Merge pull request #2113 from percona/cloud-940

CLOUD-940 Use authenticated calls to check backup existence

Author: hors

Jenkinsfile

@@ -218,22 +218,24 @@ void makeReport() {
 }
 
 void clusterRunner(String cluster) {
-    def clusterCreated=0
+    withCredentials([[$class: 'AmazonWebServicesCredentialsBinding', accessKeyVariable: 'AWS_ACCESS_KEY_ID', credentialsId: 'AMI/OVF', secretKeyVariable: 'AWS_SECRET_ACCESS_KEY']]){
+        def clusterCreated=0
 
-    for (int i=0; i<tests.size(); i++) {
-        if (tests[i]["result"] == "skipped" && currentBuild.nextBuild == null) {
-            tests[i]["result"] = "failure"
-            tests[i]["cluster"] = cluster
-            if (clusterCreated == 0) {
-                createCluster(cluster)
-                clusterCreated++
+        for (int i=0; i<tests.size(); i++) {
+            if (tests[i]["result"] == "skipped" && currentBuild.nextBuild == null) {
+                tests[i]["result"] = "failure"
+                tests[i]["cluster"] = cluster
+                if (clusterCreated == 0) {
+                    createCluster(cluster)
+                    clusterCreated++
+                }
+                runTest(i)
             }
-            runTest(i)
         }
-    }
 
-    if (clusterCreated >= 1) {
-        shutdownCluster(cluster)
+        if (clusterCreated >= 1) {
+            shutdownCluster(cluster)
+        }
     }
 }
 
@@ -306,6 +308,35 @@ EOF
 
         curl -sL https://github.com/mitchellh/golicense/releases/latest/download/golicense_0.2.0_linux_x86_64.tar.gz | sudo tar -C /usr/local/bin -xzf - golicense
     """
+    installAzureCLI()
+    azureAuth()
+}
+
+void azureAuth() {
+    withCredentials([azureServicePrincipal('PERCONA-OPERATORS-SP')]) {
+        sh '''
+            az login --service-principal -u "$AZURE_CLIENT_ID" -p "$AZURE_CLIENT_SECRET" -t "$AZURE_TENANT_ID"  --allow-no-subscriptions
+            az account set -s "$AZURE_SUBSCRIPTION_ID"
+        '''
+    }
+}
+
+void installAzureCLI() {
+    sh """
+        if ! command -v az &>/dev/null; then
+            echo "Installing Azure CLI for Hetzner instances..."
+            sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
+            cat <<EOF | sudo tee /etc/yum.repos.d/azure-cli.repo
+[azure-cli]
+name=Azure CLI
+baseurl=https://packages.microsoft.com/yumrepos/azure-cli
+enabled=1
+gpgcheck=1
+gpgkey=https://packages.microsoft.com/keys/microsoft.asc
+EOF
+            sudo dnf install azure-cli -y
+        fi
+    """
 }
 
 boolean isManualBuild() {

e2e-tests/data-at-rest-encryption/run

@@ -66,7 +66,8 @@ compare_mongos_cmd "find" "myApp:myPass@$cluster-mongos.$namespace"
 if [ -z "$SKIP_BACKUPS_TO_AWS_GCP_AZURE" ]; then
 	desc 'check backup and restore -- gcp-cs'
 	backup_dest_gcp=$(get_backup_dest "$backup_name_gcp")
-	curl -s "https://storage.googleapis.com/${backup_dest_gcp}/rs0/myApp.test.gz" | gunzip >/dev/null
+	setup_gcs_credentials
+	check_backup_existence_gcs "$backup_dest_gcp" "/rs0/myApp.test.gz"
 	run_mongos 'use myApp\n db.test.insert({ x: 100501 })' "myApp:myPass@$cluster-mongos.$namespace"
 	compare_mongos_cmd "find" "myApp:myPass@$cluster-mongos.$namespace" "-2nd"
 	run_restore "$backup_name_gcp"

