Merge 2cb76ef622 into 1d7974516f

Signed-off-by: Peggie <info@cloudnative-pg.io>

.release-please-manifest.json

@@ -1,3 +1,3 @@
 {
-  ".": "0.9.0"
+  ".": "0.10.0"
 }

CHANGELOG.md

@@ -1,5 +1,26 @@
 # Changelog
 
+## [0.10.0](https://github.com/cloudnative-pg/plugin-barman-cloud/compare/v0.9.0...v0.10.0) (2025-12-30)
+
+
+### Features
+
+* Add `pprof-server` support  ([#538](https://github.com/cloudnative-pg/plugin-barman-cloud/issues/538)) ([921b20c](https://github.com/cloudnative-pg/plugin-barman-cloud/commit/921b20c249240ec271d410bd4531c41272b9c505)), closes [#421](https://github.com/cloudnative-pg/plugin-barman-cloud/issues/421)
+* Remove wal from cache after archiving ([#659](https://github.com/cloudnative-pg/plugin-barman-cloud/issues/659)) ([df22bf2](https://github.com/cloudnative-pg/plugin-barman-cloud/commit/df22bf221674d5e0c42c8a70ce2b590f355a5d46))
+
+
+### Bug Fixes
+
+* **deps:** Update all non-major go dependencies ([#685](https://github.com/cloudnative-pg/plugin-barman-cloud/issues/685)) ([df2f91d](https://github.com/cloudnative-pg/plugin-barman-cloud/commit/df2f91d885e426eb4a3f91dba338f6a93ee31787))
+* **deps:** Update all non-major go dependencies ([#701](https://github.com/cloudnative-pg/plugin-barman-cloud/issues/701)) ([db96dcc](https://github.com/cloudnative-pg/plugin-barman-cloud/commit/db96dcc1288b4cfd5c531e7cf5e89a855d83d76a))
+* **deps:** Update k8s.io/utils digest to 383b50a ([#695](https://github.com/cloudnative-pg/plugin-barman-cloud/issues/695)) ([95ef5dc](https://github.com/cloudnative-pg/plugin-barman-cloud/commit/95ef5dce1d38c63e82aed505f273402602a1b30b))
+* **deps:** Update k8s.io/utils digest to 9d40a56 ([#684](https://github.com/cloudnative-pg/plugin-barman-cloud/issues/684)) ([0ea3d91](https://github.com/cloudnative-pg/plugin-barman-cloud/commit/0ea3d918111ac532d1d94575ba5ba4bd3b0304cb))
+* **deps:** Update kubernetes packages to v0.35.0 ([#694](https://github.com/cloudnative-pg/plugin-barman-cloud/issues/694)) ([30dbc44](https://github.com/cloudnative-pg/plugin-barman-cloud/commit/30dbc44016371931365cf65bff39a0087bda9b97))
+* **deps:** Update module google.golang.org/grpc to v1.78.0 ([#697](https://github.com/cloudnative-pg/plugin-barman-cloud/issues/697)) ([3f8d4f7](https://github.com/cloudnative-pg/plugin-barman-cloud/commit/3f8d4f72573ef8ae5deb3bad7e36db2dc2c36708))
+* **deps:** Update module sigs.k8s.io/kustomize/api to v0.21.0 ([#651](https://github.com/cloudnative-pg/plugin-barman-cloud/issues/651)) ([ef19031](https://github.com/cloudnative-pg/plugin-barman-cloud/commit/ef19031326c197fe08b05c14415b4468604119fb))
+* Don't log full environment variables at default log level ([#589](https://github.com/cloudnative-pg/plugin-barman-cloud/issues/589)) ([a487c4e](https://github.com/cloudnative-pg/plugin-barman-cloud/commit/a487c4ef50c8185f2e38b858271270d46d4bb5a1))
+* **targetTime:** Treat RFC3339-like timestamps without timezone as UTC ([#700](https://github.com/cloudnative-pg/plugin-barman-cloud/issues/700)) ([1f1d300](https://github.com/cloudnative-pg/plugin-barman-cloud/commit/1f1d30043b3ce059866eee616f280a6e4ae3c760)), closes [#699](https://github.com/cloudnative-pg/plugin-barman-cloud/issues/699)
+
 ## [0.9.0](https://github.com/cloudnative-pg/plugin-barman-cloud/compare/v0.8.0...v0.9.0) (2025-11-06)
 
