feat: Adds possibility to set encryption for s3
This commit is contained in:
Jose Diaz-Gonzalez
@@ -21,7 +21,9 @@ mysql:backup <name> <bucket> (--use-iam) Create a backup of the mysql service to
|
||||
mysql:backup-auth <name> <aws_access_key_id> <aws_secret_access_key> (<aws_default_region>) (<aws_signature_version>) (<endpoint_url>) Sets up authentication for backups on the mysql service
|
||||
mysql:backup-deauth <name> Removes backup authentication for the mysql service
|
||||
mysql:backup-schedule <name> <schedule> <bucket> Schedules a backup of the mysql service
|
||||
mysql:backup-set-encryption <name> <encryption_key>, Sets up GPG encryption for future backups of the mysql service
|
||||
mysql:backup-unschedule <name> Unschedules the backup of the mysql service
|
||||
mysql:backup-unset-encryption <name>, Removes backup encryption for future backups of the mysql service
|
||||
mysql:clone <name> <new-name> Create container <new-name> then copy data from <name> into <new-name>
|
||||
mysql:connect <name> Connect via mysql to a mysql service
|
||||
mysql:create <name> Create a mysql service with environment variables
|
||||
|
||||
10
commands
10
commands
@@ -27,10 +27,18 @@ case "$1" in
|
||||
"$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/subcommands/backup-schedule" "$@"
|
||||
;;
|
||||
|
||||
$PLUGIN_COMMAND_PREFIX:backup-set-encryption)
|
||||
"$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/subcommands/backup-set-encryption" "$@"
|
||||
;;
|
||||
|
||||
$PLUGIN_COMMAND_PREFIX:backup-unschedule)
|
||||
"$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/subcommands/backup-unschedule" "$@"
|
||||
;;
|
||||
|
||||
$PLUGIN_COMMAND_PREFIX:backup-unset-encryption)
|
||||
"$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/subcommands/backup-unset-encryption" "$@"
|
||||
;;
|
||||
|
||||
$PLUGIN_COMMAND_PREFIX:clone)
|
||||
"$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/subcommands/clone" "$@"
|
||||
;;
|
||||
@@ -108,7 +116,9 @@ case "$1" in
|
||||
$PLUGIN_COMMAND_PREFIX:backup-auth <name> <aws_access_key_id> <aws_secret_access_key> (<aws_default_region>) (<aws_signature_version>) (<endpoint_url>), Sets up authentication for backups on the $PLUGIN_COMMAND_PREFIX service
|
||||
$PLUGIN_COMMAND_PREFIX:backup-deauth <name>, Removes backup authentication for the $PLUGIN_COMMAND_PREFIX service
|
||||
$PLUGIN_COMMAND_PREFIX:backup-schedule <name> <schedule> <bucket>, Schedules a backup of the $PLUGIN_COMMAND_PREFIX service
|
||||
$PLUGIN_COMMAND_PREFIX:backup-set-encryption <name> <encryption_key>, Sets up GPG encryption for future backups of the $PLUGIN_COMMAND_PREFIX service
|
||||
$PLUGIN_COMMAND_PREFIX:backup-unschedule <name>, Unschedules the backup of the $PLUGIN_COMMAND_PREFIX service
|
||||
$PLUGIN_COMMAND_PREFIX:backup-unset-encryption <name>, Removes backup encryption for future backups of the $PLUGIN_COMMAND_PREFIX service
|
||||
$PLUGIN_COMMAND_PREFIX:clone <name> <new-name>, Create container <new-name> then copy data from <name> into <new-name>
|
||||
$PLUGIN_COMMAND_PREFIX:connect <name>, Connect via mysql to a $PLUGIN_SERVICE service
|
||||
