From bac7b673a2ef239dd28bd2d1eced083009ad8ba6 Mon Sep 17 00:00:00 2001
From: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com>
Date: Mon, 24 Mar 2025 18:21:47 +0100
Subject: [PATCH] fix: custom CA support for retention policies (#224)

Closes #220

Signed-off-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com>
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Co-authored-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
---
 internal/cnpgi/instance/retention.go              | 6 ++++--
 internal/cnpgi/operator/lifecycle_certificates.go | 3 ++-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/internal/cnpgi/instance/retention.go b/internal/cnpgi/instance/retention.go
index 4a643b1..6b68dfb 100644
--- a/internal/cnpgi/instance/retention.go
+++ b/internal/cnpgi/instance/retention.go
@@ -109,12 +109,14 @@ func (c *CatalogMaintenanceRunnable) maintenance(
 		return nil
 	}
 
-	env, err := barmanCredentials.EnvSetBackupCloudCredentials(
+	env, err := barmanCredentials.EnvSetCloudCredentialsAndCertificates(
 		ctx,
 		c.Client,
 		objectStore.Namespace,
 		&objectStore.Spec.Configuration,
-		common.MergeEnv(os.Environ(), common.GetRestoreCABundleEnv(&objectStore.Spec.Configuration)))
+		os.Environ(),
+		common.BuildCertificateFilePath(objectStore.Name),
+	)
 	if err != nil {
 		contextLogger.Error(err, "while setting backup cloud credentials")
 		return err
diff --git a/internal/cnpgi/operator/lifecycle_certificates.go b/internal/cnpgi/operator/lifecycle_certificates.go
index 0888212..9ba5677 100644
--- a/internal/cnpgi/operator/lifecycle_certificates.go
+++ b/internal/cnpgi/operator/lifecycle_certificates.go
@@ -37,7 +37,8 @@ func (impl LifecycleImplementation) collectAdditionalCertificates(
 		result = append(result, envs...)
 	}
 
-	if len(pluginConfiguration.RecoveryBarmanObjectName) > 0 {
+	if len(pluginConfiguration.RecoveryBarmanObjectName) > 0 &&
+		pluginConfiguration.RecoveryBarmanObjectName != pluginConfiguration.BarmanObjectName {
 		envs, err := impl.collectObjectStoreCertificates(
 			ctx,
 			types.NamespacedName{