K8SPSMDB-1035: Allow empty secretName for backup jobs #1377

Merged
merged 6 commits into from
Jan 30, 2024
Contributor

@tadjik1 tadjik1 commented Nov 10, 2023

K8SPSMDB-1035

CHANGE DESCRIPTION

Problem:

Empty secretName results in errors in the operator:

```
2023-11-10T13:34:01.099Z	ERROR	Storage credentials secret does not exist	{"controller": "psmdb-controller", "object": {"name":"mongodb-psmdb-db","namespace":"mongodb"}, "namespace": "mongodb", "name": "mongodb-psmdb-db", "reconcileID": "89430f6b-4e56-401b-9cac-95d2a5ea710d", "secret": ""}
github.com/percona/percona-server-mongodb-operator/pkg/controller/perconaservermongodb.(*ReconcilePerconaServerMongoDB).updatePITR
	/go/src/github.com/percona/percona-server-mongodb-operator/pkg/controller/perconaservermongodb/backup.go:395
github.com/percona/percona-server-mongodb-operator/pkg/controller/perconaservermongodb.(*ReconcilePerconaServerMongoDB).Reconcile
	/go/src/github.com/percona/percona-server-mongodb-operator/pkg/controller/perconaservermongodb/psmdb_controller.go:558
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile
	/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:119
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
	/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:316
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
	/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:266
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
	/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:227
```

Cause:

The logic doesn't incorporate the possibility of an empty secretName, which is normal behaviour for backup jobs running directly on EC2 instances.
https://docs.percona.com/percona-operator-for-mongodb/backups-storage.html

Using AWS EC2 instances for backups makes it possible to automate access to AWS S3 buckets based on [IAM roles](https://kubernetes-on-aws.readthedocs.io/en/latest/user-guide/iam-roles.html) for Service Accounts with no need to specify the S3 credentials explicitly.
Following steps are needed to turn this feature on:

1. Create the [IAM instance profile](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html) and the permission policy within where you specify the access level that grants the access to S3 buckets.
2. Attach the IAM profile to an EC2 instance.
3. Configure an S3 storage bucket and verify the connection from the EC2 instance to it.
4. Do not provide `s3.credentialsSecret` for the storage in `deploy/cr.yaml`.

Solution:

Get rid of the log message by ignoring empty secret (do not validate file existence in that case).

I'm extremely new to this project (actually just opened the source code for the first time today), so I'm not sure which Jira ticket needs to be created and whether I need to write tests for this (it seems that tests are missing for this module).

CHECKLIST

Jira

  • Is the Jira ticket created and referenced properly?
  • Does the Jira ticket have the proper statuses for documentation (Needs Doc) and QA (Needs QA)?
  • Does the Jira ticket link to the proper milestone (Fix Version field)?

Tests

  • Is an E2E test/test case added for the new feature/change?
  • Are unit tests added where appropriate?
  • Are OpenShift compare files changed for E2E tests (compare/*-oc.yml)?

Config/Logging/Testability

  • Are all needed new/changed options added to default YAML files?
  • Are the manifests (crd/bundle) regenerated if needed?
  • Did we add proper logging messages for operator actions?
  • Did we ensure compatibility with the previous version or cluster upgrade process?
  • Does the change support oldest and newest supported MongoDB version?
  • Does the change support oldest and newest supported Kubernetes version?
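
The check described under "Solution" above, as an added example that is not the operator's code and not part of this pull request: a storage with no credentials secret is recorded as using the node's IAM role and is never looked up, while a named secret that cannot be found is still reported. `S3Storage`, `SecretExists`, `CheckStorageSecrets` and the sample storages are hypothetical names and constructed data.

```go
package main

import (
	"fmt"
	"sort"
)

// S3Storage is a hypothetical stand-in for one backup storage entry in the CR.
type S3Storage struct {
	Bucket            string
	CredentialsSecret string // empty means "use the node's IAM role"
}

// SecretExists is a hypothetical lookup; a real operator would ask the API server.
type SecretExists func(namespace, name string) (bool, error)

// CheckStorageSecrets splits storages into those using ambient (IAM role)
// credentials and those whose named secret is missing; empty names are skipped.
func CheckStorageSecrets(ns string, storages map[string]S3Storage, exists SecretExists) (ambient, missing []string, err error) {
	for name, st := range storages {
		if st.CredentialsSecret == "" {
			ambient = append(ambient, name) // nothing to validate, keep for audit
			continue
		}
		ok, lookupErr := exists(ns, st.CredentialsSecret)
		if lookupErr != nil {
			return nil, nil, fmt.Errorf("look up secret %q for storage %q: %w", st.CredentialsSecret, name, lookupErr)
		}
		if !ok {
			missing = append(missing, name) // a named secret must exist
		}
	}
	sort.Strings(ambient)
	sort.Strings(missing)
	return ambient, missing, nil
}

// sampleCheck runs the check on constructed data: no secret, a present secret, a typo.
func sampleCheck() (ambient, missing []string, err error) {
	present := map[string]bool{"mongodb/s3-backup-creds": true}
	exists := func(ns, name string) (bool, error) { return present[ns+"/"+name], nil }
	return CheckStorageSecrets("mongodb", map[string]S3Storage{
		"ec2-role": {Bucket: "backups-a"},
		"static":   {Bucket: "backups-b", CredentialsSecret: "s3-backup-creds"},
		"typo":     {Bucket: "backups-c", CredentialsSecret: "s3-backup-cred"},
	}, exists)
}

func main() { fmt.Println(sampleCheck()) }
```

Keeping the list of storages that rely on ambient credentials makes it possible to audit which backups depend on the instance profile rather than on a Kubernetes secret.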

@CLAassistant

CLAassistant commented Nov 10, 2023

CLA assistant check
All committers have signed the CLA.

@hors
Collaborator

hors commented Nov 24, 2023

@tadjik1, please sign the CLA

@egegunes
Contributor

@tadjik1 thank you for your contribution. These changes confuse me a little bit because we already should have this functionality and even have a test for it. Could you please share steps to reproduce?

@nmarukovich could you please check if this problem is valid?

@hors hors added this to the v1.16.0 milestone Jan 12, 2024
@egegunes egegunes changed the title Allow empty secretName for backup jobs K8SPSMDB-1035: Allow empty secretName for backup jobs Jan 19, 2024
egegunes previously approved these changes Jan 19, 2024
@egegunes
Contributor

@tadjik1 please run gofmt on files you changed

@hors
Collaborator

hors commented Jan 25, 2024

> @tadjik1 please run gofmt on files you changed

Hey @tadjik1, please fix it, and we will merge your PR:

[gofmt] reported by reviewdog 🐶


Raw Output:
pkg/controller/perconaservermongodb/backup.go:394:-	
pkg/controller/perconaservermongodb/backup.go:394:+

hors added a commit that referenced this pull request Jan 25, 2024
@hors
Collaborator

hors commented Jan 25, 2024

@egegunes @tadjik1 I have added a test case for this fix #1426

@egegunes
Contributor

@nmarukovich please review

@JNKPercona
Collaborator

| Test name | Status |
|---|---|
| arbiter | passed |
| balancer | passed |
| custom-replset-name | passed |
| cross-site-sharded | passed |
| data-at-rest-encryption | passed |
| data-sharded | passed |
| demand-backup | passed |
| demand-backup-eks-credentials | passed |
| demand-backup-physical | passed |
| demand-backup-physical-sharded | passed |
| demand-backup-sharded | passed |
| expose-sharded | passed |
| ignore-labels-annotations | passed |
| init-deploy | passed |
| finalizer | passed |
| limits | passed |
| liveness | passed |
| mongod-major-upgrade | passed |
| mongod-major-upgrade-sharded | passed |
| monitoring-2-0 | passed |
| multi-cluster-service | passed |
| non-voting | passed |
| one-pod | passed |
| operator-self-healing-chaos | passed |
| pitr | passed |
| pitr-sharded | passed |
| pitr-physical | passed |
| recover-no-primary | passed |
| rs-shard-migration | passed |
| scaling | passed |
| scheduled-backup | passed |
| security-context | passed |
| self-healing-chaos | passed |
| service-per-pod | passed |
| serviceless-external-nodes | passed |
| smart-update | passed |
| split-horizon | passed |
| storage | passed |
| tls-issue-cert-manager | passed |
| upgrade | passed |
| upgrade-consistency | passed |
| upgrade-consistency-sharded | passed |
| upgrade-sharded | passed |
| users | passed |
| version-service | passed |

We run 45 out of 45

commit: eeba153
image: perconalab/percona-server-mongodb-operator:PR-1377-eeba1539

@hors hors merged commit f0ed7f5 into percona:main Jan 30, 2024
11 checks passed
@hors
Collaborator

hors commented Jan 30, 2024

Hi @tadjik1 thank you for your contribution. We will include your fix in the next PSMDB release.

hors added a commit that referenced this pull request Jan 31, 2024
* K8SPSMDB-1035 test case for #1377

* Update e2e-tests/pitr-sharded/run

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* Update e2e-tests/pitr-sharded/run

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>