Merge branch 'master' into master

README.md

@@ -1,6 +1,6 @@
 # dokku postgres (beta) [![Build Status](https://img.shields.io/travis/dokku/dokku-postgres.svg?branch=master "Build Status")](https://travis-ci.org/dokku/dokku-postgres) [![IRC Network](https://img.shields.io/badge/irc-freenode-blue.svg "IRC Freenode")](https://webchat.freenode.net/?channels=dokku)
 
-Official postgres plugin for dokku. Currently defaults to installing [postgres 9.6.1](https://hub.docker.com/_/postgres/).
+Official postgres plugin for dokku. Currently defaults to installing [postgres 9.6.4](https://hub.docker.com/_/postgres/).
 
 ## requirements
 
@@ -17,8 +17,8 @@ sudo dokku plugin:install https://github.com/dokku/dokku-postgres.git postgres
 ## commands
 
 ```
-postgres:backup <name> <bucket>   Create a backup of the postgres service to an existing s3 bucket
-postgres:backup-auth <name> <aws_access_key_id> <aws_secret_access_key> Sets up authentication for backups on the postgres service
+postgres:backup <name> <bucket> [--use-iam] Create a backup of the postgres service to an existing s3 bucket
+postgres:backup-auth <name> <aws_access_key_id> <aws_secret_access_key> (<aws_default_region>) (<aws_signature_version>) (<endpoint_url>) Sets up authentication for backups on the postgres service
 postgres:backup-deauth <name>     Removes backup authentication for the postgres service
 postgres:backup-schedule <name> <schedule> <bucket> Schedules a backup of the postgres service
 postgres:backup-unschedule <name> Unschedules the backup of the postgres service
@@ -53,12 +53,12 @@ dokku postgres:create lolipop
 # it *must* be compatible with the
 # official postgres image
 export POSTGRES_IMAGE="postgres"
-export POSTGRES_IMAGE_VERSION="9.6.1"
+export POSTGRES_IMAGE_VERSION="9.6.4"
 dokku postgres:create lolipop
 
 # you can also specify custom environment
 # variables to start the postgres service
-# in semi-colon separated forma
+# in semi-colon separated form
 export POSTGRES_CUSTOM_ENV="USER=alpha;HOST=beta"
 dokku postgres:create lolipop
 
@@ -196,28 +196,23 @@ $ dokku postgres:unlink db9.5 my_app
 $ dokku postgres:destroy db9.5
 ```
 
-## importing data
+## Configuration
 
-The `import` command should be used with any non-plain-text files exported by `pg_dump`. To import a SQL file, use `connect` like this:
+If you wish to tune the postgres instances various .conf files, you can find them by using the postgres:info command.
 
 ```shell
-$ dokku postgres:connect db < ./dump.sql
+dokku postgres:info lolipop 
+# or
+dokku postgres:info lolipop --data-dir
 ```
 
-## Security
-
-The connection to the database is done over SSL. A self-signed certificate is
-automatically generated when creating the service.  It can be replaced by a
-custom certificate by overwriting the `server.crt` and `server.key` files in
-`/var/lib/dokku/services/postgres/<DB_NAME>/data`.
-The `server.key` must be chmoded to 600 and must be owned by the postgres user
-or root.
-
 ## Backups
 
-Datastore backups are supported via AWS S3. The only supported region is `us-east-1`, and using an S3 bucket in another region will result in an error.
+Datastore backups are supported via AWS S3 and S3 compatible services like [minio](https://github.com/minio/minio).
 
-> If you would like to sponsor work to enable support for other regions, please contact [@josegonzalez](http://github.com/josegonzalez/).
+You may skip the `backup-auth` step if your dokku install is running within EC2
+and has access to the bucket via an IAM profile. In that case, use the `--use-iam`
+option with the `backup` command.
 