 

containers/Dockerfile.plugin

@@ -15,6 +15,7 @@ RUN go mod download
 COPY ../cmd/manager/main.go cmd/manager/main.go
 COPY ../api/ api/
 COPY ../internal/ internal/
+COPY ../pkg/ pkg/
 
 ENV GOCACHE=/root/.cache/go-build
 ENV GOMODCACHE=/go/pkg/mod

containers/Dockerfile.sidecar

@@ -24,6 +24,7 @@ ENV GOMODCACHE=/go/pkg/mod
 COPY ../cmd/manager/main.go cmd/manager/main.go
 COPY ../api/ api/
 COPY ../internal/ internal/
+COPY ../pkg/ pkg/
 
 # Build
 # the GOARCH has not a default value to allow the binary be built according to the host where the command

internal/cnpgi/common/common.go

@@ -20,13 +20,17 @@ SPDX-License-Identifier: Apache-2.0
 package common
 
 import (
+	"context"
 	"fmt"
 	"path"
 	"strings"
 
 	barmanapi "github.com/cloudnative-pg/barman-cloud/pkg/api"
+	"github.com/cloudnative-pg/barman-cloud/pkg/command"
 
+	apiv1 "github.com/cloudnative-pg/plugin-barman-cloud/api/v1"
 	"github.com/cloudnative-pg/plugin-barman-cloud/internal/cnpgi/metadata"
+	pluginmetadata "github.com/cloudnative-pg/plugin-barman-cloud/pkg/metadata"
 )
 
 // TODO: refactor.
@@ -97,3 +101,14 @@ func MergeEnv(env []string, incomingEnv []string) []string {
 func BuildCertificateFilePath(objectStoreName string) string {
 	return path.Join(metadata.BarmanCertificatesPath, objectStoreName, metadata.BarmanCertificatesFileName)
 }
+
+// ContextWithProviderOptions enriches the context with cloud service provider specific options
+// based on the ObjectStore resource
+func ContextWithProviderOptions(ctx context.Context, objectStore apiv1.ObjectStore) context.Context {
+	if objectStore.GetAnnotations()[pluginmetadata.UseDefaultAzureCredentialAnnotationName] ==
+		pluginmetadata.UseDefaultAzureCredentialTrueValue {
+		return command.ContextWithDefaultAzureCredentials(ctx, true)
+	}
+
+	return ctx
+}

internal/cnpgi/common/wal.go

@@ -127,6 +127,8 @@ func (w WALServiceImplementation) Archive(
 		return nil, err
 	}
 
+	ctx = ContextWithProviderOptions(ctx, objectStore)
+
 	envArchive, err := barmanCredentials.EnvSetCloudCredentialsAndCertificates(
 		ctx,
 		w.Client,

internal/cnpgi/instance/backup.go

@@ -87,6 +87,8 @@ func (b BackupServiceImplementation) Backup(
 		return nil, err
 	}
 
+	ctx = common.ContextWithProviderOptions(ctx, objectStore)
+
 	if err := fileutils.EnsureDirectoryExists(postgres.BackupTemporaryDirectory); err != nil {
 		contextLogger.Error(err, "Cannot create backup temporary directory", "err", err)
 		return nil, err

internal/cnpgi/instance/retention.go

@@ -93,6 +93,8 @@ func (c *CatalogMaintenanceRunnable) cycle(ctx context.Context) (time.Duration,
 		return 0, err
 	}
 
