CLOUD-940 Use authenticated calls to check backup existence #2113
| sleep 10 | ||
| ((retry += 1)) | ||
| done | ||
|
|
[shfmt] reported by reviewdog 🐶
| check_backup_deletion_gcs "$logical_dest" | ||
| } | ||
|
|
||
|
|
[shfmt] reported by reviewdog 🐶
| } | ||
|
|
||
| function check_backup_deletion_gcs() { | ||
| backup_dest_gcp=$1 |
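Review bot: `backup_dest_gcp=$1` on the first line of `check_backup_deletion_gcs` is assigned without `local`, so it becomes a global that outlives the call, while the AWS credential code in this same change declares `local secret_name`. Declare it as `local backup_dest_gcp=$1` so the helpers stay consistent and do not leak state between test steps.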
[shfmt] reported by reviewdog 🐶
| backup_dest_gcp=$1 | |
| backup_dest_gcp=$1 |
| while gsutil ls "$gcs_path" >/dev/null 2>&1; do | ||
| if [ $retry -ge 15 ]; then | ||
| echo "max retry count $retry reached. something went wrong with operator or kubernetes cluster" | ||
| echo "Backup $gcs_path still exists in $storage_name (expected it to be deleted)" | ||
| exit 1 | ||
| fi | ||
| echo "waiting for backup to be deleted from $storage_name" | ||
| sleep 10 | ||
| ((retry += 1)) | ||
| done |
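Review bot: The loop condition `gsutil ls "$gcs_path" >/dev/null 2>&1` treats every non-zero exit as proof that the backup is gone, so an expired or missing credential, an absent `gsutil` binary or a network error ends the loop immediately and the deletion check passes without ever having seen the bucket. Since this change exists to make these calls authenticated, confirm access first (for example by listing the bucket itself and failing if that does not succeed), or keep stderr and accept only the not-found case as success. `$retry` in `[ $retry -ge 15 ]` is also unquoted, and its initialisation is not visible in this hunk.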
[shfmt] reported by reviewdog 🐶
| while gsutil ls "$gcs_path" >/dev/null 2>&1; do | |
| if [ $retry -ge 15 ]; then | |
| echo "max retry count $retry reached. something went wrong with operator or kubernetes cluster" | |
| echo "Backup $gcs_path still exists in $storage_name (expected it to be deleted)" | |
| exit 1 | |
| fi | |
| echo "waiting for backup to be deleted from $storage_name" | |
| sleep 10 | |
| ((retry += 1)) | |
| done | |
| while gsutil ls "$gcs_path" >/dev/null 2>&1; do | |
| if [ $retry -ge 15 ]; then | |
| echo "max retry count $retry reached. something went wrong with operator or kubernetes cluster" | |
| echo "Backup $gcs_path still exists in $storage_name (expected it to be deleted)" | |
| exit 1 | |
| fi | |
| echo "waiting for backup to be deleted from $storage_name" | |
| sleep 10 | |
| ((retry += 1)) | |
| done |
| ((retry += 1)) | ||
| done | ||
|
|
||
| echo "Backup $gcs_path not found in $storage_name" |
[shfmt] reported by reviewdog 🐶
| echo "Backup $gcs_path not found in $storage_name" | |
| echo "Backup $gcs_path not found in $storage_name" |
| sleep 10 | ||
| ((retry += 1)) | ||
| done | ||
|
|
[shfmt] reported by reviewdog 🐶
| local secret_name="aws-s3-secret" | ||
|
|
||
| if [[ -n "$AWS_ACCESS_KEY_ID" ]] && [[ -n "$AWS_SECRET_ACCESS_KEY" ]]; then | ||
| echo "AWS credentials already set in environment" | ||
| return 0 | ||
| fi | ||
|
|
||
| echo "Setting up AWS credentials from secret: $secret_name" | ||
|
|
||
| # Disable tracing for the entire credential section | ||
| local trace_was_on=0 | ||
| if [[ $- == *x* ]]; then | ||
| trace_was_on=1 | ||
| set +x | ||
| fi | ||
|
|
||
| AWS_ACCESS_KEY_ID=$(kubectl get secret "$secret_name" -o jsonpath='{.data.AWS_ACCESS_KEY_ID}' 2>/dev/null | base64 -d 2>/dev/null) | ||
| AWS_SECRET_ACCESS_KEY=$(kubectl get secret "$secret_name" -o jsonpath='{.data.AWS_SECRET_ACCESS_KEY}' 2>/dev/null | base64 -d 2>/dev/null) | ||
|
|
||
| if [[ -z "$AWS_ACCESS_KEY_ID" ]] || [[ -z "$AWS_SECRET_ACCESS_KEY" ]]; then | ||
| # Re-enable tracing before error message if it was on | ||
| [[ $trace_was_on -eq 1 ]] && set -x | ||
| echo "Failed to extract AWS credentials from secret" | ||
| return 1 | ||
| fi | ||
|
|
||
| export AWS_ACCESS_KEY_ID | ||
| export AWS_SECRET_ACCESS_KEY | ||
|
|
||
| # Re-enable tracing if it was on | ||
| [[ $trace_was_on -eq 1 ]] && set -x | ||
|
|
||
| echo "AWS credentials configured successfully" |
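Review bot: The early `[[ -n "$AWS_ACCESS_KEY_ID" ]] && [[ -n "$AWS_SECRET_ACCESS_KEY" ]]` check at the top of this hunk runs before the `set +x` block, and under xtrace bash prints the expanded operands of `[[ ... ]]`, so when the variables are already set and tracing is on, both values are written to the trace output. Move the `trace_was_on` / `set +x` block above that check so the whole function is covered. The `2>/dev/null` on both `kubectl get secret` calls also hides why extraction failed (missing secret, missing key, access denied); letting kubectl's stderr through would make the "Failed to extract AWS credentials from secret" message diagnosable.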
[shfmt] reported by reviewdog 🐶
| local secret_name="aws-s3-secret" | |
| if [[ -n "$AWS_ACCESS_KEY_ID" ]] && [[ -n "$AWS_SECRET_ACCESS_KEY" ]]; then | |
| echo "AWS credentials already set in environment" | |
| return 0 | |
| fi | |
| echo "Setting up AWS credentials from secret: $secret_name" | |
| # Disable tracing for the entire credential section | |
| local trace_was_on=0 | |
| if [[ $- == *x* ]]; then | |
| trace_was_on=1 | |
| set +x | |
| fi | |
| AWS_ACCESS_KEY_ID=$(kubectl get secret "$secret_name" -o jsonpath='{.data.AWS_ACCESS_KEY_ID}' 2>/dev/null | base64 -d 2>/dev/null) | |
| AWS_SECRET_ACCESS_KEY=$(kubectl get secret "$secret_name" -o jsonpath='{.data.AWS_SECRET_ACCESS_KEY}' 2>/dev/null | base64 -d 2>/dev/null) | |
| if [[ -z "$AWS_ACCESS_KEY_ID" ]] || [[ -z "$AWS_SECRET_ACCESS_KEY" ]]; then | |
| # Re-enable tracing before error message if it was on | |
| [[ $trace_was_on -eq 1 ]] && set -x | |
| echo "Failed to extract AWS credentials from secret" | |
| return 1 | |
| fi | |
| export AWS_ACCESS_KEY_ID | |
| export AWS_SECRET_ACCESS_KEY | |
| # Re-enable tracing if it was on | |
| [[ $trace_was_on -eq 1 ]] && set -x | |
| echo "AWS credentials configured successfully" | |
| local secret_name="aws-s3-secret" | |
| if [[ -n $AWS_ACCESS_KEY_ID ]] && [[ -n $AWS_SECRET_ACCESS_KEY ]]; then | |
| echo "AWS credentials already set in environment" | |
| return 0 | |
| fi | |
| echo "Setting up AWS credentials from secret: $secret_name" | |
| # Disable tracing for the entire credential section | |
| local trace_was_on=0 | |
| if [[ $- == *x* ]]; then | |
| trace_was_on=1 | |
| set +x | |
| fi | |
| AWS_ACCESS_KEY_ID=$(kubectl get secret "$secret_name" -o jsonpath='{.data.AWS_ACCESS_KEY_ID}' 2>/dev/null | base64 -d 2>/dev/null) | |
| AWS_SECRET_ACCESS_KEY=$(kubectl get secret "$secret_name" -o jsonpath='{.data.AWS_SECRET_ACCESS_KEY}' 2>/dev/null | base64 -d 2>/dev/null) | |
| if [[ -z $AWS_ACCESS_KEY_ID ]] || [[ -z $AWS_SECRET_ACCESS_KEY ]]; then | |
| # Re-enable tracing before error message if it was on | |
| [[ $trace_was_on -eq 1 ]] && set -x | |
| echo "Failed to extract AWS credentials from secret" | |
| return 1 | |
| fi | |
| export AWS_ACCESS_KEY_ID | |
| export AWS_SECRET_ACCESS_KEY | |
| # Re-enable tracing if it was on | |
| [[ $trace_was_on -eq 1 ]] && set -x | |
| echo "AWS credentials configured successfully" |
| # Re-enable tracing if it was on | ||
| [[ $trace_was_on -eq 1 ]] && set -x |
[shfmt] reported by reviewdog 🐶
| # Re-enable tracing if it was on | |
| [[ $trace_was_on -eq 1 ]] && set -x | |
| # Re-enable tracing if it was on | |
| [[ $trace_was_on -eq 1 ]] && set -x |
| # Re-enable tracing if it was on | ||
| [[ $trace_was_on -eq 1 ]] && set -x | ||
|
|
||
| echo "Azure credentials configured successfully" |
[shfmt] reported by reviewdog 🐶
| echo "Azure credentials configured successfully" | |
| echo "Azure credentials configured successfully" |
| sleep 10 | ||
| ((retry += 1)) | ||
| done | ||
|
|
[shfmt] reported by reviewdog 🐶
| sleep 10 | ||
| ((retry += 1)) | ||
| done | ||
|
|
[shfmt] reported by reviewdog 🐶
| sleep 10 | ||
| ((retry += 1)) | ||
| done | ||
|
|
[shfmt] reported by reviewdog 🐶
commit: a1bead7
CHANGE DESCRIPTION
Problem
The operator-testing S3 bucket is now private, so its objects can no longer be accessed through unauthenticated object URLs. As a result, tests that verify the existence of backups in this bucket are failing.
Solution
Use the respective cloud CLIs, authenticated via the pipeline credentials, to verify the existence of backups.
Also, use PBM 2.11.0 as default in e2e-tests until K8SPSMDB-1522 is fixed