2891 Commits

Author SHA1 Message Date
Shubham Pampattiwar 92123d3d46 Skip VGS cleanup when backup did not use VolumeGroupSnapshots
Guard the cleanupStubVGSC() call in restore finalization with a check
for VolumeGroupSnapshotHandle in volumeInfo. This avoids a spurious
warning on clusters where the v1beta2 VolumeGroupSnapshotContent CRD
is not installed, since the List call would fail even though no stubs
exist to clean up.

Fixes #9882

Signed-off-by: Shubham Pampattiwar <spampatt@redhat.com>
2026-06-09 10:21:55 -07:00
Subhramit Basu dda779de65 Reject restores from backups not in a completed or partially failed phase (#9792)
Run the E2E test on kind / get-go-version (push) Failing after 1m3s
Run the E2E test on kind / build (push) Has been skipped
Run the E2E test on kind / setup-test-matrix (push) Successful in 3s
Run the E2E test on kind / run-e2e-test (push) Has been skipped
build-image / Build (push) Failing after 16s
Main CI / get-go-version (push) Successful in 12s
Main CI / Build (push) Failing after 36s
Trivy Nightly Scan / Trivy nightly scan (velero, main) (push) Failing after 1m41s
Trivy Nightly Scan / Trivy nightly scan (velero-plugin-for-aws, main) (push) Failing after 1m25s
Trivy Nightly Scan / Trivy nightly scan (velero-plugin-for-gcp, main) (push) Failing after 1m18s
Trivy Nightly Scan / Trivy nightly scan (velero-plugin-for-microsoft-azure, main) (push) Failing after 1m17s
Close stale issues and PRs / stale (push) Has started running
* Add phase check validations in restore controller

Signed-off-by: subhramit <subhramit.bb@live.in>

* Adapt existing tests

Signed-off-by: subhramit <subhramit.bb@live.in>

* Add tests

Signed-off-by: subhramit <subhramit.bb@live.in>

* Update doc

Signed-off-by: subhramit <subhramit.bb@live.in>

* Add changelog

Signed-off-by: Subhramit Basu <subhramit.bb@live.in>

* Update pkg/controller/restore_controller_test.go

Signed-off-by: Subhramit Basu <subhramit.bb@live.in>

---------

Signed-off-by: subhramit <subhramit.bb@live.in>
Signed-off-by: Subhramit Basu <subhramit.bb@live.in>
2026-06-08 16:10:32 -04:00
Adam Zhang 0d719f1d8a cli support for fine-grained filter policies
add cli support for NamespacedFilterPolicies and
ClusterScopedFilterPolicy

Signed-off-by: Adam Zhang <adam.zhang@broadcom.com>
2026-06-04 13:25:16 +08:00
Lyndon-Li 09bfc69d63 add totalSize to repo snapshot
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
2026-06-03 13:23:08 +08:00
Lyndon-Li d435b0509e add velero-pins to repo snapshot
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
2026-06-02 17:40:20 +08:00
Lyndon-Li 2e1ab5ab62 Merge branch 'main' into block-data-mover-backup-expose 2026-06-02 16:56:40 +08:00
lyndon-li 5cc0398662 Merge pull request #9864 from Lyndon-Li/node-agent-config-for-cbt-service
Add cbt service parameters to node-agent-config
2026-06-02 16:53:48 +08:00
Wenkai Yin(尹文开) b7d5d84983 Merge pull request #9861 from Lyndon-Li/remove-restic-command-package
Remove restic command package
2026-06-02 12:53:57 +08:00
Adam Zhang 1318d2c5dd Merge pull request #9840 from adam-jian-zhang/legacy_filters_incompatibility_validation
Run the E2E test on kind / get-go-version (push) Failing after 55s
Run the E2E test on kind / build (push) Has been skipped
Run the E2E test on kind / setup-test-matrix (push) Successful in 2s
Run the E2E test on kind / run-e2e-test (push) Has been skipped
Main CI / get-go-version (push) Successful in 14s
Main CI / Build (push) Failing after 34s
validate incompatiblity with legacy filters
2026-06-02 09:42:57 +08:00
Lyndon-Li 74ffe25cbe add cbt service parameters to node-agent-config
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
2026-06-01 14:43:43 +08:00
Lyndon-Li e4ecf26b33 add backup exposer for block data mover
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
2026-05-29 11:44:25 +08:00
lyndon-li 2863f0df48 Merge branch 'main' into block-data-mover-backup-expose 2026-05-28 17:29:39 +08:00
Lyndon-Li cdf3b9ffaa add backup exposer for block data mover
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
2026-05-28 16:13:09 +08:00
lyndon-li 89be6c01df Merge pull request #9853 from Lyndon-Li/incremental-aware-object-write
Run the E2E test on kind / get-go-version (push) Failing after 58s
Run the E2E test on kind / build (push) Has been skipped
Run the E2E test on kind / setup-test-matrix (push) Successful in 3s
Run the E2E test on kind / run-e2e-test (push) Has been skipped
Main CI / get-go-version (push) Successful in 12s
Main CI / Build (push) Failing after 29s
Close stale issues and PRs / stale (push) Successful in 12s
Trivy Nightly Scan / Trivy nightly scan (velero, main) (push) Failing after 1m50s
Trivy Nightly Scan / Trivy nightly scan (velero-plugin-for-aws, main) (push) Failing after 1m23s
Trivy Nightly Scan / Trivy nightly scan (velero-plugin-for-gcp, main) (push) Failing after 1m20s
Trivy Nightly Scan / Trivy nightly scan (velero-plugin-for-microsoft-azure, main) (push) Failing after 1m20s
Incremental aware object write
2026-05-28 14:55:36 +08:00
Lyndon-Li 0a7e5d600b remove restic command package
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
2026-05-28 14:41:54 +08:00
Lyndon-Li 44eaea8faf incremental aware object writer - write
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
2026-05-28 14:30:11 +08:00
Xun Jiang 8bca779270 Implement the CBT service.
* Update go.mod
* Init CBT service in velero data-mover backup/restore CLI.
* Call exeternal-snapshot-metadata's iterator library code to implement the CBT.