 Backups can be performed using the backup commands:
 
@@ -239,15 +234,32 @@ dokku postgres:backup-schedule lolipop CRON_SCHEDULE BUCKET_NAME
 dokku postgres:backup-unschedule lolipop
 ```
 
-## Postgres Configuration
-
-If you wish to tune the postgres instances various .conf files, you can find them by using the postgres:info command.
-
-```shell
-dokku postgres:info lolipop 
-# or
-dokku postgres:info lolipop --data-dir
+Backup auth can also be set up for different regions, signature versions and endpoints (e.g. for minio):
+ 
+```
+# setup s3 backup authentication with different region
+dokku postgres:backup-auth lolipop AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_REGION
+ 
+# setup s3 backup authentication with different signature version and endpoint
+dokku postgres:backup-auth lolipop AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_REGION AWS_SIGNATURE_VERSION ENDPOINT_URL
+ 
+# more specific example for minio auth
+dokku postgres:backup-auth lolipop MINIO_ACCESS_KEY_ID MINIO_SECRET_ACCESS_KEY us-east-1 s3v4 https://YOURMINIOSERVICE
 ```
 
+## Importing Data
 
+The `import` command should be used with any non-plain-text files exported by `pg_dump`. To import a SQL file, use `connect` like this:
 
+```shell
+dokku postgres:connect db < ./dump.sql
+```
+
+## Security
+
+The connection to the database is done over SSL. A self-signed certificate is
+automatically generated when creating the service.  It can be replaced by a
+custom certificate by overwriting the `server.crt` and `server.key` files in
+`/var/lib/dokku/services/postgres/<DB_NAME>/data`.
+The `server.key` must be chmoded to 600 and must be owned by the postgres user
+or root.

commands

@@ -105,7 +105,7 @@ case "$1" in
       declare desc="return $PLUGIN_COMMAND_PREFIX plugin help content"
       cat<<help_content
     $PLUGIN_COMMAND_PREFIX:backup <name> <bucket>, Create a backup of the $PLUGIN_COMMAND_PREFIX service to an existing s3 bucket
-    $PLUGIN_COMMAND_PREFIX:backup-auth <name> <aws_access_key_id> <aws_secret_access_key>, Sets up authentication for backups on the $PLUGIN_COMMAND_PREFIX service
+    $PLUGIN_COMMAND_PREFIX:backup-auth <name> <aws_access_key_id> <aws_secret_access_key> (<aws_default_region>) (<aws_signature_version>) (<endpoint_url>), Sets up authentication for backups on the $PLUGIN_COMMAND_PREFIX service
     $PLUGIN_COMMAND_PREFIX:backup-deauth <name>, Removes backup authentication for the $PLUGIN_COMMAND_PREFIX service
     $PLUGIN_COMMAND_PREFIX:backup-schedule <name> <schedule> <bucket>, Schedules a backup of the $PLUGIN_COMMAND_PREFIX service
     $PLUGIN_COMMAND_PREFIX:backup-unschedule <name>, Unschedules the backup of the $PLUGIN_COMMAND_PREFIX service

common-functions

@@ -31,6 +31,7 @@ get_random_ports() {
     local quit=0
     while [ "$quit" -ne 1 ]; do
       netstat -an | grep $port > /dev/null
+      # shellcheck disable=SC2181
       if [ $? -gt 0 ]; then
         quit=1
       else
@@ -104,35 +105,67 @@ service_alternative_alias() {
 
 service_backup() {
   declare desc="Creates a backup of a service to an existing s3 bucket"
-  declare SERVICE="$1" BUCKET_NAME="$2"
-  local SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
-  local AWS_ACCESS_KEY_ID_FILE="$SERVICE_ROOT/backup/AWS_ACCESS_KEY_ID"
-  local AWS_SECRET_ACCESS_KEY_FILE="$SERVICE_ROOT/backup/AWS_SECRET_ACCESS_KEY"
+  declare SERVICE="$1" BUCKET_NAME="$2" S3_FLAG="$3"
+  local BACKUP_CONFIG_ROOT="$PLUGIN_DATA_ROOT/$SERVICE/backup"
+  local AWS_ACCESS_KEY_ID_FILE="$BACKUP_CONFIG_ROOT/AWS_ACCESS_KEY_ID"
+  local AWS_SECRET_ACCESS_KEY_FILE="$BACKUP_CONFIG_ROOT/AWS_SECRET_ACCESS_KEY"
+  local BACKUP_PARAMETERS=""
 
