Support AssumeRole in CRR

[Kerkesni]

• Support per site replication destination config to allow having a mix of CRR and Zenko Replication locations.
• Remove vault admin API call that get account details, this task will be delegated to the destination Cloudserver that will get the account details and place them into the objectMD.
• Support AssumeRole auth type in CRR.

Issue: BB-647

[bert-e]

Hello kerkesni,

My role is to assist you with the merge of this
pull request. Please type @bert-e help to get information
on this process, or consult the user documentation.

Available options

name	description	privileged	authored
/after_pull_request	Wait for the given pull request id to be merged before continuing with the current one.
/bypass_author_approval	Bypass the pull request author's approval	⭐
/bypass_build_status	Bypass the build and test status	⭐
/bypass_commit_size	Bypass the check on the size of the changeset TBA	⭐
/bypass_incompatible_branch	Bypass the check on the source branch prefix	⭐
/bypass_jira_check	Bypass the Jira issue check	⭐
/bypass_peer_approval	Bypass the pull request peers' approval	⭐
/bypass_leader_approval	Bypass the pull request leaders' approval	⭐
/approve	Instruct Bert-E that the author has approved the pull request.		✍️
/create_pull_requests	Allow the creation of integration pull requests.
/create_integration_branches	Allow the creation of integration branches.
/no_octopus	Prevent Wall-E from doing any octopus merge and use multiple consecutive merge instead
/unanimity	Change review acceptance criteria from one reviewer at least to all reviewers
/wait	Instruct Bert-E not to run until further notice.

Available commands

name	description	privileged
/help	Print Bert-E's manual in the pull request.
/status	Print Bert-E's current status in the pull request TBA
/clear	Remove all comments from Bert-E from the history TBA
/retry	Re-start a fresh build TBA
/build	Re-start a fresh build TBA
/force_reset	Delete integration branches & pull requests, and restart merge process from the beginning.
/reset	Try to remove integration branches unless there are commits on them which do not appear on the source branch.

Status report is not available.

[bert-e]

Waiting for approval

The following approvals are needed before I can proceed with the merge:

• the author

• 2 peers

[codecov]

Codecov Report

Attention: Patch coverage is 71.42857% with 14 lines in your changes missing coverage. Please review.

Project coverage is 73.01%. Comparing base (fa738fe) to head (f7f393c).
Report is 9 commits behind head on development/9.1.

Files with missing lines	Patch %	Lines
extensions/replication/queueProcessor/task.js	0.00%	11 Missing ⚠️
...tensions/replication/ReplicationConfigValidator.js	83.33%	3 Missing ⚠️

Additional details and impacted files

Files with missing lines	Coverage Δ
extensions/replication/tasks/ReplicateObject.js	91.89% <100.00%> (+0.40%)	⬆️
lib/Config.js	75.00% <100.00%> (+1.22%)	⬆️
...tensions/replication/ReplicationConfigValidator.js	73.17% <83.33%> (+5.17%)	⬆️
extensions/replication/queueProcessor/task.js	0.00% <0.00%> (ø)

... and 1 file with indirect coverage changes

Components	Coverage Δ
Bucket Notification	75.37% <ø> (ø)
Core Library	79.43% <100.00%> (+0.08%)	⬆️
Ingestion	70.14% <ø> (ø)
Lifecycle	76.88% <ø> (ø)
Oplog Populator	85.06% <ø> (ø)
Replication	58.83% <70.21%> (+0.27%)	⬆️
Bucket Scanner	85.60% <ø> (∅)

@@                 Coverage Diff                 @@
##           development/9.1    #2622      +/-   ##
===================================================
+ Coverage            72.96%   73.01%   +0.04%     
===================================================
  Files                  201      201              
  Lines                13374    13415      +41     
===================================================
+ Hits                  9759     9795      +36     
- Misses                3605     3610       +5     
  Partials                10       10              

Flag	Coverage Δ
api:retry	9.48% <10.20%> (+<0.01%)	⬆️
api:routes	9.29% <10.20%> (+<0.01%)	⬆️
bucket-scanner	85.60% <ø> (∅)
ft_test:queuepopulator	8.90% <12.24%> (+<0.01%)	⬆️
ingestion	12.55% <10.20%> (-0.01%)	⬇️
lib	7.34% <10.20%> (+0.03%)	⬆️
lifecycle	18.73% <10.20%> (-0.02%)	⬇️
notification	1.06% <0.00%> (-0.01%)	⬇️
replication	18.69% <26.53%> (+0.15%)	⬆️
unit	48.80% <69.38%> (+0.24%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[francoisferrand]

• since it is required, destination.auth will never be used as default
• does it make sense to specify a destination with the same transport but a dedicated auth?

[francoisferrand]

maybe we want to validate this is in the bootstrap list?

Suggested change

	joi.string(), // site name
	joi.string().valid(Joi.in('bootstrapList')), // site name

[francoisferrand]

• there is an authJoi type in configItems.joi.js, which holds both transport and auth: can't we use it (or extend it) instead of introducting a new destinationAuthJoi type?

• once we have a type with transport+auth, maybe destination can extend this type to add bootstrap? (but maybe this creates lots of override, to make things optional/alternative)

[francoisferrand]

set the default vault already, so that "config" handling is done only here (and does not trickle in the "business" code) : i.e. from here on, auth is always specified in each destination' site?

Suggested change

	}
	} else {
	site.auth.vault = destination.auth.vault;
	}

[francoisferrand]

should this condition on be on each destination's auth field ?
(i.e. the site's auth must be specified if there is no "top level" default)

[francoisferrand]

not needed, already done in getReplicationSiteDestConfig()

[francoisferrand]

boostrapList already set in getReplicationSiteDestConfig(), so either it is an else:

Suggested change

	if (!destConfig[site]) {
	destConfig[site] = config.getReplicationSiteDestConfig(site);
	}
	destConfig[site].bootstrapList = updatedBootstrapList;
	if (!destConfig[site]) {
	destConfig[site] = config.getReplicationSiteDestConfig(site);
	}
	else {
	destConfig[site].bootstrapList = updatedBootstrapList;
	}

or maybe we should always update the site's configuration:

Suggested change

	if (!destConfig[site]) {
	destConfig[site] = config.getReplicationSiteDestConfig(site);
	}
	destConfig[site].bootstrapList = updatedBootstrapList;
	destConfig[site] = config.getReplicationSiteDestConfig(site);

[francoisferrand]

it may/could happen that BACKBEAT_CONFIG_FILE is set before the tests begin (and some test may depend on it...) : the really safe way to handle this is to store the previous value of BACKBEAT_CONFIG_FILE before the test (beforeEach), so that eventually we can either delete the env variable if it was not set or reset it to its original value otherwise

[francoisferrand]

no test for the auth.vault handling (_loadAdminCredentialsFromFile)