Azure Blob Storage BSL doesn't respect provided CA cert bundle

[rnarenpujari]

What steps did you take and what happened:
According to the docs, by providing a proxy's certificate under Spec.ObjectStorage.CACert in the BSL, velero should trust it while connecting to the bucket. It works as expected for an AWS BSL but for an Azure Blob Storage one, I get an error message x509: certificate signed by unknown authority under Status.Message and it remains Unavailable. Looks like the AWS plugin supports consuming the configured certs from the BSL (link) but not the Azure plugin.

What did you expect to happen:

Velero to trust the the configured certs for an Azure BSL. (If it makes more sense to configure proxy certs at the deployment/daemonset level rather than per BSL, that works too.)

The following information will help us better understand what's going on:

N/A

Anything else you would like to add:

N/A

Environment:

• Velero version (use velero version): v1.10.3, (v1.6.2 for the Azure plugin)
• Velero features (use velero client config get features):
• Kubernetes version (use kubectl version):
• Kubernetes installer & version:
• Cloud provider or hardware configuration:
• OS (e.g. from /etc/os-release):

Vote on this issue!

This is an invitation to the Velero community to vote on issues, you can see the project's top voted issues listed here.
Use the "reaction smiley face" up to the right of this comment to vote.

• 👍 for "I would like to see this bug fixed as soon as possible"
• 👎 for "There are more important bugs to focus on right now"

[ywk253100]

Fixed by vmware-tanzu/velero-plugin-for-microsoft-azure#206