fix: allow third-party backup provider plugins via configurable allowed list#13332
Open
yigitbasalma wants to merge 1 commit into
Open
fix: allow third-party backup provider plugins via configurable allowed list#13332yigitbasalma wants to merge 1 commit into
yigitbasalma wants to merge 1 commit into
Conversation
|
Congratulations on your first Pull Request and welcome to the Apache CloudStack community! If you have any issues or are unsure about any anything please check our Contribution Guide (https://github.com/apache/cloudstack/blob/main/CONTRIBUTING.md)
|
Contributor
|
@blueorangutan package |
|
@DaanHoogland a [SL] Jenkins job has been kicked to build packages. It will be bundled with no SystemVM templates. I'll keep you posted as I make progress. |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR makes the backup provider plugin selection extensible by replacing the hardcoded built-in plugin allowlist with a new configuration key so administrators can permit third-party backup provider plugins without modifying CloudStack source.
Changes:
- Adds
backup.framework.provider.plugin.allowed(comma-separated) to define which backup provider plugins are permitted. - Updates validation for
backup.framework.provider.pluginto check against the configured allowlist instead of a hardcoded list. - Updates the
backup.framework.provider.pluginconfig description to reference the new allowlist setting.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+64
to
+69
| ConfigKey<String> AllowedBackupProviderPlugins = new ConfigKey<>( | ||
| "Advanced", String.class, | ||
| "backup.framework.provider.plugin.allowed", | ||
| "dummy,veeam,networker,nas", | ||
| "Comma-separated list of allowed backup provider plugins.", | ||
| true, ConfigKey.Scope.Zone); |
Comment on lines
261
to
273
| static void validateBackupProviderConfig(String value) { | ||
| if (value != null && (value.contains(",") || value.trim().contains(" "))) { | ||
| throw new IllegalArgumentException("Multiple backup provider plugins are not supported. Please provide a single plugin value."); | ||
| } | ||
| List<String> validPlugins = List.of("dummy", "veeam", "networker", "nas"); | ||
| if (value != null && !validPlugins.contains(value)) { | ||
| throw new IllegalArgumentException("Invalid backup provider plugin: " + value + ". Valid plugin values are: " + String.join(", ", validPlugins)); | ||
| String allowed = AllowedBackupProviderPlugins.value(); | ||
| if (allowed != null && value != null) { | ||
| List<String> validPlugins = Arrays.asList(allowed.split(",")); | ||
| if (!validPlugins.contains(value.trim())) { | ||
| throw new IllegalArgumentException("Invalid backup provider plugin: " + value + | ||
| ". Valid plugin values are: " + allowed + | ||
| ". You can add more plugins via backup.framework.provider.plugin.allowed setting."); | ||
| } | ||
| } |
|
Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 18256 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Currently, the
backup.framework.provider.pluginsetting validates against a hardcoded list of plugins (dummy,veeam,networker,nas). This prevents third-party backup provider plugins from being registered and used in CloudStack, even when the plugin is correctly implemented and deployed.This PR introduces a new configuration key
backup.framework.provider.plugin.allowedthat contains a comma-separated list of allowed backup provider plugins. Administrators can extend this list to include third-party plugins without modifying CloudStack source code.Default value maintains full backward compatibility with existing plugins.
Types of changes
Feature/Enhancement Scale or Bug Severity
Feature/Enhancement Scale
Bug Severity
Screenshots (if appropriate):
N/A
How Has This Been Tested?
backup.framework.provider.plugin.allowedincludes all existing plugins (dummy,veeam,networker,nas)How did you try to break this feature and the system with this change?
dummy,veeam,networker,nas) — all work as before