K8SPSMDB-1056: S3 storage delete-backup finalizer without secrets (#1524)

inelpandzic · web-flow · commit cd0968e03595 · 2024-04-19T13:20:16.000+03:00
* Check for secret only if CredentialSecret filed is persent.

* Update demand-backup-eks-credentials to delete the backup with
finalizer.
diff --git a/e2e-tests/demand-backup-eks-credentials/conf/backup-aws-s3.yml b/e2e-tests/demand-backup-eks-credentials/conf/backup-aws-s3.yml
@@ -1,6 +1,8 @@
 apiVersion: psmdb.percona.com/v1
 kind: PerconaServerMongoDBBackup
 metadata:
+  finalizers:
+    - delete-backup
   name: backup-aws-s3
 spec:
   clusterName: some-name
diff --git a/e2e-tests/demand-backup-eks-credentials/run b/e2e-tests/demand-backup-eks-credentials/run
@@ -68,6 +68,10 @@ compare_mongo_cmd "find" "myApp:myPass@$cluster-0.$cluster.$namespace"
 compare_mongo_cmd "find" "myApp:myPass@$cluster-1.$cluster.$namespace"
 compare_mongo_cmd "find" "myApp:myPass@$cluster-2.$cluster.$namespace"
 
+desc 'delete backup and check if it is removed from bucket -- aws-s3'
+kubectl_bin delete psmdb-backup --all
+check_backup_deletion "https://s3.amazonaws.com/${backup_dest_aws}" "aws-s3"
+
 destroy $namespace
 
 desc 'test passed'
diff --git a/pkg/controller/perconaservermongodbbackup/perconaservermongodbbackup_controller.go b/pkg/controller/perconaservermongodbbackup/perconaservermongodbbackup_controller.go
@@ -258,9 +258,6 @@ func (r *ReconcilePerconaServerMongoDBBackup) getPBMStorage(ctx context.Context,
 		}
 		return azure.New(azureConf, nil)
 	case cr.Status.S3 != nil:
-		if cr.Status.S3.CredentialsSecret == "" {
-			return nil, errors.New("no s3 credentials specified for the secret name")
-		}
 		s3Conf := s3.Conf{
 			Region:                cr.Status.S3.Region,
 			EndpointURL:           cr.Status.S3.EndpointURL,
@@ -271,9 +268,16 @@ func (r *ReconcilePerconaServerMongoDBBackup) getPBMStorage(ctx context.Context,
 			StorageClass:          cr.Status.S3.StorageClass,
 			InsecureSkipTLSVerify: cr.Status.S3.InsecureSkipTLSVerify,
 		}
-		s3secret, err := secret(ctx, r.client, cr.Namespace, cr.Status.S3.CredentialsSecret)
-		if err != nil {
-			return nil, errors.Wrap(err, "getting s3 credentials secret name")
+
+		if cr.Status.S3.CredentialsSecret != "" {
+			s3secret, err := secret(ctx, r.client, cr.Namespace, cr.Status.S3.CredentialsSecret)
+			if err != nil {
+				return nil, errors.Wrap(err, "getting s3 credentials secret name")
+			}
+			s3Conf.Credentials = s3.Credentials{
+				AccessKeyID:     string(s3secret.Data[backup.AWSAccessKeySecretKey]),
+				SecretAccessKey: string(s3secret.Data[backup.AWSSecretAccessKeySecretKey]),
+			}
 		}
 
 		if len(cr.Status.S3.ServerSideEncryption.SSECustomerAlgorithm) != 0 {
@@ -319,10 +323,6 @@ func (r *ReconcilePerconaServerMongoDBBackup) getPBMStorage(ctx context.Context,
 			}
 		}
 
-		s3Conf.Credentials = s3.Credentials{
-			AccessKeyID:     string(s3secret.Data[backup.AWSAccessKeySecretKey]),
-			SecretAccessKey: string(s3secret.Data[backup.AWSSecretAccessKeySecretKey]),
-		}
 		return s3.New(s3Conf, nil)
 	default:
 		return nil, errors.New("no storage info in backup status")
