core: add toggle to completely disable backup mechanism

closes #1671 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-26 17:04:27 +02:00 · 2021-10-26 17:04:27 +02:00 · 92085f1a3c
parent 6067406e96
commit 92085f1a3c
3 changed files with 27 additions and 13 deletions
--- a/authentik/core/tasks.py
+++ b/authentik/core/tasks.py
@ -6,6 +6,7 @@ from os import environ
 from boto3.exceptions import Boto3Error
 from botocore.exceptions import BotoCoreError, ClientError
 from dbbackup.db.exceptions import CommandConnectorError
+from django.conf import settings
 from django.contrib.humanize.templatetags.humanize import naturaltime
 from django.contrib.sessions.backends.cache import KEY_PREFIX
 from django.core import management
@ -55,24 +56,25 @@ def clean_expired_models(self: MonitoredTask):
    self.set_status(TaskResult(TaskResultStatus.SUCCESSFUL, messages))


+def should_backup() -> bool:
+    """Check if we should be doing backups"""
+    if SERVICE_HOST_ENV_NAME in environ and not CONFIG.y("postgresql.s3_backup.bucket"):
+        LOGGER.info("Running in k8s and s3 backups are not configured, skipping")
+        return False
+    if not CONFIG.y_bool("postgresql.backup.enabled"):
+        return False
+    if settings.DEBUG:
+        return False
+    return True
+
+
@CELERY_APP.task(bind=True, base=MonitoredTask)
@prefill_task()
 def backup_database(self: MonitoredTask):  # pragma: no cover
    """Database backup"""
    self.result_timeout_hours = 25
-    if SERVICE_HOST_ENV_NAME in environ and not CONFIG.y("postgresql.s3_backup.bucket"):
-        LOGGER.info("Running in k8s and s3 backups are not configured, skipping")
-        self.set_status(
-            TaskResult(
-                TaskResultStatus.WARNING,
-                [
-                    (
-                        "Skipping backup as authentik is running in Kubernetes "
-                        "without S3 backups configured."
-                    ),
-                ],
-            )
-        )
+    if not should_backup():
+        self.set_status(TaskResult(TaskResultStatus.UNKNOWN, ["Backups are not configured."]))
        return
    try:
        start = datetime.now()
--- a/authentik/lib/default.yml
+++ b/authentik/lib/default.yml
@ -5,6 +5,16 @@ postgresql:
  user: authentik
  port: 5432
  password: 'env://POSTGRES_PASSWORD'
+  backup:
+    enabled: true
+  s3_backup:
+    access_key: ""
+    secret_key: ""
+    bucket: ""
+    region: eu-central-1
+    host: ""
+    location: ""
+    insecure_skip_verify: false

 web:
  listen: 0.0.0.0:9000
--- a/website/docs/installation/configuration.md
+++ b/website/docs/installation/configuration.md
@ -25,6 +25,8 @@ All of these variables can be set to values, but you can also use a URI-like for

 ### PostgreSQL Backup Settings

+- `AUTHENTIK_POSTGRESQL__BACKUP__ENABLED`: Controls if the inbuilt backup-mechanism is enabled, defaults to true (new in 2021.10).
+
 Optionally enable automated database backups to S3 or S3-compatible storages.

 - `AUTHENTIK_POSTGRESQL__S3_BACKUP__ACCESS_KEY`: S3 Access Key