This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
|
[golangci/golangci-lint](https://redirect.github.com/golangci/golangci-lint)
| minor | `v2.11.4` → `v2.12.0` |
---
### Release Notes
<details>
<summary>golangci/golangci-lint (golangci/golangci-lint)</summary>
###
[`v2.12.0`](https://redirect.github.com/golangci/golangci-lint/blob/HEAD/CHANGELOG.md#v2120)
[Compare
Source](https://redirect.github.com/golangci/golangci-lint/compare/v2.11.4...v2.12.0)
*Released on 2026-05-01*
1. New linters
- Add `clickhouselint` linter
<https://github.com/ClickHouse/clickhouse-go-linter>
2. Linters new features or changes
- `dupl`: from
[`f665c8d`](https://redirect.github.com/golangci/golangci-lint/commit/f665c8d69b32)
to
[`c99c5cf`](https://redirect.github.com/golangci/golangci-lint/commit/c99c5cf5c202)
(extended detection)
- `funcorder`: from 0.5.0 to 0.6.0 (new option: `function`)
- `goconst`: add an option to ignore strings from tests
- `goconst`: from 1.8.2 to 1.10.0 (extended detection)
- `gomodguard_v2`: from 1.4.1 to 2.1.0 (major version with new
configuration)
- `gosec`: from
[`619ce21`](https://redirect.github.com/golangci/golangci-lint/commit/619ce2117e08)
to 2.26.1 (new checks: `G124`, `G708`, `G709`, `G710`)
- `govet`: add `inline` analyzer
- `makezero`: from 2.1.0 to 2.2.1 (support slice type aliases)
- `paralleltest`: expose `checkcleanup` option
- `sloglint`: from 0.11.1 to 0.12.0 (new options: `allowed-keys`,
`custom-funcs`)
- `wsl_v5`: from 5.6.0 to 5.8.0 (new option: `cuddle-max-statements`;
new checks: `after-decl`, `after-defer`, `after-expr`, `after-go`,
`cuddle-group`)
3. Linters bug fixes
- `forbidigo`: from 2.3.0 to 2.3.1
- `godot`: from 1.5.4 to 1.5.6
- `govet-modernize`: from 0.43.0 to 0.44.0
- `ireturn`: from 0.4.0 to 0.4.1
- `rowserrcheck`: from 1.1.1 to
[`c5f79b8`](https://redirect.github.com/golangci/golangci-lint/commit/c5f79b8)
4. Misc.
- Decrease cache entropy
- Embed the JSON schema in the binary
- Filter env vars when cloning the repository with the `custom` command
</details>
---
### Configuration
📅 **Schedule**: (UTC)
- Branch creation
- At any time (no schedule defined)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/cloudnative-pg/plugin-barman-cloud).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNTkuMiIsInVwZGF0ZWRJblZlciI6IjQzLjE1OS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJhdXRvbWF0ZWQiLCJuby1pc3N1ZSJdfQ==-->
---------
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Leonardo Cecchi <leonardo.cecchi@gmail.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonardo Cecchi <leonardo.cecchi@gmail.com>
When an ObjectStore's credentials change (e.g., secret rename), the
RBAC Role granting the Cluster's ServiceAccount access to those
secrets was not updated because nothing triggered a Cluster
reconciliation.
Implement the ObjectStore controller's Reconcile to detect affected
Roles and update their rules directly, without needing access to
Cluster objects. The controller lists Roles by a label set by the
Pre hook, inspects their rules to find which ObjectStores they
reference, fetches those ObjectStores, and patches the rules to
match the current specs.
Replace the custom setOwnerReference helper with
controllerutil.SetControllerReference. Add dynamic CNPG scheme
registration (internal/scheme) to the operator, instance, and
restore managers.
Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Signed-off-by: Gabriele Quaresima <gabriele.quaresima@enterprisedb.com>
Co-authored-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Co-authored-by: Gabriele Quaresima <gabriele.quaresima@enterprisedb.com>
This commit adds support for the DefaultAzureCredential authentication
mechanism in Azure Blob Storage. Users can now use the
`useDefaultAzureCredentials` option to enable Azure's default credential
chain, which automatically discovers and uses available credentials in
the following order
1. Environment Variables (Service Principal)
2. Managed Identity
3. Azure CLI
4. Azure PowerShell
This is particularly useful when running on Azure Kubernetes Service
(AKS) with Workload Identity, eliminating the need to explicitly store
credentials in Kubernetes Secrets.
Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
Signed-off-by: Gabriele Fedi <gabriele.fedi@enterprisedb.com>
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Co-authored-by: Gabriele Fedi <gabriele.fedi@enterprisedb.com>
Co-authored-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
This commit makes the Barman cloud plugin support the enforcement of
retention policy as provided by the barman-cloud tool suite.
The first recoverability point and the last successful backup are
shown in the status of the ObjectStore resource for each involved
server name.
Signed-off-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com>
Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Co-authored-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
Co-authored-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>