From cf28ef528b55ee13ed5b5a4ed317e05d76ab3e6e Mon Sep 17 00:00:00 2001 From: Jianjun Liao Date: Mon, 11 May 2026 16:33:59 +0800 Subject: [PATCH 1/3] fix gke wif credential file Signed-off-by: Jianjun Liao --- images/tidb-backup-manager/e2e-entrypoint.sh | 24 +++++++++++--------- images/tidb-backup-manager/entrypoint.sh | 24 +++++++++++--------- 2 files changed, 26 insertions(+), 22 deletions(-) diff --git a/images/tidb-backup-manager/e2e-entrypoint.sh b/images/tidb-backup-manager/e2e-entrypoint.sh index b25427c6bc5..047b0adab57 100755 --- a/images/tidb-backup-manager/e2e-entrypoint.sh +++ b/images/tidb-backup-manager/e2e-entrypoint.sh @@ -25,7 +25,18 @@ cleanup() { trap cleanup EXIT -export GOOGLE_APPLICATION_CREDENTIALS=/tmp/google-credentials.json +GCS_SERVICE_ACCOUNT_FILE_CONFIG= +if [ -n "${GCS_SERVICE_ACCOUNT_JSON_KEY:-}" ]; then + export GOOGLE_APPLICATION_CREDENTIALS=/tmp/google-credentials.json + GCS_SERVICE_ACCOUNT_FILE_CONFIG="service_account_file = ${GOOGLE_APPLICATION_CREDENTIALS}" + echo "Create google-credentials.json file." + cat < "${GOOGLE_APPLICATION_CREDENTIALS}" + ${GCS_SERVICE_ACCOUNT_JSON_KEY} +EOF +else + unset GOOGLE_APPLICATION_CREDENTIALS +fi + echo "Create rclone.conf file." cat < /tmp/rclone.conf [s3] @@ -41,7 +52,7 @@ storage_class = ${AWS_STORAGE_CLASS} [gcs] type = google cloud storage project_number = ${GCS_PROJECT_ID} -service_account_file = ${GOOGLE_APPLICATION_CREDENTIALS} +${GCS_SERVICE_ACCOUNT_FILE_CONFIG} object_acl = ${GCS_OBJECT_ACL} bucket_acl = ${GCS_BUCKET_ACL} location = ${GCS_LOCATION} @@ -52,15 +63,6 @@ account = ${AZUREBLOB_ACCOUNT} key = ${AZUREBLOB_KEY} EOF -if [[ -n "${GCS_SERVICE_ACCOUNT_JSON_KEY:-}" ]]; then - echo "Create google-credentials.json file." - cat < ${GOOGLE_APPLICATION_CREDENTIALS} - ${GCS_SERVICE_ACCOUNT_JSON_KEY} -EOF -else - touch ${GOOGLE_APPLICATION_CREDENTIALS} -fi - BACKUP_BIN=/tidb-backup-manager COV_NAME="backup-manager.$(( ( RANDOM % 100000 ) + 1 ))" diff --git a/images/tidb-backup-manager/entrypoint.sh b/images/tidb-backup-manager/entrypoint.sh index 710a76c507e..53dd2520677 100755 --- a/images/tidb-backup-manager/entrypoint.sh +++ b/images/tidb-backup-manager/entrypoint.sh @@ -27,7 +27,18 @@ cleanup() { trap cleanup EXIT -export GOOGLE_APPLICATION_CREDENTIALS=/tmp/google-credentials.json +GCS_SERVICE_ACCOUNT_FILE_CONFIG= +if [ -n "${GCS_SERVICE_ACCOUNT_JSON_KEY:-}" ]; then + export GOOGLE_APPLICATION_CREDENTIALS=/tmp/google-credentials.json + GCS_SERVICE_ACCOUNT_FILE_CONFIG="service_account_file = ${GOOGLE_APPLICATION_CREDENTIALS}" + echo "Create google-credentials.json file." + cat < "${GOOGLE_APPLICATION_CREDENTIALS}" + ${GCS_SERVICE_ACCOUNT_JSON_KEY} +EOF +else + unset GOOGLE_APPLICATION_CREDENTIALS +fi + echo "Create rclone.conf file." cat < /tmp/rclone.conf [s3] @@ -43,7 +54,7 @@ storage_class = ${AWS_STORAGE_CLASS} [gcs] type = google cloud storage project_number = ${GCS_PROJECT_ID} -service_account_file = ${GOOGLE_APPLICATION_CREDENTIALS} +${GCS_SERVICE_ACCOUNT_FILE_CONFIG} object_acl = ${GCS_OBJECT_ACL} bucket_acl = ${GCS_BUCKET_ACL} location = ${GCS_LOCATION} @@ -54,15 +65,6 @@ account = ${AZUREBLOB_ACCOUNT} key = ${AZUREBLOB_KEY} EOF -if [[ -n "${GCS_SERVICE_ACCOUNT_JSON_KEY:-}" ]]; then - echo "Create google-credentials.json file." - cat < ${GOOGLE_APPLICATION_CREDENTIALS} - ${GCS_SERVICE_ACCOUNT_JSON_KEY} -EOF -else - touch ${GOOGLE_APPLICATION_CREDENTIALS} -fi - BACKUP_BIN=/tidb-backup-manager if [[ -n "${AWS_DEFAULT_REGION}" ]]; then EXEC_COMMAND="exec" From cfe5e43502abaa06d599a38833341864de93a76d Mon Sep 17 00:00:00 2001 From: Jianjun Liao Date: Tue, 12 May 2026 11:02:48 +0800 Subject: [PATCH 2/3] fix typos Signed-off-by: Jianjun Liao --- images/tidb-backup-manager/e2e-entrypoint.sh | 2 +- images/tidb-backup-manager/entrypoint.