From 3ef30897ae094039834b9b42e8baaae27a03e869 Mon Sep 17 00:00:00 2001 From: Lyndon-Li Date: Tue, 21 Apr 2026 14:14:24 +0800 Subject: [PATCH 01/12] CBT bitmap implementation Signed-off-by: Lyndon-Li --- changelogs/unreleased/9736-Lyndon-Li | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelogs/unreleased/9736-Lyndon-Li diff --git a/changelogs/unreleased/9736-Lyndon-Li b/changelogs/unreleased/9736-Lyndon-Li new file mode 100644 index 000000000..ef271b063 --- /dev/null +++ b/changelogs/unreleased/9736-Lyndon-Li @@ -0,0 +1 @@ +Add CBT bitmap implementation for block data mover \ No newline at end of file From a1fd85c79125365806b85646cf00044ca09980a7 Mon Sep 17 00:00:00 2001 From: Lyndon-Li Date: Tue, 21 Apr 2026 16:07:06 +0800 Subject: [PATCH 02/12] add CBT bitmap implementation Signed-off-by: Lyndon-Li --- go.mod | 3 + go.sum | 6 + pkg/cbtservice/mocks/Service.go | 171 ++++++++++++++++ pkg/cbtservice/service.go | 4 +- pkg/uploader/cbt/bitmap.go | 112 ++++++++++- pkg/uploader/cbt/bitmap_test.go | 256 ++++++++++++++++++++++++ pkg/uploader/cbt/mocks/Bitmap.go | 294 +++++++++++++++++++++++++++ pkg/uploader/cbt/mocks/Iterator.go | 309 +++++++++++++++++++++++++++++ pkg/uploader/cbt/set.go | 49 +++-- pkg/uploader/cbt/set_test.go | 150 ++++++++++++++ 10 files changed, 1328 insertions(+), 26 deletions(-) create mode 100644 pkg/cbtservice/mocks/Service.go create mode 100644 pkg/uploader/cbt/bitmap_test.go create mode 100644 pkg/uploader/cbt/mocks/Bitmap.go create mode 100644 pkg/uploader/cbt/mocks/Iterator.go create mode 100644 pkg/uploader/cbt/set_test.go diff --git a/go.mod b/go.mod index e80bfbcf9..efdc3b828 100644 --- a/go.mod +++ b/go.mod @@ -9,6 +9,7 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.6.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.8.1 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.6.3 + github.com/RoaringBitmap/roaring v1.9.4 github.com/aws/aws-sdk-go-v2 v1.24.1 github.com/aws/aws-sdk-go-v2/config v1.26.3 github.com/aws/aws-sdk-go-v2/credentials v1.16.14 @@ -91,6 +92,7 @@ require ( github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.6 // indirect github.com/aws/smithy-go v1.19.0 // indirect github.com/beorn7/perks v1.0.1 // indirect + github.com/bits-and-blooms/bitset v1.12.0 // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/chmduquesne/rollinghash v4.0.0+incompatible // indirect @@ -148,6 +150,7 @@ require ( github.com/moby/term v0.5.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/mschoch/smat v0.2.0 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect github.com/mxk/go-vss v1.2.0 // indirect diff --git a/go.sum b/go.sum index d8ee0cab0..a2196812b 100644 --- a/go.sum +++ b/go.sum @@ -113,6 +113,8 @@ github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb0 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= +github.com/RoaringBitmap/roaring v1.9.4 h1:yhEIoH4YezLYT04s1nHehNO64EKFTop/wBhxv2QzDdQ= +github.com/RoaringBitmap/roaring v1.9.4/go.mod h1:6AXUsoIEzDTFFQCe1RbGA6uFONMhvejWj5rqITANK90= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= @@ -168,6 +170,8 @@ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+Ce github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= +github.com/bits-and-blooms/bitset v1.12.0 h1:U/q1fAF7xXRhFCrhROzIfffYnu+dlS38vCZtmFVPHmA= +github.com/bits-and-blooms/bitset v1.12.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8= github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= @@ -562,6 +566,8 @@ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3Rllmb github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4= +github.com/mschoch/smat v0.2.0 h1:8imxQsjDm8yFEAVBe7azKmKSgzSkZXDuKkSq9374khM= +github.com/mschoch/smat v0.2.0/go.mod h1:kc9mz7DoBKqDyiRL7VZN8KvXQMWeTaVnttLRXOlotKw= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= diff --git a/pkg/cbtservice/mocks/Service.go b/pkg/cbtservice/mocks/Service.go new file mode 100644 index 000000000..f7a9567a8 --- /dev/null +++ b/pkg/cbtservice/mocks/Service.go @@ -0,0 +1,171 @@ +// Code generated by mockery; DO NOT EDIT. +// github.com/vektra/mockery +// template: testify + +package mocks + +import ( + "context" + + mock "github.com/stretchr/testify/mock" + "github.com/vmware-tanzu/velero/pkg/cbtservice" +) + +// NewService creates a new instance of Service. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewService(t interface { + mock.TestingT + Cleanup(func()) +}) *Service { + mock := &Service{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} + +// Service is an autogenerated mock type for the Service type +type Service struct { + mock.Mock +} + +type Service_Expecter struct { + mock *mock.Mock +} + +func (_m *Service) EXPECT() *Service_Expecter { + return &Service_Expecter{mock: &_m.Mock} +} + +// GetAllocatedBlocks provides a mock function for the type Service +func (_mock *Service) GetAllocatedBlocks(ctx context.Context, snapshot string, record func([]cbtservice.Range) error) error { + ret := _mock.Called(ctx, snapshot, record) + + if len(ret) == 0 { + panic("no return value specified for GetAllocatedBlocks") + } + + var r0 error + if returnFunc, ok := ret.Get(0).(func(context.Context, string, func([]cbtservice.Range) error) error); ok { + r0 = returnFunc(ctx, snapshot, record) + } else { + r0 = ret.Error(0) + } + return r0 +} + +// Service_GetAllocatedBlocks_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetAllocatedBlocks' +type Service_GetAllocatedBlocks_Call struct { + *mock.Call +} + +// GetAllocatedBlocks is a helper method to define mock.On call +// - ctx context.Context +// - snapshot string +// - record func([]cbtservice.Range) error +func (_e *Service_Expecter) GetAllocatedBlocks(ctx interface{}, snapshot interface{}, record interface{}) *Service_GetAllocatedBlocks_Call { + return &Service_GetAllocatedBlocks_Call{Call: _e.mock.On("GetAllocatedBlocks", ctx, snapshot, record)} +} + +func (_c *Service_GetAllocatedBlocks_Call) Run(run func(ctx context.Context, snapshot string, record func([]cbtservice.Range) error)) *Service_GetAllocatedBlocks_Call { + _c.Call.Run(func(args mock.Arguments) { + var arg0 context.Context + if args[0] != nil { + arg0 = args[0].(context.Context) + } + var arg1 string + if args[1] != nil { + arg1 = args[1].(string) + } + var arg2 func([]cbtservice.Range) error + if args[2] != nil { + arg2 = args[2].(func([]cbtservice.Range) error) + } + run( + arg0, + arg1, + arg2, + ) + }) + return _c +} + +func (_c *Service_GetAllocatedBlocks_Call) Return(err error) *Service_GetAllocatedBlocks_Call { + _c.Call.Return(err) + return _c +} + +func (_c *Service_GetAllocatedBlocks_Call) RunAndReturn(run func(ctx context.Context, snapshot string, record func([]cbtservice.Range) error) error) *Service_GetAllocatedBlocks_Call { + _c.Call.Return(run) + return _c +} + +// GetChangedBlocks provides a mock function for the type Service +func (_mock *Service) GetChangedBlocks(ctx context.Context, snapshot string, changeID string, record func([]cbtservice.Range) error) error { + ret := _mock.Called(ctx, snapshot, changeID, record) + + if len(ret) == 0 { + panic("no return value specified for GetChangedBlocks") + } + + var r0 error + if returnFunc, ok := ret.Get(0).(func(context.Context, string, string, func([]cbtservice.Range) error) error); ok { + r0 = returnFunc(ctx, snapshot, changeID, record) + } else { + r0 = ret.Error(0) + } + return r0 +} + +// Service_GetChangedBlocks_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetChangedBlocks' +type Service_GetChangedBlocks_Call struct { + *mock.Call +} + +// GetChangedBlocks is a helper method to define mock.On call +// - ctx context.Context +// - snapshot string +// - changeID string +// - record func([]cbtservice.Range) error +func (_e *Service_Expecter) GetChangedBlocks(ctx interface{}, snapshot interface{}, changeID interface{}, record interface{}) *Service_GetChangedBlocks_Call { + return &Service_GetChangedBlocks_Call{Call: _e.mock.On("GetChangedBlocks", ctx, snapshot, changeID, record)} +} + +func (_c *Service_GetChangedBlocks_Call) Run(run func(ctx context.Context, snapshot string, changeID string, record func([]cbtservice.Range) error)) *Service_GetChangedBlocks_Call { + _c.Call.Run(func(args mock.Arguments) { + var arg0 context.Context + if args[0] != nil { + arg0 = args[0].(context.Context) + } + var arg1 string + if args[1] != nil { + arg1 = args[1].(string) + } + var arg2 string + if args[2] != nil { + arg2 = args[2].(string) + } + var arg3 func([]cbtservice.Range) error + if args[3] != nil { + arg3 = args[3].(func([]cbtservice.Range) error) + } + run( + arg0, + arg1, + arg2, + arg3, + ) + }) + return _c +} + +func (_c *Service_GetChangedBlocks_Call) Return(err error) *Service_GetChangedBlocks_Call { + _c.Call.Return(err) + return _c +} + +func (_c *Service_GetChangedBlocks_Call) RunAndReturn(run func(ctx context.Context, snapshot string, changeID string, record func([]cbtservice.Range) error) error) *Service_GetChangedBlocks_Call { + _c.Call.Return(run) + return _c +} diff --git a/pkg/cbtservice/service.go b/pkg/cbtservice/service.go index 96e43b2c4..3e2a0591d 100644 --- a/pkg/cbtservice/service.go +++ b/pkg/cbtservice/service.go @@ -20,8 +20,8 @@ import "context" // Range defines the range of a change type Range struct { - Offset int64 - Length int64 + Offset uint64 + Length uint64 } // SourceInfo is the information provided to the uploader, the uploader calls CBT service with this information diff --git a/pkg/uploader/cbt/bitmap.go b/pkg/uploader/cbt/bitmap.go index 6cf6e61e0..6defaf8b0 100644 --- a/pkg/uploader/cbt/bitmap.go +++ b/pkg/uploader/cbt/bitmap.go @@ -16,22 +16,29 @@ limitations under the License. package cbt -import "github.com/vmware-tanzu/velero/pkg/cbtservice" +import ( + "math/bits" + + "github.com/RoaringBitmap/roaring" +) // Bitmap defines the methods to store and iterate the CBT bitmap type Bitmap interface { // Set sets bits within the provided range - Set(cbtservice.Range) + Set(uint64, uint64) // SetFull sets all bits to the bitmap SetFull() // Snapshot returns snapshot of the bitmap - SourceID() string + Snapshot() string // ChangeID returns the changeID of the bitmap ChangeID() string + // VolumeID return ID of the volume from which the snapshot is taken + VolumeID() string + // Iterator returns the iterator for the CBT Bitmap Iterator() Iterator } @@ -44,12 +51,107 @@ type Iterator interface { // Snapshot returns snapshot of the bitmap Snapshot() string + // VolumeID return ID of the volume from which the snapshot is taken + VolumeID() string + // BlockSize returns the granularity of the bitmap - BlockSize() int + BlockSize() uint // Count returns the toal number of count in the bitmap Count() uint64 // Next returns the offset of the next set block and whether it comes to the end of the iteration - Next() (int64, bool) + Next() (uint64, bool) +} + +const ( + InvalidOffset64 = ^uint64(0) +) + +type bitmapImpl struct { + bitmap *roaring.Bitmap + blockSize uint + blockSizeLog int + length uint64 + snapshot string + changeID string + volumeID string +} + +type bitmapIterator struct { + bitmapImpl + iterator roaring.IntPeekable +} + +func NewBitmap(blockSize uint, length uint64, snapshot string, changeID string, volumeID string) Bitmap { + return &bitmapImpl{ + bitmap: roaring.New(), + blockSize: blockSize, + blockSizeLog: bits.Len(blockSize) - 1, + length: length, + snapshot: snapshot, + changeID: changeID, + volumeID: volumeID, + } +} + +func (c *bitmapImpl) Set(offset, length uint64) { + if offset >= c.length { + return + } + + if offset+length > c.length { + length = c.length - offset + } + + start := offset >> c.blockSizeLog + end := uint64((offset + length + uint64(c.blockSize) - 1) >> c.blockSizeLog) + + c.bitmap.AddRange(start, end) +} + +func (c *bitmapImpl) SetFull() { + start := uint64(0) + end := uint64((c.length + uint64(c.blockSize) - 1) >> c.blockSizeLog) + + c.bitmap.AddRange(start, end) +} + +func (c *bitmapImpl) Snapshot() string { + return c.snapshot +} + +func (c *bitmapImpl) ChangeID() string { + return c.changeID +} + +func (c *bitmapImpl) VolumeID() string { + return c.volumeID +} + +func (c *bitmapImpl) Iterator() Iterator { + if c.bitmap == nil { + return nil + } + + return &bitmapIterator{ + bitmapImpl: *c, + iterator: c.bitmap.Iterator(), + } +} + +func (c *bitmapIterator) Next() (uint64, bool) { + if !c.iterator.HasNext() { + return InvalidOffset64, false + } + + return uint64(c.iterator.Next()) << c.blockSizeLog, true +} + +func (c *bitmapIterator) Count() uint64 { + return c.bitmap.GetCardinality() +} + +func (c *bitmapIterator) BlockSize() uint { + return c.blockSize } diff --git a/pkg/uploader/cbt/bitmap_test.go b/pkg/uploader/cbt/bitmap_test.go new file mode 100644 index 000000000..9671ad3d9 --- /dev/null +++ b/pkg/uploader/cbt/bitmap_test.go @@ -0,0 +1,256 @@ +/* +Copyright The Velero Contributors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package cbt + +import ( + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestBitmapProperties(t *testing.T) { + b := NewBitmap(1024*1024, 10000*1024*1024, "snap-1", "change-1", "vol-1") + assert.Equal(t, "snap-1", b.Snapshot()) + assert.Equal(t, "change-1", b.ChangeID()) + assert.Equal(t, "vol-1", b.VolumeID()) +} + +func TestBitmapSet(t *testing.T) { + const mb = 1024 * 1024 + const gb = 1024 * 1024 * 1024 + + tests := []struct { + name string + blockSize uint + totalLength uint64 + setCalls []struct{ offset, length uint64 } + expectedCount uint64 + expectedNext []uint64 + }{ + { + name: "set single block within bounds", + blockSize: mb, + totalLength: 10 * gb, + setCalls: []struct{ offset, length uint64 }{ + {0, 1000}, + }, + expectedCount: 1, + expectedNext: []uint64{0}, + }, + { + name: "set exactly one block", + blockSize: mb, + totalLength: 10 * gb, + setCalls: []struct{ offset, length uint64 }{ + {0, mb}, + }, + expectedCount: 1, + expectedNext: []uint64{0}, + }, + { + name: "set overlapping two blocks", + blockSize: mb, + totalLength: 10 * gb, + setCalls: []struct{ offset, length uint64 }{ + {mb - 1, 2}, + }, + expectedCount: 2, + expectedNext: []uint64{0, mb}, + }, + { + name: "set multiple non-contiguous blocks", + blockSize: mb, + totalLength: 20 * gb, + setCalls: []struct{ offset, length uint64 }{ + {0, 100}, + {2 * mb, 100}, + }, + expectedCount: 2, + expectedNext: []uint64{0, 2 * mb}, + }, + { + name: "set completely out of bounds (offset >= length)", + blockSize: mb, + totalLength: 10 * gb, + setCalls: []struct{ offset, length uint64 }{ + {10 * gb, 100}, + {15 * gb, 100}, + }, + expectedCount: 0, + expectedNext: []uint64{}, + }, + { + name: "set partially out of bounds (truncated)", + blockSize: mb, + totalLength: 10 * gb, + setCalls: []struct{ offset, length uint64 }{ + {10*gb - mb/2, mb}, // Starts in the last block, length pushes it out of bounds + }, + expectedCount: 1, // Only the last block should be set + expectedNext: []uint64{10*gb - mb}, + }, + { + name: "set spanning entire length", + blockSize: mb, + totalLength: 3 * mb, // 3 blocks: 0-1MB, 1MB-2MB, 2MB-3MB + setCalls: []struct{ offset, length uint64 }{ + {0, 3 * mb}, + }, + expectedCount: 3, + expectedNext: []uint64{0, mb, 2 * mb}, + }, + { + name: "set large contiguous range", + blockSize: mb, + totalLength: 100 * gb, + setCalls: []struct{ offset, length uint64 }{ + {10 * mb, 5 * mb}, // Starts at 10MB, spans 5 full blocks + }, + expectedCount: 5, + expectedNext: []uint64{10 * mb, 11 * mb, 12 * mb, 13 * mb, 14 * mb}, + }, + { + name: "set empty length", + blockSize: mb, + totalLength: 10 * gb, + setCalls: []struct{ offset, length uint64 }{ + {mb, 0}, + }, + expectedCount: 0, + expectedNext: []uint64{}, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + b := NewBitmap(tt.blockSize, tt.totalLength, "snap-1", "change-1", "vol-1") + + for _, call := range tt.setCalls { + b.Set(call.offset, call.length) + } + + iter := b.Iterator() + require.NotNil(t, iter) + + assert.Equal(t, tt.expectedCount, iter.Count()) + + var actualNext []uint64 + for { + offset, hasNext := iter.Next() + if !hasNext { + assert.Equal(t, InvalidOffset64, offset) + break + } + actualNext = append(actualNext, offset) + } + + if len(tt.expectedNext) == 0 { + assert.Empty(t, actualNext) + } else { + assert.Equal(t, tt.expectedNext, actualNext) + } + }) + } +} + +func TestBitmapSetFull(t *testing.T) { + const mb = 1024 * 1024 + // Total length 3MB, blockSize 1MB. This means 3 blocks total: + // block 0: 0 - 1MB + // block 1: 1MB - 2MB + // block 2: 2MB - 3MB + b := NewBitmap(mb, 3*mb, "snap-1", "change-1", "vol-1") + b.SetFull() + + iter := b.Iterator() + require.NotNil(t, iter) + + assert.Equal(t, uint64(3), iter.Count()) + + expectedOffsets := []uint64{0, mb, 2 * mb} + var actualOffsets []uint64 + for { + offset, hasNext := iter.Next() + if !hasNext { + break + } + actualOffsets = append(actualOffsets, offset) + } + + assert.Equal(t, expectedOffsets, actualOffsets) +} + +func TestBitmapIterator(t *testing.T) { + const mb = 1024 * 1024 + const gb = 1024 * 1024 * 1024 + + b := NewBitmap(mb, 10*gb, "snap-1", "change-1", "vol-1") + + // Set multiple ranges to test contiguous iteration + b.Set(mb, 100) // Block 1 + b.Set(3*mb, 5*mb) // Blocks 3, 4, 5, 6, 7 + b.Set(10*gb-mb, mb) // Last block + + iter := b.Iterator() + require.NotNil(t, iter) + + // Test iterator properties + assert.Equal(t, "snap-1", iter.Snapshot()) + assert.Equal(t, "change-1", iter.ChangeID()) + assert.Equal(t, "vol-1", iter.VolumeID()) + assert.Equal(t, uint(mb), iter.BlockSize()) + assert.Equal(t, uint64(7), iter.Count()) // 1 + 5 + 1 = 7 blocks + + expectedOffsets := []uint64{ + mb, + 3 * mb, 4 * mb, 5 * mb, 6 * mb, 7 * mb, + 10*gb - mb, + } + + // Test iteration + var actualOffsets []uint64 + for { + offset, hasNext := iter.Next() + if !hasNext { + assert.Equal(t, InvalidOffset64, offset) + break + } + actualOffsets = append(actualOffsets, offset) + } + + assert.Equal(t, expectedOffsets, actualOffsets) + + // Test end of iteration multiple times to ensure it stays exhausted + offset, hasNext := iter.Next() + assert.False(t, hasNext) + assert.Equal(t, InvalidOffset64, offset) + + offset, hasNext = iter.Next() + assert.False(t, hasNext) + assert.Equal(t, InvalidOffset64, offset) +} + +func TestBitmapIteratorNilBitmap(t *testing.T) { + // Directly create bitmapImpl with a nil roaring.Bitmap to test safety + b := &bitmapImpl{ + bitmap: nil, + } + + iter := b.Iterator() + assert.Nil(t, iter) +} diff --git a/pkg/uploader/cbt/mocks/Bitmap.go b/pkg/uploader/cbt/mocks/Bitmap.go new file mode 100644 index 000000000..289c88215 --- /dev/null +++ b/pkg/uploader/cbt/mocks/Bitmap.go @@ -0,0 +1,294 @@ +// Code generated by mockery; DO NOT EDIT. +// github.com/vektra/mockery +// template: testify + +package mocks + +import ( + mock "github.com/stretchr/testify/mock" + "github.com/vmware-tanzu/velero/pkg/uploader/cbt" +) + +// NewBitmap creates a new instance of Bitmap. