diff options
Diffstat (limited to 'lib/backup/manager.rb')
| -rw-r--r-- | lib/backup/manager.rb | 36 |
1 files changed, 27 insertions, 9 deletions
diff --git a/lib/backup/manager.rb b/lib/backup/manager.rb index 52810b0fb35..6c5350082e8 100644 --- a/lib/backup/manager.rb +++ b/lib/backup/manager.rb @@ -47,10 +47,12 @@ module Backup return end - directory = connect_to_remote_directory(Gitlab.config.backup.upload) + directory = connect_to_remote_directory + upload = directory.files.create(create_attributes) - if directory.files.create(create_attributes) + if upload progress.puts "done".color(:green) + upload else puts "uploading backup to #{remote_directory} failed".color(:red) raise Backup::Error, 'Backup failed' @@ -206,11 +208,16 @@ module Backup @backup_file_list.map {|item| item.gsub("#{FILE_NAME_SUFFIX}", "")} end - def connect_to_remote_directory(options) - config = ObjectStorage::Config.new(options) - config.load_provider + def object_storage_config + @object_storage_config ||= begin + config = ObjectStorage::Config.new(Gitlab.config.backup.upload) + config.load_provider + config + end + end - connection = ::Fog::Storage.new(config.credentials) + def connect_to_remote_directory + connection = ::Fog::Storage.new(object_storage_config.credentials) # We only attempt to create the directory for local backups. For AWS # and other cloud providers, we cannot guarantee the user will have @@ -280,10 +287,8 @@ module Backup key: remote_target, body: File.open(File.join(backup_path, tar_file)), multipart_chunk_size: Gitlab.config.backup.upload.multipart_chunk_size, - encryption: Gitlab.config.backup.upload.encryption, - encryption_key: Gitlab.config.backup.upload.encryption_key, storage_class: Gitlab.config.backup.upload.storage_class - } + }.merge(encryption_attributes) # Google bucket-only policies prevent setting an ACL. In any case, by default, # all objects are set to the default ACL, which is project-private: @@ -293,6 +298,19 @@ module Backup attrs end + def encryption_attributes + return object_storage_config.fog_attributes if object_storage_config.aws_server_side_encryption_enabled? + + # Use customer-managed keys. Also, this preserves + # backward-compatibility for existing usages of `SSE-S3` that + # don't set `backup.upload.storage_options.server_side_encryption` + # to `'AES256'`. + { + encryption_key: Gitlab.config.backup.upload.encryption_key, + encryption: Gitlab.config.backup.upload.encryption + } + end + def google_provider? Gitlab.config.backup.upload.connection&.provider&.downcase == 'google' end |