borgmatic-collective/borgmatic
borgmatic-collective
/
borgmatic
14
58
Fork 42
Code Issues 62 Pull Requests 2 Actions Packages Releases 122 Activity

Allow database password to be read from environ 

- add 'password_env' key in config to read databases passwords firectly
  from environment variable
This commit is contained in:
Sébastien MB 2022-06-12 22:44:14 +02:00
parent f2c2f3139e
commit 0dfbf77b7f
4 changed files with 39 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
borgmatic/config/schema.yaml
View File

@ -704,6 +704,12 @@ properties:
without a password or you create a ~/.pgpass without a password or you create a ~/.pgpass
file. file.
example: trustsome1 example: trustsome1
password_env:
type: string
description: |
Environment variable containing the password with
which to connect to the database.
example: MY_PASSWORD
format: format:
type: string type: string
enum: ['plain', 'custom', 'directory', 'tar'] enum: ['plain', 'custom', 'directory', 'tar']
@ -802,6 +808,12 @@ properties:
configured to trust the configured username configured to trust the configured username
without a password. without a password.
example: trustsome1 example: trustsome1
password_env:
type: string
description: |
Environment variable containing the password with
which to connect to the database.
example: MY_PASSWORD
list_options: list_options:
type: string type: string
description: | description: |
@ -864,6 +876,12 @@ properties:
Password with which to connect to the database. Password with which to connect to the database.
Skip it if no authentication is needed. Skip it if no authentication is needed.
example: trustsome1 example: trustsome1
password_env:
type: string
description: |
Environment variable containing the password with
which to connect to the database.
example: MY_PASSWORD
authentication_database: authentication_database:
type: string type: string
description: | description: |

6
borgmatic/hooks/mongodb.py
View File

@ -1,4 +1,5 @@
import logging import logging
from os import environ
from borgmatic.execute import execute_command, execute_command_with_processes from borgmatic.execute import execute_command, execute_command_with_processes
from borgmatic.hooks import dump from borgmatic.hooks import dump
@ -72,6 +73,11 @@ def build_dump_command(database, dump_filename, dump_format):
command.extend(('--username', database['username'])) command.extend(('--username', database['username']))
if 'password' in database: if 'password' in database:
command.extend(('--password', database['password'])) command.extend(('--password', database['password']))
elif 'password_env' in database:
password_key = database['password_env']
if password_key not in environ:
raise ValueError("Cannot find MongoDB password in env variable: " + password_key)
command.extend(('--password', environ[password_key]))
if 'authentication_database' in database: if 'authentication_database' in database:
command.extend(('--authenticationDatabase', database['authentication_database'])) command.extend(('--authenticationDatabase', database['authentication_database']))
if not all_databases: if not all_databases:

11
borgmatic/hooks/mysql.py
View File

@ -1,5 +1,5 @@
import logging import logging
from os import environ
from borgmatic.execute import execute_command, execute_command_with_processes from borgmatic.execute import execute_command, execute_command_with_processes
from borgmatic.hooks import dump from borgmatic.hooks import dump
@ -73,7 +73,14 @@ def dump_databases(databases, log_prefix, location_config, dry_run):
dump_filename = dump.make_database_dump_filename( dump_filename = dump.make_database_dump_filename(
make_dump_path(location_config), requested_name, database.get('hostname') make_dump_path(location_config), requested_name, database.get('hostname')
) )
extra_environment = {'MYSQL_PWD': database['password']} if 'password' in database else None extra_environment = None
if 'password' in database:
extra_environment = {'MYSQL_PWD': database['password']}
elif 'password_env' in database:
password_key = database['password_env']
if password_key not in environ:
raise ValueError("Cannot find MySQL password in env variable: " + password_key)
extra_environment = {'MYSQL_PWD': environ[password_key]}
dump_database_names = database_names_to_dump( dump_database_names = database_names_to_dump(
database, extra_environment, log_prefix, dry_run_label database, extra_environment, log_prefix, dry_run_label
) )

6
borgmatic/hooks/postgresql.py
View File

@ -1,4 +1,5 @@
import logging import logging
from os import environ
from borgmatic.execute import execute_command, execute_command_with_processes from borgmatic.execute import execute_command, execute_command_with_processes
from borgmatic.hooks import dump from borgmatic.hooks import dump
@ -22,6 +23,11 @@ def make_extra_environment(database):
extra = dict() extra = dict()
if 'password' in database: if 'password' in database:
extra['PGPASSWORD'] = database['password'] extra['PGPASSWORD'] = database['password']
elif 'password_env' in database:
password_key = database['password_env']
if password_key not in environ:
raise ValueError("Cannot find PostgreSQL password in env variable: " + password_key)
extra['PGPASSWORD'] = environ[password_key]
extra['PGSSLMODE'] = database.get('ssl_mode', 'disable') extra['PGSSLMODE'] = database.get('ssl_mode', 'disable')
if 'ssl_cert' in database: if 'ssl_cert' in database:
extra['PGSSLCERT'] = database['ssl_cert'] extra['PGSSLCERT'] = database['ssl_cert']