$PLUGIN_COMMAND_PREFIX:create <name>, Create a $PLUGIN_SERVICE service
|
||||
|
||||
@@ -105,17 +105,18 @@ service_alternative_alias() {
|
||||
|
||||
service_backup() {
|
||||
declare desc="Creates a backup of a service to an existing s3 bucket"
|
||||
declare SERVICE="$1" BUCKET_NAME="$2" S3_FLAG="$3"
|
||||
declare SERVICE="$1" BUCKET_NAME="$2" USE_IAM_OPTIONAL_FLAG="$3"
|
||||
local BACKUP_CONFIG_ROOT="$PLUGIN_DATA_ROOT/$SERVICE/backup"
|
||||
local BACKUP_ENCRYPTION_CONFIG_ROOT="$PLUGIN_DATA_ROOT/$SERVICE/backup-encryption"
|
||||
local AWS_ACCESS_KEY_ID_FILE="$BACKUP_CONFIG_ROOT/AWS_ACCESS_KEY_ID"
|
||||
local AWS_SECRET_ACCESS_KEY_FILE="$BACKUP_CONFIG_ROOT/AWS_SECRET_ACCESS_KEY"
|
||||
local BACKUP_PARAMETERS=""
|
||||
|
||||
if [[ -z "$S3_FLAG" ]]; then
|
||||
if [[ -z "$USE_IAM_OPTIONAL_FLAG" ]]; then
|
||||
[[ ! -f "$AWS_ACCESS_KEY_ID_FILE" ]] && dokku_log_fail "Missing AWS_ACCESS_KEY_ID file"
|
||||
[[ ! -f "$AWS_SECRET_ACCESS_KEY_FILE" ]] && dokku_log_fail "Missing AWS_SECRET_ACCESS_KEY file"
|
||||
BACKUP_PARAMETERS="$BACKUP_PARAMETERS -e AWS_ACCESS_KEY_ID=$(cat "$AWS_ACCESS_KEY_ID_FILE") -e AWS_SECRET_ACCESS_KEY=$(cat "$AWS_SECRET_ACCESS_KEY_FILE")"
|
||||
elif [[ $S3_FLAG != "--use-iam" ]]; then
|
||||
elif [[ $USE_IAM_OPTIONAL_FLAG != "--use-iam" ]]; then
|
||||
dokku_log_fail "Provide AWS credentials or use the --use-iam flag"
|
||||
fi
|
||||
|
||||
@@ -141,8 +142,12 @@ service_backup() {
|
||||
BACKUP_PARAMETERS="$BACKUP_PARAMETERS -e ENDPOINT_URL=$(cat "$BACKUP_CONFIG_ROOT/ENDPOINT_URL")"
|
||||
fi
|
||||
|
||||
if [[ -f "$BACKUP_ENCRYPTION_CONFIG_ROOT/ENCRYPTION_KEY" ]]; then
|
||||
BACKUP_PARAMETERS="$BACKUP_PARAMETERS -e ENCRYPTION_KEY=$(cat "$BACKUP_ENCRYPTION_CONFIG_ROOT/ENCRYPTION_KEY")"
|
||||
fi
|
||||
|
||||
# shellcheck disable=SC2086
|
||||
docker run $BACKUP_PARAMETERS dokkupaas/s3backup:0.7.0
|
||||
docker run $BACKUP_PARAMETERS dokkupaas/s3backup:0.8.0
|
||||
}
|
||||
|
||||
service_backup_auth() {
|
||||
@@ -198,6 +203,25 @@ service_backup_unschedule() {
|
||||
sudo /bin/rm -f "$CRON_FILE"
|
||||
}
|
||||
|
||||
service_backup_set_encryption() {
|
||||
declare desc="Sets up backup encryption"
|
||||
declare SERVICE="$1" ENCRYPTION_KEY="$2"
|
||||
local SERVICE_ROOT="${PLUGIN_DATA_ROOT}/${SERVICE}"
|
||||
local SERVICE_BACKUP_ENCRYPTION_ROOT="${SERVICE_ROOT}/backup-encryption/"
|
||||
|
||||
mkdir -p "$SERVICE_BACKUP_ENCRYPTION_ROOT"
|
||||
echo "$ENCRYPTION_KEY" > "${SERVICE_BACKUP_ENCRYPTION_ROOT}/ENCRYPTION_KEY"
|
||||
}
|
||||
|
||||
service_backup_unset_encryption() {
|
||||
declare desc="Removes backup encryption"
|
||||
declare SERVICE="$1"
|
||||
local SERVICE_ROOT="${PLUGIN_DATA_ROOT}/${SERVICE}"
|
||||
local SERVICE_BACKUP_ENCRYPTION_ROOT="${SERVICE_ROOT}/backup-encryption/"
|
||||
|
||||
rm -rf "$SERVICE_BACKUP_ENCRYPTION_ROOT"
|
||||
}
|
||||
|
||||
service_enter() {
|
||||
declare desc="enters running app container of specified proc type"
|
||||
declare SERVICE="$1" && shift 1
|
||||
|
||||
2
install
2
install
@@ -13,7 +13,7 @@ plugin-install() {
|
||||
pull-docker-image "${PLUGIN_IMAGE}:${PLUGIN_IMAGE_VERSION}"
|
||||
pull-docker-image "svendowideit/ambassador:latest"