-  [[ ! -f "$AWS_ACCESS_KEY_ID_FILE" ]] && dokku_log_fail "Missing AWS_ACCESS_KEY_ID file"
-  [[ ! -f "$AWS_SECRET_ACCESS_KEY_FILE" ]] && dokku_log_fail "Missing AWS_SECRET_ACCESS_KEY file"
+  if [[ -z "$S3_FLAG" ]]; then
+    [[ ! -f "$AWS_ACCESS_KEY_ID_FILE" ]] && dokku_log_fail "Missing AWS_ACCESS_KEY_ID file"
+    [[ ! -f "$AWS_SECRET_ACCESS_KEY_FILE" ]] && dokku_log_fail "Missing AWS_SECRET_ACCESS_KEY file"
+    BACKUP_PARAMETERS="$BACKUP_PARAMETERS -e AWS_ACCESS_KEY_ID=$(cat "$AWS_ACCESS_KEY_ID_FILE") -e AWS_SECRET_ACCESS_KEY=$(cat "$AWS_SECRET_ACCESS_KEY_FILE")"
+  elif [[ $S3_FLAG != "--use-iam" ]]; then
+    dokku_log_fail "Provide AWS credentials or use the --use-iam flag"
+  fi
 
   TMPDIR=$(mktemp -d)
   trap 'rm -rf "$TMPDIR" > /dev/null' RETURN INT TERM EXIT
 
   (service_export "$SERVICE" > "${TMPDIR}/export")
-  docker run \
-      -e AWS_ACCESS_KEY_ID="$(cat "$AWS_ACCESS_KEY_ID_FILE")" \
-      -e AWS_SECRET_ACCESS_KEY="$(cat "$AWS_SECRET_ACCESS_KEY_FILE")" \
-      -e BUCKET_NAME="$BUCKET_NAME" \
-      -e BACKUP_NAME="${PLUGIN_COMMAND_PREFIX}-${SERVICE}" \
-      -v "${TMPDIR}:/backup" dokkupaas/s3backup:0.5.0-1
+
+  # Build parameter list for s3backup tool
+  BACKUP_PARAMETERS="$BACKUP_PARAMETERS -e BUCKET_NAME=$BUCKET_NAME"
+  BACKUP_PARAMETERS="$BACKUP_PARAMETERS -e BACKUP_NAME=${PLUGIN_COMMAND_PREFIX}-${SERVICE}"
+  BACKUP_PARAMETERS="$BACKUP_PARAMETERS -v ${TMPDIR}:/backup"
+
+  if [[ -f "$BACKUP_CONFIG_ROOT/AWS_DEFAULT_REGION" ]]; then
+    BACKUP_PARAMETERS="$BACKUP_PARAMETERS -e AWS_DEFAULT_REGION=$(cat "$BACKUP_CONFIG_ROOT/AWS_DEFAULT_REGION")"
+  fi
+
+  if [[ -f "$BACKUP_CONFIG_ROOT/AWS_SIGNATURE_VERSION" ]]; then
+    BACKUP_PARAMETERS="$BACKUP_PARAMETERS -e AWS_SIGNATURE_VERSION=$(cat "$BACKUP_CONFIG_ROOT/AWS_SIGNATURE_VERSION")"
+  fi
+
+  if [[ -f "$BACKUP_CONFIG_ROOT/ENDPOINT_URL" ]]; then
+    BACKUP_PARAMETERS="$BACKUP_PARAMETERS -e ENDPOINT_URL=$(cat "$BACKUP_CONFIG_ROOT/ENDPOINT_URL")"
+  fi
+
+  # shellcheck disable=SC2086
+  docker run $BACKUP_PARAMETERS dokkupaas/s3backup:0.7.0
 }
 
 service_backup_auth() {
   declare desc="Sets up authentication"
-  declare SERVICE="$1" AWS_ACCESS_KEY_ID="$2" AWS_SECRET_ACCESS_KEY="$3"
+  declare SERVICE="$1" AWS_ACCESS_KEY_ID="$2" AWS_SECRET_ACCESS_KEY="$3" AWS_DEFAULT_REGION="$4" AWS_SIGNATURE_VERSION="$5" ENDPOINT_URL="$6"
   local SERVICE_ROOT="${PLUGIN_DATA_ROOT}/${SERVICE}"
   local SERVICE_BACKUP_ROOT="${SERVICE_ROOT}/backup/"
 