Signed-off-by: Xun Jiang <xun.jiang@broadcom.com>
2026-05-27 14:59:16 +08:00
Adam Zhang b29185a62d validate incompatibility with legacy filters
Legacy filters should not be co-exist with new filters defined in
resource policies,
- ClusterScopedFilterPolicy
- NamespacedFilterPolicy

Signed-off-by: Adam Zhang <adam.zhang@broadcom.com>

add test cases to cover positive scenario

add test case to cover the scenario that backup can
complete successfully with namespacedFilterPolicies
and clusterScopedFilterPolicy.

Signed-off-by: Adam Zhang <adam.zhang@broadcom.com>
2026-05-23 12:39:10 +08:00
lyndon-li 57c4c6fc99 Merge branch 'main' into incremental-aware-object-writer 2026-05-22 17:32:49 +08:00
Lyndon-Li 596e774582 add incremental aware object writer
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
2026-05-22 16:36:41 +08:00
Lyndon-Li 219975bee0 Merge branch 'main' into incremental-aware-object-writer 2026-05-22 15:43:45 +08:00
lyndon-li 3e88666872 Merge branch 'main' into data-path-naming-adjustment 2026-05-22 15:22:48 +08:00
Lyndon-Li d08790534a Merge branch 'main' into data-path-naming-adjustment 2026-05-22 15:08:29 +08:00
Lyndon-Li d58139536b Merge branch 'main' into kopia-repo-snapshot-operations 2026-05-22 14:57:39 +08:00
lyndon-li 40025fbbe1 Merge pull request #9817 from Lyndon-Li/metadata-operator-for-kopia-repo
Run the E2E test on kind / get-go-version (push) Failing after 1m0s
Run the E2E test on kind / build (push) Has been skipped
Run the E2E test on kind / setup-test-matrix (push) Successful in 3s
Run the E2E test on kind / run-e2e-test (push) Has been skipped
Main CI / get-go-version (push) Successful in 12s
Main CI / Build (push) Failing after 33s
Metadata operation for kopia repo
2026-05-22 14:49:12 +08:00
lyndon-li 4dc6f2cc64 Merge pull request #9791 from christian-schlichtherle/fix/dataupload-delete-foreign-backup
Fix DataUploadDeleteAction creating CMs for foreign DataUploads
2026-05-22 14:41:44 +08:00
lyndon-li c1fc6540fb Merge pull request #9807 from Lyndon-Li/uploader-interface-fo-block-data-mover
Uploader interface for block data mover
2026-05-22 14:33:17 +08:00
Lyndon-Li 53f25cde2b data path naming adjustment for block data mover
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
2026-05-22 14:32:37 +08:00
Lyndon-Li 205ca71588 kopia repo snapshot operations
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
2026-05-22 06:26:40 +00:00
Lyndon-Li 9f0194d8fe Uploader interface fo block data mover
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
2026-05-22 12:26:00 +08:00
Christian Schlichtherle 1e1eb0b4ec Merge branch 'main' into fix/dataupload-delete-foreign-backup 2026-05-21 11:53:20 +02:00
Christian Schlichtherle 2f19c3158b Also skip snapshot-info CM when DataUpload has no owner label
Per review feedback on #9791, the previous revision still let a
DataUpload with an empty velero.io/backup-name label fall through to
genConfigmap, creating a ConfigMap that deleteMovedSnapshots can never
match back to a snapshot. The CM is useless and only adds etcd churn.

Treat the missing-label case the same way as the foreign-owner case:
warn and skip the ConfigMap creation. Use a distinct warn message so
operators can tell the two misconfiguration classes apart in logs
(missing-label vs. owner mismatch from a captured velero namespace).

Test for the missing-label case is updated to assert no ConfigMap is
created and a warn is emitted. The warn assertion is generalized to
match the per-case message substring instead of a fixed string.

