* EE-319: backup endpoint (#193) * feat(backup): * add an orbiter to block writes while backup * add backup handler * add an ability to tar.gz a dir * add aes encryption support * EE-320: restore endpoint (#196) * feat(backup): * add restore handler * re-init system state after restore * feat(backup): Update server to respect readonly lock (#199) * feat(backup): EE-322 Add backup and restore screen (#198) Co-authored-by: Simon Meng <simon.meng@portainer.io> * name archive as portainer-backup_yyyy-mm-dd_hh-mm-ss * backup custom templates and edge jobs * restart http and proxy servers after restore to re-init internal state * feat(backup): EE-322 hide password field if password protect toggle is off * feat(backup): EE-322 add tooltip for password field of restore backup * feat(backup): EE-322 wait for backend restart after restoring * Shutdown background go-routines * changed restore err message when cannot extract * fix: symlinks are ignored from backups * replace single admin check with a restartable monitor (#238) * clean log Co-authored-by: Maxime Bajeux <max.bajeux@gmail.com> Co-authored-by: cong meng <mcpacino@gmail.com> Co-authored-by: Simon Meng <simon.meng@portainer.io>
122 lines
3.6 KiB
Go
122 lines
3.6 KiB
Go
package backup
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"io"
|
|
"io/ioutil"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"os"
|
|
"os/exec"
|
|
"path"
|
|
"path/filepath"
|
|
"strings"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/portainer/portainer/api/adminmonitor"
|
|
"github.com/portainer/portainer/api/crypto"
|
|
"github.com/portainer/portainer/api/http/offlinegate"
|
|
i "github.com/portainer/portainer/api/internal/testhelpers"
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
func listFiles(dir string) []string {
|
|
items := make([]string, 0)
|
|
filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
|
|
if path == dir {
|
|
return nil
|
|
}
|
|
items = append(items, path)
|
|
return nil
|
|
})
|
|
|
|
return items
|
|
}
|
|
|
|
func contains(t *testing.T, list []string, path string) {
|
|
assert.Contains(t, list, path)
|
|
copyContent, _ := ioutil.ReadFile(path)
|
|
assert.Equal(t, "content\n", string(copyContent))
|
|
}
|
|
|
|
func Test_backupHandlerWithoutPassword_shouldCreateATarballArchive(t *testing.T) {
|
|
r := httptest.NewRequest(http.MethodPost, "/", strings.NewReader(`{"password":""}`))
|
|
w := httptest.NewRecorder()
|
|
|
|
gate := offlinegate.NewOfflineGate()
|
|
adminMonitor := adminmonitor.New(time.Hour, nil, context.Background())
|
|
|
|
handlerErr := NewHandler(nil, i.NewDatastore(), gate, "./test_assets/handler_test", func() {}, adminMonitor).backup(w, r)
|
|
assert.Nil(t, handlerErr, "Handler should not fail")
|
|
|
|
response := w.Result()
|
|
body, _ := io.ReadAll(response.Body)
|
|
|
|
tmpdir, _ := os.MkdirTemp("", "backup")
|
|
defer os.RemoveAll(tmpdir)
|
|
|
|
archivePath := filepath.Join(tmpdir, "archive.tag.gz")
|
|
err := ioutil.WriteFile(archivePath, body, 0600)
|
|
if err != nil {
|
|
t.Fatal("Failed to save downloaded .tar.gz archive: ", err)
|
|
}
|
|
cmd := exec.Command("tar", "-xzf", archivePath, "-C", tmpdir)
|
|
err = cmd.Run()
|
|
if err != nil {
|
|
t.Fatal("Failed to extract archive: ", err)
|
|
}
|
|
|
|
createdFiles := listFiles(tmpdir)
|
|
|
|
contains(t, createdFiles, path.Join(tmpdir, "portainer.key"))
|
|
contains(t, createdFiles, path.Join(tmpdir, "portainer.pub"))
|
|
contains(t, createdFiles, path.Join(tmpdir, "tls", "file1"))
|
|
contains(t, createdFiles, path.Join(tmpdir, "tls", "file2"))
|
|
assert.NotContains(t, createdFiles, path.Join(tmpdir, "extra_file"))
|
|
assert.NotContains(t, createdFiles, path.Join(tmpdir, "extra_folder", "file1"))
|
|
}
|
|
|
|
func Test_backupHandlerWithPassword_shouldCreateEncryptedATarballArchive(t *testing.T) {
|
|
r := httptest.NewRequest(http.MethodPost, "/", strings.NewReader(`{"password":"secret"}`))
|
|
w := httptest.NewRecorder()
|
|
|
|
gate := offlinegate.NewOfflineGate()
|
|
adminMonitor := adminmonitor.New(time.Hour, nil, nil)
|
|
|
|
handlerErr := NewHandler(nil, i.NewDatastore(), gate, "./test_assets/handler_test", func() {}, adminMonitor).backup(w, r)
|
|
assert.Nil(t, handlerErr, "Handler should not fail")
|
|
|
|
response := w.Result()
|
|
body, _ := io.ReadAll(response.Body)
|
|
|
|
tmpdir, _ := os.MkdirTemp("", "backup")
|
|
defer os.RemoveAll(tmpdir)
|
|
|
|
dr, err := crypto.AesDecrypt(bytes.NewReader(body), []byte("secret"))
|
|
if err != nil {
|
|
t.Fatal("Failed to decrypt archive")
|
|
}
|
|
|
|
archivePath := filepath.Join(tmpdir, "archive.tag.gz")
|
|
archive, _ := os.Create(archivePath)
|
|
defer archive.Close()
|
|
io.Copy(archive, dr)
|
|
|
|
cmd := exec.Command("tar", "-xzf", archivePath, "-C", tmpdir)
|
|
err = cmd.Run()
|
|
if err != nil {
|
|
t.Fatal("Failed to extract archive: ", err)
|
|
}
|
|
|
|
createdFiles := listFiles(tmpdir)
|
|
|
|
contains(t, createdFiles, path.Join(tmpdir, "portainer.key"))
|
|
contains(t, createdFiles, path.Join(tmpdir, "portainer.pub"))
|
|
contains(t, createdFiles, path.Join(tmpdir, "tls", "file1"))
|
|
contains(t, createdFiles, path.Join(tmpdir, "tls", "file2"))
|
|
assert.NotContains(t, createdFiles, path.Join(tmpdir, "extra_file"))
|
|
assert.NotContains(t, createdFiles, path.Join(tmpdir, "extra_folder", "file1"))
|
|
}
|