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewBitmap(t interface { + mock.TestingT + Cleanup(func()) +}) *Bitmap { + mock := &Bitmap{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} + +// Bitmap is an autogenerated mock type for the Bitmap type +type Bitmap struct { + mock.Mock +} + +type Bitmap_Expecter struct { + mock *mock.Mock +} + +func (_m *Bitmap) EXPECT() *Bitmap_Expecter { + return &Bitmap_Expecter{mock: &_m.Mock} +} + +// ChangeID provides a mock function for the type Bitmap +func (_mock *Bitmap) ChangeID() string { + ret := _mock.Called() + + if len(ret) == 0 { + panic("no return value specified for ChangeID") + } + + var r0 string + if returnFunc, ok := ret.Get(0).(func() string); ok { + r0 = returnFunc() + } else { + r0 = ret.Get(0).(string) + } + return r0 +} + +// Bitmap_ChangeID_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ChangeID' +type Bitmap_ChangeID_Call struct { + *mock.Call +} + +// ChangeID is a helper method to define mock.On call +func (_e *Bitmap_Expecter) ChangeID() *Bitmap_ChangeID_Call { + return &Bitmap_ChangeID_Call{Call: _e.mock.On("ChangeID")} +} + +func (_c *Bitmap_ChangeID_Call) Run(run func()) *Bitmap_ChangeID_Call { + _c.Call.Run(func(args mock.Arguments) { + run() + }) + return _c +} + +func (_c *Bitmap_ChangeID_Call) Return(s string) *Bitmap_ChangeID_Call { + _c.Call.Return(s) + return _c +} + +func (_c *Bitmap_ChangeID_Call) RunAndReturn(run func() string) *Bitmap_ChangeID_Call { + _c.Call.Return(run) + return _c +} + +// Iterator provides a mock function for the type Bitmap +func (_mock *Bitmap) Iterator() cbt.Iterator { + ret := _mock.Called() + + if len(ret) == 0 { + panic("no return value specified for Iterator") + } + + var r0 cbt.Iterator + if returnFunc, ok := ret.Get(0).(func() cbt.Iterator); ok { + r0 = returnFunc() + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(cbt.Iterator) + } + } + return r0 +} + +// Bitmap_Iterator_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Iterator' +type Bitmap_Iterator_Call struct { + *mock.Call +} + +// Iterator is a helper method to define mock.On call +func (_e *Bitmap_Expecter) Iterator() *Bitmap_Iterator_Call { + return &Bitmap_Iterator_Call{Call: _e.mock.On("Iterator")} +} + +func (_c *Bitmap_Iterator_Call) Run(run func()) *Bitmap_Iterator_Call { + _c.Call.Run(func(args mock.Arguments) { + run() + }) + return _c +} + +func (_c *Bitmap_Iterator_Call) Return(iterator cbt.Iterator) *Bitmap_Iterator_Call { + _c.Call.Return(iterator) + return _c +} + +func (_c *Bitmap_Iterator_Call) RunAndReturn(run func() cbt.Iterator) *Bitmap_Iterator_Call { + _c.Call.Return(run) + return _c +} + +// Set provides a mock function for the type Bitmap +func (_mock *Bitmap) Set(v uint64, v1 uint64) { + _mock.Called(v, v1) + return +} + +// Bitmap_Set_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Set' +type Bitmap_Set_Call struct { + *mock.Call +} + +// Set is a helper method to define mock.On call +// - v uint64 +// - v1 uint64 +func (_e *Bitmap_Expecter) Set(v interface{}, v1 interface{}) *Bitmap_Set_Call { + return &Bitmap_Set_Call{Call: _e.mock.On("Set", v, v1)} +} + +func (_c *Bitmap_Set_Call) Run(run func(v uint64, v1 uint64)) *Bitmap_Set_Call { + _c.Call.Run(func(args mock.Arguments) { + var arg0 uint64 + if args[0] != nil { + arg0 = args[0].(uint64) + } + var arg1 uint64 + if args[1] != nil { + arg1 = args[1].(uint64) + } + run( + arg0, + arg1, + ) + }) + return _c +} + +func (_c *Bitmap_Set_Call) Return() *Bitmap_Set_Call { + _c.Call.Return() + return _c +} + +func (_c *Bitmap_Set_Call) RunAndReturn(run func(v uint64, v1 uint64)) *Bitmap_Set_Call { + _c.Run(run) + return _c +} + +// SetFull provides a mock function for the type Bitmap +func (_mock *Bitmap) SetFull() { + _mock.Called() + return +} + +// Bitmap_SetFull_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'SetFull' +type Bitmap_SetFull_Call struct { + *mock.Call +} + +// SetFull is a helper method to define mock.On call +func (_e *Bitmap_Expecter) SetFull() *Bitmap_SetFull_Call { + return &Bitmap_SetFull_Call{Call: _e.mock.On("SetFull")} +} + +func (_c *Bitmap_SetFull_Call) Run(run func()) *Bitmap_SetFull_Call { + _c.Call.Run(func(args mock.Arguments) { + run() + }) + return _c +} + +func (_c *Bitmap_SetFull_Call) Return() *Bitmap_SetFull_Call { + _c.Call.Return() + return _c +} + +func (_c *Bitmap_SetFull_Call) RunAndReturn(run func()) *Bitmap_SetFull_Call { + _c.Run(run) + return _c +} + +// Snapshot provides a mock function for the type Bitmap +func (_mock *Bitmap) Snapshot() string { + ret := _mock.Called() + + if len(ret) == 0 { + panic("no return value specified for Snapshot") + } + + var r0 string + if returnFunc, ok := ret.Get(0).(func() string); ok { + r0 = returnFunc() + } else { + r0 = ret.Get(0).(string) + } + return r0 +} + +// Bitmap_Snapshot_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Snapshot' +type Bitmap_Snapshot_Call struct { + *mock.Call +} + +// Snapshot is a helper method to define mock.On call +func (_e *Bitmap_Expecter) Snapshot() *Bitmap_Snapshot_Call { + return &Bitmap_Snapshot_Call{Call: _e.mock.On("Snapshot")} +} + +func (_c *Bitmap_Snapshot_Call) Run(run func()) *Bitmap_Snapshot_Call { + _c.Call.Run(func(args mock.Arguments) { + run() + }) + return _c +} + +func (_c *Bitmap_Snapshot_Call) Return(s string) *Bitmap_Snapshot_Call { + _c.Call.Return(s) + return _c +} + +func (_c *Bitmap_Snapshot_Call) RunAndReturn(run func() string) *Bitmap_Snapshot_Call { + _c.Call.Return(run) + return _c +} + +// VolumeID provides a mock function for the type Bitmap +func (_mock *Bitmap) VolumeID() string { + ret := _mock.Called() + + if len(ret) == 0 { + panic("no return value specified for VolumeID") + } + + var r0 string + if returnFunc, ok := ret.Get(0).(func() string); ok { + r0 = returnFunc() + } else { + r0 = ret.Get(0).(string) + } + return r0 +} + +// Bitmap_VolumeID_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'VolumeID' +type Bitmap_VolumeID_Call struct { + *mock.Call +} + +// VolumeID is a helper method to define mock.On call +func (_e *Bitmap_Expecter) VolumeID() *Bitmap_VolumeID_Call { + return &Bitmap_VolumeID_Call{Call: _e.mock.On("VolumeID")} +} + +func (_c *Bitmap_VolumeID_Call) Run(run func()) *Bitmap_VolumeID_Call { + _c.Call.Run(func(args mock.Arguments) { + run() + }) + return _c +} + +func (_c *Bitmap_VolumeID_Call) Return(s string) *Bitmap_VolumeID_Call { + _c.Call.Return(s) + return _c +} + +func (_c *Bitmap_VolumeID_Call) RunAndReturn(run func() string) *Bitmap_VolumeID_Call { + _c.Call.Return(run) + return _c +} diff --git a/pkg/uploader/cbt/mocks/Iterator.go b/pkg/uploader/cbt/mocks/Iterator.go new file mode 100644 index 000000000..eeafd0a59 --- /dev/null +++ b/pkg/uploader/cbt/mocks/Iterator.go @@ -0,0 +1,309 @@ +// Code generated by mockery; DO NOT EDIT. +// github.com/vektra/mockery +// template: testify + +package mocks + +import ( + mock "github.com/stretchr/testify/mock" +) + +// NewIterator creates a new instance of Iterator. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewIterator(t interface { + mock.TestingT + Cleanup(func()) +}) *Iterator { + mock := &Iterator{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} + +// Iterator is an autogenerated mock type for the Iterator type +type Iterator struct { + mock.Mock +} + +type Iterator_Expecter struct { + mock *mock.Mock +} + +func (_m *Iterator) EXPECT() *Iterator_Expecter { + return &Iterator_Expecter{mock: &_m.Mock} +} + +// BlockSize provides a mock function for the type Iterator +func (_mock *Iterator) BlockSize() uint { + ret := _mock.Called() + + if len(ret) == 0 { + panic("no return value specified for BlockSize") + } + + var r0 uint + if returnFunc, ok := ret.Get(0).(func() uint); ok { + r0 = returnFunc() + } else { + r0 = ret.Get(0).(uint) + } + return r0 +} + +// Iterator_BlockSize_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'BlockSize' +type Iterator_BlockSize_Call struct { + *mock.Call +} + +// BlockSize is a helper method to define mock.On call +func (_e *Iterator_Expecter) BlockSize() *Iterator_BlockSize_Call { + return &Iterator_BlockSize_Call{Call: _e.mock.On("BlockSize")} +} + +func (_c *Iterator_BlockSize_Call) Run(run func()) *Iterator_BlockSize_Call { + _c.Call.Run(func(args mock.Arguments) { + run() + }) + return _c +} + +func (_c *Iterator_BlockSize_Call) Return(v uint) *Iterator_BlockSize_Call { + _c.Call.Return(v) + return _c +} + +func (_c *Iterator_BlockSize_Call) RunAndReturn(run func() uint) *Iterator_BlockSize_Call { + _c.Call.Return(run) + return _c +} + +// ChangeID provides a mock function for the type Iterator +func (_mock *Iterator) ChangeID() string { + ret := _mock.Called() + + if len(ret) == 0 { + panic("no return value specified for ChangeID") + } + + var r0 string + if returnFunc, ok := ret.Get(0).(func() string); ok { + r0 = returnFunc() + } else { + r0 = ret.Get(0).(string) + } + return r0 +} + +// Iterator_ChangeID_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ChangeID' +type Iterator_ChangeID_Call struct { + *mock.Call +} + +// ChangeID is a helper method to define mock.On call +func (_e *Iterator_Expecter) ChangeID() *Iterator_ChangeID_Call { + return &Iterator_ChangeID_Call{Call: _e.mock.On("ChangeID")} +} + +func (_c *Iterator_ChangeID_Call) Run(run func()) *Iterator_ChangeID_Call { + _c.Call.Run(func(args mock.Arguments) { + run() + }) + return _c +} + +func (_c *Iterator_ChangeID_Call) Return(s string) *Iterator_ChangeID_Call { + _c.Call.Return(s) + return _c +} + +func (_c *Iterator_ChangeID_Call) RunAndReturn(run func() string) *Iterator_ChangeID_Call { + _c.Call.Return(run) + return _c +} + +// Count provides a mock function for the type Iterator +func (_mock *Iterator) Count() uint64 { + ret := _mock.Called() + + if len(ret) == 0 { + panic("no return value specified for Count") + } + + var r0 uint64 + if returnFunc, ok := ret.Get(0).(func() uint64); ok { + r0 = returnFunc() + } else { + r0 = ret.Get(0).(uint64) + } + return r0 +} + +// Iterator_Count_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Count' +type Iterator_Count_Call struct { + *mock.Call +} + +// Count is a helper method to define mock.On call +func (_e *Iterator_Expecter) Count() *Iterator_Count_Call { + return &Iterator_Count_Call{Call: _e.mock.On("Count")} +} + +func (_c *Iterator_Count_Call) Run(run func()) *Iterator_Count_Call { + _c.Call.Run(func(args mock.Arguments) { + run() + }) + return _c +} + +func (_c *Iterator_Count_Call) Return(v uint64) *Iterator_Count_Call { + _c.Call.Return(v) + return _c +} + +func (_c *Iterator_Count_Call) RunAndReturn(run func() uint64) *Iterator_Count_Call { + _c.Call.Return(run) + return _c +} + +// Next provides a mock function for the type Iterator +func (_mock *Iterator) Next() (uint64, bool) { + ret := _mock.Called() + + if len(ret) == 0 { + panic("no return value specified for Next") + } + + var r0 uint64 + var r1 bool + if returnFunc, ok := ret.Get(0).(func() (uint64, bool)); ok { + return returnFunc() + } + if returnFunc, ok := ret.Get(0).(func() uint64); ok { + r0 = returnFunc() + } else { + r0 = ret.Get(0).(uint64) + } + if returnFunc, ok := ret.Get(1).(func() bool); ok { + r1 = returnFunc() + } else { + r1 = ret.Get(1).(bool) + } + return r0, r1 +} + +// Iterator_Next_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Next' +type Iterator_Next_Call struct { + *mock.Call +} + +// Next is a helper method to define mock.On call +func (_e *Iterator_Expecter) Next() *Iterator_Next_Call { + return &Iterator_Next_Call{Call: _e.mock.On("Next")} +} + +func (_c *Iterator_Next_Call) Run(run func()) *Iterator_Next_Call { + _c.Call.Run(func(args mock.Arguments) { + run() + }) + return _c +} + +func (_c *Iterator_Next_Call) Return(v uint64, b bool) *Iterator_Next_Call { + _c.Call.Return(v, b) + return _c +} + +func (_c *Iterator_Next_Call) RunAndReturn(run func() (uint64, bool)) *Iterator_Next_Call { + _c.Call.Return(run) + return _c +} + +// Snapshot provides a mock function for the type Iterator +func (_mock *Iterator) Snapshot() string { + ret := _mock.Called() + + if len(ret) == 0 { + panic("no return value specified for Snapshot") + } + + var r0 string + if returnFunc, ok := ret.Get(0).(func() string); ok { + r0 = returnFunc() + } else { + r0 = ret.Get(0).(string) + } + return r0 +} + +// Iterator_Snapshot_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Snapshot' +type Iterator_Snapshot_Call struct { + *mock.Call +} + +// Snapshot is a helper method to define mock.On call +func (_e *Iterator_Expecter) Snapshot() *Iterator_Snapshot_Call { + return &Iterator_Snapshot_Call{Call: _e.mock.On("Snapshot")} +} + +func (_c *Iterator_Snapshot_Call) Run(run func()) *Iterator_Snapshot_Call { + _c.Call.Run(func(args mock.Arguments) { + run() + }) + return _c +} + +func (_c *Iterator_Snapshot_Call) Return(s string) *Iterator_Snapshot_Call { + _c.Call.Return(s) + return _c +} + +func (_c *Iterator_Snapshot_Call) RunAndReturn(run func() string) *Iterator_Snapshot_Call { + _c.Call.Return(run) + return _c +} + +// VolumeID provides a mock function for the type Iterator +func (_mock *Iterator) VolumeID() string { + ret := _mock.Called() + + if len(ret) == 0 { + panic("no return value specified for VolumeID") + } + + var r0 string + if returnFunc, ok := ret.Get(0).(func() string); ok { + r0 = returnFunc() + } else { + r0 = ret.Get(0).(string) + } + return r0 +} + +// Iterator_VolumeID_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'VolumeID' +type Iterator_VolumeID_Call struct { + *mock.Call +} + +// VolumeID is a helper method to define mock.On call +func (_e *Iterator_Expecter) VolumeID() *Iterator_VolumeID_Call { + return &Iterator_VolumeID_Call{Call: _e.mock.On("VolumeID")} +} + +func (_c *Iterator_VolumeID_Call) Run(run func()) *Iterator_VolumeID_Call { + _c.Call.Run(func(args mock.Arguments) { + run() + }) + return _c +} + +func (_c *Iterator_VolumeID_Call) Return(s string) *Iterator_VolumeID_Call { + _c.Call.Return(s) + return _c +} + +func (_c *Iterator_VolumeID_Call) RunAndReturn(run func() string) *Iterator_VolumeID_Call { + _c.Call.Return(run) + return _c +} diff --git a/pkg/uploader/cbt/set.go b/pkg/uploader/cbt/set.go index 40e6e331c..93383076f 100644 --- a/pkg/uploader/cbt/set.go +++ b/pkg/uploader/cbt/set.go @@ -19,31 +19,42 @@ package cbt import ( "context" + "github.com/pkg/errors" + "github.com/vmware-tanzu/velero/pkg/cbtservice" ) // SetBitmapOrFull translates the allocated/changed blocks from CBT service to the given bitmap or set the bitmap to full when error happens -func SetBitmapOrFull(ctx context.Context, service cbtservice.Service, bitmap Bitmap) error { - var err error +func SetBitmapOrFull(ctx context.Context, service cbtservice.Service, bitmap Bitmap) (err error) { + defer func() { + if err != nil { + bitmap.SetFull() + } + }() + + if service == nil { + return errors.New("CBT service is absent") + } + + if bitmap.Snapshot() == "" { + return errors.New("invalid snapshot") + } + if bitmap.ChangeID() == "" { - err = setFromAllocatedBlocks(ctx, service, bitmap) - } else { - err = setFromChangedBlocks(ctx, service, bitmap) + return errors.Wrapf(service.GetAllocatedBlocks(ctx, bitmap.Snapshot(), func(blocks []cbtservice.Range) error { + for _, b := range blocks { + bitmap.Set(b.Offset, b.Length) + } + + return nil + }), "error getting allocated blocks from CBT service") } - if err != nil { - bitmap.SetFull() - } + return errors.Wrapf(service.GetChangedBlocks(ctx, bitmap.Snapshot(), bitmap.ChangeID(), func(blocks []cbtservice.Range) error { + for _, b := range blocks { + bitmap.Set(b.Offset, b.Length) + } - return err -} - -// TODO implement in following PRs -func setFromAllocatedBlocks(_ context.Context, _ cbtservice.Service, _ Bitmap) error { - return nil -} - -// TODO implement in following PRs -func setFromChangedBlocks(_ context.Context, _ cbtservice.Service, _ Bitmap) error { - return nil + return nil + }), "error getting changed blocks from CBT service") } diff --git a/pkg/uploader/cbt/set_test.go b/pkg/uploader/cbt/set_test.go new file mode 100644 index 000000000..c4a055cba --- /dev/null +++ b/pkg/uploader/cbt/set_test.go @@ -0,0 +1,150 @@ +/* +Copyright The Velero Contributors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package cbt_test + +import ( + "context" + "errors" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/mock" + "github.com/stretchr/testify/require" + + "github.com/vmware-tanzu/velero/pkg/cbtservice" + cbtservicemocks "github.com/vmware-tanzu/velero/pkg/cbtservice/mocks" + "github.com/vmware-tanzu/velero/pkg/uploader/cbt" + cbtmocks "github.com/vmware-tanzu/velero/pkg/uploader/cbt/mocks" +) + +func TestSetBitmapOrFull(t *testing.T) { + tests := []struct { + name string + nilService bool + setupMocks func(*cbtservicemocks.Service, *cbtmocks.Bitmap) + expectedErrStr string + }{ + { + name: "nil service", + nilService: true, + setupMocks: func(svc *cbtservicemocks.Service, bmp *cbtmocks.Bitmap) { + bmp.On("SetFull").Return() + }, + expectedErrStr: "CBT service is absent", + }, + { + name: "invalid snapshot", + setupMocks: func(svc *cbtservicemocks.Service, bmp *cbtmocks.Bitmap) { + bmp.On("Snapshot").Return("") + bmp.On("SetFull").Return() + }, + expectedErrStr: "invalid snapshot", + }, + { + name: "allocated blocks success", + setupMocks: func(svc *cbtservicemocks.Service, bmp *cbtmocks.Bitmap) { + bmp.On("Snapshot").Return("snap-1") + bmp.On("ChangeID").Return("") + + svc.On("GetAllocatedBlocks", mock.Anything, "snap-1", mock.Anything).Run(func(args mock.Arguments) { + record := args.Get(2).