appends a random suffix.

The Secret will contain:
- username: SSH username
- privateKey: SSH private key in PEM format
- authorized_keys: SSH public key in authorized_keys format

The Secret can be found later using VMFROriginUUIDLabel and CredentialTypeLabel.

func FormatSizeHumanReadable

func FormatSizeHumanReadable(quantity resource.Quantity) string

FormatSizeHumanReadable converts a resource.Quantity to human-readable storage format. It ensures consistent formatting using binary units (Ki, Mi, Gi, Ti) which are standard for storage

func GenerateTemporaryVMFRNamespaceName

func GenerateTemporaryVMFRNamespaceName(prefix, vmNamespace, vmName, uid string, logger logr.Logger) string

GenerateTemporaryVMFRNamespaceName generates a unique temporary namespace name.

Format: [prefix-]<vm-namespace>-<vm-name>-<suffix>
- prefix: optional string to prepend (can be empty)
- vmNamespace, vmName: names of the VM
- uid: UID string for uniqueness

func GenerateVeleroRestorePrefix

func GenerateVeleroRestorePrefix(vmfrName, backupName string, logger logr.Logger) string

GenerateVeleroRestorePrefix generates a prefix for Velero Restore generateName field. Kubernetes will automatically append a random suffix (5 chars) to ensure uniqueness.

Format: vmfr-<vmfr-name>-<backup-name>-
- vmfrName: Name of the VirtualMachineFileRestore resource
- backupName: Name of the Velero backup

func GetBackupTimestamp

func GetBackupTimestamp(backup *veleroapi.Backup) *metav1.Time

GetBackupTimestamp returns the authoritative timestamp for when a Velero backup was taken. It prefers CompletionTimestamp (when the backup actually finished) over CreationTimestamp (when the backup object was created/imported). This is critical for synced backups where CreationTimestamp reflects import time, not backup time.

func GetLogger

func GetLogger(ctx context.Context, obj client.Object, key string) logr.Logger

GetLogger returns a logger from the input ctx, with additional key/value pairs built from the input key and the input obj's name and namespace.

func HasVMFRLabel

func HasVMFRLabel(obj client.Object) bool

HasVMFRLabel checks if an object has the VMFR origin UUID label. This is used by predicates to filter resources owned by VirtualMachineFileRestore.

func NormalizeDNS1123Label

func NormalizeDNS1123Label(baseName, suffix string) string

NormalizeDNS1123Label generates a normalized name that fits DNS-1123 label constraints (max 63 chars). This is a generic function that can be used for any Kubernetes resource name (Pod, Service, Route, etc.).

Format: <base-name>-<suffix>
If the combined name exceeds 63 characters, the base-name portion is truncated.

The function ensures the result is valid for DNS-1123 labels:
- Maximum 63 characters
- Lowercase letters, numbers, and hyphens only
- Must start and end with alphanumeric character

Parameters:
- baseName: The primary name component (e.g., VMFR name, VM name)
- suffix: The suffix to append (e.g., "filebrowser", "ssh", "restore")

Example:

NormalizeDNS1123Label("my-restore", "filebrowser") -> "my-restore-filebrowser"
NormalizeDNS1123Label("very-long-vmfr-name-that-exceeds-maximum-length-limits", "filebrowser")
  -> "very-long-vmfr-name-that-exceeds-maximum-length-lim-filebrowser"
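
The following Go sketch is an added example, not the package's implementation; it follows the documented format and reproduces the two outputs above. The names `normalizeLabel` and `sanitize`, and the choice to replace invalid characters with hyphens, are assumptions of this example.

```go
package main

import (
	"fmt"
	"strings"
)

const maxLabelLen = 63 // DNS-1123 label limit

// sanitize lowercases s and maps every character outside [a-z0-9-] to '-'.
// Assumption: the page does not say how invalid characters are handled.
func sanitize(s string) string {
	return strings.Map(func(r rune) rune {
		if (r >= 'a' && r <= 'z') || (r >= '0' && r <= '9') || r == '-' {
			return r
		}
		return '-'
	}, strings.ToLower(s))
}

// normalizeLabel (hypothetical name) returns "<base>-<suffix>", shortening only
// the base so the result fits in 63 characters and begins and ends alphanumeric.
func normalizeLabel(base, suffix string) string {
	base = strings.Trim(sanitize(base), "-")
	suffix = strings.Trim(sanitize(suffix), "-")
	if len(suffix) > maxLabelLen {
		suffix = strings.TrimRight(suffix[:maxLabelLen], "-")
	}
	room := maxLabelLen - len(suffix) - 1 // characters left for the base
	if room < 0 {
		room = 0
	}
	if len(base) > room {
		// A cut can land on a hyphen; trim it to keep the join to one hyphen.
		base = strings.TrimRight(base[:room], "-")
	}
	return strings.Trim(base+"-"+suffix, "-")
}

func main() {
	long := "very-long-vmfr-name-that-exceeds-maximum-length-limits"
	fmt.Println(normalizeLabel("my-restore", "filebrowser"))
	fmt.Println(normalizeLabel(long, "filebrowser"))
	// Constructed inputs: names that differ only past the cut map to one label.
	fmt.Println(normalizeLabel(long+"-a", "filebrowser") == normalizeLabel(long+"-b", "filebrowser"))
}
```

In this sketch, base names that agree in their first 51 characters yield the same label for the suffix "filebrowser", so a caller that needs per-resource uniqueness has to get it elsewhere, for example from generateName or a UID as other functions on this page do.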

func ValidateFileBrowserSecret

func ValidateFileBrowserSecret(secret *corev1.Secret, logger logr.Logger) error

ValidateFileBrowserSecret validates that a Secret contains the required FileBrowser credential fields.

Required fields:
- password: FileBrowser password

Optional fields:
- username: FileBrowser username (defaults to "oadp" if not provided)

func ValidateSSHPublicKey

func ValidateSSHPublicKey(publicKey []byte) error

ValidateSSHPublicKey validates an SSH public key format using the crypto/ssh parser. This provides robust validation by actually parsing the key rather than simple string checks.

Security policy: Allows modern secure key types. For RSA keys, we allow "ssh-rsa" (the key type identifier in authorized_keys format) because:
1. All RSA keys in authorized_keys format are labeled "ssh-rsa" regardless of signature algorithm
2. Modern OpenSSH (7.2+) automatically negotiates SHA-2 signatures (rsa-sha2-256/512) at runtime
3. If ParseAuthorizedKey succeeds on an RSA key, it's already RSA2 (protocol v2), not the deprecated RSA1

Note: "rsa-sha2-256" and "rsa-sha2-512" are signature algorithm names negotiated during authentication, not key type identifiers that appear in the public key itself.

Allowed key types:
- ssh-ed25519 (recommended - most secure)
- ssh-rsa (RSA keys - modern SSH uses SHA-2 signatures)
- ecdsa-sha2-nistp256/384/521 (ECDSA variants)
- FIDO/U2F hardware key variants
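
As an added illustration (not the package's code, which the text says relies on the crypto/ssh parser), this standard-library-only Go sketch shows the distinction drawn above: the key type is the length-prefixed name that opens the decoded blob, so "ssh-rsa" passes while the signature algorithm name "rsa-sha2-256" is rejected as a key type. `checkKeyType`, `sampleLine` and the two `sk-*` entries are assumptions of this example, and it checks only the type name, not the key material.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"strings"
)

// Allow-list from the text; the sk-* names are OpenSSH's FIDO key types (assumed).
var allowed = map[string]bool{
	"ssh-ed25519": true, "ssh-rsa": true, "ecdsa-sha2-nistp256": true,
	"ecdsa-sha2-nistp384": true, "ecdsa-sha2-nistp521": true,
	"sk-ssh-ed25519@openssh.com": true, "sk-ecdsa-sha2-nistp256@openssh.com": true,
}

// checkKeyType (hypothetical) vets the type name that opens "<type> <base64> [comment]".
func checkKeyType(line string) error {
	fields := strings.Fields(line)
	if len(fields) < 2 {
		return fmt.Errorf("expected \"<type> <base64> [comment]\"")
	}
	blob, err := base64.StdEncoding.DecodeString(fields[1])
	if err != nil {
		return fmt.Errorf("key blob is not valid base64: %w", err)
	}
	if len(blob) < 4 || uint64(binary.BigEndian.Uint32(blob)) > uint64(len(blob)-4) {
		return fmt.Errorf("key blob is truncated")
	}
	inner := string(blob[4 : 4+binary.BigEndian.Uint32(blob)]) // after 4-byte length
	if inner != fields[0] {
		return fmt.Errorf("label %q does not match blob type %q", fields[0], inner)
	}
	if !allowed[inner] {
		return fmt.Errorf("key type %q is not on the allow-list", inner)
	}
	return nil
}

// sampleLine builds a constructed line whose blob holds only the type name (no key material).
func sampleLine(kt string) string {
	blob := append(binary.BigEndian.AppendUint32(nil, uint32(len(kt))), kt...)
	return kt + " " + base64.StdEncoding.EncodeToString(blob) + " constructed@example"
}

func main() {
	for _, kt := range []string{"ssh-ed25519", "rsa-sha2-256", "ssh-dss"} {
		fmt.Println(kt, "->", checkKeyType(sampleLine(kt)))
	}
}
```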

func ValidateSSHSecret

func ValidateSSHSecret(secret *corev1.Secret, logger logr.Logger) error

ValidateSSHSecret validates that a Secret contains the required SSH credential fields.

Required fields:
- authorized_keys: SSH public key in authorized_keys format

Optional fields:
- username: SSH username (defaults to "oadp" if not provided)
- privateKey: SSH private key (only for user reference, not used by server)

Types

type FileBrowserCredentials

type FileBrowserCredentials struct {
	// Username for FileBrowser access
	Username string
	// Password for FileBrowser access
	Password string
}

FileBrowserCredentials represents username/password credentials for FileBrowser

func GenerateFileBrowserCredentials

func GenerateFileBrowserCredentials(username string, logger logr.Logger) (*FileBrowserCredentials, error)

GenerateFileBrowserCredentials generates random FileBrowser credentials. The password is a cryptographically secure random string (32 bytes, base64 encoded). Uses the provided username or defaults to constant.DefaultFileBrowserUsername ("oadp").

type SSHKeyPair

type SSHKeyPair struct {
	// PrivateKey is the SSH private key in OpenSSH PEM format
	PrivateKey string
	// PublicKey is the SSH public key in OpenSSH authorized_keys format
	PublicKey string
}

SSHKeyPair represents an SSH public/private keypair

func GenerateSSHKeyPair

func GenerateSSHKeyPair(logger logr.Logger) (*SSHKeyPair, error)

GenerateSSHKeyPair generates a new ED25519 SSH keypair. Returns an SSHKeyPair with PrivateKey in OpenSSH PEM format and PublicKey in authorized_keys format. ED25519 is chosen for its security, small key size, and fast operations.