|
||||
pull-docker-image "dokkupaas/wait:0.2"
|
||||
pull-docker-image "dokkupaas/s3backup:0.7.0"
|
||||
pull-docker-image "dokkupaas/s3backup:0.8.0"
|
||||
pull-docker-image "busybox:latest"
|
||||
|
||||
mkdir -p "$PLUGIN_DATA_ROOT" || echo "Failed to create $PLUGIN_SERVICE directory"
|
||||
|
||||
@@ -7,12 +7,12 @@ source "$(dirname "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")/functions"
|
||||
mysql-backup-cmd() {
|
||||
declare desc="creates a backup of the $PLUGIN_SERVICE service to an existing s3 bucket"
|
||||
local cmd="$PLUGIN_COMMAND_PREFIX:backup" argv=("$@"); [[ ${argv[0]} == "$cmd" ]] && shift 1
|
||||
declare SERVICE="$1" BUCKET_NAME="$2" S3_FLAG="$3"
|
||||
declare SERVICE="$1" BUCKET_NAME="$2" USE_IAM_OPTIONAL_FLAG="$3"
|
||||
|
||||
[[ -z "$SERVICE" ]] && dokku_log_fail "Please specify a name for the service"
|
||||
[[ -z "$BUCKET_NAME" ]] && dokku_log_fail "Please specify an aws bucket for the backup"
|
||||
verify_service_name "$SERVICE"
|
||||
service_backup "$SERVICE" "$BUCKET_NAME" "$S3_FLAG"
|
||||
service_backup "$SERVICE" "$BUCKET_NAME" "$USE_IAM_OPTIONAL_FLAG"
|
||||
}
|
||||
|
||||
mysql-backup-cmd "$@"
|
||||
|
||||
@@ -7,16 +7,14 @@ source "$(dirname "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")/functions"
|
||||
mysql-backup-auth-cmd() {
|
||||
declare desc="sets up authentication for backups on the $PLUGIN_SERVICE service"
|
||||
local cmd="$PLUGIN_COMMAND_PREFIX:backup-auth" argv=("$@"); [[ ${argv[0]} == "$cmd" ]] && shift 1
|
||||
declare SERVICE="$1" AWS_ACCESS_KEY_ID="$2" AWS_SECRET_ACCESS_KEY="$3"
|
||||
shift 3
|
||||
declare OPTIONAL_PARAMETERS="$@"
|
||||
declare SERVICE="$1" AWS_ACCESS_KEY_ID="$2" AWS_SECRET_ACCESS_KEY="$3" AWS_DEFAULT_REGION="$4" AWS_SIGNATURE_VERSION="$5" ENDPOINT_URL="$6"
|
||||
|
||||
[[ -z "$SERVICE" ]] && dokku_log_fail "Please specify a name for the service"
|
||||
[[ -z "$AWS_ACCESS_KEY_ID" ]] && dokku_log_fail "Please specify an aws access key id"
|
||||
[[ -z "$AWS_SECRET_ACCESS_KEY" ]] && dokku_log_fail "Please specify an aws secret access key"
|
||||
verify_service_name "$SERVICE"
|
||||
|
||||
service_backup_auth "$SERVICE" "$AWS_ACCESS_KEY_ID" "$AWS_SECRET_ACCESS_KEY" $OPTIONAL_PARAMETERS
|
||||
service_backup_auth "$SERVICE" "$AWS_ACCESS_KEY_ID" "$AWS_SECRET_ACCESS_KEY" "$AWS_DEFAULT_REGION" "$AWS_SIGNATURE_VERSION" "$ENDPOINT_URL"
|
||||
}
|
||||
|
||||
mysql-backup-auth-cmd "$@"
|
||||
|
||||
18
subcommands/backup-set-encryption
Executable file
18
subcommands/backup-set-encryption
Executable file
@@ -0,0 +1,18 @@
|
||||
#!/usr/bin/env bash
|
||||
source "$(dirname "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")/config"
|
||||
set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x
|
||||
source "$PLUGIN_BASE_PATH/common/functions"
|
||||
source "$(dirname "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")/functions"
|
||||
|
||||
mysql-backup-set-encryption-cmd() {
|
||||
declare desc="sets encryption for all future backups of $PLUGIN_SERVICE service"
|
||||
local cmd="$PLUGIN_COMMAND_PREFIX:backup-set-encryption" argv=("$@"); [[ ${argv[0]} == "$cmd" ]] && shift 1
|
||||
