Red Hat SummitEste contenido no está disponible en el idioma seleccionado.
Appendix A. Restore owner references script
This Bash script is for restoring the ownerReferences when restoring Red Hat Trusted Artifact Signer (RHTAS) data to a different OpenShift cluster.
List of resources to check
#!/bin/bash
# List of resources to check
RESOURCES=("Fulcio" "Rekor" "Trillian" "TimestampAuthority" "CTlog" "Tuf")
function validate_owner() {
local RESOURCE=$1
local ITEM=$2
local OWNER_NAME=$3
# Check all the labels exist and are the same
LABELS=("app.kubernetes.io/instance" "app.kubernetes.io/part-of" "velero.io/backup-name" "velero.io/restore-name")
for LABEL in "${LABELS[@]}"; do
PARENT_LABEL=$(oc get Securesign "$OWNER_NAME" -o json | jq -r ".metadata.labels[\"$LABEL\"]")
CHILD_LABEL=$(oc get $RESOURCE "$ITEM" -o json | jq -r ".metadata.labels[\"$LABEL\"]")
if [[ -z "$CHILD_LABEL" || $CHILD_LABEL == "null" ]]; then
echo " $LABEL label missing in $RESOURCE"
return 1
elif [[ -z "$PARENT_LABEL" || $PARENT_LABEL == "null" ]]; then
echo " $LABEL label missing in Securesign"
return 1
elif [[ "$CHILD_LABEL" != "$PARENT_LABEL" ]]; then
echo " $LABEL labels not matching: $CHILD_LABEL != $PARENT_LABEL"
return 1
fi
done
return 0
}
for RESOURCE in "${RESOURCES[@]}"; do
echo "Checking $RESOURCE ..."
# Get all resources missing ownerReferences
MISSING_REFS=$(oc get $RESOURCE -o json | jq -r '.items[] | select(.metadata.ownerReferences == null) | .metadata.name')
for ITEM in $MISSING_REFS; do
echo " Missing ownerReferences in $RESOURCE/$ITEM"
# Find the expected owner based on labels
OWNER_NAME=$(oc get $RESOURCE "$ITEM" -o json | jq -r '.metadata.labels["app.kubernetes.io/name"]')
if [[ -z "$OWNER_NAME" || "$OWNER_NAME" == "null" ]]; then
echo " Skipping $RESOURCE/$ITEM: name not found in labels"
continue
fi
if ! validate_owner $RESOURCE $ITEM $OWNER_NAME; then
echo " Skipping ..."
continue
fi
# Try to get the owner's UID from Securesign
OWNER_UID=$(oc get Securesign "$OWNER_NAME" -o jsonpath='{.metadata.uid}' 2>/dev/null)
if [[ -z "$OWNER_UID" || "$OWNER_UID" == "null" ]]; then
echo " Failed to find Securesign/$OWNER_NAME UID, skipping ..."
continue
fi
echo " Found owner: Securesign/$OWNER_NAME (UID: $OWNER_UID)"
# Patch the object with the restored ownerReference
oc patch $RESOURCE "$ITEM" --type='merge' -p "{
\"metadata\": {
\"ownerReferences\": [
{
\"apiVersion\": \"rhtas.redhat.com/v1alpha1\",
\"kind\": \"Securesign\",
\"name\": \"$OWNER_NAME\",
\"uid\": \"$OWNER_UID\",
\"controller\": true,
\"blockOwnerDeletion\": true
}
]
}
}"
echo "Restored ownerReferences for $RESOURCE/$ITEM"
done
done
echo "Done"
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}