(func([]cbtservice.Range) error) + record([]cbtservice.Range{ + {Offset: 0, Length: 4096}, + {Offset: 8192, Length: 4096}, + }) + }).Return(nil) + + bmp.On("Set", uint64(0), uint64(4096)).Return() + bmp.On("Set", uint64(8192), uint64(4096)).Return() + }, + }, + { + name: "allocated blocks error", + setupMocks: func(svc *cbtservicemocks.Service, bmp *cbtmocks.Bitmap) { + bmp.On("Snapshot").Return("snap-1") + bmp.On("ChangeID").Return("") + + svc.On("GetAllocatedBlocks", mock.Anything, "snap-1", mock.Anything).Return(errors.New("mock alloc error")) + bmp.On("SetFull").Return() + }, + expectedErrStr: "error getting allocated blocks from CBT service: mock alloc error", + }, + { + name: "changed blocks success", + setupMocks: func(svc *cbtservicemocks.Service, bmp *cbtmocks.Bitmap) { + bmp.On("Snapshot").Return("snap-1") + bmp.On("ChangeID").Return("change-1") + + svc.On("GetChangedBlocks", mock.Anything, "snap-1", "change-1", mock.Anything).Run(func(args mock.Arguments) { + record := args.Get(3).(func([]cbtservice.Range) error) + record([]cbtservice.Range{ + {Offset: 4096, Length: 4096}, + }) + }).Return(nil) + + bmp.On("Set", uint64(4096), uint64(4096)).Return() + }, + }, + { + name: "changed blocks error", + setupMocks: func(svc *cbtservicemocks.Service, bmp *cbtmocks.Bitmap) { + bmp.On("Snapshot").Return("snap-1") + bmp.On("ChangeID").Return("change-1") + + svc.On("GetChangedBlocks", mock.Anything, "snap-1", "change-1", mock.Anything).Return(errors.New("mock changed error")) + bmp.On("SetFull").Return() + }, + expectedErrStr: "error getting changed blocks from CBT service: mock changed error", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + svcMock := new(cbtservicemocks.Service) + bmpMock := new(cbtmocks.Bitmap) + + if tt.setupMocks != nil { + tt.setupMocks(svcMock, bmpMock) + } + + var svc cbtservice.Service + if !tt.nilService { + svc = svcMock + } + + // Use type assertion to bypass gopls false positive on mock type + var bmp cbt.Bitmap + if bmpMock != nil { + bmp = interface{}(bmpMock).(cbt.Bitmap) + } + + err := cbt.SetBitmapOrFull(context.Background(), svc, bmp) + + if tt.expectedErrStr != "" { + require.Error(t, err) + assert.EqualError(t, err, tt.expectedErrStr) + } else { + require.NoError(t, err) + } + + if !tt.nilService { + svcMock.AssertExpectations(t) + } + bmpMock.AssertExpectations(t) + }) + } +} From 26b125769e65ef036cd0d85d3acd4f6ecea0d370 Mon Sep 17 00:00:00 2001 From: Lyndon-Li Date: Tue, 21 Apr 2026 17:46:29 +0800 Subject: [PATCH 03/12] add CBT bitmap implementation Signed-off-by: Lyndon-Li --- pkg/uploader/cbt/bitmap.go | 52 ++-------------- pkg/uploader/cbt/set.go | 3 +- pkg/uploader/cbt/set_test.go | 13 +--- pkg/uploader/cbt/{ => types}/mocks/Bitmap.go | 14 ++--- .../cbt/{ => types}/mocks/Iterator.go | 0 pkg/uploader/cbt/types/types.go | 59 +++++++++++++++++++ 6 files changed, 77 insertions(+), 64 deletions(-) rename pkg/uploader/cbt/{ => types}/mocks/Bitmap.go (94%) rename pkg/uploader/cbt/{ => types}/mocks/Iterator.go (100%) create mode 100644 pkg/uploader/cbt/types/types.go diff --git a/pkg/uploader/cbt/bitmap.go b/pkg/uploader/cbt/bitmap.go index 6defaf8b0..f26cb22b7 100644 --- a/pkg/uploader/cbt/bitmap.go +++ b/pkg/uploader/cbt/bitmap.go @@ -20,50 +20,10 @@ import ( "math/bits" "github.com/RoaringBitmap/roaring" + + "github.com/vmware-tanzu/velero/pkg/uploader/cbt/types" ) -// Bitmap defines the methods to store and iterate the CBT bitmap -type Bitmap interface { - // Set sets bits within the provided range - Set(uint64, uint64) - - // SetFull sets all bits to the bitmap - SetFull() - - // Snapshot returns snapshot of the bitmap - Snapshot() string - - // ChangeID returns the changeID of the bitmap - ChangeID() string - - // VolumeID return ID of the volume from which the snapshot is taken - VolumeID() string - - // Iterator returns the iterator for the CBT Bitmap - Iterator() Iterator -} - -// Iterator defines the methods to iterate the CBT bitmap and query the associated information -type Iterator interface { - // ChangeID returns the changeID of the bitmap - ChangeID() string - - // Snapshot returns snapshot of the bitmap - Snapshot() string - - // VolumeID return ID of the volume from which the snapshot is taken - VolumeID() string - - // BlockSize returns the granularity of the bitmap - BlockSize() uint - - // Count returns the toal number of count in the bitmap - Count() uint64 - - // Next returns the offset of the next set block and whether it comes to the end of the iteration - Next() (uint64, bool) -} - const ( InvalidOffset64 = ^uint64(0) ) @@ -83,7 +43,7 @@ type bitmapIterator struct { iterator roaring.IntPeekable } -func NewBitmap(blockSize uint, length uint64, snapshot string, changeID string, volumeID string) Bitmap { +func NewBitmap(blockSize uint, length uint64, snapshot string, changeID string, volumeID string) types.Bitmap { return &bitmapImpl{ bitmap: roaring.New(), blockSize: blockSize, @@ -105,14 +65,14 @@ func (c *bitmapImpl) Set(offset, length uint64) { } start := offset >> c.blockSizeLog - end := uint64((offset + length + uint64(c.blockSize) - 1) >> c.blockSizeLog) + end := (offset + length + uint64(c.blockSize) - 1) >> c.blockSizeLog c.bitmap.AddRange(start, end) } func (c *bitmapImpl) SetFull() { start := uint64(0) - end := uint64((c.length + uint64(c.blockSize) - 1) >> c.blockSizeLog) + end := (c.length + uint64(c.blockSize) - 1) >> c.blockSizeLog c.bitmap.AddRange(start, end) } @@ -129,7 +89,7 @@ func (c *bitmapImpl) VolumeID() string { return c.volumeID } -func (c *bitmapImpl) Iterator() Iterator { +func (c *bitmapImpl) Iterator() types.Iterator { if c.bitmap == nil { return nil } diff --git a/pkg/uploader/cbt/set.go b/pkg/uploader/cbt/set.go index 93383076f..5919419e6 100644 --- a/pkg/uploader/cbt/set.go +++ b/pkg/uploader/cbt/set.go @@ -22,10 +22,11 @@ import ( "github.com/pkg/errors" "github.com/vmware-tanzu/velero/pkg/cbtservice" + "github.com/vmware-tanzu/velero/pkg/uploader/cbt/types" ) // SetBitmapOrFull translates the allocated/changed blocks from CBT service to the given bitmap or set the bitmap to full when error happens -func SetBitmapOrFull(ctx context.Context, service cbtservice.Service, bitmap Bitmap) (err error) { +func SetBitmapOrFull(ctx context.Context, service cbtservice.Service, bitmap types.Bitmap) (err error) { defer func() { if err != nil { bitmap.SetFull() diff --git a/pkg/uploader/cbt/set_test.go b/pkg/uploader/cbt/set_test.go index c4a055cba..3bfbde1d4 100644 --- a/pkg/uploader/cbt/set_test.go +++ b/pkg/uploader/cbt/set_test.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package cbt_test +package cbt import ( "context" @@ -27,8 +27,7 @@ import ( "github.com/vmware-tanzu/velero/pkg/cbtservice" cbtservicemocks "github.com/vmware-tanzu/velero/pkg/cbtservice/mocks" - "github.com/vmware-tanzu/velero/pkg/uploader/cbt" - cbtmocks "github.com/vmware-tanzu/velero/pkg/uploader/cbt/mocks" + cbtmocks "github.com/vmware-tanzu/velero/pkg/uploader/cbt/types/mocks" ) func TestSetBitmapOrFull(t *testing.T) { @@ -126,13 +125,7 @@ func TestSetBitmapOrFull(t *testing.T) { svc = svcMock } - // Use type assertion to bypass gopls false positive on mock type - var bmp cbt.Bitmap - if bmpMock != nil { - bmp = interface{}(bmpMock).(cbt.Bitmap) - } - - err := cbt.SetBitmapOrFull(context.Background(), svc, bmp) + err := SetBitmapOrFull(context.Background(), svc, bmpMock) if tt.expectedErrStr != "" { require.Error(t, err) diff --git a/pkg/uploader/cbt/mocks/Bitmap.go b/pkg/uploader/cbt/types/mocks/Bitmap.go similarity index 94% rename from pkg/uploader/cbt/mocks/Bitmap.go rename to pkg/uploader/cbt/types/mocks/Bitmap.go index 289c88215..faa4ee242 100644 --- a/pkg/uploader/cbt/mocks/Bitmap.go +++ b/pkg/uploader/cbt/types/mocks/Bitmap.go @@ -6,7 +6,7 @@ package mocks import ( mock "github.com/stretchr/testify/mock" - "github.com/vmware-tanzu/velero/pkg/uploader/cbt" + "github.com/vmware-tanzu/velero/pkg/uploader/cbt/types" ) // NewBitmap creates a new instance of Bitmap. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. @@ -81,19 +81,19 @@ func (_c *Bitmap_ChangeID_Call) RunAndReturn(run func() string) *Bitmap_ChangeID } // Iterator provides a mock function for the type Bitmap -func (_mock *Bitmap) Iterator() cbt.Iterator { +func (_mock *Bitmap) Iterator() types.Iterator { ret := _mock.Called() if len(ret) == 0 { panic("no return value specified for Iterator") } - var r0 cbt.Iterator - if returnFunc, ok := ret.Get(0).(func() cbt.Iterator); ok { + var r0 types.Iterator + if returnFunc, ok := ret.Get(0).(func() types.Iterator); ok { r0 = returnFunc() } else { if ret.Get(0) != nil { - r0 = ret.Get(0).(cbt.Iterator) + r0 = ret.Get(0).(types.Iterator) } } return r0 @@ -116,12 +116,12 @@ func (_c *Bitmap_Iterator_Call) Run(run func()) *Bitmap_Iterator_Call { return _c } -func (_c *Bitmap_Iterator_Call) Return(iterator cbt.Iterator) *Bitmap_Iterator_Call { +func (_c *Bitmap_Iterator_Call) Return(iterator types.Iterator) *Bitmap_Iterator_Call { _c.Call.Return(iterator) return _c } -func (_c *Bitmap_Iterator_Call) RunAndReturn(run func() cbt.Iterator) *Bitmap_Iterator_Call { +func (_c *Bitmap_Iterator_Call) RunAndReturn(run func() types.Iterator) *Bitmap_Iterator_Call { _c.Call.Return(run) return _c } diff --git a/pkg/uploader/cbt/mocks/Iterator.go b/pkg/uploader/cbt/types/mocks/Iterator.go similarity index 100% rename from pkg/uploader/cbt/mocks/Iterator.go rename to pkg/uploader/cbt/types/mocks/Iterator.go diff --git a/pkg/uploader/cbt/types/types.go b/pkg/uploader/cbt/types/types.go new file mode 100644 index 000000000..f512d7a8a --- /dev/null +++ b/pkg/uploader/cbt/types/types.go @@ -0,0 +1,59 @@ +/* +Copyright The Velero Contributors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package types + +// Bitmap defines the methods to store and iterate the CBT bitmap +type Bitmap interface { + // Set sets bits within the provided range + Set(uint64, uint64) + + // SetFull sets all bits to the bitmap + SetFull() + + // Snapshot returns snapshot of the bitmap + Snapshot() string + + // ChangeID returns the changeID of the bitmap + ChangeID() string + + // VolumeID return ID of the volume from which the snapshot is taken + VolumeID() string + + // Iterator returns the iterator for the CBT Bitmap + Iterator() Iterator +} + +// Iterator defines the methods to iterate the CBT bitmap and query the associated information +type Iterator interface { + // ChangeID returns the changeID of the bitmap + ChangeID() string + + // Snapshot returns snapshot of the bitmap + Snapshot() string + + // VolumeID return ID of the volume from which the snapshot is taken + VolumeID() string + + // BlockSize returns the granularity of the bitmap + BlockSize() uint + + // Count returns the toal number of count in the bitmap + Count() uint64 + + // Next returns the offset of the next set block and whether it comes to the end of the iteration + Next() (uint64, bool) +} From 6b7df3ef4c25865d0d2b9a745ce6f6c4145d6abe Mon Sep 17 00:00:00 2001 From: Lyndon-Li Date: Tue, 21 Apr 2026 17:52:06 +0800 Subject: [PATCH 04/12] add CBT bitmap implementation Signed-off-by: Lyndon-Li --- pkg/uploader/cbt/set_test.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkg/uploader/cbt/set_test.go b/pkg/uploader/cbt/set_test.go index 3bfbde1d4..55701dedd 100644 --- a/pkg/uploader/cbt/set_test.go +++ b/pkg/uploader/cbt/set_test.go @@ -21,7 +21,6 @@ import ( "errors" "testing" - "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" "github.com/stretchr/testify/require" @@ -129,7 +128,7 @@ func TestSetBitmapOrFull(t *testing.T) { if tt.expectedErrStr != "" { require.Error(t, err) - assert.EqualError(t, err, tt.expectedErrStr) + require.EqualError(t, err, tt.expectedErrStr) } else { require.NoError(t, err) } From 35e1e1f988998d19c674db3e6e6f48be7fe99993 Mon Sep 17 00:00:00 2001 From: Xun Jiang Date: Mon, 11 May 2026 11:33:08 +0800 Subject: [PATCH 05/12] Fix unstable UT in pvc_action_test.go's TestExectue(). * Move the error assert out of goroutine. * Create the VSC before patching VS status to ReadyToUse. Signed-off-by: Xun Jiang --- pkg/backup/actions/csi/pvc_action_test.go | 36 ++++++++++++++++------- 1 file changed, 25 insertions(+), 11 deletions(-) diff --git a/pkg/backup/actions/csi/pvc_action_test.go b/pkg/backup/actions/csi/pvc_action_test.go index 274371db3..629c5e9cd 100644 --- a/pkg/backup/actions/csi/pvc_action_test.go +++ b/pkg/backup/actions/csi/pvc_action_test.go @@ -227,33 +227,43 @@ func TestExecute(t *testing.T) { pvcMap, err := runtime.DefaultUnstructuredConverter.ToUnstructured(&tc.pvc) require.NoError(t, err) + var reconcileErrCh chan error if tc.pvc != nil && !tc.failVSCreate && !tc.skipVSReadyUpdate { + reconcileErrCh = make(chan error, 1) go func() { var vsList snapshotv1api.VolumeSnapshotList err := wait.PollUntilContextTimeout(t.Context(), 1*time.Second, 10*time.Second, true, func(ctx context.Context) (bool, error) { - err = pvcBIA.crClient.List(ctx, &vsList, &crclient.ListOptions{Namespace: tc.pvc.Namespace}) - - require.NoError(t, err) - if err != nil || len(vsList.Items) == 0 { + if err := pvcBIA.crClient.List(ctx, &vsList, &crclient.ListOptions{Namespace: tc.pvc.Namespace}); err != nil { return false, err } + if len(vsList.Items) == 0 { + return false, nil + } + return true, nil }) - require.NoError(t, err) + if err != nil { + reconcileErrCh <- err + return + } + vscName := "testVSC" + handleName := "testHandle" + vsc := builder.ForVolumeSnapshotContent("testVSC").Status(&snapshotv1api.VolumeSnapshotContentStatus{SnapshotHandle: &handleName}).Result() + err = pvcBIA.crClient.Create(t.Context(), vsc) + if err != nil { + reconcileErrCh <- err + return + } + readyToUse := true vsList.Items[0].Status = &snapshotv1api.VolumeSnapshotStatus{ BoundVolumeSnapshotContentName: &vscName, ReadyToUse: &readyToUse, } err = pvcBIA.crClient.Update(t.Context(), &vsList.Items[0]) - require.NoError(t, err) - - handleName := "testHandle" - vsc := builder.ForVolumeSnapshotContent("testVSC").Status(&snapshotv1api.VolumeSnapshotContentStatus{SnapshotHandle: &handleName}).Result() - err = pvcBIA.crClient.Create(t.Context(), vsc) - require.NoError(t, err) + reconcileErrCh <- err }() } @@ -274,6 +284,10 @@ func TestExecute(t *testing.T) { require.NoError(t, err) } + if reconcileErrCh != nil { + require.NoError(t, <-reconcileErrCh) + } + if tc.expectedDataUpload != nil { dataUploadList := new(velerov2alpha1.DataUploadList) err := crClient.List(t.Context(), dataUploadList, &crclient.ListOptions{LabelSelector: labels.SelectorFromSet(map[string]string{velerov1api.BackupNameLabel: tc.backup.Name})}) From e78ec188704d1355ba407fb367f1faabfe5c5cc8 Mon Sep 17 00:00:00 2001 From: Lyndon-Li Date: Tue, 12 May 2026 11:31:40 +0800 Subject: [PATCH 06/12] bump up kopia 1.23.0 Signed-off-by: Lyndon-Li --- go.mod | 48 ++++++++++---------- go.sum | 139 +++++++++++++++++++++++++++------------------------------ 2 files changed, 90 insertions(+), 97 deletions(-) diff --git a/go.mod b/go.mod index 81bf85c8d..114e9f652 100644 --- a/go.mod +++ b/go.mod @@ -3,12 +3,12 @@ module github.com/vmware-tanzu/velero go 1.26.0 require ( - cloud.google.com/go/storage v1.57.2 - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0 + cloud.google.com/go/storage v1.62.1 + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.1 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.6.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.8.1 - github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.6.3 + github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.6.4 github.com/aws/aws-sdk-go-v2 v1.24.1 github.com/aws/aws-sdk-go-v2/config v1.26.3 github.com/aws/aws-sdk-go-v2/credentials v1.16.14 @@ -18,7 +18,7 @@ require ( github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 github.com/bombsimon/logrusr/v3 v3.0.0 github.com/evanphx/json-patch/v5 v5.9.11 - github.com/fatih/color v1.18.0 + github.com/fatih/color v1.19.0 github.com/gobwas/glob v0.2.3 github.com/google/go-cmp v0.7.0 github.com/google/uuid v1.6.0 @@ -40,7 +40,7 @@ require ( github.com/spf13/pflag v1.0.10 github.com/stretchr/testify v1.11.1 github.com/vmware-tanzu/crash-diagnostics v0.3.7 - go.uber.org/zap v1.27.1 + go.uber.org/zap v1.28.0 golang.org/x/mod v0.35.0 golang.org/x/oauth2 v0.36.0 golang.org/x/sys v0.43.0 @@ -65,18 +65,18 @@ require ( require ( cel.dev/expr v0.25.1 // indirect - cloud.google.com/go v0.121.6 // indirect + cloud.google.com/go v0.123.0 // indirect cloud.google.com/go/auth v0.20.0 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect cloud.google.com/go/compute/metadata v0.9.0 // indirect - cloud.google.com/go/iam v1.5.3 // indirect + cloud.google.com/go/iam v1.7.0 // indirect cloud.google.com/go/monitoring v1.24.3 // indirect - github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.12.0 // indirect github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 // indirect github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.31.0 // indirect - github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.53.0 // indirect - github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.53.0 // indirect + github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.55.0 // indirect + github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.55.0 // indirect github.com/Masterminds/semver/v3 v3.4.0 // indirect github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.5.4 // indirect github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect @@ -94,7 +94,7 @@ require ( github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/chmduquesne/rollinghash v4.0.0+incompatible // indirect - github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5 // indirect + github.com/cncf/xds/go v0.0.0-20260202195803-dba9d589def2 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/dustin/go-humanize v1.0.1 // indirect github.com/edsrzf/mmap-go v1.2.0 // indirect @@ -105,7 +105,7 @@ require ( github.com/fsnotify/fsnotify v1.9.0 // indirect github.com/fxamacker/cbor/v2 v2.9.0 // indirect github.com/go-ini/ini v1.67.0 // indirect - github.com/go-jose/go-jose/v4 v4.1.3 // indirect + github.com/go-jose/go-jose/v4 v4.1.4 // indirect github.com/go-logr/logr v1.4.