use pod or workload identity

[till]

• feat(backup): workload identity for Azure/AWS
• fix: correct backupStorages map lookup by using backup storage name instead of repo name

---

• someone needs to test/review the AWS part
• pgbackrest is currently too old 👇🏼

pgbackrest 2.58.0 was released a couple of days ago and adds support for managed identities. I briefly tested if it was already available in the percona repository:

# rebuild the image in percona-docker:
docker run --rm -it till/percona-pgbackrest:latest bash
bash-5.1$ pgbackrest version
pgBackRest 2.57.0

Generally, not sure what the procedure is to get the images rebuild in percona-docker (once it is available).

CHANGE DESCRIPTION

---

Problem:

EVEREST-0

Short explanation of the problem.

I want to use workload identity so that we don't have to maintain credentials for backups.

Related pull requests

• [link]

Cause:

Maintaining and rotating credentials is a nightmare.

Solution:

The solution is (hopefully) this PR as it adds the feature for Azure and AWS.

CHECKLIST

---

Helm chart

• Is the helm chart updated with the new changes? (if applicable)

Jira

• Is the Jira ticket created and referenced properly?

Tests

• Is an Integration test/test case added for the new feature/change?
• Are unit tests added where appropriate?

[it-percona-cla]

All committers have signed the CLA.

[recharte]

Hi @till thanks for driving this initiative, overall the changes look to be heading in the right direction. I still need to spend some more time with pg_repos_reconciler.go to make sure everything is fine.
Also, it would be great if you could extend the integration tests with these new cases. You'll see Makefile targets that will help you run those integration tests

[till]

@recharte I'd pick this up again in April and see if Percona updated pgbackrest, did you have any feedback?

[recharte]

@till Percona will release PGO v2.9.0 within 1 week and it will feature PGBackRest 2.58.0 as you can see here, that file is part of this PR.