HMAC support for GCS
Assignee: Jakub Vecera
Reporter: radoslaw.szulgo
Needs QA: Yes
Story Points: 8
Created February 14, 2025 at 11:45 AM
Updated March 6, 2025 at 1:11 PM
Problem description
After switching the library that manages remote storage on GCS to the native one (https://pkg.go.dev/cloud.google.com/go/storage), HMAC authentication has stopped working. The library does not support HMAC because most of the requests it makes use the JSON API to call GCS, whereas HMAC keys are only usable with the XML API (which is provided for S3 compatibility). HMAC auth is therefore not compatible with how this library works. See https://cloud.google.com/storage/docs/authentication/hmackeys#restrictions
Solution proposition
Use the signature that allows the request to be authenticated, as described in: https://medium.com/@rosyparmar/google-cloud-storage-use-hmac-to-authenticate-requests-to-cloud-storage-aa8ed859be33
Additionally, we need an HMAC to JSON credentials migration guide based on https://developers.google.com/workspace/guides/create-credentials
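How a request to the GCS XML API can be signed with an HMAC key, following Google Cloud's documented V4 signing process (GOOG4-HMAC-SHA256). This is an added example, not PBM's code or code from the linked article. Assumptions: path-style requests to storage.googleapis.com, the region value "auto", and constructed access ID, secret, bucket and object names.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
	"time"
)

func hmacSHA256(key []byte, msg string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return m.Sum(nil)
}

// SignGCSRequest builds the Authorization header for an XML API request signed
// with an HMAC key. path must already be URI-encoded; no query string is used.
func SignGCSRequest(accessID, secret, region, method, path string, body []byte, t time.Time) (auth, date, payloadHash string) {
	sum := sha256.Sum256(body)
	payloadHash = hex.EncodeToString(sum[:])
	date = t.UTC().Format("20060102T150405Z")
	scope := date[:8] + "/" + region + "/storage/goog4_request"
	signed := "host;x-goog-content-sha256;x-goog-date"
	// Canonical request: method, path, empty query, sorted headers, signed header list, payload hash.
	canonical := strings.Join([]string{method, path, "",
		"host:storage.googleapis.com",
		"x-goog-content-sha256:" + payloadHash,
		"x-goog-date:" + date,
		"", signed, payloadHash}, "\n")
	cr := sha256.Sum256([]byte(canonical))
	toSign := "GOOG4-HMAC-SHA256\n" + date + "\n" + scope + "\n" + hex.EncodeToString(cr[:])
	// Derive the signing key from the HMAC secret: date, then region, service, request type.
	k := hmacSHA256([]byte("GOOG4"+secret), date[:8])
	for _, part := range []string{region, "storage", "goog4_request"} {
		k = hmacSHA256(k, part)
	}
	sig := hex.EncodeToString(hmacSHA256(k, toSign))
	auth = fmt.Sprintf("GOOG4-HMAC-SHA256 Credential=%s/%s, SignedHeaders=%s, Signature=%s", accessID, scope, signed, sig)
	return auth, date, payloadHash
}

func main() {
	// Constructed credentials and object path, for illustration only.
	auth, date, hash := SignGCSRequest("GOOGEXAMPLEACCESSID", "constructed-secret", "auto",
		"GET", "/example-bucket/backup/meta.json", nil, time.Now())
	fmt.Printf("Authorization: %s\nx-goog-date: %s\nx-goog-content-sha256: %s\n", auth, date, hash)
}
```

The returned date and payload hash must be sent as the `x-goog-date` and `x-goog-content-sha256` headers, since both are part of the signed header set.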
Acceptance Criteria
User can authenticate with HMAC keys and perform a successful backup and restore
User only needs to change “storage” from “s3” to “gcs” when upgrading to the PBM version where the change was introduced
User can authenticate with JSON credentials to GCS storage and perform a successful backup and restore
GCS integration should work the same (functionally and non-functionally) as it did before, e.g. “multi-part upload” support
QA and Documentation
Docs: Describe change in release notes (breaking change)
Docs: Describe a migration guide from HMAC to JSON credentials
Docs: Update GCS support requirements
QA: End-2-end safety net