I did not find the Jira project or GitHub repo to ask for a feature request, so I am writing it here…

    if storageSpec.S3.CredentialsSecret == "" {
        return nil, fmt.Errorf("no credentials specified for the secret name %s", storageName)
    }

It would be nice not to return an error in case no s3.credentials is set for a cluster hosted on a cloud provider. AWS has the ability to get temporary credentials using the role attached to a pod. It is a more secure and flexible way of dealing with credentials. The creds should be renewed on every scheduled run using an API call to STS. Maybe add another field in the storage config, to have something like this:

    storages:
      s3-backup-bucket:
        type: "s3"
        s3:
          bucket: {{ .Values.backup.storages.s3BackupStorage.s3.bucketName }}
          region: {{ .Values.backup.storages.s3BackupStorage.s3.region }}
          cloud: "AWS"

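and in pkg/psmdb/backup/agent.go:

    // Cloud is the proposed new field (YAML key "cloud"); it does not exist yet.
    if storageSpec.S3.Cloud == "AWS" {
        // some_logic
    } else if storageSpec.S3.Cloud == "Other_cloud" {
        // some_logic2
    } else if storageSpec.S3.Cloud == "" {
        // No cloud set: keep the current behaviour and require a secret.
        if storageSpec.S3.CredentialsSecret == "" {
            return nil, fmt.Errorf("no credentials specified for the secret name %s", storageName)
        }
    }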
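
The fallback requested above, written out as an added example that is not code from the post or from the operator. `S3Spec`, `Cloud`, `CredSource` and `resolveCredSource` are hypothetical names; it assumes the pod gets its role through EKS IAM Roles for Service Accounts, which sets `AWS_ROLE_ARN` and `AWS_WEB_IDENTITY_TOKEN_FILE`, and that an explicit secret still takes precedence.

```go
package main

import (
	"errors"
	"fmt"
	"os"
)

// S3Spec holds only the fields discussed in the post; Cloud is the proposed, hypothetical field.
type S3Spec struct {
	Bucket, Region, CredentialsSecret, Cloud string
}

// CredSource says where the backup agent should take its S3 credentials from.
type CredSource int

const (
	CredStaticSecret CredSource = iota + 1 // long-lived keys stored in a Kubernetes Secret
	CredPodRole                            // short-lived STS credentials from the pod's IAM role
)

var ErrNoCredentials = errors.New("no credentials specified")

// resolveCredSource rejects a storage only when neither a secret nor a usable pod role exists.
// getenv is injected so the decision can be tested without touching the process environment.
func resolveCredSource(storageName string, s3 S3Spec, getenv func(string) string) (CredSource, error) {
	if s3.CredentialsSecret != "" {
		return CredStaticSecret, nil // assumption: an explicit secret wins over the cloud setting
	}
	switch s3.Cloud {
	case "AWS":
		// Fail at configuration time, not at the first scheduled backup, if no role is attached.
		if getenv("AWS_ROLE_ARN") == "" || getenv("AWS_WEB_IDENTITY_TOKEN_FILE") == "" {
			return 0, fmt.Errorf("storage %s: cloud is AWS but the pod has no IAM role: %w", storageName, ErrNoCredentials)
		}
		return CredPodRole, nil
	case "":
		return 0, fmt.Errorf("%w for the secret name %s", ErrNoCredentials, storageName)
	default:
		return 0, fmt.Errorf("storage %s: unsupported cloud %q", storageName, s3.Cloud)
	}
}

func main() {
	src, err := resolveCredSource("s3-backup-bucket", S3Spec{Cloud: "AWS"}, os.Getenv)
	fmt.Println(src, err)
}
```

With `CredPodRole` the agent would build its S3 client from the SDK's default credential chain, which exchanges the projected token with STS and refreshes the temporary credentials on its own.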