   mkdir -p "$SERVICE_BACKUP_ROOT"
   echo "$AWS_ACCESS_KEY_ID" > "${SERVICE_BACKUP_ROOT}/AWS_ACCESS_KEY_ID"
   echo "$AWS_SECRET_ACCESS_KEY" > "${SERVICE_BACKUP_ROOT}/AWS_SECRET_ACCESS_KEY"
+
+  if [[ -n "$AWS_DEFAULT_REGION" ]]; then
+    echo "$AWS_DEFAULT_REGION" > "${SERVICE_BACKUP_ROOT}/AWS_DEFAULT_REGION"
+  fi
+
+  if [[ -n "$AWS_SIGNATURE_VERSION" ]]; then
+    echo "$AWS_SIGNATURE_VERSION" > "${SERVICE_BACKUP_ROOT}/AWS_SIGNATURE_VERSION"
+  fi
+
+  if [[ -n "$ENDPOINT_URL" ]]; then
+    echo "$ENDPOINT_URL" > "${SERVICE_BACKUP_ROOT}/ENDPOINT_URL"
+  fi
 }
 
 service_backup_deauth() {

config

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 export POSTGRES_IMAGE=${POSTGRES_IMAGE:="postgres"}
-export POSTGRES_IMAGE_VERSION=${POSTGRES_IMAGE_VERSION:="9.6.1"}
+export POSTGRES_IMAGE_VERSION=${POSTGRES_IMAGE_VERSION:="9.6.4"}
 export POSTGRES_ROOT=${POSTGRES_ROOT:="/var/lib/dokku/services/postgres"}
 
 export PLUGIN_COMMAND_PREFIX="postgres"

install

@@ -13,7 +13,7 @@ plugin-install() {
   pull-docker-image "${PLUGIN_IMAGE}:${PLUGIN_IMAGE_VERSION}"
   pull-docker-image "svendowideit/ambassador:latest"
   pull-docker-image "dokkupaas/wait:0.2"
-  pull-docker-image "dokkupaas/s3backup:0.5.0-2"
+  pull-docker-image "dokkupaas/s3backup:0.7.0"
   pull-docker-image "busybox:latest"
 
   mkdir -p "$PLUGIN_DATA_ROOT" || echo "Failed to create $PLUGIN_SERVICE directory"

subcommands/backup

@@ -7,12 +7,12 @@ source "$(dirname "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")/functions"
 postgres-backup-cmd() {
   declare desc="creates a backup of the $PLUGIN_SERVICE service to an existing s3 bucket"
   local cmd="$PLUGIN_COMMAND_PREFIX:backup" argv=("$@"); [[ ${argv[0]} == "$cmd" ]] && shift 1
-  declare SERVICE="$1" BUCKET_NAME="$2"
+  declare SERVICE="$1" BUCKET_NAME="$2" S3_FLAG="$3"
 
   [[ -z "$SERVICE" ]] && dokku_log_fail "Please specify a name for the service"
   [[ -z "$BUCKET_NAME" ]] && dokku_log_fail "Please specify an aws bucket for the backup"
   verify_service_name "$SERVICE"
-  service_backup "$SERVICE" "$BUCKET_NAME"
+  service_backup "$SERVICE" "$BUCKET_NAME" "$S3_FLAG"
 }
 
 postgres-backup-cmd "$@"

