dokku/dokku-redis
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Adds possibility to set encryption for s3

Browse Source
This commit is contained in:
Jose Diaz-Gonzalez
2017-09-09 14:27:52 -04:00
parent 1af20f31bb
commit 29e06fa758
11 changed files with 84 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -21,7 +21,9 @@ redis:backup <name> <bucket> (--use-iam) Create a backup of the redis service to
redis:backup-auth <name> <aws_access_key_id> <aws_secret_access_key> (<aws_default_region>) (<aws_signature_version>) (<endpoint_url>) Sets up authentication for backups on the redis service
redis:backup-deauth <name> Removes backup authentication for the redis service
redis:backup-schedule <name> <schedule> <bucket> Schedules a backup of the redis service
redis:backup-set-encryption <name> <encryption_key>, Sets up GPG encryption for future backups of the redis service
redis:backup-unschedule <name> Unschedules the backup of the redis service
redis:backup-unset-encryption <name>, Removes backup encryption for future backups of the redis service
redis:clone <name> <new-name> Create container <new-name> then copy data from <name> into <new-name>
redis:connect <name> Connect via redis-cli to a redis service
redis:create <name> Create a redis service with environment variables

10
commands
View File

@@ -27,10 +27,18 @@ case "$1" in
"$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/subcommands/backup-schedule" "$@"
;;
$PLUGIN_COMMAND_PREFIX:backup-set-encryption)
"$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/subcommands/backup-set-encryption" "$@"
;;
$PLUGIN_COMMAND_PREFIX:backup-unschedule)
"$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/subcommands/backup-unschedule" "$@"
;;
$PLUGIN_COMMAND_PREFIX:backup-unset-encryption)
"$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/subcommands/backup-unset-encryption" "$@"
;;
$PLUGIN_COMMAND_PREFIX:clone)
"$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/subcommands/clone" "$@"
;;
@@ -108,7 +116,9 @@ case "$1" in
$PLUGIN_COMMAND_PREFIX:backup-auth <name> <aws_access_key_id> <aws_secret_access_key> (<aws_default_region>) (<aws_signature_version>) (<endpoint_url>), Sets up authentication for backups on the $PLUGIN_COMMAND_PREFIX service
$PLUGIN_COMMAND_PREFIX:backup-deauth <name>, Removes backup authentication for the $PLUGIN_COMMAND_PREFIX service
$PLUGIN_COMMAND_PREFIX:backup-schedule <name> <schedule> <bucket>, Schedules a backup of the $PLUGIN_COMMAND_PREFIX service
$PLUGIN_COMMAND_PREFIX:backup-set-encryption <name> <encryption_key>, Sets up GPG encryption for future backups of the $PLUGIN_COMMAND_PREFIX service
$PLUGIN_COMMAND_PREFIX:backup-unschedule <name>, Unschedules the backup of the $PLUGIN_COMMAND_PREFIX service
$PLUGIN_COMMAND_PREFIX:backup-unset-encryption <name>, Removes backup encryption for future backups of the $PLUGIN_COMMAND_PREFIX service
$PLUGIN_COMMAND_PREFIX:clone <name> <new-name>, Create container <new-name> then copy data from <name> into <new-name>
$PLUGIN_COMMAND_PREFIX:connect <name>, Connect via redis-cli to a $PLUGIN_SERVICE service
$PLUGIN_COMMAND_PREFIX:create <name>, Create a $PLUGIN_SERVICE service