+	ctx = common.ContextWithProviderOptions(ctx, barmanObjectStore)
+
 	if err := c.maintenance(ctx, &cluster, &barmanObjectStore); err != nil {
 		return 0, err
 	}

internal/cnpgi/metadata/constants.go

@@ -43,7 +43,7 @@ const (
 // Data is the metadata of this plugin.
 var Data = identity.GetPluginMetadataResponse{
 	Name:          PluginName,
-	Version:       "0.9.0", // x-release-please-version
+	Version:       "0.10.0", // x-release-please-version
 	DisplayName:   "BarmanCloudInstance",
 	ProjectUrl:    "https://github.com/cloudnative-pg/plugin-barman-cloud",
 	RepositoryUrl: "https://github.com/cloudnative-pg/plugin-barman-cloud",

internal/cnpgi/restore/restore.go

@@ -109,7 +109,7 @@ func (impl JobHookImpl) Restore(
 		}
 
 		if err := impl.checkBackupDestination(
-			ctx,
+			common.ContextWithProviderOptions(ctx, targetObjectStore),
 			configuration.Cluster,
 			&targetObjectStore.Spec.Configuration,
 			targetObjectStore.Name,
@@ -118,6 +118,8 @@ func (impl JobHookImpl) Restore(
 		}
 	}
 
+	ctx = common.ContextWithProviderOptions(ctx, recoveryObjectStore)
+
 	// Detect the backup to recover
 	backup, env, err := loadBackupObjectFromExternalCluster(
 		ctx,

pkg/metadata/doc.go

@@ -0,0 +1,2 @@
+// Package metadata provides metadata utilities for the Barman Cloud plugin
+package metadata

pkg/metadata/labels_annotations.go

@@ -0,0 +1,15 @@
+package metadata
+
+// MetadataNamespace is the namespace used for the Barman Cloud plugin metadata
+const MetadataNamespace = "barmancloud.cnpg.io"
+
+const (
+	// UseDefaultAzureCredentialAnnotationName is an annotation that can be set
+	// on an ObjectStore resource to enable the authentication to Azure via DefaultAzureCredential.
+	// This is meant to be used with inheritFromAzureAD enabled.
+	UseDefaultAzureCredentialAnnotationName = MetadataNamespace + "/useDefaultAzureCredential"
+
+	// UseDefaultAzureCredentialTrueValue is the value for the annotation
+	// barmancloud.cnpg.io/useDefaultAzureCredential to enable the DefaultAzureCredentials auth mechanism.
+	UseDefaultAzureCredentialTrueValue = "true"
+)

web/docs/object_stores.md

@@ -233,6 +233,7 @@ Barman Cloud supports the following authentication methods:
 - Storage Account Name + [Access Key](https://learn.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage)
 - Storage Account Name + [SAS Token](https://learn.microsoft.com/en-us/azure/storage/blobs/sas-service-create)
 - [Azure AD Workload Identity](https://azure.github.io/azure-workload-identity/docs/introduction.html)
+- [DefaultAzureCredential](https://learn.microsoft.com/en-us/azure/developer/go/sdk/authentication/credential-chains#defaultazurecredential-overview)
 
 ### Azure AD Workload Identity
 
@@ -252,6 +253,27 @@ spec:
   [...]
 ```
 
+### DefaultAzureCredential
+
+To authenticate using `DefaultAzureCredential`, set the annotation
+`barmancloud.cnpg.io/useDefaultAzureCredential="true"` on the ObjectStore in
+conjunction with the `.spec.configuration.inheritFromAzureAD` option:
+
+```yaml
+apiVersion: barmancloud.cnpg.io/v1
+kind: ObjectStore
+metadata:
+  name: azure-store
+  annotations:
+    barmancloud.cnpg.io/useDefaultAzureCredential: "true"
+spec:
+  configuration:
+    destinationPath: "<destination path here>"
+    azureCredentials:
+      inheritFromAzureAD: true
+  [...]
+```
+
 ### Access Key, SAS Token, or Connection String
 
 Store credentials in a Kubernetes secret: