K8SPSMDB-1488: reconfigure PBM on storage secret update (#2103)

mayankshah1607 · web-flow · commit 959c43be71bc · 2025-11-06T08:41:07.000+03:00
Signed-off-by: Mayank Shah &lt;mayank.shah@percona.com&gt;
diff --git a/pkg/controller/perconaservermongodb/pbm.go b/pkg/controller/perconaservermongodb/pbm.go
@@ -139,6 +139,7 @@ func (r *ReconcilePerconaServerMongoDB) reconcilePBMConfig(ctx context.Context,
 	// Hashes can be equal even if the actual PBM configuration differs from the one that was hashed
 	// For example, a restore can modify the PBM config
 	// We should use `isResyncNeeded` to compare the current configuration with the one we need
+	// Also, storage credentials are not hashed since they are excluded from JSON representation. `isResyncNeeded` will handle it.
 	if cr.Status.BackupConfigHash == hash && !isResyncNeeded(currentCfg, &main) {
 		return nil
 	}
@@ -192,6 +193,15 @@ func isResyncNeeded(currentCfg *config.Config, newCfg *config.Config) bool {
 		if currentCfg.Storage.S3.Prefix != newCfg.Storage.S3.Prefix {
 			return true
 		}
+
+		if currentCfg.Storage.S3.Credentials.AccessKeyID != newCfg.Storage.S3.Credentials.AccessKeyID {
+			return true
+		}
+
+		if currentCfg.Storage.S3.Credentials.SecretAccessKey != newCfg.Storage.S3.Credentials.SecretAccessKey {
+			return true
+		}
+
 	}
 
 	if currentCfg.Storage.GCS != nil && newCfg.Storage.GCS != nil {
@@ -202,6 +212,22 @@ func isResyncNeeded(currentCfg *config.Config, newCfg *config.Config) bool {
 		if currentCfg.Storage.GCS.Prefix != newCfg.Storage.GCS.Prefix {
 			return true
 		}
+
+		if currentCfg.Storage.GCS.Credentials.ClientEmail != newCfg.Storage.GCS.Credentials.ClientEmail {
+			return true
+		}
+
+		if currentCfg.Storage.GCS.Credentials.PrivateKey != newCfg.Storage.GCS.Credentials.PrivateKey {
+			return true
+		}
+
+		if currentCfg.Storage.GCS.Credentials.HMACAccessKey != newCfg.Storage.GCS.Credentials.HMACAccessKey {
+			return true
+		}
+
+		if currentCfg.Storage.GCS.Credentials.HMACSecret != newCfg.Storage.GCS.Credentials.HMACSecret {
+			return true
+		}
 	}
 
 	if currentCfg.Storage.Azure != nil && newCfg.Storage.Azure != nil {
@@ -216,6 +242,10 @@ func isResyncNeeded(currentCfg *config.Config, newCfg *config.Config) bool {
 		if currentCfg.Storage.Azure.Account != newCfg.Storage.Azure.Account {
 			return true
 		}
+
+		if currentCfg.Storage.Azure.Credentials.Key != newCfg.Storage.Azure.Credentials.Key {
+			return true
+		}
 	}
 
 	if currentCfg.Storage.Filesystem != nil && newCfg.Storage.Filesystem != nil {
