fix: backup storage support sign version (#21912)

Co-authored-by: Qiu Jian <qiujian@yunionyun.com>

go.mod

@@ -93,12 +93,12 @@ require (
 	k8s.io/cri-api v0.22.17
 	k8s.io/klog/v2 v2.20.0
 	moul.io/http2curl/v2 v2.3.0
-	yunion.io/x/cloudmux v0.3.10-0-alpha.1.0.20241225022314-afb2521c4810
+	yunion.io/x/cloudmux v0.3.10-0-alpha.1.0.20241231161311-2b925c2c0096
 	yunion.io/x/executor v0.0.0-20241205080005-48f5b1212256
 	yunion.io/x/jsonutils v1.0.1-0.20240930100528-1671a2d0d22f
 	yunion.io/x/log v1.0.1-0.20240305175729-7cf2d6cd5a91
 	yunion.io/x/ovsdb v0.0.0-20230306173834-f164f413a900
-	yunion.io/x/pkg v1.10.2
+	yunion.io/x/pkg v1.10.3
 	yunion.io/x/s3cli v0.0.0-20241221171442-1c11599d28e1
 	yunion.io/x/sqlchemy v1.1.3-0.20240926163039-d41512b264e1
 	yunion.io/x/structarg v0.0.0-20231017124457-df4d5009457c

go.sum

@@ -1376,8 +1376,8 @@ sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK
 sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
 sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q=
 sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
-yunion.io/x/cloudmux v0.3.10-0-alpha.1.0.20241225022314-afb2521c4810 h1:Y5Q+aOgh6a/0fEi7JUI9QVcJ3qDhjjv+0MxZNbDhllk=
-yunion.io/x/cloudmux v0.3.10-0-alpha.1.0.20241225022314-afb2521c4810/go.mod h1:KQ/jWx7bZlmjCE711KEWuvHW/dzpdr/UTlBjjutkj0Y=
+yunion.io/x/cloudmux v0.3.10-0-alpha.1.0.20241231161311-2b925c2c0096 h1:gJIprJl5tg3An9eixiSVHw2H3rtP/7Pft0mN+dtUa00=
+yunion.io/x/cloudmux v0.3.10-0-alpha.1.0.20241231161311-2b925c2c0096/go.mod h1:KQ/jWx7bZlmjCE711KEWuvHW/dzpdr/UTlBjjutkj0Y=
 yunion.io/x/executor v0.0.0-20241205080005-48f5b1212256 h1:kLKQ6zbgPDQflRwoHFAjxNChcbhXIFgsUVLkJwiXu/8=
 yunion.io/x/executor v0.0.0-20241205080005-48f5b1212256/go.mod h1:Uxuou9WQIeJXNpy7t2fPLL0BYLvLiMvGQwY7Qc6aSws=
 yunion.io/x/jsonutils v0.0.0-20190625054549-a964e1e8a051/go.mod h1:4N0/RVzsYL3kH3WE/H1BjUQdFiWu50JGCFQuuy+Z634=
@@ -1391,8 +1391,8 @@ yunion.io/x/ovsdb v0.0.0-20230306173834-f164f413a900 h1:Hu/4ERvoWaN6aiFs4h4/yvVB
 yunion.io/x/ovsdb v0.0.0-20230306173834-f164f413a900/go.mod h1:0vLkNEhlmA64HViPBAnSTUMrx5QP1CLsxXmxDKQ80tc=
 yunion.io/x/pkg v0.0.0-20190620104149-945c25821dbf/go.mod h1:t6rEGG2sQ4J7DhFxSZVOTjNd0YO/KlfWQyK1W4tog+E=
 yunion.io/x/pkg v0.0.0-20190628082551-f4033ba2ea30/go.mod h1:t6rEGG2sQ4J7DhFxSZVOTjNd0YO/KlfWQyK1W4tog+E=
-yunion.io/x/pkg v1.10.2 h1:oZhedvlvDsebIWcOvrOMJQ31SxzjxxqUXUBYseBjh7w=
-yunion.io/x/pkg v1.10.2/go.mod h1:0Bwxqd9MA3ACi119/l02FprY/o9gHahmYC2bsSbnVpM=
+yunion.io/x/pkg v1.10.3 h1:oaJAtMSIwASgF6jB/0W37iOQBLh6ICswfPL3ISnRZC4=
+yunion.io/x/pkg v1.10.3/go.mod h1:0Bwxqd9MA3ACi119/l02FprY/o9gHahmYC2bsSbnVpM=
 yunion.io/x/s3cli v0.0.0-20241221171442-1c11599d28e1 h1:1KJ3YYinydPHpDEQRXdr/T8SYcKZ5Er+m489H+PnaQ4=
 yunion.io/x/s3cli v0.0.0-20241221171442-1c11599d28e1/go.mod h1:0iFKpOs1y4lbCxeOmq3Xx/0AcQoewVPwj62eRluioEo=
 yunion.io/x/sqlchemy v1.1.3-0.20240926163039-d41512b264e1 h1:HWPqY1I5JSmM6Sks6FyK9hnq/MjL7FDghM6M8DXHob0=

