Merge 78d02d6803 into 0153abba82

fix(azure): update barman-cloud with Azure validation fix (#710 )
This change fixes Azure credentials validation to require a storage account when using explicit credentials such as a storage key or SAS token, and ensures the connection string is mutually exclusive with other authentication parameters. Closes #705 Related: cloudnative-pg/barman-cloud#177 Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
2026-01-11 13:23:09 +01:00 · 2026-01-08 09:27:52 +01:00 · 2026-01-08 09:25:15 +01:00 · 2025-08-18 13:36:01 +02:00
4 changed files with 20 additions and 3 deletions
--- a/go.mod
+++ b/go.mod
@ -7,7 +7,7 @@ toolchain go1.25.5
 require (
 	github.com/cert-manager/cert-manager v1.19.2
 	github.com/cloudnative-pg/api v1.28.0
-	github.com/cloudnative-pg/barman-cloud v0.4.0
+	github.com/cloudnative-pg/barman-cloud v0.4.1-0.20251230211524-20b7e0e10b0f
 	github.com/cloudnative-pg/cloudnative-pg v1.28.0
 	github.com/cloudnative-pg/cnpg-i v0.3.1
 	github.com/cloudnative-pg/cnpg-i-machinery v0.4.2
--- a/go.sum
+++ b/go.sum
@ -18,8 +18,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cloudnative-pg/api v1.28.0 h1:xElzHliO0eKkVQafkfMhDJo0aIRCmB1ItEt+SGh6B58=
 github.com/cloudnative-pg/api v1.28.0/go.mod h1:puXJBOsEaJd8JLgvCtxgl2TO/ZANap/z7bPepKRUgrk=
-github.com/cloudnative-pg/barman-cloud v0.4.0 h1:V4ajM5yDWq2m+TxmnDtCBGmfMXAxbXr9k7lfR4jM+eE=
-github.com/cloudnative-pg/barman-cloud v0.4.0/go.mod h1:AWdyNP2jvMO1c7eOOwT8kT+QGyK5O7lEBZX12LEZ1Ic=
+github.com/cloudnative-pg/barman-cloud v0.4.1-0.20251230211524-20b7e0e10b0f h1:4/PwIQOwQSTIxuncGRn3pX2V9CRwl7zJNXOVWOMSCCU=
+github.com/cloudnative-pg/barman-cloud v0.4.1-0.20251230211524-20b7e0e10b0f/go.mod h1:qD0NtJOllNQbRB0MaleuHsZjFYaXtXfdg0HbFTbuHn0=
 github.com/cloudnative-pg/cloudnative-pg v1.28.0 h1:vkv0a0ewDSfJOPJrsyUr4uczsxheReAWf/k171V0Dm0=
 github.com/cloudnative-pg/cloudnative-pg v1.28.0/go.mod h1:209fkRR6m0vXUVQ9Q498eAPQqN2UlXECbXXtpGsZz3I=
 github.com/cloudnative-pg/cnpg-i v0.3.1 h1:fKj8NoToWI11HUL2UWYJBpkVzmaTvbs3kDMo7wQF8RU=
--- a/web/docs/migration.md
+++ b/web/docs/migration.md
@ -103,6 +103,10 @@ As you can see, the contents of `barmanObjectStore` have been copied directly
 under the `configuration` field of the `ObjectStore` resource, using the same
 secret references.

+### IAM Role for Service Account (IRSA)
+
+If you use IRSA, you need to configure the `ObjectStore` to utilize the correct role as described in the [`Object Store Reference`](object_stores.md#iam-role-for-service-account-irsa).
+
 ## Step 2: Update the `Cluster` for plugin WAL archiving

 Once the `ObjectStore` resource is in place, update the `Cluster` resource as
--- a/web/docs/object_stores.md
+++ b/web/docs/object_stores.md
@ -101,6 +101,19 @@ spec:
        [...]
 ```

+In addition, configure the `ObjectStore` to inherit permissions from the IAM role referenced in the service account:
+
+```yaml
+apiVersion: barmancloud.cnpg.io/v1
+kind: ObjectStore
+metadata:
+  [...]
+spec:
+  configuration:
+    s3Credentials:
+      inheritFromIAMRole: true
+```
+
 ### S3 Lifecycle Policy

 Barman Cloud uploads backup files to S3 but does not modify or delete them afterward.