tests/bin/docker

@@ -22,7 +22,7 @@ case "$1" in
     echo "mongo                                3.2.9               12eadb136159        2 days ago          291.1 MB"
     echo "mysql                                5.7.12              57d56ac47bed        2 days ago          321.3 MB"
     echo "nats                                 0.9.4               9216d5a4eec8        2 days ago          109.3 MB"
-    echo "postgres                             9.6.1               6412eb70175e        2 days ago          265.7 MB"
+    echo "postgres                             9.6.4               6412eb70175e        2 days ago          265.7 MB"
     echo "rabbitmq                             3.6.5-management    327b803301e9        2 days ago          143.5 MB"
     echo "redis                                3.2.3               9216d5a4eec8        2 days ago          109.3 MB"
     echo "rethinkdb                            2.3.4               f27010a550ec        2 days ago          196.3 MB"
@@ -71,7 +71,7 @@ case "$1" in
       echo 'c0f74fc90377        mongo:3.2.9                                "/entrypoint.sh mong"      11 seconds ago       Up 10 seconds       27017/tcp                                  dokku.mongo.l'
       echo '0f33b1c86da9        mysql:5.7.12                               "/entrypoint.sh mysq"      11 seconds ago       Up 10 seconds       3306/tcp                                   dokku.mysql.l'
       echo '9f10b6dc12d5        nats:0.9.4                                 "/entrypoint.sh redi"      11 seconds ago       Up 10 seconds       4222/tcp                                   dokku.nats.l'
-      echo '7f899b723c08        postgres:9.6.1                             "/docker-entrypoint."      11 seconds ago       Up 10 seconds       5432/tcp                                   dokku.postgres.l'
+      echo '7f899b723c08        postgres:9.6.4                             "/docker-entrypoint."      11 seconds ago       Up 10 seconds       5432/tcp                                   dokku.postgres.l'
       echo '5e50a462661e        rabbitmq:3.6.5-management                  "/docker-entrypoint."      11 seconds ago       Up 10 seconds       5672/tcp, 15672/tcp                        dokku.rabbitmq.l'
       echo 'c39ca00fa3c6        redis:3.2.3                                "/entrypoint.sh redi"      11 seconds ago       Up 10 seconds       6379/tcp                                   dokku.redis.l'
       echo 'dc98c2939a80        rethinkdb:2.3.4                            "rethinkdb --bind al"      11 seconds ago       Up 10 seconds       8080/tcp, 28015/tcp, 29015/tcp             dokku.rethinkdb.l'

tests/service_list.bats

@@ -11,20 +11,20 @@ teardown() {
 
 @test "($PLUGIN_COMMAND_PREFIX:list) with no exposed ports, no linked apps" {
   run dokku "$PLUGIN_COMMAND_PREFIX:list"
-  assert_contains "${lines[*]}" "l     postgres:9.6.1  running  -              -"
+  assert_contains "${lines[*]}" "l     postgres:9.6.4  running  -              -"
 }
 
 @test "($PLUGIN_COMMAND_PREFIX:list) with exposed ports" {
   dokku "$PLUGIN_COMMAND_PREFIX:expose" l 4242
   run dokku "$PLUGIN_COMMAND_PREFIX:list"
-  assert_contains "${lines[*]}" "l     postgres:9.6.1  running  5432->4242     -"
+  assert_contains "${lines[*]}" "l     postgres:9.6.4  running  5432->4242     -"
 }
 
 @test "($PLUGIN_COMMAND_PREFIX:list) with linked app" {
   dokku apps:create my_app
   dokku "$PLUGIN_COMMAND_PREFIX:link" l my_app
   run dokku "$PLUGIN_COMMAND_PREFIX:list"
-  assert_contains "${lines[*]}" "l     postgres:9.6.1  running  -              my_app"
+  assert_contains "${lines[*]}" "l     postgres:9.6.4  running  -              my_app"
   dokku --force apps:destroy my_app
 }
 

tests/test_helper.bash

@@ -11,9 +11,9 @@ export PLUGIN_CORE_AVAILABLE_PATH="$PLUGIN_PATH"
 export POSTGRES_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/fixtures"
 export PLUGIN_DATA_ROOT="$POSTGRES_ROOT"
 if [[ "$(uname)" == "Darwin" ]]; then
-  export PLUGN_URL="https://github.com/dokku/plugn/releases/download/v0.2.1/plugn_0.2.1_darwin_x86_64.tgz"
+  export PLUGN_URL="https://github.com/dokku/plugn/releases/download/v0.3.0/plugn_0.3.0_darwin_x86_64.tgz"
 else
-  export PLUGN_URL="https://github.com/dokku/plugn/releases/download/v0.2.1/plugn_0.2.1_linux_x86_64.tgz"
+  export PLUGN_URL="https://github.com/dokku/plugn/releases/download/v0.3.0/plugn_0.3.0_linux_x86_64.tgz"
 fi
 
 mkdir -p "$PLUGIN_DATA_ROOT"