e2e-tests/demand-backup-eks-credentials-irsa/run

@@ -116,7 +116,8 @@ sleep 5
 
 desc 'check backup and restore -- aws-s3'
 backup_dest_aws=$(get_backup_dest "$backup_name_aws")
-curl -s "https://s3.amazonaws.com/${backup_dest_aws}/rs0/myApp.test.gz" | gunzip >/dev/null
+setup_aws_credentials
+check_backup_existence_aws "$backup_dest_aws" "/rs0/myApp.test.gz"
 run_mongo 'use myApp\n db.test.insert({ x: 100501 })' "myApp:myPass@$cluster-rs0.$namespace"
 compare_mongo_cmd "find" "myApp:myPass@$cluster-rs0-0.$cluster-rs0.$namespace" "-2nd"
 compare_mongo_cmd "find" "myApp:myPass@$cluster-rs0-1.$cluster-rs0.$namespace" "-2nd"

e2e-tests/demand-backup-eks-credentials/run

@@ -57,7 +57,8 @@ sleep 5
 
 desc 'check backup and restore -- aws-s3'
 backup_dest_aws=$(get_backup_dest "$backup_name_aws")
-curl -s "https://s3.amazonaws.com/${backup_dest_aws}/rs0/myApp.test.gz" | gunzip >/dev/null
+setup_aws_credentials
+check_backup_existence_aws "$backup_dest_aws" "/rs0/myApp.test.gz"
 run_mongo 'use myApp\n db.test.insert({ x: 100501 })' "myApp:myPass@$cluster.$namespace"
 compare_mongo_cmd "find" "myApp:myPass@$cluster-0.$cluster.$namespace" "-2nd"
 compare_mongo_cmd "find" "myApp:myPass@$cluster-1.$cluster.$namespace" "-2nd"
@@ -70,7 +71,7 @@ compare_mongo_cmd "find" "myApp:myPass@$cluster-2.$cluster.$namespace"
 
 desc 'delete backup and check if it is removed from bucket -- aws-s3'
 kubectl_bin delete psmdb-backup --all
-check_backup_deletion "https://s3.amazonaws.com/${backup_dest_aws}" "aws-s3"
+check_backup_deletion_aws "$backup_dest_aws" "/rs0/myApp.test.gz"
 
 destroy $namespace
 

e2e-tests/demand-backup-sharded/run

@@ -108,9 +108,10 @@ sleep 5
 if [ -z "$SKIP_BACKUPS_TO_AWS_GCP_AZURE" ]; then
 	desc 'check backup and restore -- aws-s3'
 	backup_dest_aws=$(get_backup_dest "$backup_name_aws")
-	curl -s "https://s3.amazonaws.com/${backup_dest_aws}/rs0/myApp.test.gz" | gunzip >/dev/null
-	curl -s "https://s3.amazonaws.com/${backup_dest_aws}/rs1/myApp1.test.gz" | gunzip >/dev/null
-	curl -s "https://s3.amazonaws.com/${backup_dest_aws}/rs2/myApp2.test.gz" | gunzip >/dev/null
+	setup_aws_credentials
+	check_backup_existence_aws "$backup_dest_aws" "/rs0/myApp.test.gz"
+	check_backup_existence_aws "$backup_dest_aws" "/rs1/myApp1.test.gz"
+	check_backup_existence_aws "$backup_dest_aws" "/rs2/myApp2.test.gz"
 	insert_data_mongos "100501" "myApp" "" "$custom_port"
 	insert_data_mongos "100501" "myApp1" "" "$custom_port"
 	insert_data_mongos "100501" "myApp2" "" "$custom_port"
@@ -121,9 +122,10 @@ if [ -z "$SKIP_BACKUPS_TO_AWS_GCP_AZURE" ]; then
 
