From 9f97fb0e1c53047cddf22b8ba05a2966062fe650 Mon Sep 17 00:00:00 2001
From: JenTing Hsiao <jenting.hsiao@suse.com>
Date: Fri, 31 Jul 2020 02:33:45 +0800
Subject: [PATCH] Add cacert flag for velero backup-location create (#2778)

Signed-off-by: JenTing Hsiao <jenting.hsiao@suse.com>
---
 pkg/cmd/cli/backuplocation/create.go | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/pkg/cmd/cli/backuplocation/create.go b/pkg/cmd/cli/backuplocation/create.go
index a4dfd5ad..b76d0149 100644
--- a/pkg/cmd/cli/backuplocation/create.go
+++ b/pkg/cmd/cli/backuplocation/create.go
@@ -18,6 +18,8 @@ package backuplocation
 
 import (
 	"fmt"
+	"io/ioutil"
+	"path/filepath"
 	"strings"
 	"time"
 
@@ -62,6 +64,7 @@ type CreateOptions struct {
 	BackupSyncPeriod time.Duration
 	Config           flag.Map
 	Labels           flag.Map
+	CACertFile       string
 	AccessMode       *flag.Enum
 }
 
@@ -83,6 +86,7 @@ func (o *CreateOptions) BindFlags(flags *pflag.FlagSet) {
 	flags.DurationVar(&o.BackupSyncPeriod, "backup-sync-period", o.BackupSyncPeriod, "how often to ensure all Velero backups in object storage exist as Backup API objects in the cluster. Optional. Set this to `0s` to disable sync")
 	flags.Var(&o.Config, "config", "configuration key-value pairs")
 	flags.Var(&o.Labels, "labels", "labels to apply to the backup storage location")
+	flags.StringVar(&o.CACertFile, "cacert", o.CACertFile, "file containing a certificate bundle to use when verifying TLS connections to the object store. Optional.")
 	flags.Var(
 		o.AccessMode,
 		"access-mode",
@@ -118,6 +122,18 @@ func (o *CreateOptions) Complete(args []string, f client.Factory) error {
 func (o *CreateOptions) Run(c *cobra.Command, f client.Factory) error {
 	var backupSyncPeriod *metav1.Duration
 
+	var caCertData []byte
+	if o.CACertFile != "" {
+		realPath, err := filepath.Abs(o.CACertFile)
+		if err != nil {
+			return err
+		}
+		caCertData, err = ioutil.ReadFile(realPath)
+		if err != nil {
+			return err
+		}
+	}
+
 	if c.Flags().Changed("backup-sync-period") {
 		backupSyncPeriod = &metav1.Duration{Duration: o.BackupSyncPeriod}
 	}
@@ -134,6 +150,7 @@ func (o *CreateOptions) Run(c *cobra.Command, f client.Factory) error {
 				ObjectStorage: &velerov1api.ObjectStorageLocation{
 					Bucket: o.Bucket,
 					Prefix: o.Prefix,
+					CACert: caCertData,
 				},
 			},
 			Config:           o.Config.Data(),
-- 
2.26.2