diff --git a/internal/cnpgi/common/common.go b/internal/cnpgi/common/common.go
index 9526d7e..5a21c1e 100644
--- a/internal/cnpgi/common/common.go
+++ b/internal/cnpgi/common/common.go
@@ -20,13 +20,17 @@ SPDX-License-Identifier: Apache-2.0
 package common
 import (
+ "context"
 "fmt"
 "path"
 "strings"
 barmanapi "github.com/cloudnative-pg/barman-cloud/pkg/api"
+ "github.com/cloudnative-pg/barman-cloud/pkg/command"
+ barmancloudv1 "github.com/cloudnative-pg/plugin-barman-cloud/api/v1"
 "github.com/cloudnative-pg/plugin-barman-cloud/internal/cnpgi/metadata"
+ pluginmetadata "github.com/cloudnative-pg/plugin-barman-cloud/pkg/metadata"
 )
 // TODO: refactor.
@@ -97,3 +101,14 @@ func MergeEnv(env []string, incomingEnv []string) []string {
 func BuildCertificateFilePath(objectStoreName string) string {
 return path.Join(metadata.BarmanCertificatesPath, objectStoreName, metadata.BarmanCertificatesFileName)
 }
+
+// ContextWithProviderOptions enriches the context with cloud service provider specific options
+// based on the ObjectStore resource
+func ContextWithProviderOptions(ctx context.Context, objectStore barmancloudv1.ObjectStore) context.Context {
+ if objectStore.GetAnnotations()[pluginmetadata.UseDefaultAzureCredentialsAnnotationName] ==
+ pluginmetadata.UseDefaultAzureCredentialsTrueValue {
+ return command.ContextWithDefaultAzureCredentials(ctx, true)
+ }
+
+ return ctx
+}
diff --git a/internal/cnpgi/common/wal.go b/internal/cnpgi/common/wal.go
index 8e58cb4..c9b286b 100644
--- a/internal/cnpgi/common/wal.go
+++ b/internal/cnpgi/common/wal.go
@@ -127,6 +127,8 @@ func (w WALServiceImplementation) Archive(
 return nil, err
 }
+ ctx = ContextWithProviderOptions(ctx, objectStore)
+
 envArchive, err := barmanCredentials.EnvSetCloudCredentialsAndCertificates(
 ctx,
 w.Client,
diff --git a/internal/cnpgi/instance/backup.go b/internal/cnpgi/instance/backup.go
index ebf166c..0b90ede 100644
--- a/internal/cnpgi/instance/backup.go
+++ b/internal/cnpgi/instance/backup.go
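Review bot: `ContextWithProviderOptions` (common.go, second hunk) switches the credential mode on the annotation alone and never checks that the store is an Azure store with `inheritFromAzureAD` set, although the annotation's doc comment in pkg/metadata says it is meant for that case. Annotations are free-form metadata outside the CRD schema, so a copied or stray annotation on a non-Azure or key-based store would set the flag without any validation; consider a guard such as `if az := objectStore.Spec.Configuration.Azure; az == nil || !az.InheritFromAzureAD { return ctx }` (field names assumed from the barman-cloud API, not visible in this diff). The function also takes `barmancloudv1.ObjectStore` by value, copying the whole resource on every call; a pointer parameter would avoid that. The doc comment should end with a period and state that any value other than the exact string `true` leaves the context unchanged.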
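Review bot: In wal.go only `Archive` gains the `ContextWithProviderOptions` call; no hunk in this file touches the WAL restore path. If that path also builds barman-cloud credentials from an ObjectStore, annotated stores would keep the previous authentication mode there, which is worth confirming because the rest of wal.go and the remainder of `Archive` are outside the hunk. The same one-line call is repeated in backup.go, retention.go and restore.go, and it presumably has to run before the context reaches the credential setup (here `EnvSetCloudCredentialsAndCertificates`), so a later call site that omits it would fall back silently. A comment at each call, for example `// must run before any barman-cloud credential/env setup uses ctx`, would make that ordering requirement explicit.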
@@ -87,6 +87,8 @@ func (b BackupServiceImplementation) Backup(
 return nil, err
 }
+ ctx = common.ContextWithProviderOptions(ctx, objectStore)
+
 if err := fileutils.EnsureDirectoryExists(postgres.BackupTemporaryDirectory); err != nil {
 contextLogger.Error(err, "Cannot create backup temporary directory", "err", err)
 return nil, err
diff --git a/internal/cnpgi/instance/retention.go b/internal/cnpgi/instance/retention.go
index 372d50e..ec4becb 100644
--- a/internal/cnpgi/instance/retention.go
+++ b/internal/cnpgi/instance/retention.go
@@ -93,6 +93,8 @@ func (c *CatalogMaintenanceRunnable) cycle(ctx context.Context) (time.Duration,
 return 0, err
 }
+ ctx = common.ContextWithProviderOptions(ctx, barmanObjectStore)
+
 if err := c.maintenance(ctx, &cluster, &barmanObjectStore); err != nil {
 return 0, err
 }
diff --git a/internal/cnpgi/restore/restore.go b/internal/cnpgi/restore/restore.go
index 187143e..42d8f62 100644
--- a/internal/cnpgi/restore/restore.go
+++ b/internal/cnpgi/restore/restore.go
@@ -109,7 +109,7 @@ func (impl JobHookImpl) Restore(
 }
 if err := impl.checkBackupDestination(
- ctx,
+ common.ContextWithProviderOptions(ctx, targetObjectStore),
 configuration.Cluster,
 &targetObjectStore.Spec.Configuration,
 targetObjectStore.Name,
@@ -118,6 +118,8 @@ func (impl JobHookImpl) Restore(
 }
 }
+ ctx = common.ContextWithProviderOptions(ctx, recoveryObjectStore)
+
 // Detect the backup to recover
 backup, env, err := loadBackupObjectFromExternalCluster(
 ctx,
diff --git a/pkg/metadata/doc.go b/pkg/metadata/doc.go
new file mode 100644
index 0000000..5d2f689
--- /dev/null
+++ b/pkg/metadata/doc.go
@@ -0,0 +1,2 @@
+// Package metadata provides metadata utilities for the Barman Cloud plugin
+package metadata
diff --git a/pkg/metadata/labels_annotations.go b/pkg/metadata/labels_annotations.go
new file mode 100644
index 0000000..5dae9b6
--- /dev/null
+++ b/pkg/metadata/labels_annotations.go
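Review bot: The two hunks in restore.go apply the helper differently, and nothing in the code says why: the target store's options go into a one-off derived context passed to `checkBackupDestination`, while `ctx` itself is overwritten for the recovery store. Because `ContextWithProviderOptions` returns the context unchanged when the annotation is absent and never clears the flag, reassigning `ctx` for the target store would have carried its Azure credential setting into the recovery-store calls. That reasoning deserves a comment above the first call, e.g. `// derived context only: target-store options must not carry over to the recovery store below`. Whether code after the second hunk uses `ctx` against the target store again is not visible here, since `Restore` continues outside both hunks, and should be checked.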
@@ -0,0 +1,15 @@
+package metadata
+
+// MetadataNamespace is the namespace used for the Barman Cloud plugin metadata
+const MetadataNamespace = "barmancloud.cnpg.io"
+
+const (
+ // UseDefaultAzureCredentialsAnnotationName is an annotation that can be set
+ // on an ObjectStore resource to enable the use DefaultAzureCredentials
+ // to authenticate to Azure. This is meant to be used with inheritFromAzureAD enabled.
+ UseDefaultAzureCredentialsAnnotationName = MetadataNamespace + "/useDefaultAzureCredentials"
+
+ // UseDefaultAzureCredentialsTrueValue is the value for the annotation
+ // barmancloud.cnpg.io/useDefaultAzureCredentials to enable the use of DefaultAzureCredentials
+ UseDefaultAzureCredentialsTrueValue = "true"
+)
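Review bot: The comment on `UseDefaultAzureCredentialsAnnotationName` reads "enable the use DefaultAzureCredentials" (missing "of") and does not say what happens when the annotation is set on a store without `inheritFromAzureAD`. The value is compared as the exact string `true` in `ContextWithProviderOptions`, so variants such as `True` or `1` are ignored without any signal to the operator. The comment on `UseDefaultAzureCredentialsTrueValue` should state this, for example `// Only the exact value "true" enables it; any other value leaves the credential mode unchanged.`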