feat: add encryption to dump-database.sh prototype

This commit also includes required changes to docker-compose.yaml and boilerplate.env.
zebra-f · Apr 9, 2024 · 2e8b255 · 2e8b255
1 parent ad8ce86
commit 2e8b255
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 8 deletions.
diff --git a/boilerplate.env b/boilerplate.env
@@ -18,3 +18,6 @@ EMAIL_HOST_USER=
 EMAIL_HOST_PASSWORD=
 
 ADMIN_URL_SEGMENT="test"
+
+# Not required for Django or Docker, used in a script
+GPG_DATABASE_DUMP_PASSPHRASE=
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -15,7 +15,7 @@ services:
       retries: 5
     volumes:
       - ${BIND_MOUNT_DATA_PATH}/postgres_data/data:/var/lib/postgresql/data
-      - ${BIND_MOUNT_DATA_PATH}/postgres_data/dump:/tmp/dump
+      - ${BIND_MOUNT_DATA_PATH}/postgres_data/dumps:/tmp/dumps
   redis:
     image: redis:7.2.1-alpine
     container_name: redis-v-1-dev

diff --git a/dump-database.sh b/dump-database.sh
@@ -9,17 +9,64 @@ if [ -f ./.env ]; then
 fi
 
 # Warning: hardcoded postgres container name
-docker exec -it postgres-v-1-dev pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB_NAME}
-if [ $? -ne 0 ]; then
-	echo "$(date), database is unhealthy." >> ${LOG_FILE}
-	exit 1
+timeout 10s docker exec postgres-v-1-dev pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB_NAME}
+exit_code=$?
+if [ $exit_code -eq 124 ]; then
+	echo "$(date), pg_isready timed out." >> ${LOG_FILE}
+	exit $exit_code
+fi
+if [ $exit_code -ne 0 ]; then
+	echo "$(date), pg_isready, database is unhealthy." >> ${LOG_FILE}
+	exit $exit_code
 fi
 
 # Warning: hardcoded postgres container name
-docker exec -it postgres-v-1-dev pg_dump -U ${POSTGRES_USER} -d ${POSTGRES_DB_NAME} --format=tar -f /tmp/dump/database.tar
-if [ $? -eq 0 ]; then 
+timeout 20m docker exec postgres-v-1-dev pg_dump -U ${POSTGRES_USER} -d ${POSTGRES_DB_NAME} --format=tar -f /tmp/dumps/database.tar
+exit_code=$?
+if [ $exit_code -eq 124 ]; then
+	echo "$(date), pg_dump timed out." >> ${LOG_FILE}
+	exit $exit_code
+fi
+if [ $exit_code -eq 0 ]; then 
 	echo "$(date), pg_dump succeed." >> ${LOG_FILE}
 else 
 	echo "$(date), pg_dump failed." >> ${LOG_FILE}
-	exit 2
+	exit $exit_code
+fi
+
+# Exit if no arguments are provided
+if [ -z "$1" ]; then
+	exit 0
+fi 
+
+if [[ "$1" != "encrypt" ]]; then
+	echo "Incorrect argument. Did you mean './dump-database.sh encrypt'?"
+	exit 1
+fi
+
+if [[ ! -d ${BIND_MOUNT_DATA_PATH}/postgres_data/dumps ]]; then
+	echo "$(date), dir ${BIND_MOUNT_DATA_PATH}/postgres_data/dumps doesn't exists." >> ${LOG_FILE}
+	exit 1
 fi
+
+if [[ ! -f ${BIND_MOUNT_DATA_PATH}/postgres_data/dumps/database.tar ]]; then
+	echo "$(date), file ${BIND_MOUNT_DATA_PATH}/postgres_data/dumps/database.tar doesn't exists." >> ${LOG_FILE}
+	exit 1
+fi
+
+if [[ -z $GPG_DATABASE_DUMP_PASSPHRASE ]]; then
+	echo "$(date), encryption passphrase is not set." >> ${LOG_FILE}
+	exit 1
+fi
+
+echo $GPG_DATABASE_DUMP_PASSPHRASE | gpg --batch --yes -c --passphrase-fd 0 \
+	-o ${BIND_MOUNT_DATA_PATH}/postgres_data/dumps/database.tar.gpg \
+	${BIND_MOUNT_DATA_PATH}/postgres_data/dumps/database.tar
+exit_code=$?
+if [ $exit_code -eq 0 ]; then 
+	echo "$(date), encryption succeed." >> ${LOG_FILE}
+else 
+	echo "$(date), encryption failed." >> ${LOG_FILE}
+	exit $exit_code
+fi
+