pkg/apis/compute/backup.go

@@ -199,6 +199,8 @@ type SBackupStorageAccessInfo struct {
 	ObjectAccessKey string `json:"object_access_key"`
 	// description: secret of object storage
 	ObjectSecret string `json:"object_secret"`
+	// description: signing version, can be v2/v4, default is v4
+	ObjectSignVer string `json:"object_sign_ver"`
 }
 
 func (ba *SBackupStorageAccessInfo) String() string {

pkg/compute/models/backup_storage.go

@@ -171,6 +171,7 @@ func (bs *SBackupStorage) getMoreDetails(ctx context.Context, out api.BackupStor
 	out.NfsSharedDir = bs.AccessInfo.NfsSharedDir
 	out.ObjectBucketUrl = bs.AccessInfo.ObjectBucketUrl
 	out.ObjectAccessKey = bs.AccessInfo.ObjectAccessKey
+	out.ObjectSignVer = bs.AccessInfo.ObjectSignVer
 	// should not return secret
 	out.ObjectSecret = "" // bs.AccessInfo.ObjectSecret
 	return out
@@ -318,6 +319,10 @@ func (bs *SBackupStorage) PostUpdate(ctx context.Context, userCred mcclient.Toke
 			accessInfo.ObjectSecret = sec
 			accessInfoChanged = true
 		}
+		if input.ObjectSignVer != accessInfo.ObjectSignVer {
+			accessInfo.ObjectSignVer = input.ObjectSignVer
+			accessInfoChanged = true
+		}
 	}
 	if accessInfoChanged {
 		_, err = db.Update(bs, func() error {

pkg/compute/models/cloudaccounts.go

@@ -252,7 +252,7 @@ func (acnt *SCloudaccount) enableAccountOnly(ctx context.Context, userCred mccli
 }
 
 func (acnt *SCloudaccount) PerformEnable(ctx context.Context, userCred mcclient.TokenCredential, query jsonutils.JSONObject, input apis.PerformEnableInput) (jsonutils.JSONObject, error) {
-	if strings.Index(acnt.Status, "delet") >= 0 {
+	if strings.Contains(acnt.Status, "delet") {
 		return nil, httperrors.NewInvalidStatusError("Cannot enable deleting account")
 	}
 	_, err := acnt.enableAccountOnly(ctx, userCred, query, input)
@@ -759,7 +759,12 @@ func (acnt *SCloudaccount) PerformTestConnectivity(ctx context.Context, userCred
 	return nil, nil
 }
 
-func (acnt *SCloudaccount) PerformUpdateCredential(ctx context.Context, userCred mcclient.TokenCredential, query jsonutils.JSONObject, data jsonutils.JSONObject) (jsonutils.JSONObject, error) {
+func (acnt *SCloudaccount) PerformUpdateCredential(
+	ctx context.Context,
+	userCred mcclient.TokenCredential,
+	query jsonutils.JSONObject,
+	input cloudprovider.SCloudaccountCredential,
+) (jsonutils.JSONObject, error) {
 	if !acnt.GetEnabled() {
 		return nil, httperrors.NewInvalidStatusError("Account disabled")
 	}
@@ -769,12 +774,6 @@ func (acnt *SCloudaccount) PerformUpdateCredential(ctx context.Context, userCred
 		return nil, httperrors.NewBadRequestError("failed to found provider factory error: %v", err)
 	}
 
-	input := cloudprovider.SCloudaccountCredential{}
-	err = data.Unmarshal(&input)
-	if err != nil {
-		return nil, httperrors.NewInputParameterError("failed to unmarshal input params: %v", err)
-	}
-
 	account, err := providerDriver.ValidateUpdateCloudaccountCredential(ctx, input, acnt.Account)
 	if err != nil {
 		return nil, err

pkg/hostman/storageman/backupstorage/object/factory.go

@@ -15,6 +15,7 @@
 package object
 
 import (
+	"yunion.io/x/cloudmux/pkg/multicloud/objectstore"
 	"yunion.io/x/jsonutils"
 	"yunion.io/x/pkg/errors"
 
@@ -40,7 +41,7 @@ func (factory *sObjectBackupStorageFactory) NewBackupStore(backupStroageId strin
 	if len(accessInfo.ObjectSecret) == 0 {
 		return nil, errors.Wrap(httperrors.ErrInputParameter, "need object_secret in backup_storage_access_info")
 	}
-	return newObjectBackupStorage(backupStroageId, accessInfo.ObjectBucketUrl, accessInfo.ObjectAccessKey, accessInfo.ObjectSecret)
+	return newObjectBackupStorage(backupStroageId, accessInfo.ObjectBucketUrl, accessInfo.ObjectAccessKey, accessInfo.ObjectSecret, objectstore.S3SignVersion(accessInfo.ObjectSignVer))
 }
 
 func init() {

pkg/hostman/storageman/backupstorage/object/object.go

@@ -30,31 +30,29 @@ import (
 type SObjectBackupStorage struct {
 	BackupStorageId string
 
