Lightning: Changed data-source-dir to use StorageBackend to prevent leaking secret access key to JSON output

[kennytm]

What problem does this PR solve?

When using Lightning to load from S3, the non-environmental access key and secret key have to be provided through URL parameters in mydumper.data-source-dir. This is stored as a plain string.

Lightning also prints the config as JSON before starting a task for debugging.

These two together means the access key and secret key will be leaked to the log.

What is changed and how it works?

The type of mydumper.data-source-dir is changed from a string to a custom type (*backuppb.StorageBackend) which scrubs all extra parameters when serializing as JSON.

The change introduces some additional effects needing refactoring:

• There was a check whether mydumper.data-source-dir exists before running. This overlaps with the StoragePermissions pre-check for S3. These, along with GCS, are combined into the existing CheckPermissions check.
• The SkipCheckPath field for external storage is thus entirely ignored (it is already set to true on Dumpling and TiCDC so it is safe to ignore). The BR flag --skip-check-path is unaffected.
• (More in review comments below.)

Check List

Tests

• Unit test

Code changes

• Has exported variable/fields change

Side effects

Related changes

• Need to cherry-pick to the release branch

Release note

• Lightning will stop printing the explicit S3 secret access key from the config file into the log. (It is still discouraged to put the secret access key in the config file.)

[ti-chi-bot]

[REVIEW NOTIFICATION]

This pull request has not been approved.

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

[kennytm]

this check-and-adjust does several things:

1. if the data-source-dir is a path, we common.IsDirExists it. this is going to be replaced by the ListObjects permission check.
2. turn the path into a URL. this comes for free by storage.ParseBackend.
3. ban unsupported schemes. currently all schemes are supported (including GCS), so the check is useless now.

[kennytm]

this replaces the StoragePermission pre-check

[kennytm]

i don't know how this check can ever be valid, when SourceDir can be non-local

[ti-chi-bot]

@kennytm: PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.