Skip to content

Document usage of NADR (NonAdminDownloadRequest) feature #307

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: oadp-dev
Choose a base branch
from
Open

Document usage of NADR (NonAdminDownloadRequest) feature #307

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
1a59df3
Initial plan
Copilot Aug 19, 2025
ff41646
Add comprehensive NADR feature documentation and examples
Copilot Aug 19, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 34 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,40 @@ To use NAC functionality:

After NonAdminRestore completes, check if the application was successful restored by accessing its route and seeing its items in application UI.

- create NonAdminDownloadRequest to download logs and backup information

For example, to download backup logs:
```sh
oc apply -f - <<EOF
apiVersion: oadp.openshift.io/v1alpha1
kind: NonAdminDownloadRequest
metadata:
name: backup-logs-download
namespace: <non-admin-user-namespace>
spec:
target:
kind: BackupLog
name: <NonAdminBackup-name>
EOF
```

After the download request is processed, get the signed download URL and download the file:
```sh
# Wait for processing
oc wait --for=condition=Processed nadr/backup-logs-download -n <namespace> --timeout=300s

# Get download URL and download file
DOWNLOAD_URL=$(oc get nadr backup-logs-download -n <namespace> -o jsonpath='{.status.velero.status.downloadURL}')
wget "$DOWNLOAD_URL" -O backup-logs.tar.gz
```

For detailed information about NonAdminDownloadRequest usage, supported download types, and troubleshooting, see the [NADR Usage Guide](docs/nadr_usage.md).

Alternatively, use the automated download script:
```sh
./hack/nadr-download.sh -k BackupLog -n <backup-name> -ns <namespace>
```

## Notes on Non Admin Permissions and Enforcements
### Cluster Administrator Enforceable Spec Fields
There are several types of cluster scoped objects that non-admin users should not have access to backup or restore. OADP self-service automatically excludes the following list of cluster scoped resources from being backed up or restored.
Expand Down
9 changes: 9 additions & 0 deletions config/samples/oadp_v1alpha1_nonadmindownloadrequest.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,18 @@ metadata:
labels:
app.kubernetes.io/name: oadp-nac
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/component: download-request
name: nonadmindownloadrequest-sample
spec:
target:
# Download kind - options include:
# For backups: BackupLog, BackupContents, BackupVolumeSnapshots,
# BackupItemOperations, BackupResourceList, BackupResults,
# CSIBackupVolumeSnapshots, CSIBackupVolumeSnapshotContents,
# BackupVolumeInfos
# For restores: RestoreLog, RestoreResults, RestoreResourceList,
# RestoreItemOperations, RestoreVolumeInfo
kind: BackupLog
# Name of the NonAdminBackup or NonAdminRestore to download from
name: non-admin-backup-name

Loading