[GEP-26] Add support for web identity authentication to S3 snapstore #892

Merged: ishan16696 merged 10 commits into gardener:master from vpnachev:enh/s3/add-support-for-web-identity on Aug 18, 2025
@vpnachev vpnachev commented Jul 8, 2025

How to categorize this PR?
/area backup security ipcei
/kind enhancement

What this PR does / why we need it:
Add support for web identity authentication to S3 snapstore

Which issue(s) this PR fixes:
Part of gardener/gardener#9586

Special notes for your reviewer:
cc @dimityrmirchev

Release note:

The container base image has been updated to debian12.
S3 snapstore now supports web identity authentication.
To be enabled, the `roleARN` and `token` credentials files or JSON fields must be set, while `accessKeyID` and `secretAccessKey` have to be unset.
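
The rule in the release note above, sketched as an added Go example that is not code from this PR or from the project: it decides the authentication mode from JSON credentials and rejects mixed or incomplete sets. The struct, the function name `ResolveAuthMode`, the plain-string field values and the treatment of an empty string as "unset" are assumptions; only the four field names come from the release note.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// s3Credentials mirrors only the four JSON field names quoted in the release
// note; the struct itself is hypothetical, not the project's type.
type s3Credentials struct {
	AccessKeyID     string `json:"accessKeyID"`
	SecretAccessKey string `json:"secretAccessKey"`
	RoleARN         string `json:"roleARN"`
	Token           string `json:"token"`
}

// ResolveAuthMode returns "web-identity" or "static", or an error when the
// fields are mixed or incomplete, so a leftover long-lived key is never
// silently preferred over the short-lived token.
func ResolveAuthMode(raw []byte) (string, error) {
	var c s3Credentials
	if err := json.Unmarshal(raw, &c); err != nil {
		return "", fmt.Errorf("parse credentials: %w", err)
	}
	static := c.AccessKeyID != "" || c.SecretAccessKey != ""
	web := c.RoleARN != "" || c.Token != ""
	switch {
	case static && web:
		return "", errors.New("static keys must be unset when roleARN/token are used")
	case web && (c.RoleARN == "" || c.Token == ""):
		return "", errors.New("web identity needs both roleARN and token")
	case web:
		return "web-identity", nil
	case c.AccessKeyID != "" && c.SecretAccessKey != "":
		return "static", nil
	default:
		return "", errors.New("no complete credential set found")
	}
}

func main() {
	// Constructed sample input; the ARN, token and key ID are placeholders.
	ok := []byte(`{"roleARN":"arn:aws:iam::000000000000:role/example","token":"<jwt>"}`)
	mixed := []byte(`{"roleARN":"arn:aws:iam::000000000000:role/example","token":"<jwt>","accessKeyID":"AKIAEXAMPLE"}`)
	fmt.Println(ResolveAuthMode(ok))
	fmt.Println(ResolveAuthMode(mixed))
}
```

Failing closed on a mixed set makes a forgotten static key visible at startup instead of leaving it in use after the switch to web identity.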

@vpnachev vpnachev requested a review from a team as a code owner July 8, 2025 15:20
@vpnachev vpnachev changed the title Add support for web identity authentication to S3 snapstore [GEP-26] Add support for web identity authentication to S3 snapstore Jul 8, 2025

@dimityrmirchev dimityrmirchev left a comment

Thanks! I left some small comments/questions.

Co-authored-by: Dimitar Mirchev <dimitar.mirchev@sap.com>
@vpnachev vpnachev requested a review from ishan16696 August 5, 2025 15:26

vpnachev commented Aug 5, 2025

@gardener/etcd-druid-maintainers kindly review this PR

@dimityrmirchev dimityrmirchev left a comment

/lgtm

@ishan16696

/assign

@ishan16696 ishan16696 left a comment

few nits:

gitguardian bot commented Aug 6, 2025

✅ There are no secrets present in this pull request anymore.

If these secrets were true positive and are still valid, we highly recommend you to revoke them.
While these secrets were previously flagged, we no longer have a reference to the
specific commits where they were detected. Once a secret has been leaked into a git
repository, you should consider it compromised, even if it was deleted immediately.

@ishan16696 ishan16696 added this to the v0.38.0 milestone Aug 7, 2025

@ishan16696 ishan16696 left a comment

LGTM!!

@vpnachev vpnachev force-pushed the enh/s3/add-support-for-web-identity branch from 0f04c07 to 1a6af64 Compare August 18, 2025 07:31
@vpnachev vpnachev force-pushed the enh/s3/add-support-for-web-identity branch from 1a6af64 to 68ed770 Compare August 18, 2025 10:02
@ishan16696 ishan16696 merged commit 8bd3f58 into gardener:master Aug 18, 2025
10 checks passed
@vpnachev vpnachev deleted the enh/s3/add-support-for-web-identity branch August 18, 2025 10:56