Merge pull request #9 from swisscom/master

JamesClonk · web-flow · commit 8994772b57f7 · 2021-04-01T14:35:43.000+02:00
bump
diff --git a/README.md b/README.md
@@ -85,6 +85,8 @@ Possible JSON properties:
 - `disable_web`: optional, disable web interface and api
 - `disable_metrics`: optional, disable Prometheus metrics endpoint
 - `unprotected_metrics`: optional, disable HTTP basic auth protection for Prometheus metrics endpoint
+- `s3.disable_ssl`: optional, S3 client connections will use HTTP instead of HTTPS
+- `s3.skip_ssl_verification`: optional, S3 client will still use HTTPS but skips certificate verification
 - `s3.service_label`: optional, defines which service label backman will look for to find the S3-compatible object storage
 - `s3.bucket_name`: optional, bucket to use on S3 storage, backman will use service-instance/binding-name if not configured
 - `s3.encryption_key`: optional, defines the key which will be used to encrypt and decrypt backups as they are stored on the S3 can also be passed as an environment variable with the name `BACKMAN_ENCRYPTION_KEY`
diff --git a/config/config.go b/config/config.go
@@ -29,11 +29,12 @@ type Config struct {
 }
 
 type S3Config struct {
-	DisableSSL    bool   `json:"disable_ssl"`
-	ServiceLabel  string `json:"service_label"`
-	ServiceName   string `json:"service_name"`
-	BucketName    string `json:"bucket_name"`
-	EncryptionKey string `json:"encryption_key"`
+	DisableSSL          bool   `json:"disable_ssl"`
+	SkipSSLVerification bool   `json:"skip_ssl_verification"`
+	ServiceLabel        string `json:"service_label"`
+	ServiceName         string `json:"service_name"`
+	BucketName          string `json:"bucket_name"`
+	EncryptionKey       string `json:"encryption_key"`
 }
 
 type ServiceConfig struct {
@@ -131,6 +132,9 @@ func Get() *Config {
 			if envConfig.S3.DisableSSL {
 				config.S3.DisableSSL = envConfig.S3.DisableSSL
 			}
+			if envConfig.S3.SkipSSLVerification {
+				config.S3.SkipSSLVerification = envConfig.S3.SkipSSLVerification
+			}
 			if len(envConfig.S3.ServiceLabel) > 0 {
 				config.S3.ServiceLabel = envConfig.S3.ServiceLabel
 			}
diff --git a/manifest.yml b/manifest.yml
@@ -23,7 +23,7 @@ applications:
 
   # ### push either as docker image
   docker:
-    image: jamesclonk/backman:1.24.1 # choose version from https://hub.docker.com/r/jamesclonk/backman/tags, or 'latest'
+    image: jamesclonk/backman:1.26.0 # choose version from https://hub.docker.com/r/jamesclonk/backman/tags, or 'latest'
   # ### or as buildpack/src
   # buildpacks:
   # - https://github.com/cloudfoundry/apt-buildpack
diff --git a/s3/client.go b/s3/client.go
@@ -1,6 +1,11 @@
 package s3
 
 import (
+	"crypto/tls"
+	"net"
+	"net/http"
+	"time"
+
 	cfenv "github.com/cloudfoundry-community/go-cfenv"
 	"github.com/minio/minio-go/v6"
 	"github.com/swisscom/backman/config"
@@ -53,6 +58,24 @@ func New(app *cfenv.App) *Client {
 		log.Fatalf("%v", err)
 	}
 
+	if config.Get().S3.SkipSSLVerification {
+		log.Debugln("disabling S3 client SSL verification ...")
+		minioClient.SetCustomTransport(&http.Transport{
+			Proxy: http.ProxyFromEnvironment,
+			TLSClientConfig: &tls.Config{
+				InsecureSkipVerify: true,
+			},
+			DialContext: (&net.Dialer{
+				Timeout:   30 * time.Second,
+				KeepAlive: 30 * time.Second,
+			}).DialContext,
+			MaxIdleConns:          100,
+			IdleConnTimeout:       90 * time.Second,
+			TLSHandshakeTimeout:   10 * time.Second,
+			ExpectContinueTimeout: 1 * time.Second,
+		})
+	}
+
 	// check if bucket exists and is accessible and if not create it, or fail
 	exists, errBucketExists := minioClient.BucketExists(bucketName)
 	if errBucketExists == nil && exists {
diff --git a/s3/objects.go b/s3/objects.go
@@ -46,7 +46,6 @@ func (s *Client) UploadWithContext(ctx context.Context, object string, reader io
 		size = -1
 	}
 
