diff options
| author | Quentin Dufour <quentin@deuxfleurs.fr> | 2020-06-02 12:26:41 +0200 |
|---|---|---|
| committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2020-06-02 12:26:41 +0200 |
| commit | d13352910d3c352d07d7e482bc87227ce88bdb22 (patch) | |
| tree | 0c7c07a1f9e8a03f54dd58c1ebf8c05693234757 /docker/bckp/kv_to_s3.go | |
| parent | a2e1f61cf8b70f0e63fc6f8eddbbcf0477263f8f (diff) | |
| download | infrastructure-d13352910d3c352d07d7e482bc87227ce88bdb22.tar.gz infrastructure-d13352910d3c352d07d7e482bc87227ce88bdb22.zip | |
Add upgrade documentation
Diffstat (limited to 'docker/bckp/kv_to_s3.go')
| -rw-r--r-- | docker/bckp/kv_to_s3.go | 83 |
1 files changed, 0 insertions, 83 deletions
diff --git a/docker/bckp/kv_to_s3.go b/docker/bckp/kv_to_s3.go deleted file mode 100644 index 5b629b8..0000000 --- a/docker/bckp/kv_to_s3.go +++ /dev/null @@ -1,83 +0,0 @@ -package main -import ( - "github.com/hashicorp/consul/api" - "errors" - "log" - "fmt" - "os" - "encoding/base64" - /*"github.com/aws/aws-sdk-go/service/s3"*/ -) - -const consul_addr string = "KV2S3_CONSUL_ADDR" -const enc_key string = "KV2S3_ENC_KEY" - -const key_exp_bits int = 256 -const key_exp_bytes int = key_exp_bits / 8 - -func errIsPanic(err error, format string, a ...interface{}) { - if err != nil { - log.Panicf(format, a...) - } -} - -func absentIsErr(present bool) error { - if !present { - return errors.New("Environement variable is not set.") - } - return nil -} - -func main() { - log.Println("starting consul kv backup...") - - //--- Ask Consul to Snapshot our KV - var present bool - conf := api.DefaultConfig() - conf.Address, present = os.LookupEnv(consul_addr) - err := absentIsErr(present) - errIsPanic(err, "%v env required. %v", consul_addr, err) - //@FIXME add later support for HTTPS - - options := api.QueryOptions { - // Prevent from backuping forever silently a desynchronized node - AllowStale: false, - } - - consul, err := api.NewClient(conf) - errIsPanic(err, "Unable to build a new client. %v", err) - - reader, _, err := consul.Snapshot().Save(&options) - defer reader.Close() - errIsPanic(err, "Snapshot failed. %v", err) - - //--- Get encryption key and check it - b64_key, present := os.LookupEnv(enc_key) - err = absentIsErr(present) - errIsPanic(err, "%v env required. %v", enc_key, err) - raw_key, err := base64.StdEncoding.DecodeString(b64_key) - errIsPanic(err, "Unable to decode base64 key. %v", err) - - err = nil - key_size_bytes := len(raw_key) - key_size_bits := key_size_bytes - - if key_size_bytes != key_exp_bytes { - msg := fmt.Sprintf( - "Key size is %d bits (%d bytes) instead of %d bits (%d bytes).", - key_size_bits, - key_size_bytes, - key_exp_bits, - key_exp_bytes) - - err = errors.New(msg) - } - errIsPanic(err, "We deliberately support only 256 bits (32 bytes) keys. %v", err) - - //--- Encryption - // Not a simple thing to do it in a streaming manner - is it only a good idea? - // https://neilmadden.blog/2019/12/30/a-few-comments-on-age/ - // https://moxie.org/2011/12/13/the-cryptographic-doom-principle.html - - -} |