 	desc 'check backup and restore -- gcp-cs'
 	backup_dest_gcp=$(get_backup_dest "$backup_name_gcp")
-	curl -s "https://storage.googleapis.com/${backup_dest_gcp}/rs0/myApp.test.gz" | gunzip >/dev/null
-	curl -s "https://storage.googleapis.com/${backup_dest_gcp}/rs1/myApp1.test.gz" | gunzip >/dev/null
-	curl -s "https://storage.googleapis.com/${backup_dest_gcp}/rs2/myApp2.test.gz" | gunzip >/dev/null
+	setup_gcs_credentials
+	check_backup_existence_gcs "$backup_dest_gcp" "/rs0/myApp.test.gz"
+	check_backup_existence_gcs "$backup_dest_gcp" "/rs1/myApp1.test.gz"
+	check_backup_existence_gcs "$backup_dest_gcp" "/rs2/myApp2.test.gz"
 	insert_data_mongos "100501" "myApp" "" "$custom_port"
 	insert_data_mongos "100501" "myApp1" "" "$custom_port"
 	insert_data_mongos "100501" "myApp2" "" "$custom_port"
@@ -134,9 +136,10 @@ if [ -z "$SKIP_BACKUPS_TO_AWS_GCP_AZURE" ]; then
 
 	desc 'check backup and restore -- azure-blob'
 	backup_dest_azure=$(get_backup_dest "$backup_name_azure")
-	curl -s "https://engk8soperators.blob.core.windows.net/${backup_dest_azure}/rs0/myApp.test.gz" | gunzip >/dev/null
-	curl -s "https://engk8soperators.blob.core.windows.net/${backup_dest_azure}/rs1/myApp1.test.gz" | gunzip >/dev/null
-	curl -s "https://engk8soperators.blob.core.windows.net/${backup_dest_azure}/rs2/myApp2.test.gz" | gunzip >/dev/null
+	setup_azure_credentials
+	check_backup_existence_azure "$backup_dest_azure" "/rs0/myApp.test.gz"
+	check_backup_existence_azure "$backup_dest_azure" "/rs1/myApp1.test.gz"
+	check_backup_existence_azure "$backup_dest_azure" "/rs2/myApp2.test.gz"
 	insert_data_mongos "100501" "myApp" "" "$custom_port"
 	insert_data_mongos "100501" "myApp1" "" "$custom_port"
 	insert_data_mongos "100501" "myApp2" "" "$custom_port"
@@ -169,9 +172,9 @@ if [[ $backup_exists -eq 1 ]]; then
 fi
 
 if [ -z "$SKIP_BACKUPS_TO_AWS_GCP_AZURE" ]; then
-	check_backup_deletion "https://s3.amazonaws.com/${backup_dest_aws}" "aws-s3"
-	check_backup_deletion "https://storage.googleapis.com/${backup_dest_gcp}" "gcp-cs"
-	check_backup_deletion "https://engk8soperators.blob.core.windows.net/${backup_dest_azure}" "azure-blob"
+	check_backup_deletion_aws "$backup_dest_aws" "/rs0/myApp.test.gz"
+	check_backup_deletion_gcs "$backup_dest_gcp" "/rs0/myApp.test.gz"
+	check_backup_deletion_azure "$backup_dest_azure" "/rs0/myApp.test.gz"
 fi
 
 # Temporarily skipping this check
@@ -180,3 +183,4 @@ fi
 
 kubectl_bin delete -f "$conf_dir/container-rc.yaml"
 destroy "$namespace"
+desc 'test passed'

e2e-tests/demand-backup/run

@@ -188,7 +188,7 @@ wait_backup_agent $cluster-1
 wait_backup_agent $cluster-2
 
 if [ -z "$SKIP_BACKUPS_TO_AWS_GCP_AZURE" ]; then
-	desc 'Check GCS pfofiles'
+	desc 'Check GCS profiles'
 	compare_pbm_profile_setup "some-name" "gcp-cs-s3"
 	compare_pbm_profile_setup "some-name" "gcp-cs-sa"
 fi
@@ -223,22 +223,25 @@ sleep 5
 if [ -z "$SKIP_BACKUPS_TO_AWS_GCP_AZURE" ]; then
 	desc 'check backup and restore -- aws-s3'
 	backup_dest_aws=$(get_backup_dest "$backup_name_aws")
-	check_backup_in_storage ${backup_name_aws} s3 rs0 'myApp.test.gz'
+	setup_aws_credentials
+	check_backup_existence_aws ${backup_dest_aws} '/rs0/myApp.test.gz'
 	run_recovery_check "$backup_name_aws" "$cluster"
 
