borgmatic-collective/borgmatic
borgmatic-collective
/
borgmatic
14
58
Fork 42
Code Issues 59 Pull Requests 2 Actions Packages Releases 122 Activity

Allow database password to be read from environ 

- add 'password_env' key in config to read databases passwords firectly
  from environment variable
This commit is contained in:
Sébastien MB 2022-06-12 22:44:14 +02:00
parent f2c2f3139e
commit 0dfbf77b7f
4 changed files with 39 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
borgmatic/config/schema.yaml
View File

@ -704,6 +704,12 @@ properties:
without a password or you create a ~/.pgpass
file.
example: trustsome1
password_env:
type: string
description: |
Environment variable containing the password with
which to connect to the database.
example: MY_PASSWORD
format:
type: string
enum: ['plain', 'custom', 'directory', 'tar']
@ -802,6 +808,12 @@ properties:
configured to trust the configured username
without a password.
example: trustsome1
password_env:
type: string
description: |
Environment variable containing the password with
which to connect to the database.
example: MY_PASSWORD
list_options:
type: string
description: |
@ -864,6 +876,12 @@ properties:
Password with which to connect to the database.
Skip it if no authentication is needed.
example: trustsome1
password_env:
type: string
description: |
Environment variable containing the password with
which to connect to the database.
example: MY_PASSWORD
authentication_database:
type: string
description: |

6
borgmatic/hooks/mongodb.py
View File

@ -1,4 +1,5 @@
import logging
from os import environ
from borgmatic.execute import execute_command, execute_command_with_processes
from borgmatic.hooks import dump
@ -72,6 +73,11 @@ def build_dump_command(database, dump_filename, dump_format):
command.extend(('--username', database['username']))
if 'password' in database:
command.extend(('--password', database['password']))
elif 'password_env' in database:
password_key = database['password_env']
if password_key not in environ:
raise ValueError("Cannot find MongoDB password in env variable: " + password_key)
command.extend(('--password', environ[password_key]))
if 'authentication_database' in database:
command.extend(('--authenticationDatabase', database['authentication_database']))
if not all_databases:

11
borgmatic/hooks/mysql.py
View File

@ -1,5 +1,5 @@
import logging
from os import environ
from borgmatic.execute import execute_command, execute_command_with_processes
from borgmatic.hooks import dump
@ -73,7 +73,14 @@ def dump_databases(databases, log_prefix, location_config, dry_run):
dump_filename = dump.make_database_dump_filename(
make_dump_path(location_config), requested_name, database.get('hostname')
)
extra_environment = {'MYSQL_PWD': database['password']} if 'password' in database else None
extra_environment = None
if 'password' in database:
extra_environment = {'MYSQL_PWD': database['password']}
elif 'password_env' in database:
password_key = database['password_env']
if password_key not in environ:
raise ValueError("Cannot find MySQL password in env variable: " + password_key)
extra_environment = {'MYSQL_PWD': environ[password_key]}
dump_database_names = database_names_to_dump(
database, extra_environment, log_prefix, dry_run_label
)

6
borgmatic/hooks/postgresql.py
View File

@ -1,4 +1,5 @@
import logging
from os import environ
from borgmatic.execute import execute_command, execute_command_with_processes
from borgmatic.hooks import dump
@ -22,6 +23,11 @@ def make_extra_environment(database):
extra = dict()
if 'password' in database:
extra['PGPASSWORD'] = database['password']
elif 'password_env' in database:
password_key = database['password_env']
if password_key not in environ:
raise ValueError("Cannot find PostgreSQL password in env variable: " + password_key)
extra['PGPASSWORD'] = environ[password_key]
extra['PGSSLMODE'] = database.get('ssl_mode', 'disable')
if 'ssl_cert' in database:
extra['PGSSLCERT'] = database['ssl_cert']