Signed-off-by: Christian Schlichtherle <christian@schlichtherle.de>
2026-05-21 11:50:21 +02:00
Adam Zhang b0e72333a0 extend backup resource policy
- added ClusterScopedFilterPolicy/NamespacedFilterPolicy
- added run time data structure, ResolvedResourceFilter and ResolvedNamespaceFilter

Signed-off-by: Adam Zhang <adam.zhang@broadcom.com>
2026-05-21 15:36:51 +08:00
Lyndon-Li cf5f5de911 Merge branch 'main' into data-path-naming-adjustment 2026-05-21 14:44:25 +08:00
Lyndon-Li 343ed95a5e metadata operation for Kopia repo
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
2026-05-21 14:22:36 +08:00
Lyndon-Li 3103318c9b Merge branch 'main' into metadata-operator-for-kopia-repo 2026-05-21 13:52:41 +08:00
Lyndon-Li 32969856af Merge branch 'main' into kopia-repo-snapshot-operations 2026-05-21 13:27:40 +08:00
Lyndon-Li d756df874f Merge branch 'main' into uploader-interface-fo-block-data-mover 2026-05-21 13:21:14 +08:00
Lyndon-Li 6bf73dc7ac Merge branch 'main' into cbt-bitmap-implementation 2026-05-21 09:22:45 +08:00
Lyndon-Li 1d03217661 add CBT bitmap implementation
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
2026-05-21 09:20:24 +08:00
Christian Schlichtherle 8f6c563c4d Warn instead of silently skipping foreign DataUploads
Velero does not support self-protection: the velero namespace must
never be captured in a backup tarball. When it is, the tarball can
contain DataUpload CRs belonging to other backups, and the previous
revision of this change silently swallowed that case in the
DataUploadDeleteAction.

Per maintainer feedback, the action should make the misconfiguration
detectable rather than silent. Emit a warn-level log naming the
DataUpload, its owning backup-name label, and the executing backup,
and call out that the velero namespace should be excluded from
schedules. Continue to skip the snapshot-info ConfigMap creation so
that a mislabeled CM does not mask the real owning backup's snapshot
on deletion.

The test for the foreign-backup case now also asserts the warn is
emitted via a logrus test hook.

Signed-off-by: Christian Schlichtherle <cs@bsure-analytics.de>
2026-05-15 08:10:19 +02:00
Christian Schlichtherle fb3f94bc88 Fix DataUploadDeleteAction creating CMs for foreign DataUploads
When a backup tarball incidentally contains DataUpload CRs that belong to
a different backup (common when a schedule includes the velero namespace
where DataUploads live), DataUploadDeleteAction.Execute used to create a
"<du-name>-info" ConfigMap labeled with the *executing* backup's name
instead of the DataUpload's true owning backup. The ConfigMap is
created with Create-only semantics, so the wrong label is never
corrected.

deleteMovedSnapshots in the backup-deletion controller looks up these
ConfigMaps by velero.io/backup-name to discover which Kopia snapshots
to delete. With the wrong label, the real owning backup's expiry pass
finds no ConfigMaps for its DataUploads and silently leaves their Kopia
snapshots in object storage, leaking data over time.

Fix: in DataUploadDeleteAction.Execute, compare the DataUpload's
velero.io/backup-name label against input.Backup.Name (using
label.GetValidName to handle DNS-1035 truncation for long backup names).
If the label is present and differs, skip the DataUpload entirely; this
prevents the over-eager creation of misnamed ConfigMaps without changing
behavior for DataUploads that legitimately belong to the executing
backup, or for legacy DataUploads with no backup-name label.

Refs: #9472

Signed-off-by: Christian Schlichtherle <cs@bsure-analytics.de>
2026-05-14 19:03:20 +02:00
Lyndon-Li 2346314729 call block uploader provider creation
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
2026-05-14 16:17:51 +08:00
Lyndon-Li 6257282117 add listsnapshot method
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
2026-05-12 09:51:47 +08:00
Lyndon-Li 0be9fc7d09 add block uploader provider
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
2026-05-11 17:31:40 +08:00
Lyndon-Li 22be7e3218 data path naming adjustment
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
2026-05-11 13:53:49 +08:00
Xun Jiang 35e1e1f988 Fix unstable UT in pvc_action_test.go's TestExectue().
* Move the error assert out of goroutine.
* Create the VSC before patching VS status to ReadyToUse.

Signed-off-by: Xun Jiang <xun.jiang@broadcom.com>
2026-05-11 11:33:08 +08:00
Xun Jiang 5afe5df122 Bump Velero dependencies to latest version.
* Fix UT failures caused by client-go version bump.
* Some modifications to enhance the UT stability.
* Fix UT errors: non-constant format string in call to ...
* Fix linter issues.

Signed-off-by: Xun Jiang <xun.jiang@broadcom.com>
2026-05-08 17:38:42 +08:00
Lyndon-Li 6a67f4a8a4 fix UT error
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
2026-05-08 16:41:39 +08:00
Lyndon-Li 6ca73a00b6 fix UT error
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
2026-05-08 16:39:24 +08:00