From 68b6293213b69d67ad58051b44ee9f1bd571d441 Mon Sep 17 00:00:00 2001
From: David Rubin
Date: Fri, 29 Dec 2017 16:26:41 +0100
Subject: [PATCH] Add AWS_BACKUP_ENCRYPTION ENV to enable aws backup aes encryption backups Also refactor the multi part config to match
---
 README.md | 1 +
 assets/runtime/config/gitlabhq/gitlab.yml | 10 ++++++----
 assets/runtime/env-defaults | 1 +
 assets/runtime/functions | 6 +++++-
 4 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index b6ddb80c17..d20a2f51a4 100644
--- a/README.md
+++ b/README.md
@@ -1027,6 +1027,7 @@ Below is the complete list of available options that can be used to customize yo
 | `AWS_BACKUP_SECRET_ACCESS_KEY` | AWS secret access key. No defaults. |
 | `AWS_BACKUP_BUCKET` | AWS bucket for backup uploads. No defaults. |
 | `AWS_BACKUP_MULTIPART_CHUNK_SIZE` | Enables mulitpart uploads when file size reaches a defined size. See at [AWS S3 Docs](http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) |
+| `AWS_BACKUP_ENCRYPTION` | Turns on AWS Server-Side Encryption. Defaults to `false`. See at [AWS s3 Docs](http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html)|
 | `GCS_BACKUPS` | Enables automatic uploads to an Google Cloud Storage (GCS) instance. Defaults to `false`. |
 | `GCS_BACKUP_ACCESS_KEY_ID` | GCS access key id. No defaults |
 | `GCS_BACKUP_SECRET_ACCESS_KEY` | GCS secret access key. No defaults |
diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml
index 4b8f7d0ed1..883a91ec30 100644
--- a/assets/runtime/config/gitlabhq/gitlab.yml
+++ b/assets/runtime/config/gitlabhq/gitlab.yml
@@ -512,13 +512,15 @@ production: &base
 aws_secret_access_key: '{{AWS_BACKUP_SECRET_ACCESS_KEY}}'
 # The remote 'directory' to store your backups. For S3, this would be the bucket name.
 remote_directory: '{{AWS_BACKUP_BUCKET}}'
- #start-multipart
+ #start-multipart-aws
 # Use multipart uploads when file size reaches 100MB, see
 # http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html
 multipart_chunk_size: {{AWS_BACKUP_MULTIPART_CHUNK_SIZE}}
- #end-multipart
- # # Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups, this is optional
- # # encryption: 'AES256'
+ #end-multipart-aws
+ #start-encryption-aws
+ # Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups, this is optional
+ encryption: 'AES256'
+ #end-encryption-aws
 # Fog storage connection settings, see http://fog.io/storage/ .
 #end-aws
 #start-gcs
diff --git a/assets/runtime/env-defaults b/assets/runtime/env-defaults
index a039b1b110..b39e164b1b 100644
--- a/assets/runtime/env-defaults
+++ b/assets/runtime/env-defaults
@@ -158,6 +158,7 @@ AWS_BACKUP_ACCESS_KEY_ID=${AWS_BACKUP_ACCESS_KEY_ID}
 AWS_BACKUP_SECRET_ACCESS_KEY=${AWS_BACKUP_SECRET_ACCESS_KEY}
 AWS_BACKUP_BUCKET=${AWS_BACKUP_BUCKET}
 AWS_BACKUP_MULTIPART_CHUNK_SIZE=${AWS_BACKUP_MULTIPART_CHUNK_SIZE}
+AWS_BACKUP_ENCRYPTION=${AWS_BACKUP_ENCRYPTION}

 ### GCS BACKUPS
 GCS_BACKUPS=${GCS_BACKUPS:-false}
diff --git a/assets/runtime/functions b/assets/runtime/functions
index 33bbaaf201..5d188a5344 100644
--- a/assets/runtime/functions
+++ b/assets/runtime/functions
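Review bot: The comment kept above `encryption: 'AES256'` still says only "this is optional" and does not say what now switches the block on or what the setting protects. Between the `#start-encryption-aws` and `#end-encryption-aws` markers I would replace it with `# Rendered only when AWS_BACKUP_ENCRYPTION=true. SSE-S3: objects are encrypted at rest with keys S3 manages;` followed by `# anyone with read access to the bucket still receives plaintext.` That keeps operators from reading the option as a substitute for restricting bucket access or encrypting the archive before upload.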
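Review bot: The added `AWS_BACKUP_ENCRYPTION=${AWS_BACKUP_ENCRYPTION}` sets no default, while the README row added in the same commit documents `false` and the neighbouring `GCS_BACKUPS=${GCS_BACKUPS:-false}` shows the file's convention for booleans. I would write `AWS_BACKUP_ENCRYPTION=${AWS_BACKUP_ENCRYPTION:-false}` so the documented default is the value the variable actually carries. The visible comparison in `assets/runtime/functions` behaves the same for an empty string, so this is a consistency fix rather than a behaviour change.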
@@ -791,7 +791,11 @@ gitlab_configure_backups_aws() {
 fi

 if [[ -z ${AWS_BACKUP_MULTIPART_CHUNK_SIZE} ]]; then
- exec_as_git sed -i "/#start-multipart/,/#end-multipart/d" ${GITLAB_CONFIG}
+ exec_as_git sed -i "/#start-multipart-aws/,/#end-multipart-aws/d" ${GITLAB_CONFIG}
+ fi
+
+ if [[ ${AWS_BACKUP_ENCRYPTION} != true ]]; then
+ exec_as_git sed -i "/#start-encryption-aws/,/#end-encryption-aws/d" ${GITLAB_CONFIG}
 fi

 if [[ -z ${AWS_BACKUP_REGION} && -z ${AWS_BACKUP_ENDPOINT} ]]; then
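Review bot: The new test `[[ ${AWS_BACKUP_ENCRYPTION} != true ]]` fails open: any value other than the exact lowercase string `true` (for example `True`, `TRUE`, `1` or `yes`) deletes the `#start-encryption-aws` block, and backups are then uploaded without server-side encryption and without any message. I would compare case-insensitively, `if [[ ${AWS_BACKUP_ENCRYPTION,,} != true ]]; then`, and print a warning to stderr when the variable is set to something that is neither `true` nor `false`, so a mistyped value is noticed at container start rather than at audit time. The body of `gitlab_configure_backups_aws` starts and ends outside this hunk, so whether an earlier step already normalises the value cannot be seen here.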