-	var err error
 	uploadReader := reader
 	if len(config.Get().S3.EncryptionKey) != 0 {
 		hdr := newHeader(sio.AES_256_GCM, kdfScrypt)
@@ -63,6 +62,7 @@ func (s *Client) UploadWithContext(ctx context.Context, object string, reader io
 		}
 		uploadReader = io.MultiReader(bytes.NewBuffer(hdr[:]), uploadReader)
 	}
+
 	n, err := s.Client.PutObjectWithContext(ctx, s.BucketName, object, uploadReader, size, minio.PutObjectOptions{ContentType: "application/gzip"})
 	if err != nil {
 		return err
@@ -90,13 +90,13 @@ func (s *Client) DownloadWithContext(ctx context.Context, object string) (io.Rea
 	if err != nil {
 		return nil, err
 	}
-	masterKey := config.Get().S3.EncryptionKey
-	if len(masterKey) > 0 {
+
+	if len(config.Get().S3.EncryptionKey) > 0 {
 		hdr, err := readHeader(reader)
 		if err != nil {
 			return nil, err
 		}
-		key, err := getKey(masterKey, object, hdr, reader)
+		key, err := getKey(config.Get().S3.EncryptionKey, object, hdr, reader)
 		if err != nil {
 			return nil, fmt.Errorf("could not derive key: %v", err)
 		}
diff --git a/service/service.go b/service/service.go
@@ -57,63 +57,80 @@ func Get() *Service {
 func (s *Service) parseServices() {
 	s.Services = make([]util.Service, 0)
 
-	for label, services := range s.App.Services {
-		if util.IsValidServiceType(label) || label == "user-provided" {
-			for _, service := range services {
-				// try to figure out if user-provided service binding can be handled
-				if service.Label == "user-provided" {
-					// can it be identified as a custom postgres binding?
-					if postgres.IsPostgresBinding(&service) {
-						service.Label = "postgres"
-					} else if mysql.IsMySQLBinding(&service) { // or a mysql binding?
-						service.Label = "mysql"
-					} else if redis.IsRedisBinding(&service) { // or a redis binding?
-						service.Label = "redis"
-					} else {
-						continue // cannot handle service binding
+	for _, services := range s.App.Services {
+		for _, service := range services {
+			// exclude S3 storage service, don't try to parse it as a service for backups
+			if service.Name == config.Get().S3.ServiceName ||
+				(service.Label == config.Get().S3.ServiceLabel && service.Label != "user-provided") {
+				continue
+			}
+
+			// if it is an unrecognized type/label or user-provided service
+			// then try to figure out if it can be identified as a supported service type
+			if !util.IsValidServiceType(service.Label) || service.Label == "user-provided" {
+				// can it be identified as a custom postgres binding?
+				if postgres.IsPostgresBinding(&service) {
+					service.Label = "postgres"
+				} else if mysql.IsMySQLBinding(&service) { // or a mysql binding?
+					service.Label = "mysql"
+				} else if redis.IsRedisBinding(&service) { // or a redis binding?
+					service.Label = "redis"
+				} else {
+					// try to guess it via service tags as a last resort
+					var identified bool
+					for _, tag := range service.Tags {
+						if util.IsValidServiceType(tag) {
+							identified = true
+							service.Label = tag
+							break
+						}
+					}
+					if !identified {
+						log.Errorf("unsupported service type [%s]: could not identify [%s]", service.Label, service.Name)
+						continue // cannot handle this service binding
 					}
 				}
+			}
 
-				// read timeout for service
-				timeout := config.Get().Services[service.Name].Timeout
-				if timeout.Seconds() <= 1 {
-					timeout.Duration = 1 * time.Hour // default
-				}
+			// read timeout for service
+			timeout := config.Get().Services[service.Name].Timeout
+			if timeout.Seconds() <= 1 {
+				timeout.Duration = 1 * time.Hour // default
+			}
 
-				// read crontab schedule for service
-				schedule := config.Get().Services[service.Name].Schedule
-				if len(schedule) == 0 {
-					// create a random schedule for daily backup as a fallback
-					schedule = fmt.Sprintf("%d %d %d * * *", rand.Intn(59), rand.Intn(59), rand.Intn(23))
-				}
+			// read crontab schedule for service
+			schedule := config.Get().Services[service.Name].Schedule
+			if len(schedule) == 0 {
+				// create a random schedule for daily backup as a fallback
+				schedule = fmt.Sprintf("%d %d %d * * *", rand.Intn(59), rand.Intn(59), rand.Intn(23))
+			}
 
-				// read retention days & files, with defaults as fallback
-				retentionDays := config.Get().Services[service.Name].Retention.Days
-				retentionFiles := config.Get().Services[service.Name].Retention.Files
-				if retentionDays <= 0 {
-					retentionDays = 31 // default
-				}
-				if retentionFiles <= 0 {
-					retentionFiles = 100 // default
-				}
+			// read retention days & files, with defaults as fallback
+			retentionDays := config.Get().Services[service.Name].Retention.Days
+			retentionFiles := config.Get().Services[service.Name].Retention.Files
+			if retentionDays <= 0 {
+				retentionDays = 31 // default
+			}
+			if retentionFiles <= 0 {
+				retentionFiles = 100 // default
+			}
 
