feat: add types (CHECKPOINT 2)

Signed-off-by: Armando Ruocco <[email protected]>

.gitignore

@@ -28,3 +28,7 @@
 
 # Go workspace file
 go.work
+
+# artifacts
+/bin/
+/testbin/

go.mod

@@ -5,26 +5,27 @@ go 1.23.0
 require (
 	github.com/blang/semver v3.5.1+incompatible
 	github.com/cloudnative-pg/cnpg-i-machinery v0.0.0-20240903080817-f919c9abfe74
-	github.com/onsi/ginkgo/v2 v2.19.1
+	github.com/onsi/ginkgo/v2 v2.20.0
 	github.com/onsi/gomega v1.34.1
+	k8s.io/apimachinery v0.30.3
 )
 
 require (
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/zapr v1.3.0 // indirect
 	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
-	github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect
+	github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/rogpeppe/go-internal v1.10.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
-	golang.org/x/net v0.27.0 // indirect
-	golang.org/x/sys v0.22.0 // indirect
-	golang.org/x/text v0.16.0 // indirect
-	golang.org/x/tools v0.23.0 // indirect
+	golang.org/x/net v0.28.0 // indirect
+	golang.org/x/sys v0.23.0 // indirect
+	golang.org/x/text v0.17.0 // indirect
+	golang.org/x/tools v0.24.0 // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -15,6 +15,8 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg=
 github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw=
+github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 h1:FKHo8hFI3A+7w0aUQuYXQ+6EN5stWmeY/AZqtM8xk9k=
+github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
@@ -24,6 +26,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/onsi/ginkgo/v2 v2.19.1 h1:QXgq3Z8Crl5EL1WBAC98A5sEBHARrAJNzAmMxzLcRF0=
 github.com/onsi/ginkgo/v2 v2.19.1/go.mod h1:O3DtEWQkPa/F7fBMgmZQKKsluAy8pd3rEQdrjkPb9zA=
+github.com/onsi/ginkgo/v2 v2.20.0 h1:PE84V2mHqoT1sglvHc8ZdQtPcwmvvt29WLEEO3xmdZw=
+github.com/onsi/ginkgo/v2 v2.20.0/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI=
 github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k=
 github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
@@ -44,16 +48,26 @@ golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0
 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
 golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
 golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
+golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
+golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
 golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
 golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM=
+golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
 golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
+golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
+golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg=
 golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI=
+golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24=
+golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ=
 google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
 google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+k8s.io/apimachinery v0.30.3 h1:q1laaWCmrszyQuSQCfNB8cFgCuDAoPszKY4ucAjDwHc=
+k8s.io/apimachinery v0.30.3/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=