32
common-functions
View File

@@ -105,17 +105,18 @@ service_alternative_alias() {
service_backup() {
declare desc="Creates a backup of a service to an existing s3 bucket"
declare SERVICE="$1" BUCKET_NAME="$2" S3_FLAG="$3"
declare SERVICE="$1" BUCKET_NAME="$2" USE_IAM_OPTIONAL_FLAG="$3"
local BACKUP_CONFIG_ROOT="$PLUGIN_DATA_ROOT/$SERVICE/backup"
local BACKUP_ENCRYPTION_CONFIG_ROOT="$PLUGIN_DATA_ROOT/$SERVICE/backup-encryption"
local AWS_ACCESS_KEY_ID_FILE="$BACKUP_CONFIG_ROOT/AWS_ACCESS_KEY_ID"
local AWS_SECRET_ACCESS_KEY_FILE="$BACKUP_CONFIG_ROOT/AWS_SECRET_ACCESS_KEY"
local BACKUP_PARAMETERS=""
if [[ -z "$S3_FLAG" ]]; then
if [[ -z "$USE_IAM_OPTIONAL_FLAG" ]]; then
[[ ! -f "$AWS_ACCESS_KEY_ID_FILE" ]] && dokku_log_fail "Missing AWS_ACCESS_KEY_ID file"
[[ ! -f "$AWS_SECRET_ACCESS_KEY_FILE" ]] && dokku_log_fail "Missing AWS_SECRET_ACCESS_KEY file"
BACKUP_PARAMETERS="$BACKUP_PARAMETERS -e AWS_ACCESS_KEY_ID=$(cat "$AWS_ACCESS_KEY_ID_FILE") -e AWS_SECRET_ACCESS_KEY=$(cat "$AWS_SECRET_ACCESS_KEY_FILE")"
elif [[ $S3_FLAG != "--use-iam" ]]; then
elif [[ $USE_IAM_OPTIONAL_FLAG != "--use-iam" ]]; then
dokku_log_fail "Provide AWS credentials or use the --use-iam flag"
fi
@@ -141,8 +142,12 @@ service_backup() {
BACKUP_PARAMETERS="$BACKUP_PARAMETERS -e ENDPOINT_URL=$(cat "$BACKUP_CONFIG_ROOT/ENDPOINT_URL")"
fi
if [[ -f "$BACKUP_ENCRYPTION_CONFIG_ROOT/ENCRYPTION_KEY" ]]; then
BACKUP_PARAMETERS="$BACKUP_PARAMETERS -e ENCRYPTION_KEY=$(cat "$BACKUP_ENCRYPTION_CONFIG_ROOT/ENCRYPTION_KEY")"
fi
# shellcheck disable=SC2086
docker run $BACKUP_PARAMETERS dokkupaas/s3backup:0.7.0
docker run $BACKUP_PARAMETERS dokkupaas/s3backup:0.8.0
}
service_backup_auth() {
@@ -198,6 +203,25 @@ service_backup_unschedule() {
sudo /bin/rm -f "$CRON_FILE"
}
service_backup_set_encryption() {
declare desc="Sets up backup encryption"
declare SERVICE="$1" ENCRYPTION_KEY="$2"
local SERVICE_ROOT="${PLUGIN_DATA_ROOT}/${SERVICE}"
local SERVICE_BACKUP_ENCRYPTION_ROOT="${SERVICE_ROOT}/backup-encryption/"
mkdir -p "$SERVICE_BACKUP_ENCRYPTION_ROOT"
echo "$ENCRYPTION_KEY" > "${SERVICE_BACKUP_ENCRYPTION_ROOT}/ENCRYPTION_KEY"
}
service_backup_unset_encryption() {
declare desc="Removes backup encryption"
declare SERVICE="$1"
local SERVICE_ROOT="${PLUGIN_DATA_ROOT}/${SERVICE}"
local SERVICE_BACKUP_ENCRYPTION_ROOT="${SERVICE_ROOT}/backup-encryption/"
rm -rf "$SERVICE_BACKUP_ENCRYPTION_ROOT"
}
service_enter() {
declare desc="enters running app container of specified proc type"
declare SERVICE="$1" && shift 1

2
install
View File

@@ -13,7 +13,7 @@ plugin-install() {
pull-docker-image "${PLUGIN_IMAGE}:${PLUGIN_IMAGE_VERSION}"
pull-docker-image "svendowideit/ambassador:latest"
pull-docker-image "dokkupaas/wait:0.2"
pull-docker-image "dokkupaas/s3backup:0.7.0"
pull-docker-image "dokkupaas/s3backup:0.8.0"
pull-docker-image "busybox:latest"
mkdir -p "$PLUGIN_DATA_ROOT" || echo "Failed to create $PLUGIN_SERVICE directory"

4
subcommands/backup
View File

@@ -7,12 +7,12 @@ source "$(dirname "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")/functions"
redis-backup-cmd() {
declare desc="creates a backup of the $PLUGIN_SERVICE service to an existing s3 bucket"
local cmd="$PLUGIN_COMMAND_PREFIX:backup" argv=("$@"); [[ ${argv[0]} == "$cmd" ]] && shift 1
declare SERVICE="$1" BUCKET_NAME="$2" S3_FLAG="$3"
declare SERVICE="$1" BUCKET_NAME="$2" USE_IAM_OPTIONAL_FLAG="$3"
[[ -z "$SERVICE" ]] && dokku_log_fail "Please specify a name for the service"
[[ -z "$BUCKET_NAME" ]] && dokku_log_fail "Please specify an aws bucket for the backup"
verify_service_name "$SERVICE"
service_backup "$SERVICE" "$BUCKET_NAME" "$S3_FLAG"
service_backup "$SERVICE" "$BUCKET_NAME" "$USE_IAM_OPTIONAL_FLAG"
}
redis-backup-cmd "$@"

