[content-service] Add support to use existing S3 bucket

[aledbf]

Description

This PR introduces a new "single bucket mode" to the S3 storage implementation.

In some scenarios, we could not have enough permissions to create buckets. In those cases the "one-bucket per user" implementation fails.

If there's a bucket name configured (see installer/content-service config change), that bucket name is used and the user ID is prefixed to the object name. If no such bucket name is configured, the old "one bucket per user" behaviour kicks in. This way, users can maintain backwards compatibility for now. There is no automatic migration or "hybrid mode" where we fall back to the old behaviour. We don't have enough installations in the wild which were able to actually use the old behaviour to justify introducing such a mode.

We maintain the old mode in GCP (and maybe even S3) for now because

• it maintains backwards compatibility
• it allows for region-local optimisations. That said, we could just as well introduce single regional buckets instead.
• moving away from it would require migration for gitpod.io

How to test

Precursor: ensure the installation uses minio/S3, and that the bucket is configured

• start/stop a workspace, make sure the backup happens and is restored
• take a snapshot and open a workspace from it
• run a prebuild and open a workspace from it
• use the VS Code settings sync, make sure it still syncs
• check out prebuild logs in the dashboard

Release Notes

[content-service] Add support to use a single S3 bucket

Fixes #10070

[aledbf]

/werft run

👍 started the job as gitpod-build-aledbf-bucket.7
(with .werft/ from main)

[aledbf]

Configuration example:

objectStorage:
  inCluster: false
  kind: minio
  s3:
    endpoint: minio.default.svc.cluster.local:9000
    accessKey: GlrlMt5e40dnW0GhveAX
    secretKey: 0L6XW0.GWcD8CBMseV31
    
    bucket: some-valid-bucket

[corneliusludmann]

Awesome to see this change! 🚀

Added a few comments regarding backward compatibility. 🤔

[corneliusludmann]

Follow-up issue: Add config for S3 bucket to KOTS (Replicated) installer.

[corneliusludmann]

Follow-up issue: Document S3 bucket config in self-hosted docs

[sagor999]

Suggested change

	return minioWorkspaceBackupObjectName(rs.Username, rs.WorkspaceName, name)
	var username string
	if rs.MinIOConfig.BucketName != "" {
	username = rs.Username
	}
	return minioWorkspaceBackupObjectName(username, rs.WorkspaceName, name)

that way if bucket name is set, then we default to new way of doing things, otherwise we maintain backwards compatibility to old way of accessing buckets.

[sagor999]

can you please add unit tests that would ensure old code is working correctly, and new one also generates correct bucket and path.

[sagor999]

@corneliusludmann @aledbf I added tests and fixed directMinio and presignedMinio access.
Tested in preview env, and made sure that now all content indeed is being written into dedicated bucket if it was set in installer config.

Please double check tests that I added to ensure they are correct.

This also ensures backward compatibility (rolling out this update should not break any existing self hosted installations).
But this feature should cannot be enabled on existing installations without losing all data or manually moving old buckets into new bucket.

[sagor999]

with tests it looks good now (feels weird approving my own changes to PR 😃 )

[corneliusludmann]

Looks good. Thanks, @aledbf and @sagor999! 🚀

[corneliusludmann]

Suggested change

	BucketName string `json:"bucket"`
	BucketName string `json:"bucket,omitempty"`

Do we need omitempty here in case the value is not given or for backward compatibility reasons?

I don't think so but wanted to raise this question here just in case.

[sagor999]

@corneliusludmann good catch! Since that param is optional, I added omitempty to it.

[akosyakov]

lgtm

[mustard-mh]

LGTM in supervisor mod 🙈