pkg/credentials/env.go

@@ -0,0 +1,308 @@
+/*
+Copyright The CloudNativePG Contributors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package credentials is used to build environment for barman cloud commands
+package credentials
+
+import (
+	"context"
+	"fmt"
+	barmanTypes "github.com/cloudnative-pg/plugin-barman-cloud/pkg/types"
+
+	corev1 "k8s.io/api/core/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	"github.com/cloudnative-pg/cloudnative-pg/pkg/fileutils"
+	"github.com/cloudnative-pg/cloudnative-pg/pkg/postgres"
+)
+
+// EnvSetBackupCloudCredentials sets the AWS environment variables needed for backups
+// given the configuration inside the cluster
+func EnvSetBackupCloudCredentials(
+	ctx context.Context,
+	c client.Client,
+	namespace string,
+	configuration *barmanTypes.BarmanObjectStoreConfiguration,
+	env []string,
+) ([]string, error) {
+	if configuration.EndpointCA != nil && configuration.BarmanCredentials.AWS != nil {
+		env = append(env, fmt.Sprintf("AWS_CA_BUNDLE=%s", postgres.BarmanBackupEndpointCACertificateLocation))
+	} else if configuration.EndpointCA != nil && configuration.BarmanCredentials.Azure != nil {
+		env = append(env, fmt.Sprintf("REQUESTS_CA_BUNDLE=%s", postgres.BarmanBackupEndpointCACertificateLocation))
+	}
+
+	return envSetCloudCredentials(ctx, c, namespace, configuration, env)
+}
+
+// EnvSetRestoreCloudCredentials sets the AWS environment variables needed for restores
+// given the configuration inside the cluster
+func EnvSetRestoreCloudCredentials(
+	ctx context.Context,
+	c client.Client,
+	namespace string,
+	configuration *barmanTypes.BarmanObjectStoreConfiguration,
+	env []string,
+) ([]string, error) {
+	if configuration.EndpointCA != nil && configuration.BarmanCredentials.AWS != nil {
+		env = append(env, fmt.Sprintf("AWS_CA_BUNDLE=%s", postgres.BarmanRestoreEndpointCACertificateLocation))
+	} else if configuration.EndpointCA != nil && configuration.BarmanCredentials.Azure != nil {
+		env = append(env, fmt.Sprintf("REQUESTS_CA_BUNDLE=%s", postgres.BarmanRestoreEndpointCACertificateLocation))
+	}
+	return envSetCloudCredentials(ctx, c, namespace, configuration, env)
+}
+
+// envSetCloudCredentials sets the AWS environment variables given the configuration
+// inside the cluster
+func envSetCloudCredentials(
+	ctx context.Context,
+	c client.Client,
+	namespace string,
+	configuration *barmanTypes.BarmanObjectStoreConfiguration,
+	env []string,
+) (envs []string, err error) {
+	if configuration.BarmanCredentials.AWS != nil {
+		return envSetAWSCredentials(ctx, c, namespace, configuration.BarmanCredentials.AWS, env)
+	}
+
+	if configuration.BarmanCredentials.Google != nil {
+		return envSetGoogleCredentials(ctx, c, namespace, configuration.BarmanCredentials.Google, env)
+	}
+
+	return envSetAzureCredentials(ctx, c, namespace, configuration, env)
+}
+
+// envSetAWSCredentials sets the AWS environment variables given the configuration
+// inside the cluster
+func envSetAWSCredentials(
+	ctx context.Context,
+	client client.Client,
+	namespace string,
+	s3credentials *barmanTypes.S3Credentials,
+	env []string,
+) ([]string, error) {
+	// check if AWS credentials are defined
+	if s3credentials == nil {
+		return nil, fmt.Errorf("missing S3 credentials")
+	}
+
+	if s3credentials.InheritFromIAMRole {
+		return env, nil
+	}
+
+	// Get access key ID
+	if s3credentials.AccessKeyIDReference == nil {
+		return nil, fmt.Errorf("missing access key ID")
+	}
+	accessKeyID, accessKeyErr := extractValueFromSecret(
+		ctx,
+		client,
+		s3credentials.AccessKeyIDReference,
+		namespace,
+	)
+	if accessKeyErr != nil {
+		return nil, accessKeyErr
+	}
+
+	// Get secret access key
+	if s3credentials.SecretAccessKeyReference == nil {
+		return nil, fmt.Errorf("missing secret access key")
+	}
+	secretAccessKey, secretAccessErr := extractValueFromSecret(
+		ctx,
+		client,
+		s3credentials.SecretAccessKeyReference,
+		namespace,
+	)
+	if secretAccessErr != nil {
+		return nil, secretAccessErr
+	}
+
+	if s3credentials.RegionReference != nil {
+		region, regionErr := extractValueFromSecret(
+			ctx,
+			client,
+			s3credentials.RegionReference,
+			namespace,
+		)
+		if regionErr != nil {
+			return nil, regionErr
+		}
+		env = append(env, fmt.Sprintf("AWS_DEFAULT_REGION=%s", region))
+	}
+
+	// Get session token secret