6
subcommands/backup-auth
View File

@@ -7,16 +7,14 @@ source "$(dirname "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")/functions"
redis-backup-auth-cmd() {
declare desc="sets up authentication for backups on the $PLUGIN_SERVICE service"
local cmd="$PLUGIN_COMMAND_PREFIX:backup-auth" argv=("$@"); [[ ${argv[0]} == "$cmd" ]] && shift 1
declare SERVICE="$1" AWS_ACCESS_KEY_ID="$2" AWS_SECRET_ACCESS_KEY="$3"
shift 3
declare OPTIONAL_PARAMETERS="$@"
declare SERVICE="$1" AWS_ACCESS_KEY_ID="$2" AWS_SECRET_ACCESS_KEY="$3" AWS_DEFAULT_REGION="$4" AWS_SIGNATURE_VERSION="$5" ENDPOINT_URL="$6"
[[ -z "$SERVICE" ]] && dokku_log_fail "Please specify a name for the service"
[[ -z "$AWS_ACCESS_KEY_ID" ]] && dokku_log_fail "Please specify an aws access key id"
[[ -z "$AWS_SECRET_ACCESS_KEY" ]] && dokku_log_fail "Please specify an aws secret access key"
verify_service_name "$SERVICE"
service_backup_auth "$SERVICE" "$AWS_ACCESS_KEY_ID" "$AWS_SECRET_ACCESS_KEY" $OPTIONAL_PARAMETERS
service_backup_auth "$SERVICE" "$AWS_ACCESS_KEY_ID" "$AWS_SECRET_ACCESS_KEY" "$AWS_DEFAULT_REGION" "$AWS_SIGNATURE_VERSION" "$ENDPOINT_URL"
}
redis-backup-auth-cmd "$@"

18
subcommands/backup-set-encryption Executable file
View File

@@ -0,0 +1,18 @@
#!/usr/bin/env bash
source "$(dirname "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")/config"
set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x
source "$PLUGIN_BASE_PATH/common/functions"
source "$(dirname "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")/functions"
redis-backup-set-encryption-cmd() {
declare desc="sets encryption for all future backups of $PLUGIN_SERVICE service"
local cmd="$PLUGIN_COMMAND_PREFIX:backup-set-encryption" argv=("$@"); [[ ${argv[0]} == "$cmd" ]] && shift 1
declare SERVICE="$1" ENCRYPTION_KEY="$2"
[[ -z "$SERVICE" ]] && dokku_log_fail "Please specify a name for the service"
[[ -z "$ENCRYPTION_KEY" ]] && dokku_log_fail "Please specify a GPG encryption key"
verify_service_name "$SERVICE"
service_backup_set_encryption "$SERVICE" "$ENCRYPTION_KEY"
}
redis-backup-set-encryption-cmd "$@"

17
subcommands/backup-unset-encryption Executable file
View File

@@ -0,0 +1,17 @@
#!/usr/bin/env bash
source "$(dirname "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")/config"
set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x
source "$PLUGIN_BASE_PATH/common/functions"
source "$(dirname "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")/functions"
redis-backup-unset-encryption-cmd() {
declare desc="unsets encryption for future backups of the $PLUGIN_SERVICE service"
local cmd="$PLUGIN_COMMAND_PREFIX:backup-unset-encryption" argv=("$@"); [[ ${argv[0]} == "$cmd" ]] && shift 1
declare SERVICE="$1"
[[ -z "$SERVICE" ]] && dokku_log_fail "Please specify a name for the service"
verify_service_name "$SERVICE"
service_backup_unset_encryption "$SERVICE"
}
redis-backup-unset-encryption-cmd "$@"

2
subcommands/expose
View File

@@ -7,7 +7,7 @@ source "$(dirname "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")/functions"
redis-expose-cmd() {
declare desc="expose a $PLUGIN_SERVICE service on custom port if provided (random port otherwise)"
local cmd="$PLUGIN_COMMAND_PREFIX:expose" argv=("$@"); [[ ${argv[0]} == "$cmd" ]] && shift 1
declare SERVICE="$1"
declare SERVICE="$1" PORTS="${@:2}"
[[ -z "$SERVICE" ]] && dokku_log_fail "Please specify a name for the service"
verify_service_name "$SERVICE"

4
subcommands/logs
View File

@@ -7,11 +7,11 @@ source "$(dirname "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")/functions"
redis-logs-cmd() {
declare desc="print the most recent log(s) for this service"
local cmd="$PLUGIN_COMMAND_PREFIX:logs" argv=("$@"); [[ ${argv[0]} == "$cmd" ]] && shift 1
declare SERVICE="$1" TAIL="$2"
declare SERVICE="$1" TAIL_FLAG="$2"
[[ -z "$SERVICE" ]] && dokku_log_fail "Please specify a name for the service"
verify_service_name "$SERVICE"
service_logs "$SERVICE" "$TAIL"
service_logs "$SERVICE" "$TAIL_FLAG"
}
redis-logs-cmd "$@"

2
subcommands/promote
View File

@@ -5,7 +5,7 @@ source "$PLUGIN_BASE_PATH/common/functions"
source "$(dirname "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")/functions"
redis-promote-cmd() {
declare desc="promote service <name> as ${PLUGIN_DEFAULT_ALIAS}_URL in <app>"
declare desc="promote service <service> as ${PLUGIN_DEFAULT_ALIAS}_URL in <app>"
local cmd="$PLUGIN_COMMAND_PREFIX:promote" argv=("$@"); [[ ${argv[0]} == "$cmd" ]] && shift 1
declare SERVICE="$1" APP="$2"
APP=${APP:="$DOKKU_APP_NAME"}