mirror of https://github.com/octoleo/restic.git synced 2024-11-28 15:56:37 +00:00

Merge pull request #4480 from AgathaSorceress/add-rest-auth-env

Support reading basic auth credentials for REST server from environment variables
Michael Eischer 2023-10-21 17:41:08 +00:00 committed by GitHub
commit 7f05af02b9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 53 additions and 14 deletions


@ -0,0 +1,10 @@
Enhancement: Allow setting REST password and username via environment variables
Previously, it was only possible to specify the REST server username and
password in the repository URL, or using the `--repository-file` option. This
meant it was not possible to use authentication in contexts where the repository
URL is public and parts of it are templated by other software. Restic now
allows setting the username and password using the `RESTIC_REST_USERNAME` and
`RESTIC_REST_PASSWORD` variables.
https://github.com/restic/restic/pull/4480


@ -211,6 +211,14 @@ are some more examples:
$ restic -r rest:https://user:pass@host:8000/ init $ restic -r rest:https://user:pass@host:8000/ init
$ restic -r rest:https://user:pass@host:8000/my_backup_repo/ init $ restic -r rest:https://user:pass@host:8000/my_backup_repo/ init
The server username and password can be specified using environment
variables as well:
.. code-block:: console
$ export RESTIC_REST_USERNAME=<MY_REST_SERVER_USERNAME>
$ export RESTIC_REST_PASSWORD=<MY_REST_SERVER_PASSWORD>
If you use TLS, restic will use the system's CA certificates to verify the If you use TLS, restic will use the system's CA certificates to verify the
server certificate. When the verification fails, restic refuses to proceed and server certificate. When the verification fails, restic refuses to proceed and
exits with an error. If you have your own self-signed certificate, or a custom exits with an error. If you have your own self-signed certificate, or a custom
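
Review bot: The added paragraph ahead of the `.. code-block:: console` example does not say how the variables interact with credentials in the repository URL shown directly above it. Per `ApplyEnvironment` in this same patch, the variables are read only when the URL has neither a username nor a password, so the documentation should state that credentials in the URL take precedence and that the variables are ignored otherwise.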


@ -593,9 +593,16 @@ environment variables. The following lists these environment variables:
AWS_PROFILE Amazon credentials profile (alternative to specifying key and region) AWS_PROFILE Amazon credentials profile (alternative to specifying key and region)
AWS_SHARED_CREDENTIALS_FILE Location of the AWS CLI shared credentials file (default: ~/.aws/credentials) AWS_SHARED_CREDENTIALS_FILE Location of the AWS CLI shared credentials file (default: ~/.aws/credentials)
ST_AUTH Auth URL for keystone v1 authentication AZURE_ACCOUNT_NAME Account name for Azure
ST_USER Username for keystone v1 authentication AZURE_ACCOUNT_KEY Account key for Azure
ST_KEY Password for keystone v1 authentication AZURE_ACCOUNT_SAS Shared access signatures (SAS) for Azure
AZURE_ENDPOINT_SUFFIX Endpoint suffix for Azure Storage (default: core.windows.net)
B2_ACCOUNT_ID Account ID or applicationKeyId for Backblaze B2
B2_ACCOUNT_KEY Account Key or applicationKey for Backblaze B2
GOOGLE_PROJECT_ID Project ID for Google Cloud Storage
GOOGLE_APPLICATION_CREDENTIALS Application Credentials for Google Cloud Storage (e.g. $HOME/.config/gs-secret-restic-key.json)
OS_AUTH_URL Auth URL for keystone authentication OS_AUTH_URL Auth URL for keystone authentication
OS_REGION_NAME Region name for keystone authentication OS_REGION_NAME Region name for keystone authentication
@ -619,19 +626,15 @@ environment variables. The following lists these environment variables:
OS_STORAGE_URL Storage URL for token authentication OS_STORAGE_URL Storage URL for token authentication
OS_AUTH_TOKEN Auth token for token authentication OS_AUTH_TOKEN Auth token for token authentication
B2_ACCOUNT_ID Account ID or applicationKeyId for Backblaze B2
B2_ACCOUNT_KEY Account Key or applicationKey for Backblaze B2
AZURE_ACCOUNT_NAME Account name for Azure
AZURE_ACCOUNT_KEY Account key for Azure
AZURE_ACCOUNT_SAS Shared access signatures (SAS) for Azure
AZURE_ENDPOINT_SUFFIX Endpoint suffix for Azure Storage (default: core.windows.net)
GOOGLE_PROJECT_ID Project ID for Google Cloud Storage
GOOGLE_APPLICATION_CREDENTIALS Application Credentials for Google Cloud Storage (e.g. $HOME/.config/gs-secret-restic-key.json)
RCLONE_BWLIMIT rclone bandwidth limit RCLONE_BWLIMIT rclone bandwidth limit
RESTIC_REST_USERNAME Restic REST Server username
RESTIC_REST_PASSWORD Restic REST Server password
ST_AUTH Auth URL for keystone v1 authentication
ST_USER Username for keystone v1 authentication
ST_KEY Password for keystone v1 authentication
See :ref:`caching` for the rules concerning cache locations when See :ref:`caching` for the rules concerning cache locations when
``RESTIC_CACHE_DIR`` is not set. ``RESTIC_CACHE_DIR`` is not set.
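
Review bot: The two new rows, `RESTIC_REST_USERNAME` and `RESTIC_REST_PASSWORD`, are the only functional change to this table; the rest of this hunk and the one before it move the `AZURE_*`, `B2_*`, `GOOGLE_*` and `ST_*` rows around. Consider putting the reordering in a separate commit so the addition is easy to spot, and extend the two descriptions to note that the variables apply only when the repository URL contains no credentials.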


@ -2,10 +2,12 @@ package rest
import ( import (
"net/url" "net/url"
"os"
"strings" "strings"
"github.com/restic/restic/internal/errors" "github.com/restic/restic/internal/errors"
"github.com/restic/restic/internal/options" "github.com/restic/restic/internal/options"
"github.com/restic/restic/internal/restic"
) )
// Config contains all configuration necessary to connect to a REST server. // Config contains all configuration necessary to connect to a REST server.
@ -70,3 +72,19 @@ func prepareURL(s string) string {
} }
return s return s
} }
var _ restic.ApplyEnvironmenter = &Config{}
// ApplyEnvironment saves values from the environment to the config.
func (cfg *Config) ApplyEnvironment(prefix string) {
username := cfg.URL.User.Username()
_, pwdSet := cfg.URL.User.Password()
// Only apply env variable values if neither username nor password are provided.
if username == "" && !pwdSet {
envName := os.Getenv(prefix + "RESTIC_REST_USERNAME")
envPwd := os.Getenv(prefix + "RESTIC_REST_PASSWORD")
cfg.URL.User = url.UserPassword(envName, envPwd)
}
}
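
Review bot: In `ApplyEnvironment`, the assignment `cfg.URL.User = url.UserPassword(envName, envPwd)` runs whenever the URL carries no credentials, including when both environment variables are unset. `os.Getenv` returns an empty string in that case, so the config ends up with a non-nil `Userinfo` holding an empty username and an empty but set password, where it previously stayed nil. Suggest skipping the assignment unless at least one of `envName` or `envPwd` is non-empty, so a repository URL without authentication is left untouched. The guard `username == "" && !pwdSet` also means a URL that contains only a username never picks up `RESTIC_REST_PASSWORD`; if that is intended, the comment above the condition should say so. None of the 4 changed files is a test, so a small table-driven test covering URL-only, environment-only, both, and neither would be worth adding.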