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-ole/go-ole v1.3.0 // indirect @@ -114,7 +114,7 @@ require ( github.com/go-openapi/swag v0.23.0 // indirect github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/gofrs/flock v0.13.0 // indirect - github.com/golang-jwt/jwt/v5 v5.3.0 // indirect + github.com/golang-jwt/jwt/v5 v5.3.1 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/gnostic-models v0.7.0 // indirect github.com/google/pprof v0.0.0-20260402051712-545e8a4df936 // indirect @@ -128,30 +128,29 @@ require ( github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.18.2 // indirect + github.com/klauspost/compress v1.18.6 // indirect github.com/klauspost/cpuid/v2 v2.3.0 // indirect github.com/klauspost/crc32 v1.3.0 // indirect github.com/klauspost/pgzip v1.2.6 // indirect - github.com/klauspost/reedsolomon v1.12.6 // indirect + github.com/klauspost/reedsolomon v1.14.0 // indirect github.com/kylelemons/godebug v1.1.0 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-colorable v0.1.14 // indirect - github.com/mattn/go-isatty v0.0.20 // indirect - github.com/minio/crc64nvme v1.1.0 // indirect + github.com/mattn/go-isatty v0.0.21 // indirect + github.com/minio/crc64nvme v1.1.1 // indirect github.com/minio/md5-simd v1.1.2 // indirect - github.com/minio/minio-go/v7 v7.0.97 // indirect + github.com/minio/minio-go/v7 v7.1.0 // indirect github.com/moby/spdystream v0.5.1 // indirect github.com/moby/term v0.5.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/mxk/go-vss v1.2.0 // indirect + github.com/mxk/go-vss v1.2.1 // indirect github.com/natefinch/atomic v1.0.1 // indirect github.com/nxadm/tail v1.4.8 // indirect github.com/oklog/run v1.1.0 // indirect github.com/philhofer/fwd v1.2.0 // indirect - github.com/pierrec/lz4 v2.6.1+incompatible // indirect github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect @@ -160,10 +159,11 @@ require ( github.com/rs/xid v1.6.0 // indirect github.com/spiffe/go-spiffe/v2 v2.6.0 // indirect github.com/stretchr/objx v0.5.2 // indirect - github.com/tinylib/msgp v1.3.0 // indirect + github.com/tinylib/msgp v1.6.1 // indirect github.com/vladimirvivien/gexe v0.1.1 // indirect github.com/x448/float16 v0.8.4 // indirect github.com/zeebo/blake3 v0.2.4 // indirect + github.com/zeebo/xxh3 v1.1.0 // indirect go.opentelemetry.io/auto/sdk v1.2.1 // indirect go.opentelemetry.io/contrib/detectors/gcp v1.39.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.67.0 // indirect @@ -178,7 +178,7 @@ require ( go.yaml.in/yaml/v2 v2.4.3 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect golang.org/x/crypto v0.50.0 // indirect - golang.org/x/exp v0.0.0-20251219203646-944ab1f22d93 // indirect + golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f // indirect golang.org/x/net v0.53.0 // indirect golang.org/x/sync v0.20.0 // indirect golang.org/x/term v0.42.0 // indirect @@ -186,7 +186,7 @@ require ( golang.org/x/tools v0.44.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/genproto v0.0.0-20260319201613-d00831a3d3e7 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20260319201613-d00831a3d3e7 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20260427160629-7cedc36a6bc4 // indirect gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect @@ -196,4 +196,4 @@ require ( sigs.k8s.io/structured-merge-diff/v6 v6.3.2 // indirect ) -replace github.com/kopia/kopia => github.com/project-velero/kopia v0.0.0-20251230033609-d946b1e75197 +replace github.com/kopia/kopia => github.com/project-velero/kopia v0.0.0-20260512025144-908c5c098101 diff --git a/go.sum b/go.sum index f7f6521df..3d8e58fcc 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,3 @@ -al.essio.dev/pkg/shellescape v1.5.1 h1:86HrALUujYS/h+GtqoB26SBEdkWfmMI6FubjXlsXyho= -al.essio.dev/pkg/shellescape v1.5.1/go.mod h1:6sIqp7X2P6mThCQ7twERpZTuigpr6KbZWtls1U8I890= cel.dev/expr v0.25.1 h1:1KrZg61W6TWSxuNZ37Xy49ps13NUovb66QLprthtwi4= cel.dev/expr v0.25.1/go.mod h1:hrXvqGP6G6gyx8UAHSHJ5RGk//1Oj5nXQ2NI02Nrsg4= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= @@ -24,8 +22,8 @@ cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPT cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.121.6 h1:waZiuajrI28iAf40cWgycWNgaXPO06dupuS+sgibK6c= -cloud.google.com/go v0.121.6/go.mod h1:coChdst4Ea5vUpiALcYKXEpR1S9ZgXbhEzzMcMR66vI= +cloud.google.com/go v0.123.0 h1:2NAUJwPR47q+E35uaJeYoNhuNEM9kM8SjgRgdeOJUSE= +cloud.google.com/go v0.123.0/go.mod h1:xBoMV08QcqUGuPW65Qfm1o9Y4zKZBpGS+7bImXLTAZU= cloud.google.com/go/auth v0.20.0 h1:kXTssoVb4azsVDoUiF8KvxAqrsQcQtB53DcSgta74CA= cloud.google.com/go/auth v0.20.0/go.mod h1:942/yi/itH1SsmpyrbnTMDgGfdy2BUqIKyd0cyYLc5Q= cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc= @@ -41,12 +39,12 @@ cloud.google.com/go/compute/metadata v0.9.0/go.mod h1:E0bWwX5wTnLPedCKqk3pJmVgCB cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= -cloud.google.com/go/iam v1.5.3 h1:+vMINPiDF2ognBJ97ABAYYwRgsaqxPbQDlMnbHMjolc= -cloud.google.com/go/iam v1.5.3/go.mod h1:MR3v9oLkZCTlaqljW6Eb2d3HGDGK5/bDv93jhfISFvU= +cloud.google.com/go/iam v1.7.0 h1:JD3zh0C6LHl16aCn5Akff0+GELdp1+4hmh6ndoFLl8U= +cloud.google.com/go/iam v1.7.0/go.mod h1:tetWZW1PD/m6vcuY2Zj/aU0eCHNPuxedbnbRTyKXvdY= cloud.google.com/go/logging v1.13.2 h1:qqlHCBvieJT9Cdq4QqYx1KPadCQ2noD4FK02eNqHAjA= cloud.google.com/go/logging v1.13.2/go.mod h1:zaybliM3yun1J8mU2dVQ1/qDzjbOqEijZCn6hSBtKak= -cloud.google.com/go/longrunning v0.8.0 h1:LiKK77J3bx5gDLi4SMViHixjD2ohlkwBi+mKA7EhfW8= -cloud.google.com/go/longrunning v0.8.0/go.mod h1:UmErU2Onzi+fKDg2gR7dusz11Pe26aknR4kHmJJqIfk= +cloud.google.com/go/longrunning v0.9.0 h1:0EzbDEGsAvOZNbqXopgniY0w0a1phvu5IdUFq8grmqY= +cloud.google.com/go/longrunning v0.9.0/go.mod h1:pkTz846W7bF4o2SzdWJ40Hu0Re+UoNT6Q5t+igIcb8E= cloud.google.com/go/monitoring v1.24.3 h1:dde+gMNc0UhPZD1Azu6at2e79bfdztVDS5lvhOdsgaE= cloud.google.com/go/monitoring v1.24.3/go.mod h1:nYP6W0tm3N9H/bOw8am7t62YTzZY+zUeQ+Bi6+2eonI= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= @@ -59,19 +57,19 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= -cloud.google.com/go/storage v1.57.2 h1:sVlym3cHGYhrp6XZKkKb+92I1V42ks2qKKpB0CF5Mb4= -cloud.google.com/go/storage v1.57.2/go.mod h1:n5ijg4yiRXXpCu0sJTD6k+eMf7GRrJmPyr9YxLXGHOk= +cloud.google.com/go/storage v1.62.1 h1:Os0G3XbUbjZumkpDUf2Y0rLoXJTCF1kU2kWUujKYXD8= +cloud.google.com/go/storage v1.62.1/go.mod h1:cpYz/kRVZ+UQAF1uHeea10/9ewcRbxGoGNKsS9daSXA= cloud.google.com/go/trace v1.11.7 h1:kDNDX8JkaAG3R2nq1lIdkb7FCSi1rCmsEtKVsty7p+U= cloud.google.com/go/trace v1.11.7/go.mod h1:TNn9d5V3fQVf6s4SCveVMIBS2LJUqo73GACmq/Tky0s= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0 h1:JXg2dwJUmPB9JmtVmdEB16APJ7jurfbY5jnfXpJoRMc= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0/go.mod h1:YD5h/ldMsG0XiIw7PdyNhLxaM317eFh5yNLccNfGdyw= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.1 h1:jHb/wfvRikGdxMXYV3QG/SzUOPYN9KEUUuC0Yd0/vC0= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.1/go.mod h1:pzBXCYn05zvYIrwLgtK8Ap8QcjRg+0i76tMQdWN6wOk= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 h1:Hk5QBxZQC1jb2Fwj6mpzme37xbCDdNTxU7O9eb5+LB4= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1/go.mod h1:IYus9qsFobWIc2YVwe/WPjcnyCkPKtnHAqUYeebc8z0= github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2 h1:yz1bePFlP5Vws5+8ez6T3HWXPmwOK7Yvq8QxDBD3SKY= github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2/go.mod h1:Pa9ZNPuoNu/GztvBSKk9J1cDJW6vk/n0zLtV4mgd8N8= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 h1:9iefClla7iYpfYWdzPCRDozdmndjTm8DXdpCzPajMgA= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2/go.mod h1:XtLgD3ZD34DAaVIIAyG3objl5DynM3CQ/vMcbBNJZGI= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.12.0 h1:fhqpLE3UEXi9lPaBRpQ6XuRW0nU7hgg4zlmZZa+a9q4= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.12.0/go.mod h1:7dCRMLwisfRH3dBupKeNCioWYUZ4SS09Z14H+7i8ZoY= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.6.0 h1:ui3YNbxfW7J3tTFIZMH6LIGRjCngp+J+nIFlnizfNTE= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.6.0/go.mod h1:gZmgV+qBqygoznvqo2J9oKZAFziqhLZ2xE/WVUmzkHA= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0 h1:PTFGRSlMKCQelWwxUyYVEUqseBJVemLyqWJjvMyt0do= @@ -82,8 +80,8 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1. github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0/go.mod h1:5kakwfW5CjC9KK+Q4wjXAg+ShuIm2mBMua0ZFj2C8PE= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.8.1 h1:/Zt+cDPnpC3OVDm/JKLOs7M2DKmLRIIp3XIx9pHHiig= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.8.1/go.mod h1:Ng3urmn6dYe8gnbCMoHHVl5APYz2txho3koEkV2o2HA= -github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.6.3 h1:ZJJNFaQ86GVKQ9ehwqyAFE6pIfyicpuJ8IkVaPBc6/4= -github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.6.3/go.mod h1:URuDvhmATVKqHBH9/0nOiNKk0+YcwfQ3WkK5PqHKxc8= +github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.6.4 h1:jWQK1GI+LeGGUKBADtcH2rRqPxYB1Ljwms5gFA2LqrM= +github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.6.4/go.mod h1:8mwH4klAm9DUgR2EEHyEEAQlRDvLPyg5fQry3y+cDew= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= @@ -103,12 +101,12 @@ github.com/GehirnInc/crypt v0.0.0-20230320061759-8cc1b52080c5 h1:IEjq88XO4PuBDcv github.com/GehirnInc/crypt v0.0.0-20230320061759-8cc1b52080c5/go.mod h1:exZ0C/1emQJAw5tHOaUDyY1ycttqBAPcxuzf7QbY6ec= github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.31.0 h1:DHa2U07rk8syqvCge0QIGMCE1WxGj9njT44GH7zNJLQ= github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.31.0/go.mod h1:P4WPRUkOhJC13W//jWpyfJNDAIpvRbAUIYLX/4jtlE0= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.53.0 h1:owcC2UnmsZycprQ5RfRgjydWhuoxg71LUfyiQdijZuM= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.53.0/go.mod h1:ZPpqegjbE99EPKsu3iUWV22A04wzGPcAY/ziSIQEEgs= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.53.0 h1:4LP6hvB4I5ouTbGgWtixJhgED6xdf67twf9PoY96Tbg= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.53.0/go.mod h1:jUZ5LYlw40WMd07qxcQJD5M40aUxrfwqQX1g7zxYnrQ= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.53.0 h1:Ron4zCA/yk6U7WOBXhTJcDpsUBG9npumK6xw2auFltQ= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.53.0/go.mod h1:cSgYe11MCNYunTnRXrKiR/tHc0eoKjICUuWpNZoVCOo= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.55.0 h1:UnDZ/zFfG1JhH/DqxIZYU/1CUAlTUScoXD/LcM2Ykk8= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.55.0/go.mod h1:IA1C1U7jO/ENqm/vhi7V9YYpBsp+IMyqNrEN94N7tVc= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.55.0 h1:7t/qx5Ost0s0wbA/VDrByOooURhp+ikYwv20i9Y07TQ= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.55.0/go.mod h1:vB2GH9GAYYJTO3mEn8oYwzEdhlayZIdQz6zdzgUIRvA= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.55.0 h1:0s6TxfCu2KHkkZPnBfsQ2y5qia0jl3MMrmBhu3nCOYk= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.55.0/go.mod h1:Mf6O40IAyB9zR/1J8nGDDPirZQQPbYJni8Yisy7NTMc= github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0= github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= @@ -189,8 +187,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5 h1:6xNmx7iTtyBRev0+D/Tv1FZd4SCg8axKApyNyRsAt/w= -github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5/go.mod h1:KdCmV+x/BuvyMxRnYBlmVaq4OLiKW6iRQfvC62cvdkI= +github.com/cncf/xds/go v0.0.0-20260202195803-dba9d589def2 h1:aBangftG7EVZoUb69Os8IaYg++6uMOdKK83QtkkvJik= +github.com/cncf/xds/go v0.0.0-20260202195803-dba9d589def2/go.mod h1:qwXFYgsP6T7XnJtbKlf1HP8AjxZZyzxMmc+Lq5GjlU4= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= @@ -204,8 +202,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6N github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= -github.com/danieljoos/wincred v1.2.2 h1:774zMFJrqaeYCK2W57BgAem/MLi6mtSE47MB6BOJ0i0= -github.com/danieljoos/wincred v1.2.2/go.mod h1:w7w4Utbrz8lqeMbDAK0lkNJUv5sAOkFi7nd/ogr0Uh8= +github.com/danieljoos/wincred v1.2.3 h1:v7dZC2x32Ut3nEfRH+vhoZGvN72+dQ/snVXo/vMFLdQ= +github.com/danieljoos/wincred v1.2.3/go.mod h1:6qqX0WNrS4RzPZ1tnroDzq9kY3fu1KwE7MRLQK4X0bs= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= @@ -243,14 +241,12 @@ github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjT github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= -github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= -github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= +github.com/fatih/color v1.19.0 h1:Zp3PiM21/9Ld6FzSKyL5c/BULoe/ONr9KlbYVOfG8+w= +github.com/fatih/color v1.19.0/go.mod h1:zNk67I0ZUT1bEGsSGyCZYZNrHuTkJJB+r6Q9VuMi0LE= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/frankban/quicktest v1.13.1 h1:xVm/f9seEhZFL9+n5kv5XLrGwy6elc4V9v/XFY2vmd8= -github.com/frankban/quicktest v1.13.1/go.mod h1:NeW+ay9A/U67EYXNFA1nPE8e/tnQv/09mUdL/ijj8og= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= @@ -271,8 +267,8 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A= github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= -github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs= -github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08= +github.com/go-jose/go-jose/v4 v4.1.4 h1:moDMcTHmvE6Groj34emNPLs/qtYXRVcd6S7NHbHz3kA= +github.com/go-jose/go-jose/v4 v4.1.4/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= @@ -309,17 +305,15 @@ github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJA github.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw= github.com/goccy/go-yaml v1.18.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= -github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= +github.com/godbus/dbus/v5 v5.2.2 h1:TUR3TgtSVDmjiXOgAAyaZbYmIeP3DPkld3jgKGV8mXQ= +github.com/godbus/dbus/v5 v5.2.2/go.mod h1:3AAv2+hPq5rdnr5txxxRwiGjPXamgoIHgz9FPBfOp3c= github.com/gofrs/flock v0.13.0 h1:95JolYOvGMqeH31+FC7D2+uULf6mG61mEZ/A8dRYMzw= github.com/gofrs/flock v0.13.0/go.mod h1:jxeyy9R1auM5S6JYDBhDt+E2TCo7DkratH4Pgi8P+Z0= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI= -github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= -github.com/golang-jwt/jwt/v5 v5.3.0 h1:pv4AsKCKKZuqlgs5sUmn4x8UlGa0kEVt/puTpKx9vvo= -github.com/golang-jwt/jwt/v5 v5.3.0/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE= +github.com/golang-jwt/jwt/v5 v5.3.1 h1:kYf81DTWFe7t+1VvL7eS+jKFVWaUnK9cB1qbwn63YCY= +github.com/golang-jwt/jwt/v5 v5.3.1/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -425,8 +419,8 @@ github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmg github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/hanwen/go-fuse/v2 v2.9.0 h1:0AOGUkHtbOVeyGLr0tXupiid1Vg7QB7M6YUcdmVdC58= -github.com/hanwen/go-fuse/v2 v2.9.0/go.mod h1:yE6D2PqWwm3CbYRxFXV9xUd8Md5d6NG0WBs5spCswmI= +github.com/hanwen/go-fuse/v2 v2.10.1 h1:QAqZuc9+aBtTou+OPruU/hkYQYCkgPtQd2QaepHkTTs= +github.com/hanwen/go-fuse/v2 v2.10.1/go.mod h1:aU7NkGYZUmuJrZapoI3mEcNve7PZTySUOLBuch/vR6U= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/cronexpr v1.1.3 h1:rl5IkxXN2m681EfivTlccqIryzYJSXRGRNa0xeG7NA4= @@ -489,8 +483,8 @@ github.com/keybase/go-keychain v0.0.1/go.mod h1:PdEILRW3i9D8JcdM+FmY6RwkHGnhHxXw github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.18.2 h1:iiPHWW0YrcFgpBYhsA6D1+fqHssJscY/Tm/y2Uqnapk= -github.com/klauspost/compress v1.18.2/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4= +github.com/klauspost/compress v1.18.6 h1:2jupLlAwFm95+YDR+NwD2MEfFO9d4z4Prjl1XXDjuao= +github.com/klauspost/compress v1.18.6/go.mod h1:cwPg85FWrGar70rWktvGQj8/hthj3wpl0PGDogxkrSQ= github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y= github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0= @@ -498,11 +492,11 @@ github.com/klauspost/crc32 v1.3.0 h1:sSmTt3gUt81RP655XGZPElI0PelVTZ6YwCRnPSupoFM github.com/klauspost/crc32 v1.3.0/go.mod h1:D7kQaZhnkX/Y0tstFGf8VUzv2UofNGqCjnC3zdHB0Hw= github.com/klauspost/pgzip v1.2.6 h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU= github.com/klauspost/pgzip v1.2.6/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= -github.com/klauspost/reedsolomon v1.12.6 h1:8pqE9aECQG/ZFitiUD1xK/E83zwosBAZtE3UbuZM8TQ= -github.com/klauspost/reedsolomon v1.12.6/go.mod h1:ggJT9lc71Vu+cSOPBlxGvBN6TfAS77qB4fp8vJ05NSA= +github.com/klauspost/reedsolomon v1.14.0 h1:5YSZeclzSYg5nl349+GDG/agDtQ6MZiwUYXvVKN1Jx0= +github.com/klauspost/reedsolomon v1.14.0/go.mod h1:yjqqjgMTQkBUHSG97/rm4zipffCNbCiZcB3kTqr++sQ= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kopia/htmluibuild v0.0.1-0.20251125011029-7f1c3f84f29d h1:U3VB/cDMsPW4zB4JRFbVRDzIpPytt889rJUKAG40NPA= -github.com/kopia/htmluibuild v0.0.1-0.20251125011029-7f1c3f84f29d/go.mod h1:h53A5JM3t2qiwxqxusBe+PFgGcgZdS+DWCQvG5PTlto= +github.com/kopia/htmluibuild v0.0.1-0.20260502040510-a4505d4145ae h1:igSzPZDDs3icBsXWC/2zRFBRlzelXcBSODpxpORf6s8= +github.com/kopia/htmluibuild v0.0.1-0.20260502040510-a4505d4145ae/go.mod h1:h53A5JM3t2qiwxqxusBe+PFgGcgZdS+DWCQvG5PTlto= github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= @@ -539,18 +533,18 @@ github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stg github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= -github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= -github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-isatty v0.0.21 h1:xYae+lCNBP7QuW4PUnNG61ffM4hVIfm+zUzDuSzYLGs= +github.com/mattn/go-isatty v0.0.21/go.mod h1:ZXfXG4SQHsB/w3ZeOYbR0PrPwLy+n6xiMrJlRFqopa4= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/mfridman/tparse v0.18.0 h1:wh6dzOKaIwkUGyKgOntDW4liXSo37qg5AXbIhkMV3vE= github.com/mfridman/tparse v0.18.0/go.mod h1:gEvqZTuCgEhPbYk/2lS3Kcxg1GmTxxU7kTC8DvP0i/A= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= -github.com/minio/crc64nvme v1.1.0 h1:e/tAguZ+4cw32D+IO/8GSf5UVr9y+3eJcxZI2WOO/7Q= -github.com/minio/crc64nvme v1.1.0/go.mod h1:eVfm2fAzLlxMdUGc0EEBGSMmPwmXD5XiNRpnu9J3bvg= +github.com/minio/crc64nvme v1.1.1 h1:8dwx/Pz49suywbO+auHCBpCtlW1OfpcLN7wYgVR6wAI= +github.com/minio/crc64nvme v1.1.1/go.mod h1:eVfm2fAzLlxMdUGc0EEBGSMmPwmXD5XiNRpnu9J3bvg= github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34= github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM= -github.com/minio/minio-go/v7 v7.0.97 h1:lqhREPyfgHTB/ciX8k2r8k0D93WaFqxbJX36UZq5occ= -github.com/minio/minio-go/v7 v7.0.97/go.mod h1:re5VXuo0pwEtoNLsNuSr0RrLfT/MBtohwdaSmPPSRSk= +github.com/minio/minio-go/v7 v7.1.0 h1:QEt5IStDpxgGjEdtOgpiZ5QhmSl3ax7qy61vi2SwHO8= +github.com/minio/minio-go/v7 