-				newService := util.Service{
-					Name:     service.Name,
-					Label:    service.Label,
-					Plan:     service.Plan,
-					Tags:     service.Tags,
-					Timeout:  timeout.Duration,
-					Schedule: schedule,
-					Retention: util.Retention{
-						Days:  retentionDays,
-						Files: retentionFiles,
-					},
-					DisableColumnStatistics: config.Get().Services[service.Name].DisableColumnStatistics,
-					ForceImport:             config.Get().Services[service.Name].ForceImport,
-					LocalBackupPath:         config.Get().Services[service.Name].LocalBackupPath,
-				}
-				s.Services = append(s.Services, newService)
+			newService := util.Service{
+				Name:     service.Name,
+				Label:    service.Label,
+				Plan:     service.Plan,
+				Tags:     service.Tags,
+				Timeout:  timeout.Duration,
+				Schedule: schedule,
+				Retention: util.Retention{
+					Days:  retentionDays,
+					Files: retentionFiles,
+				},
+				DisableColumnStatistics: config.Get().Services[service.Name].DisableColumnStatistics,
+				ForceImport:             config.Get().Services[service.Name].ForceImport,
+				LocalBackupPath:         config.Get().Services[service.Name].LocalBackupPath,
 			}
+			s.Services = append(s.Services, newService)
 		}
 	}
 
diff --git a/service/util/service_type.go b/service/util/service_type.go
@@ -14,13 +14,13 @@ func ParseServiceType(serviceType string) ServiceType {
 	switch serviceType {
 	case "postgres", "pg", "psql", "postgresql", "elephantsql", "citusdb":
 		return Postgres
-	case "mysql", "mariadb", "mariadbent", "pxc", "galera", "mysql-database", "mariadb-k8s-database":
+	case "mysql", "mariadb", "mariadbent", "pxc", "galera", "mysql-database", "mariadb-k8s-database", "mysql-k8s", "mariadb-k8s":
 		return MySQL
-	case "mongo", "mongodb", "mongodb-2", "mongodbent", "mongodbent-database", "mangodb":
+	case "mongo", "mongodb", "mongodb-2", "mongodbent", "mongodbent-database", "mangodb", "mongodb-k8s":
 		return MongoDB
 	case "redis", "redis-2", "redisent", "redis-enterprise", "redis-ha", "redis-k8s":
 		return Redis
-	case "elastic", "es", "elasticsearch":
+	case "elastic", "es", "elasticsearch", "ece":
 		return Elasticsearch
 	}
 	return -1

Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,6 @@ func (s *Client) UploadWithContext(ctx context.Context, object string, reader io`
`46`	`46`	`size = -1`
`47`	`47`	`}`
`48`	`48`
`49`		`- var err error`
`50`	`49`	`uploadReader := reader`
`51`	`50`	`if len(config.Get().S3.EncryptionKey) != 0 {`
`52`	`51`	`hdr := newHeader(sio.AES_256_GCM, kdfScrypt)`
`@@ -63,6 +62,7 @@ func (s *Client) UploadWithContext(ctx context.Context, object string, reader io`
`63`	`62`	`}`
`64`	`63`	`uploadReader = io.MultiReader(bytes.NewBuffer(hdr[:]), uploadReader)`
`65`	`64`	`}`
	`65`	`+`
`66`	`66`	`n, err := s.Client.PutObjectWithContext(ctx, s.BucketName, object, uploadReader, size, minio.PutObjectOptions{ContentType: "application/gzip"})`
`67`	`67`	`if err != nil {`
`68`	`68`	`return err`
`@@ -90,13 +90,13 @@ func (s *Client) DownloadWithContext(ctx context.Context, object string) (io.Rea`
`90`	`90`	`if err != nil {`
`91`	`91`	`return nil, err`
`92`	`92`	`}`
`93`		`- masterKey := config.Get().S3.EncryptionKey`
`94`		`- if len(masterKey) > 0 {`
	`93`	`+`
	`94`	`+ if len(config.Get().S3.EncryptionKey) > 0 {`
`95`	`95`	`hdr, err := readHeader(reader)`
`96`	`96`	`if err != nil {`
`97`	`97`	`return nil, err`
`98`	`98`	`}`
`99`		`- key, err := getKey(masterKey, object, hdr, reader)`
	`99`	`+ key, err := getKey(config.Get().S3.EncryptionKey, object, hdr, reader)`
`100`	`100`	`if err != nil {`
`101`	`101`	`return nil, fmt.Errorf("could not derive key: %v", err)`
`102`	`102`	`}`