-	endpoint  string
-	bucket    string
-	accessKey string
-	secret    string
+	bucket string
 
 	store *objectstore.SObjectStoreClient
 }
 
-func newObjectBackupStorage(backupStorageId, bucketUrl, accessKey, secret string) (*SObjectBackupStorage, error) {
+func newObjectBackupStorage(backupStorageId, bucketUrl, accessKey, secret string, signVer objectstore.S3SignVersion) (*SObjectBackupStorage, error) {
 	bucket, endpoint, err := parseBucketUrl(bucketUrl)
 	if err != nil {
 		return nil, errors.Wrapf(err, "parseBucketUrl %s", bucketUrl)
 	}
 	cfg := objectstore.NewObjectStoreClientConfig(endpoint, accessKey, secret)
+	if len(signVer) > 0 {
+		cfg = cfg.SignVersion(signVer)
+	}
 	store, err := objectstore.NewObjectStoreClient(cfg)
 	if err != nil {
 		return nil, errors.Wrap(err, "NewObjectStoreClient")
 	}
+
 	return &SObjectBackupStorage{
 		BackupStorageId: backupStorageId,
 
-		endpoint:  endpoint,
-		bucket:    bucket,
-		accessKey: accessKey,
-		secret:    secret,
+		bucket: bucket,
 
 		store: store,
 	}, nil

pkg/mcclient/options/compute/backup.go

@@ -145,6 +145,7 @@ type BackupStorageCreateOptions struct {
 	ObjectBucketUrl string `help:"object bucket url, required when storage_type is object"`
 	ObjectAccessKey string `help:"object storage access key, required when storage_type is object"`
 	ObjectSecret    string `help:"object storage secret, required when storage_type is object"`
+	ObjectSignVer   string `help:"object storage signing alogirithm version, optional" choices:"v2|v4"`
 
 	CapacityMb int `help:"capacity, unit mb"`
 }
@@ -162,6 +163,7 @@ type BackupStorageUpdateOptions struct {
 	ObjectBucketUrl string `help:"object bucket url, required when storage_type is object"`
 	ObjectAccessKey string `help:"object storage access key, required when storage_type is object"`
 	ObjectSecret    string `help:"object storage secret, required when storage_type is object"`
+	ObjectSignVer   string `help:"object storage signing alogirithm version, optional" choices:"v2|v4"`
 }
 
 func (opts *BackupStorageUpdateOptions) Params() (jsonutils.JSONObject, error) {

pkg/mcclient/options/compute/cloudaccounts.go

@@ -405,11 +405,17 @@ type SS3CloudAccountCreateOptions struct {
 	SCloudAccountCreateBaseOptions
 	SAccessKeyCredential
 	Endpoint string `help:"S3 endpoint" required:"true" positional:"true" json:"endpoint"`
+
+	OptionSignVer string `help:"signing algorithm version" choices:"v2|v4"`
 }
 
 func (opts *SS3CloudAccountCreateOptions) Params() (jsonutils.JSONObject, error) {
 	params := jsonutils.Marshal(opts)
 	params.(*jsonutils.JSONDict).Add(jsonutils.NewString("S3"), "provider")
+	options := jsonutils.NewDict()
+	if len(opts.OptionSignVer) > 0 {
+		options.Add(jsonutils.NewString(opts.OptionSignVer), "sign_ver")
+	}
 	return params, nil
 }
 

vendor/modules.txt

@@ -1785,7 +1785,7 @@ sigs.k8s.io/structured-merge-diff/v4/value
 # sigs.k8s.io/yaml v1.2.0
 ## explicit; go 1.12
 sigs.k8s.io/yaml
-# yunion.io/x/cloudmux v0.3.10-0-alpha.1.0.20241225022314-afb2521c4810
+# yunion.io/x/cloudmux v0.3.10-0-alpha.1.0.20241231161311-2b925c2c0096
 ## explicit; go 1.21
 yunion.io/x/cloudmux/pkg/apis
 yunion.io/x/cloudmux/pkg/apis/billing
@@ -1882,7 +1882,7 @@ yunion.io/x/log/hooks
 yunion.io/x/ovsdb/cli_util
 yunion.io/x/ovsdb/schema/ovn_nb
 yunion.io/x/ovsdb/types
-# yunion.io/x/pkg v1.10.2
+# yunion.io/x/pkg v1.10.3
 ## explicit; go 1.18
 yunion.io/x/pkg/appctx
 yunion.io/x/pkg/errors