v7.1.0/go.mod h1:Dm7WS1AgLmBa0NcQD6SeJnJf+K/EUW3GR7Ks6olB3OA= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= @@ -579,8 +573,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/mxk/go-vss v1.2.0 h1:JpdOPc/P6B3XyRoddn0iMiG/ADBi3AuEsv8RlTb+JeE= -github.com/mxk/go-vss v1.2.0/go.mod h1:ZQ4yFxCG54vqPnCd+p2IxAe5jwZdz56wSjbwzBXiFd8= +github.com/mxk/go-vss v1.2.1 h1:shspH0qgqZ9l5sfIRsXS5BgZXz25/BY+ZQsW0HlD0fM= +github.com/mxk/go-vss v1.2.1/go.mod h1:ZQ4yFxCG54vqPnCd+p2IxAe5jwZdz56wSjbwzBXiFd8= github.com/natefinch/atomic v1.0.1 h1:ZPYKxkqQOx3KZ+RsbnP/YsgvxWQPGxjC0oBt2AhwV0A= github.com/natefinch/atomic v1.0.1/go.mod h1:N/D/ELrljoqDyT3rZrsUmtsuzvHkeB/wWjHV22AZRbM= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= @@ -610,8 +604,6 @@ github.com/petar/GoLLRB v0.0.0-20210522233825-ae3b015fd3e9/go.mod h1:x3N5drFsm2u github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/philhofer/fwd v1.2.0 h1:e6DnBTl7vGY+Gz322/ASL4Gyp1FspeMvx1RNDoToZuM= github.com/philhofer/fwd v1.2.0/go.mod h1:RqIHx9QI14HlwKwm98g9Re5prTQ6LdeRQn+gXJFxsJM= -github.com/pierrec/lz4 v2.6.1+incompatible h1:9UY3+iC23yxF0UfGaYrGplQ+79Rg+h/q9FV9ix19jjM= -github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= @@ -626,8 +618,8 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= -github.com/project-velero/kopia v0.0.0-20251230033609-d946b1e75197 h1:iGkfuELGvFCqW+zcrhf2GsOwNH1nWYBsC69IOc57KJk= -github.com/project-velero/kopia v0.0.0-20251230033609-d946b1e75197/go.mod h1:RL4KehCNKEIDNltN7oruSa3ldwBNVPmQbwmN3Schbjc= +github.com/project-velero/kopia v0.0.0-20260512025144-908c5c098101 h1:bTzkHkWqMM2Zp942BqDQ3TMrfAKZ6tRTG6vcRBlObps= +github.com/project-velero/kopia v0.0.0-20260512025144-908c5c098101/go.mod h1:VxeLQ3AfxPMOraxoEqzbsOrHPSohTc6CWGs5PgMvtDs= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o= @@ -725,8 +717,8 @@ github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4= github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= github.com/tidwall/sjson v1.2.5 h1:kLy8mja+1c9jlljvWTlSazM7cKDRfJuR/bOJhcY5NcY= github.com/tidwall/sjson v1.2.5/go.mod h1:Fvgq9kS/6ociJEDnK0Fk1cpYF4FIW6ZF7LAe+6jwd28= -github.com/tinylib/msgp v1.3.0 h1:ULuf7GPooDaIlbyvgAxBV/FI7ynli6LZ1/nVUNu+0ww= -github.com/tinylib/msgp v1.3.0/go.mod h1:ykjzy2wzgrlvpDCRc4LA8UXy6D8bzMSuAF3WD57Gok0= +github.com/tinylib/msgp v1.6.1 h1:ESRv8eL3u+DNHUoSAAQRE50Hm162zqAnBoGv9PzScPY= +github.com/tinylib/msgp v1.6.1/go.mod h1:RSp0LW9oSxFut3KzESt5Voq4GVWyS+PSulT77roAqEA= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/vladimirvivien/gexe v0.1.1 h1:2A0SBaOSKH+cwLVdt6H+KkHZotZWRNLlWygANGw5DxE= @@ -743,14 +735,16 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -github.com/zalando/go-keyring v0.2.6 h1:r7Yc3+H+Ux0+M72zacZoItR3UDxeWfKTcabvkI8ua9s= -github.com/zalando/go-keyring v0.2.6/go.mod h1:2TCrxYrbUNYfNS/Kgy/LSrkSQzZ5UPVH85RwfczwvcI= -github.com/zeebo/assert v1.1.0 h1:hU1L1vLTHsnO8x8c9KAR5GmM5QscxHg5RNU5z5qbUWY= -github.com/zeebo/assert v1.1.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0= +github.com/zalando/go-keyring v0.2.8 h1:6sD/Ucpl7jNq10rM2pgqTs0sZ9V3qMrqfIIy5YPccHs= +github.com/zalando/go-keyring v0.2.8/go.mod h1:tsMo+VpRq5NGyKfxoBVjCuMrG47yj8cmakZDO5QGii0= +github.com/zeebo/assert v1.3.0 h1:g7C04CbJuIDKNPFHmsk4hwZDO5O+kntRxzaUoNXj+IQ= +github.com/zeebo/assert v1.3.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0= github.com/zeebo/blake3 v0.2.4 h1:KYQPkhpRtcqh0ssGYcKLG1JYvddkEA8QwCM/yBqhaZI= github.com/zeebo/blake3 v0.2.4/go.mod h1:7eeQ6d2iXWRGF6npfaxl2CU+xy2Fjo2gxeyZGCRUjcE= github.com/zeebo/pcg v1.0.1 h1:lyqfGeWiv4ahac6ttHs+I5hwtH/+1mrhlCtVNQM2kHo= github.com/zeebo/pcg v1.0.1/go.mod h1:09F0S9iiKrwn9rlI5yjLkmrug154/YRW6KnnXVDM/l4= +github.com/zeebo/xxh3 v1.1.0 h1:s7DLGDK45Dyfg7++yxI0khrfwq9661w9EN78eP/UZVs= +github.com/zeebo/xxh3 v1.1.0/go.mod h1:IisAie1LELR4xhVinxWS5+zf1lA4p0MW4T+w+W07F5s= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= @@ -772,8 +766,8 @@ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0 h1:Oyrsyzu go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0/go.mod h1:C2NGBr+kAB4bk3xtMXfZ94gqFDtg/GkI7e9zqGh5Beg= go.opentelemetry.io/otel v1.43.0 h1:mYIM03dnh5zfN7HautFE4ieIig9amkNANT+xcVxAj9I= go.opentelemetry.io/otel v1.43.0/go.mod h1:JuG+u74mvjvcm8vj8pI5XiHy1zDeoCS2LB1spIq7Ay0= -go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.36.0 h1:rixTyDGXFxRy1xzhKrotaHy3/KXdPhlWARrCgK+eqUY= -go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.36.0/go.mod h1:dowW6UsM9MKbJq5JTz2AMVp3/5iW5I/TStsk8S+CfHw= +go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.43.0 h1:TC+BewnDpeiAmcscXbGMfxkO+mwYUwE/VySwvw88PfA= +go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.43.0/go.mod h1:J/ZyF4vfPwsSr9xJSPyQ4LqtcTPULFR64KwTikGLe+A= go.opentelemetry.io/otel/metric v1.43.0 h1:d7638QeInOnuwOONPp4JAOGfbCEpYb+K6DVWvdxGzgM= go.opentelemetry.io/otel/metric v1.43.0/go.mod h1:RDnPtIxvqlgO8GRW18W6Z/4P462ldprJtfxHxyKd2PY= go.opentelemetry.io/otel/sdk v1.43.0 h1:pi5mE86i5rTeLXqoF/hhiBtUNcrAGHLKQdhg4h4V9Dg= @@ -796,8 +790,8 @@ go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= -go.uber.org/zap v1.27.1 h1:08RqriUEv8+ArZRYSTXy1LeBScaMpVSTBhCeaZYfMYc= -go.uber.org/zap v1.27.1/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= +go.uber.org/zap v1.28.0 h1:IZzaP1Fv73/T/pBMLk4VutPl36uNC+OSUh3JLG3FIjo= +go.uber.org/zap v1.28.0/go.mod h1:rDLpOi171uODNm/mxFcuYWxDsqWSAVkFdX4XojSKg/Q= go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= @@ -826,8 +820,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20251219203646-944ab1f22d93 h1:fQsdNF2N+/YewlRZiricy4P1iimyPKZ/xwniHj8Q2a0= -golang.org/x/exp v0.0.0-20251219203646-944ab1f22d93/go.mod h1:EPRbTFwzwjXj9NpYyyrvenVh9Y+GFeEvMNh7Xuz7xgU= +golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f h1:W3F4c+6OLc6H2lb//N1q4WpJkhzJCK5J6kUi1NTVXfM= +golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f/go.mod h1:J1xhfL/vlindoeF/aINzNzt2Bket5bjo9sdOYzOsU80= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -993,7 +987,6 @@ golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI= golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= @@ -1159,8 +1152,8 @@ google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaE google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= google.golang.org/genproto v0.0.0-20260319201613-d00831a3d3e7 h1:XzmzkmB14QhVhgnawEVsOn6OFsnpyxNPRY9QV01dNB0= google.golang.org/genproto v0.0.0-20260319201613-d00831a3d3e7/go.mod h1:L43LFes82YgSonw6iTXTxXUX1OlULt4AQtkik4ULL/I= -google.golang.org/genproto/googleapis/api v0.0.0-20260319201613-d00831a3d3e7 h1:41r6JMbpzBMen0R/4TZeeAmGXSJC7DftGINUodzTkPI= -google.golang.org/genproto/googleapis/api v0.0.0-20260319201613-d00831a3d3e7/go.mod h1:EIQZ5bFCfRQDV4MhRle7+OgjNtZ6P1PiZBgAKuxXu/Y= +google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 h1:VPWxll4HlMw1Vs/qXtN7BvhZqsS9cdAittCNvVENElA= +google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9/go.mod h1:7QBABkRtR8z+TEnmXTqIqwJLlzrZKVfAUm7tY3yGv0M= google.golang.org/genproto/googleapis/rpc v0.0.0-20260427160629-7cedc36a6bc4 h1:tEkOQcXgF6dH1G+MVKZrfpYvozGrzb91k6ha7jireSM= google.golang.org/genproto/googleapis/rpc v0.0.0-20260427160629-7cedc36a6bc4/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= From 68fa6f4ee9edadb82ccd1d5899d9320d95d7e9f7 Mon Sep 17 00:00:00 2001 From: Adam Zhang Date: Fri, 24 Apr 2026 15:15:56 +0800 Subject: [PATCH 07/12] backup filter enhancement enhance backup filter with resource policies, extend resource policies with fine-grained control for backup resources, both cluster scoped resources and namespace scoped resources, with labels, names include/exclude support with glob patterns. Signed-off-by: Adam Zhang --- .../fine-grained-backup-filters-design.md | 834 ++++++++++++++++++ 1 file changed, 834 insertions(+) create mode 100644 design/backup-filter-enhancement/fine-grained-backup-filters-design.md diff --git a/design/backup-filter-enhancement/fine-grained-backup-filters-design.md b/design/backup-filter-enhancement/fine-grained-backup-filters-design.md new file mode 100644 index 000000000..284ded16d --- /dev/null +++ b/design/backup-filter-enhancement/fine-grained-backup-filters-design.md @@ -0,0 +1,834 @@ +# Fine Grained Backup Filters via Resource Policies + +## Glossary & Abbreviation + +**Backup Filter**: The mechanism in Velero that determines which Kubernetes resources are collected from the cluster and written into the backup archive. Backup filters currently operate on four dimensions: namespace, resource type, label, and cluster scope. +**Global Filter**: A filter that applies uniformly across all namespaces in a backup. All existing Velero backup filters are global filters. +**Namespace-Scoped Filter**: A filter that applies only within specific namespaces, overriding the global filter for those namespaces. This is the capability introduced by this design. +**FineGrainedGlobalFilterPolicy**: A global filter for cluster-scoped resources that allows per-kind label selectors and name patterns, functioning similarly to `NamespacedFilterPolicy` but applied to cluster-scoped resources globally. +**Resource Filter**: A filter rule that pairs one or more resource kinds with their own label selector and/or name patterns. Multiple resource filters within a namespace-scoped policy allow different filtering criteria for different resource types. +**Resource Name Filter**: A filter that matches individual resource instances by their metadata.name, using glob patterns. This is a new filter dimension introduced by this design. +**Resource Policy**: An existing Velero mechanism where backup behavior rules are defined in a ConfigMap and referenced from `BackupSpec.ResourcePolicy`. Currently used for volume policies and global include/exclude policies. + +## Background + +Velero's backup filter system allows users to specify which resources to include or exclude from a backup. The filters operate on three dimensions: + +1. **Namespace** — `IncludedNamespaces`/`ExcludedNamespaces` select which namespaces to back up +2. **Resource Type** — `IncludedResources`/`ExcludedResources` (or the newer scoped variants `Included/ExcludedClusterScopedResources`, `Included/ExcludedNamespaceScopedResources`) select which Kubernetes resource types to back up +3. **Labels** — `LabelSelector`/`OrLabelSelectors` filter individual objects by their labels + +All three dimensions are applied **globally** — the same resource type filter, the same label selector, and the same namespace list apply uniformly throughout the entire backup operation. Specifically: + +- In `item_collector.go`, the `ResourceIncludesExcludes.ShouldInclude()` check is a single global check applied to every resource type across all namespaces. +- In `listResourceByLabelsPerNamespace()`, the same `LabelSelector` is passed to every Kubernetes API list call regardless of namespace. +- There is no mechanism to filter resources by their individual `metadata.name`. + +This creates three critical gaps for common backup scenarios: + +**Gap 1: Different resource needs per namespace.** When multiple applications share the same cluster, different namespaces often require different backup strategies. For example, a namespace running a database workload may need all resource types backed up, while a namespace running a stateless frontend may only need Deployments, ConfigMaps, and Services. Setting `IncludedResources: [configmaps]` means *all* ConfigMaps in *all* included namespaces — you cannot say "only ConfigMaps in namespace-a but everything in namespace-b." + +**Gap 2: Same resource type, different workloads.** Resources of the same type (e.g., ConfigMaps or Secrets) in the same namespace may belong to different workloads. For instance, a namespace may contain `app-config`, `app-secret`, `monitoring-config`, and `monitoring-secret`. Without name-based filtering, you cannot selectively back up only the `app-*` resources — the only option is label-based selection, which requires workloads to have been pre-labeled appropriately. + +**Gap 3: Different kinds need different selectors.** Within a single namespace, different resource types may belong to different workloads with different labels. For example, Deployments labeled `app=workload-1` and StatefulSets labeled `app=workload-2` in the same namespace. The current single-label-selector-per-namespace model cannot express this — the label selector applies identically to all resource types. + +## Goals + +- Extend the `ResourcePolicies` ConfigMap format with a `namespacedFilterPolicies` section that allows per-namespace, per-kind resource filtering with independent label selectors and name patterns for each resource type +- Extend the `ResourcePolicies` ConfigMap format with a `fineGrainedGlobalFilterPolicy` section that allows per-kind resource filtering with independent label selectors and name patterns for cluster-scoped resources globally +- Support resource name filtering by glob patterns using the same `gobwas/glob` library that Velero uses for namespace patterns, ensuring consistency across the codebase +- Support per-kind label selectors, so that different resource types within the same namespace can be filtered with different labels +- Maintain full backward compatibility — existing backups with no `namespacedFilterPolicies` behave exactly as they do today +- Define clear precedence rules for how per-namespace filters interact with global filters +- Add corresponding validation within the Resource Policies validation pipeline using existing Velero wildcard validation functions +- Update `velero backup describe` output to display per-namespace filter information when present +- Ensure the restore process works correctly with backups produced by namespace-scoped filters, without requiring restore-side code changes in the initial phase + +## Non-Goals + +- Adding namespace-scoped filters to `RestoreSpec` or the restore pipeline is not part of the initial implementation. Restore from a namespace-filtered backup works automatically because the restore process reads whatever is in the backup archive. Restore-side namespace filters will be addressed in a follow-up. +- Changing existing `BackupSpec` fields (`IncludedResources`, `LabelSelector`, etc.) or adding new CRD fields is explicitly avoided by this design. +- Supporting regex patterns for resource names is not included. Glob patterns (already used throughout Velero) are sufficient and consistent. +- Modifying the plugin `ResourceSelector` system (`AppliesTo()` / `resolvedAction.ShouldUse()`) is not part of this design. +- CLI flags for inline specification of namespace-scoped filters are not part of the initial implementation. The configuration is expressed in the ResourcePolicy ConfigMap YAML. + +## Architecture of Namespace-Scoped Filters + +### Configuration Model + +The namespace-scoped filters and fine-grained global filters are defined in the same ResourcePolicy ConfigMap that is already referenced by `BackupSpec.ResourcePolicy`. The YAML format is extended with two new top-level keys: + +```yaml +version: v1 +volumePolicies: + # existing volume policies (unchanged) + - conditions: + capacity: "0,100Gi" + action: + type: skip +includeExcludePolicy: + # existing global include/exclude policy (unchanged) + includedNamespaceScopedResources: + - configmaps +fineGrainedGlobalFilterPolicy: + # NEW: global overrides for cluster-scoped resources + resourceFilters: + - kinds: [ClusterRole, ClusterRoleBinding] + names: ["my-app-*"] + - kinds: [CustomResourceDefinition] + labelSelector: + app: my-app +namespacedFilterPolicies: + # NEW: per-namespace filter overrides + - namespaces: + - ns-a + resourceFilters: + - kinds: [ConfigMap, Secret, Deployment] + labelSelector: + app: my-app + - namespaces: + - ns-b + resourceFilters: + - kinds: [Deployment] + names: [app-1, app-2] + - kinds: [ConfigMap] + labelSelector: + app: my-service +``` + +All four sections coexist in the same ConfigMap. They are independent — `volumePolicies` handles volume backup strategy, `includeExcludePolicy` handles global resource type filtering, `fineGrainedGlobalFilterPolicy` handles cluster-scoped resource filtering by kind/name/label, and `namespacedFilterPolicies` handles per-namespace, per-kind overrides. + +### The `resourceFilters` Model + +Each `namespacedFilterPolicies` entry targets one or more namespaces and contains a `resourceFilters` array. Each entry in `resourceFilters` pairs one or more resource kinds with their own label selector and name patterns: + +```yaml +namespacedFilterPolicies: + - namespaces: [ns-a] + resourceFilters: + - kinds: [ConfigMap, Secret] # these kinds share a selector + labelSelector: {app: my-app} + names: ["app-*"] + - kinds: [Deployment] # this kind has its own selector + names: [workload-1, workload-2] + - kinds: [StatefulSet] # this kind has no extra filtering +``` + +This model has one way to express filters — there is no ambiguity about how to structure the configuration. Only resource kinds listed in `resourceFilters` entries are included in the backup for the matched namespaces; unlisted kinds are implicitly excluded. + +#### Catch-All Resource Filter (Empty `kinds` or `["*"]`) + +A `ResourceFilter` entry with an empty (or omitted) `kinds` field, or a field explicitly set to `["*"]`, acts as a **catch-all**. Its `labelSelector` or `orLabelSelectors` (if provided) is applied to **all resource types in the namespace that are not already matched by a kind-specific filter entry**. If no selectors are provided, all unlisted resources are included. Using `["*"]` is highly recommended as it makes the catch-all intention explicit and self-documenting. + +**Rules for catch-all entries:** +- At most **one** catch-all entry is allowed per `NamespacedFilterPolicy`. +- `names` and `excludedNames` are **not** supported on catch-all entries. Name patterns are kind-specific by nature and cannot be applied across arbitrary kinds; use kind-specific entries for name-based filtering. +- The catch-all applies to kinds that are **not listed in any other `resourceFilters` entry** in the same policy. Kind-specific entries take precedence over the catch-all. + +**Evaluation order within a namespace filter policy:** +1. For each resource kind encountered during backup, the system first checks whether a kind-specific `resourceFilters` entry exists for that kind. +2. If a kind-specific entry exists, it is used exclusively (its label selectors and name patterns apply). +3. If no kind-specific entry exists but a catch-all entry is present, the catch-all's `labelSelector`/`orLabelSelectors` is applied to that kind. +4. If neither a kind-specific entry nor a catch-all entry exists, the kind is excluded from the backup for that namespace. + +### Filter Precedence Model + +The namespace-scoped filter system and fine-grained global filter system layer on top of the existing global filter system. They intentionally behave differently: +- **`namespacedFilterPolicies`** acts as an **exclusive allowlist (boundary)**. Only kinds explicitly listed (or matched by a catch-all) are backed up from that namespace. This gives namespace owners complete and isolated control over their namespace's backup contents, preventing unexpected data spillage from global fallbacks. +- **`fineGrainedGlobalFilterPolicy`** acts as a **refinement overlay (tweak)**. Unlisted cluster-scoped kinds fall back to the standard global filters. This allows administrators to selectively adjust filtering for a few specific cluster-scoped kinds without rewriting the entire global inclusion list. + +**For Namespace-Scoped Resources:** + +The evaluation order is: + +1. **Global namespace filter** (`BackupSpec.IncludedNamespaces`/`ExcludedNamespaces`) is checked first. A namespace must pass this filter to be considered at all. `namespacedFilterPolicies` cannot override namespace exclusion — if a namespace is excluded globally, no filter policy entry can bring it back. + +2. **Per-namespace filter lookup.