declare SERVICE="$1" ENCRYPTION_KEY="$2"
|
||||
|
||||
[[ -z "$SERVICE" ]] && dokku_log_fail "Please specify a name for the service"
|
||||
[[ -z "$ENCRYPTION_KEY" ]] && dokku_log_fail "Please specify a GPG encryption key"
|
||||
verify_service_name "$SERVICE"
|
||||
service_backup_set_encryption "$SERVICE" "$ENCRYPTION_KEY"
|
||||
}
|
||||
|
||||
mysql-backup-set-encryption-cmd "$@"
|
||||
17
subcommands/backup-unset-encryption
Executable file
17
subcommands/backup-unset-encryption
Executable file
@@ -0,0 +1,17 @@
|
||||
#!/usr/bin/env bash
|
||||
source "$(dirname "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")/config"
|
||||
set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x
|
||||
source "$PLUGIN_BASE_PATH/common/functions"
|
||||
source "$(dirname "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")/functions"
|
||||
|
||||
mysql-backup-unset-encryption-cmd() {
|
||||
declare desc="unsets encryption for future backups of the $PLUGIN_SERVICE service"
|
||||
local cmd="$PLUGIN_COMMAND_PREFIX:backup-unset-encryption" argv=("$@"); [[ ${argv[0]} == "$cmd" ]] && shift 1
|
||||
declare SERVICE="$1"
|
||||
|
||||
[[ -z "$SERVICE" ]] && dokku_log_fail "Please specify a name for the service"
|
||||
verify_service_name "$SERVICE"
|
||||
service_backup_unset_encryption "$SERVICE"
|
||||
}
|
||||
|
||||
mysql-backup-unset-encryption-cmd "$@"
|
||||
@@ -7,7 +7,7 @@ source "$(dirname "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")/functions"
|
||||
mysql-expose-cmd() {
|
||||
declare desc="expose a $PLUGIN_SERVICE service on custom port if provided (random port otherwise)"
|
||||
local cmd="$PLUGIN_COMMAND_PREFIX:expose" argv=("$@"); [[ ${argv[0]} == "$cmd" ]] && shift 1
|
||||
declare SERVICE="$1"
|
||||
declare SERVICE="$1" PORTS="${@:2}"
|
||||
|
||||
[[ -z "$SERVICE" ]] && dokku_log_fail "Please specify a name for the service"
|
||||
verify_service_name "$SERVICE"
|
||||
|
||||
@@ -7,11 +7,11 @@ source "$(dirname "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")/functions"
|
||||
mysql-logs-cmd() {
|
||||
declare desc="print the most recent log(s) for this service"
|
||||
local cmd="$PLUGIN_COMMAND_PREFIX:logs" argv=("$@"); [[ ${argv[0]} == "$cmd" ]] && shift 1
|
||||
declare SERVICE="$1" TAIL="$2"
|
||||
declare SERVICE="$1" TAIL_FLAG="$2"
|
||||
|
||||
[[ -z "$SERVICE" ]] && dokku_log_fail "Please specify a name for the service"
|
||||
verify_service_name "$SERVICE"
|
||||
service_logs "$SERVICE" "$TAIL"
|
||||
service_logs "$SERVICE" "$TAIL_FLAG"
|
||||
}
|
||||
|
||||
mysql-logs-cmd "$@"
|
||||
|
||||
@@ -5,7 +5,7 @@ source "$PLUGIN_BASE_PATH/common/functions"
|
||||
source "$(dirname "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")/functions"
|
||||
|
||||
mysql-promote-cmd() {
|
||||
declare desc="promote service <name> as ${PLUGIN_DEFAULT_ALIAS}_URL in <app>"
|
||||
declare desc="promote service <service> as ${PLUGIN_DEFAULT_ALIAS}_URL in <app>"
|
||||
local cmd="$PLUGIN_COMMAND_PREFIX:promote" argv=("$@"); [[ ${argv[0]} == "$cmd" ]] && shift 1
|
||||
declare SERVICE="$1" APP="$2"
|
||||
APP=${APP:="$DOKKU_APP_NAME"}
|
||||
|
||||
Reference in New Issue
Block a user