+	if s3credentials.SessionToken != nil {
+		sessionKey, sessErr := extractValueFromSecret(
+			ctx,
+			client,
+			s3credentials.SessionToken,
+			namespace,
+		)
+		if sessErr != nil {
+			return nil, sessErr
+		}
+		env = append(env, fmt.Sprintf("AWS_SESSION_TOKEN=%s", sessionKey))
+	}
+
+	env = append(env, fmt.Sprintf("AWS_ACCESS_KEY_ID=%s", accessKeyID))
+	env = append(env, fmt.Sprintf("AWS_SECRET_ACCESS_KEY=%s", secretAccessKey))
+
+	return env, nil
+}
+
+// envSetAzureCredentials sets the Azure environment variables given the configuration
+// inside the cluster
+func envSetAzureCredentials(
+	ctx context.Context,
+	c client.Client,
+	namespace string,
+	configuration *barmanTypes.BarmanObjectStoreConfiguration,
+	env []string,
+) ([]string, error) {
+	// check if Azure credentials are defined
+	if configuration.BarmanCredentials.Azure == nil {
+		return nil, fmt.Errorf("missing Azure credentials")
+	}
+
+	if configuration.BarmanCredentials.Azure.InheritFromAzureAD {
+		return env, nil
+	}
+
+	// Get storage account name
+	if configuration.BarmanCredentials.Azure.StorageAccount != nil {
+		storageAccount, err := extractValueFromSecret(
+			ctx,
+			c,
+			configuration.BarmanCredentials.Azure.StorageAccount,
+			namespace,
+		)
+		if err != nil {
+			return nil, err
+		}
+		env = append(env, fmt.Sprintf("AZURE_STORAGE_ACCOUNT=%s", storageAccount))
+	}
+
+	// Get the storage key
+	if configuration.BarmanCredentials.Azure.StorageKey != nil {
+		storageKey, err := extractValueFromSecret(
+			ctx,
+			c,
+			configuration.BarmanCredentials.Azure.StorageKey,
+			namespace,
+		)
+		if err != nil {
+			return nil, err
+		}
+		env = append(env, fmt.Sprintf("AZURE_STORAGE_KEY=%s", storageKey))
+	}
+
+	// Get the SAS token
+	if configuration.BarmanCredentials.Azure.StorageSasToken != nil {
+		storageSasToken, err := extractValueFromSecret(
+			ctx,
+			c,
+			configuration.BarmanCredentials.Azure.StorageSasToken,
+			namespace,
+		)
+		if err != nil {
+			return nil, err
+		}
+		env = append(env, fmt.Sprintf("AZURE_STORAGE_SAS_TOKEN=%s", storageSasToken))
+	}
+
+	if configuration.BarmanCredentials.Azure.ConnectionString != nil {
+		connString, err := extractValueFromSecret(
+			ctx,
+			c,
+			configuration.BarmanCredentials.Azure.ConnectionString,
+			namespace,
+		)
+		if err != nil {
+			return nil, err
+		}
+		env = append(env, fmt.Sprintf("AZURE_STORAGE_CONNECTION_STRING=%s", connString))
+	}
+
+	return env, nil
+}
+
+func envSetGoogleCredentials(
+	ctx context.Context,
+	c client.Client,
+	namespace string,
+	googleCredentials *barmanTypes.GoogleCredentials,
+	env []string,
+) ([]string, error) {
+	var applicationCredentialsContent []byte
+
+	if googleCredentials.GKEEnvironment &&
+		googleCredentials.ApplicationCredentials == nil {
+		return env, reconcileGoogleCredentials(googleCredentials, applicationCredentialsContent)
+	}
+
+	applicationCredentialsContent, err := extractValueFromSecret(
+		ctx,
+		c,
+		googleCredentials.ApplicationCredentials,
+		namespace,
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := reconcileGoogleCredentials(googleCredentials, applicationCredentialsContent); err != nil {
+		return nil, err
+	}
+
+	env = append(env, "GOOGLE_APPLICATION_CREDENTIALS=/controller/.application_credentials.json")
+
+	return env, nil
+}
+
+func reconcileGoogleCredentials(
+	googleCredentials *barmanTypes.GoogleCredentials,
+	applicationCredentialsContent []byte,
+) error {
+	credentialsPath := "/controller/.application_credentials.json"
+
+	if googleCredentials == nil {
+		return fileutils.RemoveFile(credentialsPath)
+	}
+
+	_, err := fileutils.WriteFileAtomic(credentialsPath, applicationCredentialsContent, 0o600)
+
+	return err
+}
+
+func extractValueFromSecret(
+	ctx context.Context,
+	c client.Client,
+	secretReference *barmanTypes.SecretKeySelector,
+	namespace string,
+) ([]byte, error) {
+	secret := &corev1.Secret{}
+	err := c.Get(ctx, client.ObjectKey{Namespace: namespace, Name: secretReference.Name}, secret)
+	if err != nil {
+		return nil, fmt.Errorf("while getting secret %s: %w", secretReference.Name, err)
+	}
+
+	value, ok := secret.Data[secretReference.Key]
+	if !ok {
+		return nil, fmt.Errorf("missing key %s, inside secret %s", secretReference.Key, secretReference.Name)
+	}
+
+	return value, nil
+}