** For each namespace that passes the global namespace filter, the system checks whether any `namespacedFilterPolicies` entry matches (by namespace name or glob pattern). If a match is found, the `resourceFilters` array determines what gets backed up for that namespace: + - Only resource kinds listed in `resourceFilters[].kinds` are included + - Each kind uses its own `labelSelector`/`orLabelSelectors` (if specified) + - Each kind uses its own `names`/`excludedNames` patterns (if specified) + +3. **Namespaces without a matching filter policy** continue to use the global filters (`BackupSpec.IncludedResources`, `BackupSpec.LabelSelector`, etc., combined with `includeExcludePolicy`) exactly as they do today. + +4. **If multiple filter policy entries could match the same namespace** (e.g., `team-*` and `team-frontend-*` both matching `team-frontend-prod`), the **first matching policy in the list** is used. **Important: Place more specific patterns before broader patterns** to achieve the intended filtering behavior. + +5. **The `velero.io/exclude-from-backup=true` label** always takes precedence over all filters, regardless of whether the item matches global or per-namespace filters. + +6. **Interaction with `includeExcludePolicy`**: `namespacedFilterPolicies` is a **refinement** of the global resource filter system, not a replacement. Global exclusions defined in `includeExcludePolicy` (e.g., `excludedNamespaceScopedResources: [secrets]`) are applied first at the resource-type level before per-namespace filter policies are consulted. A namespace-scoped filter policy cannot re-include a resource kind that has been globally excluded by `includeExcludePolicy`. For example, if `secrets` is listed under `excludedNamespaceScopedResources`, no `Secret` resources will be backed up from any namespace, even if a `namespacedFilterPolicies` entry explicitly lists `Secret` for that namespace. Users who need per-namespace secret selection must remove `secrets` from the global exclusion list. + +**For Cluster-Scoped Resources:** + +1. If `fineGrainedGlobalFilterPolicy` is present, it acts as a **refinement overlay** over the existing global filters for cluster-scoped resources. It is NOT an exclusive allowlist. + - To back up cluster-scoped resources in a namespace-filtered backup, you must still explicitly include them via `BackupSpec.IncludedClusterScopedResources`. + - If a cluster-scoped kind is listed in its `resourceFilters`, its specific `labelSelector`/`orLabelSelectors` and `names`/`excludedNames` patterns are applied. + - If a cluster-scoped kind is **not listed**, it falls back to the standard global filters (`BackupSpec.LabelSelector`, etc.) and is included in the backup. + +2. If `fineGrainedGlobalFilterPolicy` is absent, Velero falls back to the existing global filters (`IncludedClusterScopedResources`, `IncludedResources`, `LabelSelector`, etc.) for cluster-scoped resources. + +3. **The `velero.io/exclude-from-backup=true` label** always takes precedence over all filters. + +```mermaid +flowchart TD + A["BackupSpec Global
IncludedNamespaces / ExcludedNamespaces"] + B{Namespace passes
global filter?} + C[Namespace excluded
from backup] + D{namespacedFilterPolicies
lookup by namespace} + E{"For each resource kind:
is kind in resourceFilters?"} + F["Apply kind-specific filters:
- labelSelector / orLabelSelectors
- names / excludedNames"] + G[Kind skipped for
this namespace] + H["Use global filters:
- BackupSpec IncludedResources
- BackupSpec LabelSelector
- includeExcludePolicy"] + + I{"Is resource
cluster-scoped?"} + J{"Is fineGrainedGlobalFilterPolicy
present?"} + K{"Is kind in resourceFilters?"} + L["Apply kind-specific filters:
- labelSelector / orLabelSelectors
- names / excludedNames"] + + I -- Yes --> J + J -- Yes --> K + K -- Yes --> L + K -- No --> H + J -- No --> H + + I -- No --> A + A --> B + B -- No --> C + B -- Yes --> D + D -- Match found --> E + E -- Yes --> F + E -- No --> G + D -- No match found --> H +``` + +### Data Flow in the Backup Pipeline + +The existing backup pipeline has two stages: item collection and item backup. Namespace-scoped filters and fine-grained global filters are applied at both stages: + +**Stage 1 — Item Collection (`item_collector.go`).** Resources are listed from the Kubernetes API. + +- **Resource type check** in `getResourceItems()`: Before iterating namespaces, the global resource type check still applies. + - **For Cluster-Scoped Resources:** The global resource type check (`ShouldInclude`) determines if the kind is collected. `FineGrainedGlobalFilterPolicy` does not skip unlisted cluster-scoped kinds at this stage. + - **For Namespace-Scoped Resources:** Within the namespace loop, a per-namespace resource type check is added. If a filter policy matches the current namespace, only resource kinds listed in `resourceFilters[].kinds` are included — if the current resource type is not listed, it is skipped for that namespace. +- **Label selector** in `listResourceByLabelsPerNamespace()` and `listResourceByLabelsGlobally()`: The function looks up the filter policy (either the namespace-specific one or the fine-grained global one). If found, it retrieves the `ResourceFilter` entry for the current resource kind and uses that entry's `labelSelector`/`orLabelSelectors` for the Kubernetes API list call. If no filter policy is found, the global selectors are used as before. + +**Stage 2 — Item Backup (`item_backupper.go`).** Collected items are validated and written to the archive. + +- **Name pattern check** in `itemInclusionChecks()`: After the existing namespace and resource type re-validation, the item's `metadata.name` is checked against the `ResourceFilter` entry's `names`/`excludedNames` glob patterns for the item's kind (checking the cluster-scoped map for cluster resources and namespace map for namespace resources). If the name doesn't match, the item is excluded. + - **Important:** If the item's kind is not listed in the namespace filter map **and** there is no catch-all entry, the item passes through Stage 2 without a name check. This is intentional — see [Plugin AdditionalItems and Auto-Backed Up CRDs](#edge-cases-and-behavior-documentation) below. + +### Impact on Restore + +The restore process (`pkg/restore/restore.go`) is **not modified** in this design. The reason: + +- Restore reads the backup archive as-is. Items excluded by namespace-scoped filter policies during backup are simply absent from the archive. The restore process iterates what's in the tarball and applies `RestoreSpec` filters on top. No items excluded during backup will appear during restore. +- Restore plugins that request "additional items" (via `RestoreItemAction`) may reference items excluded from the backup. These items won't be in the archive, so the restore will skip them silently. This is the same behavior that occurs today with any incomplete backup — no new risk is introduced. +- Users can still use `RestoreSpec.IncludedNamespaces` to selectively restore from a namespace-filtered backup. + +A follow-up design will add namespace-scoped filters to the restore pipeline. + +### Edge Cases and Behavior Documentation + +This section documents the system behavior in edge cases and error conditions: + +**Plugin AdditionalItems and Auto-Backed Up CRDs:** +Cluster-scoped resources injected dynamically (such as `VolumeSnapshotClass` from the CSI plugin or `CustomResourceDefinition` from Velero's auto-backup loop) do not require hardcoded exceptions. In `itemInclusionChecks()`, Velero natively allows unlisted cluster-scoped resources to pass through unless explicitly excluded by the user. `FineGrainedGlobalFilterPolicy` preserves this permissive behavior: if a dynamically injected cluster-scoped resource is NOT listed in the policy, it passes through untouched. If it IS listed, its specific `names` and `excludedNames` filters are strictly enforced. + +**Plugin-injected namespace-scoped additional items** follow the same permissive principle. When a `BackupItemAction` returns additional items whose kind is not listed in the matched `namespacedFilterPolicies` entry and there is no catch-all entry, those items still pass through Stage 2 (`itemInclusionChecks`). This is intentional: blocking plugin-injected items at Stage 2 would break backup completeness — for example, a CSI plugin may inject a `VolumeSnapshotContent` that is required for a correct restore even when the user's filter policy only lists application resource types. + +The kind-level exclusion that makes `namespacedFilterPolicies` an exclusive allowlist applies only during **Stage 1** (the primary collection pass in `item_collector.go`). At Stage 2, `itemInclusionChecks` enforces only: +- The `velero.io/exclude-from-backup=true` label (always takes precedence). +- The `names`/`excludedNames` patterns for **listed** kinds. + +Plugin-injected items of unlisted kinds are therefore included as long as they are not explicitly excluded by label. Users who need to suppress a specific plugin-injected kind should apply the `velero.io/exclude-from-backup=true` label to those resources. + +**Multiple Glob Patterns Matching Same Namespace (Incorrect Order):** +```yaml +namespacedFilterPolicies: + - namespaces: ["team-*"] # Broader pattern listed first + resourceFilters: + - kinds: [Deployment, Service] + - namespaces: ["team-frontend-*"] # More specific pattern listed second + resourceFilters: + - kinds: [ConfigMap, Secret, Deployment, Service] +``` +**Behavior:** For namespace `team-frontend-prod`, the broader `team-*` pattern matches first, so only `Deployment` and `Service` are backed up. The more specific `team-frontend-*` rule is never reached. + +**Multiple Glob Patterns Matching Same Namespace (Correct Order):** +```yaml +namespacedFilterPolicies: + - namespaces: ["team-frontend-*"] # More specific pattern listed first + resourceFilters: + - kinds: [ConfigMap, Secret, Deployment, Service] + - namespaces: ["team-*"] # Broader pattern listed second + resourceFilters: + - kinds: [Deployment, Service] +``` +**Behavior:** For namespace `team-frontend-prod`, the specific `team-frontend-*` pattern matches first, backing up all specified resources. For `team-backend-dev`, the broader `team-*` pattern matches, backing up only `Deployment` and `Service`. This achieves the intended behavior. + +**Namespace Included Globally But No Matching Filter Policy:** +```yaml +# BackupSpec includes "production" namespace +# ResourcePolicy has no namespacedFilterPolicies entry for "production" +``` +**Behavior:** The namespace uses global filters exactly as it does today. This is the backward compatibility behavior — only namespaces with explicit filter policies get namespace-scoped filtering. + + +**Empty ResourceFilters Array:** +```yaml +namespacedFilterPolicies: + - namespaces: ["test-namespace"] + resourceFilters: [] # empty array +``` +**Behavior:** Validation error during backup creation: +``` +namespacedFilterPolicies[0]: at least one resourceFilter must be specified +``` + +**Namespace Pattern with No Matches:** +```yaml +namespacedFilterPolicies: + - namespaces: ["nonexistent-*"] + resourceFilters: [...] +``` +**Behavior:** No error. The filter policy is loaded but never applied since no namespaces match the pattern. This allows for conditional filtering based on namespace existence. + +**Resource Kind Not Present in Target Namespaces:** +```yaml +resourceFilters: + - kinds: ["StatefulSet"] # namespace has no StatefulSets + names: ["workload-1"] +``` +**Behavior:** No error. The filter is applied but finds no matching resources. Empty result set is valid. + +**Conflicting Name Patterns:** +```yaml +resourceFilters: + - kinds: ["ConfigMap"] + names: ["app-*"] + excludedNames: ["app-config"] # conflicts with names pattern +``` +**Behavior:** The `excludedNames` takes precedence. Resources matching `app-*` are included, then `app-config` is excluded. Net result: includes `app-secret`, `app-data`, etc., but excludes `app-config`. + +**Invalid Label Selector Syntax:** +```yaml +resourceFilters: + - kinds: ["Pod"] + labelSelector: + "invalid label key!": "value" # invalid key syntax +``` +**Behavior:** Validation error during backup creation when `labels.SelectorFromSet()` fails: +``` +namespacedFilterPolicies[0].resourceFilters[0]: invalid label selector: "invalid label key!" is not a valid label key +``` + +**Out-of-Scope Kinds in Filter Entries:** +A user may accidentally list a cluster-scoped kind (e.g., `ClusterRole`) inside a `namespacedFilterPolicies` entry, or a namespace-scoped kind (e.g., `ConfigMap`) inside `fineGrainedGlobalFilterPolicy`. The system silently ignores such entries at the Kubernetes API level — namespace-scoped items are never listed globally, and cluster-scoped items are never listed per-namespace, so no matching resources will ever be found. A warning is logged at backup start to help the user detect the misconfiguration. No validation error is raised — the entry is harmless but ineffective. + +**Discovery Helper Unavailable:** +If the discovery helper is completely unavailable during backup initialization, the backup fails with: +``` +failed to resolve namespace filter policies: discovery client unavailable +``` +This is consistent with how other discovery-dependent features handle this error condition. + +# Detailed Design + +## ResourceFilter Field Notes + +**`labelSelector`** supports equality-based selectors only (`key=value`). Set-based requirements (e.g., `environment in (prod, staging)`) are not supported. To match resources with any of several label combinations, use `orLabelSelectors` with multiple maps — each map is AND-evaluated internally, and the maps are OR-evaluated across the list. `labelSelector` and `orLabelSelectors` cannot co-exist in the same entry. + +**`names` / `excludedNames`** accept exact resource names or glob patterns. If `names` is empty, all resource names are included (subject to label filters). `excludedNames` takes precedence over `names` when a name matches both. + +## Validation + +**Validation functions for `namespacedFilterPolicies`:** + +1. **Each filter policy must specify at least one namespace:** + ``` + namespacedFilterPolicies[N]: at least one namespace must be specified + ``` + +2. **Each filter policy must specify at least one resource filter:** + ``` + namespacedFilterPolicies[N]: at least one resourceFilter must be specified + ``` + +3. **Each resource filter without kinds can only be defined once, and cannot specify names/excludedNames. Additionally, it must specify either labelSelector or orLabelSelectors:** + ``` + namespacedFilterPolicies[N]: only one resource filter with empty kinds is allowed + namespacedFilterPolicies[N].resourceFilters[M]: names or excludedNames cannot be specified when kinds is empty + namespacedFilterPolicies[N].resourceFilters[M]: labelSelector or orLabelSelectors must be specified when kinds is empty + ``` + +4. **No duplicate kinds across resource filter entries** within the same namespace filter: + ``` + namespacedFilterPolicies[N]: kind "Pod" appears in both resourceFilters[0] and resourceFilters[2] + ``` + +5. **`labelSelector` and `orLabelSelectors` mutual exclusion** within each resource filter: + ``` + namespacedFilterPolicies[N].resourceFilters[M]: labelSelector and orLabelSelectors cannot co-exist + ``` + +6. **No duplicate namespace patterns across filter policies.** This validates only exact duplicates - runtime behavior handles overlapping patterns. + + **Rationale:** Detecting all possible pattern overlaps (like `team-*` vs `team-frontend-*`) is computationally complex and may reject valid configurations. Instead, the runtime uses first-match semantics - the first matching filter policy in the list is applied. This allows users flexibility while preventing obvious configuration errors. + +7. **Namespace patterns must be valid globs.** + +8. **Resource name patterns must be valid globs.** + +9. **Resource kind validation with discovery helper** (performed during backup initialization). + +**Validation functions for `fineGrainedGlobalFilterPolicy`:** + +1. **At least one resourceFilter must be specified.** + ``` + fineGrainedGlobalFilterPolicy: at least one resourceFilter must be specified + ``` + +2. **No duplicate kinds across resource filters.** + +3. **`labelSelector` and `orLabelSelectors` mutual exclusion.** + +4. **Resource name patterns must be valid globs.