 	desc 'check backup and restore -- gcp-cs-s3'
 	backup_dest_gcp_s3=$(get_backup_dest "$backup_name_gcp_s3")
-	check_backup_in_storage ${backup_name_gcp_s3} gcs rs0 'myApp.test.gz'
+	setup_gcs_credentials
+	check_backup_existence_gcs ${backup_dest_gcp_s3} '/rs0/myApp.test.gz'
 	run_recovery_check "$backup_name_gcp_s3" "$cluster"
 
 	desc 'check backup and restore -- gcp-cs-sa'
 	backup_dest_gcp_sa=$(get_backup_dest "$backup_name_gcp_sa")
-	check_backup_in_storage ${backup_name_gcp_sa} gcs rs0 'myApp.test.gz'
+	check_backup_existence_gcs ${backup_dest_gcp_sa} '/rs0/myApp.test.gz'
 	run_recovery_check "$backup_name_gcp_sa" "$cluster"
 
 	desc 'check backup and restore -- azure-blob'
 	backup_dest_azure=$(get_backup_dest "$backup_name_azure")
-	check_backup_in_storage ${backup_name_azure} azure rs0 'myApp.test.gz'
+	setup_azure_credentials
+	check_backup_existence_azure ${backup_dest_azure} '/rs0/myApp.test.gz'
 	run_recovery_check "$backup_name_azure" "$cluster"
 fi
 
@@ -285,10 +288,10 @@ if [[ $backup_exists -eq 1 ]]; then
 fi
 
 if [ -z "$SKIP_BACKUPS_TO_AWS_GCP_AZURE" ]; then
-	check_backup_deletion "https://s3.amazonaws.com/${backup_dest_aws}" "aws-s3"
-	check_backup_deletion "https://storage.googleapis.com/${backup_dest_gcp_s3}" "gcp-cs-s3"
-	check_backup_deletion "https://storage.googleapis.com/${backup_dest_gcp_sa}" "gcp-cs-sa"
-	check_backup_deletion "${backup_dest_azure}" "azure-blob"
+	check_backup_deletion_aws "$backup_dest_aws" "/rs0/myApp.test.gz"
+	check_backup_deletion_gcs "$backup_dest_gcp_s3" "/rs0/myApp.test.gz"
+	check_backup_deletion_gcs "$backup_dest_gcp_sa" "/rs0/myApp.test.gz"
+	check_backup_deletion_azure "$backup_dest_azure" "/rs0/myApp.test.gz"
 fi
 
 desc 'checking backup deletion without cr'
@@ -327,10 +330,10 @@ if [[ $backup_exists -eq 1 ]]; then
 fi
 
 if [ -z "$SKIP_BACKUPS_TO_AWS_GCP_AZURE" ]; then
-	check_backup_deletion "https://s3.amazonaws.com/${backup_dest_aws}" "aws-s3"
-	check_backup_deletion "https://storage.googleapis.com/${backup_dest_gcp_s3}" "gcp-cs-s3"
-	check_backup_deletion "https://storage.googleapis.com/${backup_dest_gcp_sa}" "gcp-cs-sa"
-	check_backup_deletion "${backup_dest_azure}" "azure-blob"
+	check_backup_deletion_aws "$backup_dest_aws" "/rs0/myApp.test.gz"
+	check_backup_deletion_gcs "$backup_dest_gcp_s3" "/rs0/myApp.test.gz"
+	check_backup_deletion_gcs "$backup_dest_gcp_sa" "/rs0/myApp.test.gz"
+	check_backup_deletion_azure "$backup_dest_azure" "/rs0/myApp.test.gz"
 fi
 
 # Temporarily skipping this check