From 92085f1a3c578cb16f87f28e8eed678d621bcd68 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 26 Oct 2021 17:04:27 +0200 Subject: [PATCH] core: add toggle to completely disable backup mechanism closes #1671 Signed-off-by: Jens Langhammer --- authentik/core/tasks.py | 28 ++++++++++++---------- authentik/lib/default.yml | 10 ++++++++ website/docs/installation/configuration.md | 2 ++ 3 files changed, 27 insertions(+), 13 deletions(-) diff --git a/authentik/core/tasks.py b/authentik/core/tasks.py index 280ac4ddd..df45b4d4b 100644 --- a/authentik/core/tasks.py +++ b/authentik/core/tasks.py @@ -6,6 +6,7 @@ from os import environ from boto3.exceptions import Boto3Error from botocore.exceptions import BotoCoreError, ClientError from dbbackup.db.exceptions import CommandConnectorError +from django.conf import settings from django.contrib.humanize.templatetags.humanize import naturaltime from django.contrib.sessions.backends.cache import KEY_PREFIX from django.core import management @@ -55,24 +56,25 @@ def clean_expired_models(self: MonitoredTask): self.set_status(TaskResult(TaskResultStatus.SUCCESSFUL, messages)) +def should_backup() -> bool: + """Check if we should be doing backups""" + if SERVICE_HOST_ENV_NAME in environ and not CONFIG.y("postgresql.s3_backup.bucket"): + LOGGER.info("Running in k8s and s3 backups are not configured, skipping") + return False + if not CONFIG.y_bool("postgresql.backup.enabled"): + return False + if settings.DEBUG: + return False + return True + + @CELERY_APP.task(bind=True, base=MonitoredTask) @prefill_task() def backup_database(self: MonitoredTask): # pragma: no cover """Database backup""" self.result_timeout_hours = 25 - if SERVICE_HOST_ENV_NAME in environ and not CONFIG.y("postgresql.s3_backup.bucket"): - LOGGER.info("Running in k8s and s3 backups are not configured, skipping") - self.set_status( - TaskResult( - TaskResultStatus.WARNING, - [ - ( - "Skipping backup as authentik is running in Kubernetes " - "without S3 backups configured." - ), - ], - ) - ) + if not should_backup(): + self.set_status(TaskResult(TaskResultStatus.UNKNOWN, ["Backups are not configured."])) return try: start = datetime.now() diff --git a/authentik/lib/default.yml b/authentik/lib/default.yml index 4390443dd..0613f82c5 100644 --- a/authentik/lib/default.yml +++ b/authentik/lib/default.yml @@ -5,6 +5,16 @@ postgresql: user: authentik port: 5432 password: 'env://POSTGRES_PASSWORD' + backup: + enabled: true + s3_backup: + access_key: "" + secret_key: "" + bucket: "" + region: eu-central-1 + host: "" + location: "" + insecure_skip_verify: false web: listen: 0.0.0.0:9000 diff --git a/website/docs/installation/configuration.md b/website/docs/installation/configuration.md index 3803b5a05..d6908f511 100644 --- a/website/docs/installation/configuration.md +++ b/website/docs/installation/configuration.md @@ -25,6 +25,8 @@ All of these variables can be set to values, but you can also use a URI-like for ### PostgreSQL Backup Settings +- `AUTHENTIK_POSTGRESQL__BACKUP__ENABLED`: Controls if the inbuilt backup-mechanism is enabled, defaults to true (new in 2021.10). + Optionally enable automated database backups to S3 or S3-compatible storages. - `AUTHENTIK_POSTGRESQL__S3_BACKUP__ACCESS_KEY`: S3 Access Key