** + +Additionally, in `backup_controller.go`, a validation check ensures that `namespacedFilterPolicies` and `fineGrainedGlobalFilterPolicy` are not used with old-style resource filters (`IncludedResources`/`ExcludedResources`/`IncludeClusterResources`), similar to the existing check for `includeExcludePolicy`. + +## ConfigMap Examples + +### Per-Namespace Resource Type Filtering + +Back up only ConfigMaps, Secrets, and Deployments (with label `app=my-app`) from `ns-a`, but everything from `ns-b`: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: backup-filter-policy + namespace: velero +data: + policy: | + version: v1 + namespacedFilterPolicies: + - namespaces: + - ns-a + resourceFilters: + - kinds: [ConfigMap, Secret, Deployment] + labelSelector: + app: my-app + # ns-b has no filter policy entry, so global filters apply (include everything) +``` + +Backup CR referencing it: + +```yaml +apiVersion: velero.io/v1 +kind: Backup +metadata: + name: selective-backup + namespace: velero +spec: + includedNamespaces: + - ns-a + - ns-b + resourcePolicy: + kind: configmap + name: backup-filter-policy + storageLocation: default + ttl: 720h0m0s +``` + +### Per-Kind Label Selectors (Different Labels per Kind) + +Back up Deployments with one label and StatefulSets with a different label from the same namespace: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: vm-filter-policy + namespace: velero +data: + policy: | + version: v1 + namespacedFilterPolicies: + - namespaces: + - target-namespace + resourceFilters: + - kinds: [Deployment] + labelSelector: + app: production-workload-1 + - kinds: [StatefulSet] + labelSelector: + app: production-workload-2 +``` + +### Per-Kind Exact Names + +Back up specific Deployments, Configmaps, and Secrets by name: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: named-resource-filter + namespace: velero +data: + policy: | + version: v1 + namespacedFilterPolicies: + - namespaces: + - target-namespace + resourceFilters: + - kinds: [Deployment] + names: [workload-1, workload-2] + - kinds: [ConfigMap] + names: [p1, p2] + - kinds: [Secret] + names: [c1, c2] +``` + +### Name Pattern Filtering with Exclusion + +Back up only `app-*` ConfigMaps and Secrets from `production`, excluding temporary and debug resources: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: app-config-filter-policy + namespace: velero +data: + policy: | + version: v1 + namespacedFilterPolicies: + - namespaces: + - production + resourceFilters: + - kinds: [ConfigMap, Secret] + names: ["app-*"] + excludedNames: ["*-tmp", "*-debug"] +``` + +### Catch-All with No Label Selector (Override-Only) + +A user may want to use the global configuration for 99% of resources in a namespace, but only apply a specific name filter to a single kind. To achieve this without explicitly listing all other kinds or adding dummy labels, a catch-all filter without a label selector can be used: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: override-only-filter-policy + namespace: velero +data: + policy: | + version: v1 + namespacedFilterPolicies: + - namespaces: + - ns-a + resourceFilters: + - kinds: [Secret] + names: [my-secret] # Specific override for Secrets + - kinds: ["*"] # Catch-all: NO label selector + # Includes all other kinds unconditionally +``` + +**Result:** +- `Secret` resources: only `my-secret` is backed up. +- All other resource types: backed up unconditionally (acting like a global fallback). + +### Catch-All Label Selector (Back Up Everything with a Specific Label) + +When a user wants to back up any resource type in a namespace that carries a particular label — without enumerating every kind — the catch-all entry (empty `kinds` or `["*"]`) achieves this with a single rule: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: label-based-filter-policy + namespace: velero +data: + policy: | + version: v1 + namespacedFilterPolicies: + - namespaces: + - production + resourceFilters: + - kinds: ["*"] # catch-all: applies to every kind not listed below + labelSelector: + backup: "true" # back up any resource carrying this label +``` + +**Result:** Every resource type in `production` that has the label `backup=true` is backed up. Resources without that label are excluded. No kind enumeration is required. + +### Catch-All with Per-Kind Name Overrides + +A more advanced pattern: use exact names for specific kinds and fall back to a label selector for all remaining kinds. Kind-specific entries take precedence over the catch-all: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: mixed-filter-policy + namespace: velero +data: + policy: | + version: v1 + namespacedFilterPolicies: + - namespaces: + - production + resourceFilters: + - kinds: [Deployment] + names: [api-server, worker] # these exact Deployments by name + - kinds: [Secret] + names: [db-credentials, tls-cert] # these exact Secrets by name + - kinds: ["*"] # catch-all for all other kinds + labelSelector: + backup: "true" # back up by label +``` + +**Result:** +- `Deployment` resources: only `api-server` and `worker` are backed up (name filter; the catch-all does not apply). +- `Secret` resources: only `db-credentials` and `tls-cert` are backed up (name filter; the catch-all does not apply). +- All other resource types (ConfigMap, StatefulSet, Service, etc.): backed up only if they carry `backup=true`. + +This pattern is useful when certain high-value resources need precise name-based selection, while the rest of the namespace is covered by a label convention. + +### Glob Namespace Patterns and Ordering + +Apply filters to namespaces matching patterns. **Critical: Order patterns from most specific to least specific:** + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: team-filter-policy + namespace: velero +data: + policy: | + version: v1 + namespacedFilterPolicies: + # More specific patterns first + - namespaces: + - "team-frontend-prod" # Most specific (exact match) + resourceFilters: + - kinds: [Deployment, Service, ConfigMap, Secret, PVC] + - namespaces: + - "team-frontend-*" # Less specific (pattern match) + resourceFilters: + - kinds: [Deployment, Service, ConfigMap] + - namespaces: + - "team-*" # Least specific (broad pattern) + resourceFilters: + - kinds: [Deployment, Service] +``` + +**Pattern Matching Results:** +- `team-frontend-prod` → Uses exact match policy (backs up 5 resource types) +- `team-frontend-dev` → Uses `team-frontend-*` policy (backs up 3 resource types) +- `team-backend-test` → Uses `team-*` policy (backs up 2 resource types) +- `app-namespace` → No match, uses global filters + +### Combined with Volume Policies + +Both volume policies and namespace-scoped filters in the same ConfigMap: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: combined-policy + namespace: velero +data: + policy: | + version: v1 + volumePolicies: + - conditions: + capacity: "0,10Gi" + storageClass: + - standard + action: + type: fs-backup + - conditions: + capacity: "10Gi,100Gi" + action: + type: snapshot + namespacedFilterPolicies: + - namespaces: + - production + resourceFilters: + - kinds: [Deployment] + names: [workload-1, workload-2] + - kinds: [StatefulSet] + labelSelector: + app: my-app + - kinds: [ConfigMap, Secret] + names: ["app-*"] + excludedNames: ["*-tmp", "*-debug"] +``` + +### Backup CR — No ResourcePolicy (backward compatible) + +Existing backups continue to work exactly as before: + +```yaml +apiVersion: velero.io/v1 +kind: Backup +metadata: + name: full-backup + namespace: velero +spec: + includedNamespaces: + - "*" + includedResources: + - "*" + labelSelector: + matchLabels: + backup: "true" + storageLocation: default +``` + +## CLI + +### `velero backup describe` + +The output is extended to display namespace-scoped filter policies when present in the ResourcePolicy ConfigMap: + +``` +Name: selective-backup +Namespace: velero +Labels: +Annotations: + +Phase: Completed + +Errors: 0 +Warnings: 0 + +Namespaces: + Included: ns-a, ns-b + Excluded: + +Resources: + Included: * + Excluded: + Cluster-scoped: auto + +Label selector: + +Resource Policy: backup-filter-policy + +Namespace-Scoped Filter Policies: + ns-a: + Resource Filters: + ConfigMap, Secret, Deployment: + Label selector: app=my-app + Included names: + Excluded names: + target-namespace: + Resource Filters: + Deployment: + Label selector: app=production-workload-1 + Included names: + Excluded names: + StatefulSet: + Label selector: app=production-workload-2 + Included names: + Excluded names: + production: + Resource Filters: + Deployment: + Label selector: + Included names: [api-server, worker] + Excluded names: + (all other kinds): + Label selector: backup=true + Included names: + Excluded names: + +Fine-Grained Global Filter Policy: + Resource Filters: + ClusterRole, ClusterRoleBinding: + Label selector: + Included names: [my-app-*] + Excluded names: + CustomResourceDefinition: + Label selector: app=my-app + Included names: + Excluded names: + +Storage Location: default + +... +``` + +### `velero backup create` + +No new CLI flags are added. The namespace-scoped filter policies are specified in the ResourcePolicy ConfigMap, which is already referenced via the existing `--resource-policies-configmap` flag: + +```bash +velero backup create selective-backup \ + --include-namespaces ns-a,ns-b \ + --resource-policies-configmap backup-filter-policy +``` + +The `--help` output for `velero backup create` is updated to clarify the interaction between global and namespace-scoped filters: + +``` +Backup Filtering Options: + --include-namespaces stringArray namespaces to include in the backup (use '*' for all namespaces) + --exclude-namespaces stringArray namespaces to exclude from the backup + --include-resources stringArray resources to include in the backup, formatted as resource.group + --exclude-resources stringArray resources to exclude from the backup, formatted as resource.group + --include-cluster-resources optionalBool[=true] include cluster-scoped resources + --exclude-cluster-resources exclude cluster-scoped resources + --selector labelSelector only back up resources matching this label selector + --or-selector labelSelector back up resources matching any of the label selectors (can be repeated) + --resource-policies-configmap string reference to a configmap containing resource policies for volume snapshots and namespace-scoped filtering + +Notes: +- Global filters (--include-resources, --selector, etc.) apply to all included namespaces +- Namespace-scoped filters defined in --resource-policies-configmap override global filters for matching namespaces +- Fine-grained global filter policies defined in --resource-policies-configmap override global filters for cluster-scoped resources +- Use 'velero backup describe' to view resolved filter policies after backup creation +``` + +### CLI Integration Points + +**Backup Creation Workflow:** +1. User creates ResourcePolicy ConfigMap with `namespacedFilterPolicies` +2. User references ConfigMap via `--resource-policies-configmap` flag +3. Backup controller validates policies during backup initialization +4. Validation errors are reported immediately with specific line/field references + +**Help and Discovery:** +- `velero backup create --help` includes updated filtering documentation +- `velero backup describe` shows resolved filter policies for troubleshooting +- Validation errors include ConfigMap field references for easy debugging + +**Configuration Discovery:** +- `velero backup create --help` includes namespace-scoped filtering documentation +- `velero backup describe` shows resolved filter policies for verification + +## User Perspective + +This design provides fine-grained, per-namespace, per-kind control over backup filtering. Key user-facing aspects: + +- **For users not using namespace-scoped filter policies**: Zero changes. All existing backups and workflows continue to work identically. The new YAML key is optional. +- **For users adopting namespace-scoped filter policies**: Create a ConfigMap with the `namespacedFilterPolicies` section and reference it via `BackupSpec.ResourcePolicy` (or the existing `--resource-policies-configmap` flag). The backup will selectively include/exclude resources per namespace based on the filter rules. +- **For users already using ResourcePolicy for volume policies**: Add the `namespacedFilterPolicies` section to the same ConfigMap. Both volume policies and namespace-scoped filters coexist. +- **For restore from a namespace-filtered backup**: No changes to restore workflow. Restore processes whatever is in the archive. Users can use existing `RestoreSpec.IncludedNamespaces` for additional filtering at restore time. +- **`velero backup describe` output**: Extended to show per-namespace, per-kind filter details when the ResourcePolicy ConfigMap contains `namespacedFilterPolicies`. +- **Validation errors**: Reported at backup start when the ResourcePolicy ConfigMap contains invalid `namespacedFilterPolicies` configurations. Consistent with how volume policy validation errors are reported today. + +## Alternatives Considered + +1. **CRD-Based `NamespacedFilters` Field**: Add `NamespacedFilters []NamespaceFilter` directly to `BackupSpec`. Rejected for this iteration due to heavy CRD change overhead. The ResourcePolicy approach achieves the same functionality with less API surface change. + +2. **Flat Fields on NamespacedFilterPolicy (No Per-Kind Selectors)**: Use flat fields (`includedResources`, `labelSelector`, `includedResourceNames`) shared across all kinds within a namespace. Rejected because it cannot express per-kind label selectors or per-kind name lists — a critical requirement for workloads where different resource types have different labels or naming conventions. + +3. **Scoped Label Selectors Only**: Augment existing label selectors with an optional namespace scope. Rejected because it only addresses label-scoped filtering and does not support per-namespace resource type filtering or name filtering. + +4. **Global Name Filter Only**: Add only global name filter fields. Rejected because it only addresses name filtering globally and does not address namespace-scoped or kind-scoped filtering. + +5. **Separate ConfigMap for Namespace Filters**: Use a new `BackupSpec` field pointing to a different ConfigMap (separate from volume policies). Rejected because it adds a new CRD field (which has similar reasons with #1) and splits configuration across multiple ConfigMaps. From 8ef7e36054b745f9040120b4d1689c3b0d2872e6 Mon Sep 17 00:00:00 2001 From: Adam Zhang Date: Fri, 15 May 2026 23:34:17 +0800 Subject: [PATCH 08/12] Update design/backup-filter-enhancement/fine-grained-backup-filters-design.md Co-authored-by: Tiger Kaovilai Signed-off-by: Adam Zhang --- .../fine-grained-backup-filters-design.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/design/backup-filter-enhancement/fine-grained-backup-filters-design.md b/design/backup-filter-enhancement/fine-grained-backup-filters-design.md index 284ded16d..a54663a1f 100644 --- a/design/backup-filter-enhancement/fine-grained-backup-filters-design.md +++ b/design/backup-filter-enhancement/fine-grained-backup-filters-design.md @@ -56,7 +56,7 @@ This creates three critical gaps for common backup scenarios: ### Configuration Model -The namespace-scoped filters and fine-grained global filters are defined in the same ResourcePolicy ConfigMap that is already referenced by `BackupSpec.ResourcePolicy`. The YAML format is extended with two new top-level keys: +The namespace-scoped filters and fine-grained global filters are defined in the same ResourcePolicy ConfigMap that is already referenced by `BackupSpec.ResourcePolicy`. The YAML format is extended with two new top-level keys: `fineGrainedGlobalFilterPolicy` and `namespacedFilterPolicies` ```yaml version: v1 From 174d76c197a456bfcfa5c78310ba7817654355f4 Mon Sep 17 00:00:00 2001 From: Xun Jiang Date: Mon, 18 May 2026 17:42:02 +0800 Subject: [PATCH 09/12] Update the Linux's base image from Ubuntu jammy to noble. Signed-off-by: Xun Jiang --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index dfd95683f..12306fad2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -49,9 +49,9 @@ RUN mkdir -p /output/usr/bin && \ go clean -modcache -cache # Velero image packing section -FROM paketobuildpacks/run-jammy-tiny:latest +FROM paketobuildpacks/ubuntu-noble-run-tiny:latest -LABEL maintainer="Xun Jiang " +LABEL maintainer="Xun Jiang " COPY --from=velero-builder /output / From bbbff59eedd51f4f4c40eb5778f685ae2deeaeb8 Mon Sep 17 00:00:00 2001 From: Adam Zhang Date: Tue, 19 May 2026 00:02:17 +0800 Subject: [PATCH 10/12] address review comments - rename FineGrainedGlobalFilterPolicy to ClusterScopedFilterPolicy - add warning message in several places to help debug - cleanup conflicting validations Signed-off-by: Adam Zhang --- .../fine-grained-backup-filters-design.md | 39 +++++++++++-------- 1 file changed, 22 insertions(+), 17 deletions(-) diff --git a/design/backup-filter-enhancement/fine-grained-backup-filters-design.md b/design/backup-filter-enhancement/fine-grained-backup-filters-design.md index a54663a1f..0bb52ffd5 100644 --- a/design/backup-filter-enhancement/fine-grained-backup-filters-design.md +++ b/design/backup-filter-enhancement/fine-grained-backup-filters-design.md @@ -5,7 +5,7 @@ **Backup Filter**: The mechanism in Velero that determines which Kubernetes resources are collected from the cluster and written into the backup archive. Backup filters currently operate on four dimensions: namespace, resource type, label, and cluster scope. **Global Filter**: A filter that applies uniformly across all namespaces in a backup. All existing Velero backup filters are global filters. **Namespace-Scoped Filter**: A filter that applies only within specific namespaces, overriding the global filter for those namespaces. This is the capability introduced by this design. -**FineGrainedGlobalFilterPolicy**: A global filter for cluster-scoped resources that allows per-kind label selectors and name patterns, functioning similarly to `NamespacedFilterPolicy` but applied to cluster-scoped resources globally. +**ClusterScopedFilterPolicy**: A global filter for cluster-scoped