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/images/tidb-backup-manager/e2e-entrypoint.sh b/images/tidb-backup-manager/e2e-entrypoint.sh index 047b0adab57..06cc154f956 100755 --- a/images/tidb-backup-manager/e2e-entrypoint.sh +++ b/images/tidb-backup-manager/e2e-entrypoint.sh @@ -52,11 +52,11 @@ storage_class = ${AWS_STORAGE_CLASS} [gcs] type = google cloud storage project_number = ${GCS_PROJECT_ID} -${GCS_SERVICE_ACCOUNT_FILE_CONFIG} object_acl = ${GCS_OBJECT_ACL} bucket_acl = ${GCS_BUCKET_ACL} location = ${GCS_LOCATION} storage_class = ${GCS_STORAGE_CLASS:-"COLDLINE"} +${GCS_SERVICE_ACCOUNT_FILE_CONFIG} [azure] type = azureblob account = ${AZUREBLOB_ACCOUNT} diff --git a/images/tidb-backup-manager/entrypoint.sh b/images/tidb-backup-manager/entrypoint.sh index 53dd2520677..7599688835f 100755 --- a/images/tidb-backup-manager/entrypoint.sh +++ b/images/tidb-backup-manager/entrypoint.sh @@ -54,11 +54,11 @@ storage_class = ${AWS_STORAGE_CLASS} [gcs] type = google cloud storage project_number = ${GCS_PROJECT_ID} -${GCS_SERVICE_ACCOUNT_FILE_CONFIG} object_acl = ${GCS_OBJECT_ACL} bucket_acl = ${GCS_BUCKET_ACL} location = ${GCS_LOCATION} storage_class = ${GCS_STORAGE_CLASS:-"COLDLINE"} +${GCS_SERVICE_ACCOUNT_FILE_CONFIG} [azure] type = azureblob account = ${AZUREBLOB_ACCOUNT} From 5f26bb92796b4313520aaeca19b4805fb044598e Mon Sep 17 00:00:00 2001 From: Jianjun Liao Date: Tue, 12 May 2026 11:45:24 +0800 Subject: [PATCH 3/3] commit some suggestions Signed-off-by: Jianjun Liao --- images/tidb-backup-manager/e2e-entrypoint.sh | 7 ++++++- images/tidb-backup-manager/entrypoint.sh | 7 ++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/images/tidb-backup-manager/e2e-entrypoint.sh b/images/tidb-backup-manager/e2e-entrypoint.sh index 06cc154f956..db7f6152557 100755 --- a/images/tidb-backup-manager/e2e-entrypoint.sh +++ b/images/tidb-backup-manager/e2e-entrypoint.sh @@ -25,14 +25,19 @@ cleanup() { trap cleanup EXIT +GCS_SERVICE_ACCOUNT_FILE=/tmp/google-credentials.json GCS_SERVICE_ACCOUNT_FILE_CONFIG= if [ -n "${GCS_SERVICE_ACCOUNT_JSON_KEY:-}" ]; then - export GOOGLE_APPLICATION_CREDENTIALS=/tmp/google-credentials.json + export GOOGLE_APPLICATION_CREDENTIALS=${GCS_SERVICE_ACCOUNT_FILE} GCS_SERVICE_ACCOUNT_FILE_CONFIG="service_account_file = ${GOOGLE_APPLICATION_CREDENTIALS}" echo "Create google-credentials.json file." cat < "${GOOGLE_APPLICATION_CREDENTIALS}" ${GCS_SERVICE_ACCOUNT_JSON_KEY} EOF +elif [ -s "${GCS_SERVICE_ACCOUNT_FILE}" ]; then + echo "Use mounted google-credentials.json file." + export GOOGLE_APPLICATION_CREDENTIALS=${GCS_SERVICE_ACCOUNT_FILE} + GCS_SERVICE_ACCOUNT_FILE_CONFIG="service_account_file = ${GOOGLE_APPLICATION_CREDENTIALS}" else unset GOOGLE_APPLICATION_CREDENTIALS fi diff --git a/images/tidb-backup-manager/entrypoint.sh b/images/tidb-backup-manager/entrypoint.sh index 7599688835f..f3e4ffe3e6a 100755 --- a/images/tidb-backup-manager/entrypoint.sh +++ b/images/tidb-backup-manager/entrypoint.sh @@ -27,14 +27,19 @@ cleanup() { trap cleanup EXIT +GCS_SERVICE_ACCOUNT_FILE=/tmp/google-credentials.json GCS_SERVICE_ACCOUNT_FILE_CONFIG= if [ -n "${GCS_SERVICE_ACCOUNT_JSON_KEY:-}" ]; then - export GOOGLE_APPLICATION_CREDENTIALS=/tmp/google-credentials.json + export GOOGLE_APPLICATION_CREDENTIALS=${GCS_SERVICE_ACCOUNT_FILE} GCS_SERVICE_ACCOUNT_FILE_CONFIG="service_account_file = ${GOOGLE_APPLICATION_CREDENTIALS}" echo "Create google-credentials.json file." cat < "${GOOGLE_APPLICATION_CREDENTIALS}" ${GCS_SERVICE_ACCOUNT_JSON_KEY} EOF +elif [ -s "${GCS_SERVICE_ACCOUNT_FILE}" ]; then + echo "Use mounted google-credentials.json file." + export GOOGLE_APPLICATION_CREDENTIALS=${GCS_SERVICE_ACCOUNT_FILE} + GCS_SERVICE_ACCOUNT_FILE_CONFIG="service_account_file = ${GOOGLE_APPLICATION_CREDENTIALS}" else unset GOOGLE_APPLICATION_CREDENTIALS fi