resources that allows per-kind label selectors and name patterns, functioning similarly to `NamespacedFilterPolicy` but applied to cluster-scoped resources globally. **Resource Filter**: A filter rule that pairs one or more resource kinds with their own label selector and/or name patterns. Multiple resource filters within a namespace-scoped policy allow different filtering criteria for different resource types. **Resource Name Filter**: A filter that matches individual resource instances by their metadata.name, using glob patterns. This is a new filter dimension introduced by this design. **Resource Policy**: An existing Velero mechanism where backup behavior rules are defined in a ConfigMap and referenced from `BackupSpec.ResourcePolicy`. Currently used for volume policies and global include/exclude policies. @@ -35,7 +35,7 @@ This creates three critical gaps for common backup scenarios: ## Goals - Extend the `ResourcePolicies` ConfigMap format with a `namespacedFilterPolicies` section that allows per-namespace, per-kind resource filtering with independent label selectors and name patterns for each resource type -- Extend the `ResourcePolicies` ConfigMap format with a `fineGrainedGlobalFilterPolicy` section that allows per-kind resource filtering with independent label selectors and name patterns for cluster-scoped resources globally +- Extend the `ResourcePolicies` ConfigMap format with a `clusterScopedFilterPolicy` section that allows per-kind resource filtering with independent label selectors and name patterns for cluster-scoped resources globally - Support resource name filtering by glob patterns using the same `gobwas/glob` library that Velero uses for namespace patterns, ensuring consistency across the codebase - Support per-kind label selectors, so that different resource types within the same namespace can be filtered with different labels - Maintain full backward compatibility — existing backups with no `namespacedFilterPolicies` behave exactly as they do today @@ -56,7 +56,7 @@ This creates three critical gaps for common backup scenarios: ### Configuration Model -The namespace-scoped filters and fine-grained global filters are defined in the same ResourcePolicy ConfigMap that is already referenced by `BackupSpec.ResourcePolicy`. The YAML format is extended with two new top-level keys: `fineGrainedGlobalFilterPolicy` and `namespacedFilterPolicies` +The namespace-scoped filters and fine-grained global filters are defined in the same ResourcePolicy ConfigMap that is already referenced by `BackupSpec.ResourcePolicy`. The YAML format is extended with two new top-level keys: `clusterScopedFilterPolicy` and `namespacedFilterPolicies` ```yaml version: v1 @@ -70,7 +70,7 @@ includeExcludePolicy: # existing global include/exclude policy (unchanged) includedNamespaceScopedResources: - configmaps -fineGrainedGlobalFilterPolicy: +clusterScopedFilterPolicy: # NEW: global overrides for cluster-scoped resources resourceFilters: - kinds: [ClusterRole, ClusterRoleBinding] @@ -96,7 +96,7 @@ namespacedFilterPolicies: app: my-service ``` -All four sections coexist in the same ConfigMap. They are independent — `volumePolicies` handles volume backup strategy, `includeExcludePolicy` handles global resource type filtering, `fineGrainedGlobalFilterPolicy` handles cluster-scoped resource filtering by kind/name/label, and `namespacedFilterPolicies` handles per-namespace, per-kind overrides. +All four sections coexist in the same ConfigMap. They are independent — `volumePolicies` handles volume backup strategy, `includeExcludePolicy` handles global resource type filtering, `clusterScopedFilterPolicy` handles cluster-scoped resource filtering by kind/name/label, and `namespacedFilterPolicies` handles per-namespace, per-kind overrides. ### The `resourceFilters` Model @@ -124,6 +124,7 @@ A `ResourceFilter` entry with an empty (or omitted) `kinds` field, or a field ex - At most **one** catch-all entry is allowed per `NamespacedFilterPolicy`. - `names` and `excludedNames` are **not** supported on catch-all entries. Name patterns are kind-specific by nature and cannot be applied across arbitrary kinds; use kind-specific entries for name-based filtering. - The catch-all applies to kinds that are **not listed in any other `resourceFilters` entry** in the same policy. Kind-specific entries take precedence over the catch-all. +- A catch-all entry **does not inherit or fall back to `BackupSpec.LabelSelector`**. If a catch-all entry has no `labelSelector`/`orLabelSelectors`, all unlisted resource kinds in the namespace are included with **no label filtering** — the global label selector is not applied. Define a catch-all with an explicit `labelSelector` if label-based filtering is desired for unlisted kinds. **Evaluation order within a namespace filter policy:** 1. For each resource kind encountered during backup, the system first checks whether a kind-specific `resourceFilters` entry exists for that kind. @@ -135,7 +136,7 @@ A `ResourceFilter` entry with an empty (or omitted) `kinds` field, or a field ex The namespace-scoped filter system and fine-grained global filter system layer on top of the existing global filter system. They intentionally behave differently: - **`namespacedFilterPolicies`** acts as an **exclusive allowlist (boundary)**. Only kinds explicitly listed (or matched by a catch-all) are backed up from that namespace. This gives namespace owners complete and isolated control over their namespace's backup contents, preventing unexpected data spillage from global fallbacks. -- **`fineGrainedGlobalFilterPolicy`** acts as a **refinement overlay (tweak)**. Unlisted cluster-scoped kinds fall back to the standard global filters. This allows administrators to selectively adjust filtering for a few specific cluster-scoped kinds without rewriting the entire global inclusion list. +- **`clusterScopedFilterPolicy`** acts as a **refinement overlay (tweak)**. Unlisted cluster-scoped kinds fall back to the standard global filters. This allows administrators to selectively adjust filtering for a few specific cluster-scoped kinds without rewriting the entire global inclusion list. **For Namespace-Scoped Resources:** @@ -156,14 +157,19 @@ The evaluation order is: 6. **Interaction with `includeExcludePolicy`**: `namespacedFilterPolicies` is a **refinement** of the global resource filter system, not a replacement. Global exclusions defined in `includeExcludePolicy` (e.g., `excludedNamespaceScopedResources: [secrets]`) are applied first at the resource-type level before per-namespace filter policies are consulted. A namespace-scoped filter policy cannot re-include a resource kind that has been globally excluded by `includeExcludePolicy`. For example, if `secrets` is listed under `excludedNamespaceScopedResources`, no `Secret` resources will be backed up from any namespace, even if a `namespacedFilterPolicies` entry explicitly lists `Secret` for that namespace. Users who need per-namespace secret selection must remove `secrets` from the global exclusion list. + To help users catch this misconfiguration early, Velero logs a warning at backup start when a `namespacedFilterPolicies` entry lists a kind that is globally excluded by `includeExcludePolicy`: + ``` + level=warn msg="namespacedFilterPolicies entry lists a kind that is globally excluded by includeExcludePolicy; the per-namespace filter entry has no effect" kind="secrets" namespacePattern="ns-a" + ``` + **For Cluster-Scoped Resources:** -1. If `fineGrainedGlobalFilterPolicy` is present, it acts as a **refinement overlay** over the existing global filters for cluster-scoped resources. It is NOT an exclusive allowlist. +1. If `clusterScopedFilterPolicy` is present, it acts as a **refinement overlay** over the existing global filters for cluster-scoped resources. It is NOT an exclusive allowlist. - To back up cluster-scoped resources in a namespace-filtered backup, you must still explicitly include them via `BackupSpec.IncludedClusterScopedResources`. - If a cluster-scoped kind is listed in its `resourceFilters`, its specific `labelSelector`/`orLabelSelectors` and `names`/`excludedNames` patterns are applied. - If a cluster-scoped kind is **not listed**, it falls back to the standard global filters (`BackupSpec.LabelSelector`, etc.) and is included in the backup. -2. If `fineGrainedGlobalFilterPolicy` is absent, Velero falls back to the existing global filters (`IncludedClusterScopedResources`, `IncludedResources`, `LabelSelector`, etc.) for cluster-scoped resources. +2. If `clusterScopedFilterPolicy` is absent, Velero falls back to the existing global filters (`IncludedClusterScopedResources`, `IncludedResources`, `LabelSelector`, etc.) for cluster-scoped resources. 3. **The `velero.io/exclude-from-backup=true` label** always takes precedence over all filters. @@ -179,7 +185,7 @@ flowchart TD H["Use global filters:
- BackupSpec IncludedResources
- BackupSpec LabelSelector
- includeExcludePolicy"] I{"Is resource
cluster-scoped?"} - J{"Is fineGrainedGlobalFilterPolicy
present?"} + J{"Is clusterScopedFilterPolicy
present?"} K{"Is kind in resourceFilters?"} L["Apply kind-specific filters:
- labelSelector / orLabelSelectors
- names / excludedNames"] @@ -206,7 +212,7 @@ The existing backup pipeline has two stages: item collection and item backup. Na **Stage 1 — Item Collection (`item_collector.go`).** Resources are listed from the Kubernetes API. - **Resource type check** in `getResourceItems()`: Before iterating namespaces, the global resource type check still applies. - - **For Cluster-Scoped Resources:** The global resource type check (`ShouldInclude`) determines if the kind is collected. `FineGrainedGlobalFilterPolicy` does not skip unlisted cluster-scoped kinds at this stage. + - **For Cluster-Scoped Resources:** The global resource type check (`ShouldInclude`) determines if the kind is collected. `ClusterScopedFilterPolicy` does not skip unlisted cluster-scoped kinds at this stage. - **For Namespace-Scoped Resources:** Within the namespace loop, a per-namespace resource type check is added. If a filter policy matches the current namespace, only resource kinds listed in `resourceFilters[].kinds` are included — if the current resource type is not listed, it is skipped for that namespace. - **Label selector** in `listResourceByLabelsPerNamespace()` and `listResourceByLabelsGlobally()`: The function looks up the filter policy (either the namespace-specific one or the fine-grained global one). If found, it retrieves the `ResourceFilter` entry for the current resource kind and uses that entry's `labelSelector`/`orLabelSelectors` for the Kubernetes API list call. If no filter policy is found, the global selectors are used as before. @@ -230,7 +236,7 @@ A follow-up design will add namespace-scoped filters to the restore pipeline. This section documents the system behavior in edge cases and error conditions: **Plugin AdditionalItems and Auto-Backed Up CRDs:** -Cluster-scoped resources injected dynamically (such as `VolumeSnapshotClass` from the CSI plugin or `CustomResourceDefinition` from Velero's auto-backup loop) do not require hardcoded exceptions. In `itemInclusionChecks()`, Velero natively allows unlisted cluster-scoped resources to pass through unless explicitly excluded by the user. `FineGrainedGlobalFilterPolicy` preserves this permissive behavior: if a dynamically injected cluster-scoped resource is NOT listed in the policy, it passes through untouched. If it IS listed, its specific `names` and `excludedNames` filters are strictly enforced. +Cluster-scoped resources injected dynamically (such as `VolumeSnapshotClass` from the CSI plugin or `CustomResourceDefinition` from Velero's auto-backup loop) do not require hardcoded exceptions. In `itemInclusionChecks()`, Velero natively allows unlisted cluster-scoped resources to pass through unless explicitly excluded by the user. `ClusterScopedFilterPolicy` preserves this permissive behavior: if a dynamically injected cluster-scoped resource is NOT listed in the policy, it passes through untouched. If it IS listed, its specific `names` and `excludedNames` filters are strictly enforced. **Plugin-injected namespace-scoped additional items** follow the same permissive principle. When a `BackupItemAction` returns additional items whose kind is not listed in the matched `namespacedFilterPolicies` entry and there is no catch-all entry, those items still pass through Stage 2 (`itemInclusionChecks`). This is intentional: blocking plugin-injected items at Stage 2 would break backup completeness — for example, a CSI plugin may inject a `VolumeSnapshotContent` that is required for a correct restore even when the user's filter policy only lists application resource types. @@ -321,7 +327,7 @@ namespacedFilterPolicies[0].resourceFilters[0]: invalid label selector: "invalid ``` **Out-of-Scope Kinds in Filter Entries:** -A user may accidentally list a cluster-scoped kind (e.g., `ClusterRole`) inside a `namespacedFilterPolicies` entry, or a namespace-scoped kind (e.g., `ConfigMap`) inside `fineGrainedGlobalFilterPolicy`. The system silently ignores such entries at the Kubernetes API level — namespace-scoped items are never listed globally, and cluster-scoped items are never listed per-namespace, so no matching resources will ever be found. A warning is logged at backup start to help the user detect the misconfiguration. No validation error is raised — the entry is harmless but ineffective. +A user may accidentally list a cluster-scoped kind (e.g., `ClusterRole`) inside a `namespacedFilterPolicies` entry, or a namespace-scoped kind (e.g., `ConfigMap`) inside `clusterScopedFilterPolicy`. The system silently ignores such entries at the Kubernetes API level — namespace-scoped items are never listed globally, and cluster-scoped items are never listed per-namespace, so no matching resources will ever be found. A warning is logged at backup start to help the user detect the misconfiguration. No validation error is raised — the entry is harmless but ineffective. **Discovery Helper Unavailable:** If the discovery helper is completely unavailable during backup initialization, the backup fails with: @@ -352,11 +358,10 @@ This is consistent with how other discovery-dependent features handle this error namespacedFilterPolicies[N]: at least one resourceFilter must be specified ``` -3. **Each resource filter without kinds can only be defined once, and cannot specify names/excludedNames. Additionally, it must specify either labelSelector or orLabelSelectors:** +3. **Each resource filter without kinds can only be defined once, and cannot specify names/excludedNames.** ``` namespacedFilterPolicies[N]: only one resource filter with empty kinds is allowed namespacedFilterPolicies[N].resourceFilters[M]: names or excludedNames cannot be specified when kinds is empty - namespacedFilterPolicies[N].resourceFilters[M]: labelSelector or orLabelSelectors must be specified when kinds is empty ``` 4. **No duplicate kinds across resource filter entries** within the same namespace filter: @@ -379,11 +384,11 @@ This is consistent with how other discovery-dependent features handle this error 9. **Resource kind validation with discovery helper** (performed during backup initialization). -**Validation functions for `fineGrainedGlobalFilterPolicy`:** +**Validation functions for `clusterScopedFilterPolicy`:** 1. **At least one resourceFilter must be specified.** ``` - fineGrainedGlobalFilterPolicy: at least one resourceFilter must be specified + clusterScopedFilterPolicy: at least one resourceFilter must be specified ``` 2. **No duplicate kinds across resource filters.** @@ -392,7 +397,7 @@ This is consistent with how other discovery-dependent features handle this error 4. **Resource name patterns must be valid globs.** -Additionally, in `backup_controller.go`, a validation check ensures that `namespacedFilterPolicies` and `fineGrainedGlobalFilterPolicy` are not used with old-style resource filters (`IncludedResources`/`ExcludedResources`/`IncludeClusterResources`), similar to the existing check for `includeExcludePolicy`. +Additionally, in `backup_controller.go`, a validation check ensures that `namespacedFilterPolicies` and `clusterScopedFilterPolicy` are not used with old-style resource filters (`IncludedResources`/`ExcludedResources`/`IncludeClusterResources`), similar to the existing check for `includeExcludePolicy`. ## ConfigMap Examples From 30381a60e46ab63e5d61adda3e359307e7f4dc8c Mon Sep 17 00:00:00 2001 From: Daniel Jiang Date: Tue, 19 May 2026 19:42:19 +0800 Subject: [PATCH 11/12] Fix the site deployment problem MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The netlify error analysis: The problem is that base = "site/" makes the build run from the site subdirectory, and publish = "site/public" is resolved relative to the repo root as site/site/public — but Hugo outputs to site/public. Since the base is already site/, the publish path should just be public (relative to the base directory). Signed-off-by: Daniel Jiang --- netlify.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/netlify.toml b/netlify.toml index ed2de9787..d270f9aba 100644 --- a/netlify.toml +++ b/netlify.toml @@ -1,7 +1,7 @@ [build] base = "site/" command = "hugo --gc --minify" - publish = "site/public" + publish = "public" [context.production.environment] HUGO_VERSION = "0.73.0" From 1d03217661ed17d67801d8645b78633e99743d99 Mon Sep 17 00:00:00 2001 From: Lyndon-Li Date: Thu, 21 May 2026 09:20:24 +0800 Subject: [PATCH 12/12] add CBT bitmap implementation Signed-off-by: Lyndon-Li --- pkg/uploader/cbt/types/types.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/uploader/cbt/types/types.go b/pkg/uploader/cbt/types/types.go index f512d7a8a..9b13669b2 100644 --- a/pkg/uploader/cbt/types/types.go +++ b/pkg/uploader/cbt/types/types.go @@ -51,7 +51,7 @@ type Iterator interface { // BlockSize returns the granularity of the bitmap BlockSize() uint - // Count returns the toal number of count in the bitmap + // Count returns the total number of count in the bitmap Count() uint64 // Next returns the offset of the next set block and whether it comes to the end of the iteration