From 83fc3dcf3459f50b8fff40e81cde34960f904c5c Mon Sep 17 00:00:00 2001
From: Frederik Ring
Date: Sat, 17 Feb 2024 09:12:59 +0100
Subject: [PATCH] Allow backup to be run as non-root user
---
 Dockerfile | 3 ++-
 test/nonroot/docker-compose.yml | 40 ++++++++++++++++++++++++++++++++++++++++
 test/nonroot/run.sh | 25 +++++++++++++++++++++++++
 test/util.sh | 2 +-
 4 files changed, 68 insertions(+), 2 deletions(-)
 create mode 100644 test/nonroot/docker-compose.yml
 create mode 100755 test/nonroot/run.sh
diff --git a/Dockerfile b/Dockerfile
index 3cf6f0b..7e7ec8e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,7 +13,8 @@ FROM alpine:3.19
 WORKDIR /root
-RUN apk add --no-cache ca-certificates
+RUN apk add --no-cache ca-certificates && \
+ chmod a+rw /var/lock
 COPY --from=builder /app/cmd/backup/backup /usr/bin/backup
diff --git a/test/nonroot/docker-compose.yml b/test/nonroot/docker-compose.yml
new file mode 100644
index 0000000..dd0292c
--- /dev/null
+++ b/test/nonroot/docker-compose.yml
@@ -0,0 +1,40 @@
+version: '3'
+
+services:
+ minio:
+ image: minio/minio:RELEASE.2020-08-04T23-10-51Z
+ environment:
+ MINIO_ROOT_USER: test
+ MINIO_ROOT_PASSWORD: test
+ MINIO_ACCESS_KEY: test
+ MINIO_SECRET_KEY: GMusLtUmILge2by+z890kQ
+ entrypoint: /bin/ash -c 'mkdir -p /data/backup && minio server /data'
+ volumes:
+ - ${LOCAL_DIR:-local}:/data
+
+ backup:
+ image: offen/docker-volume-backup:${TEST_VERSION:-canary}
+ user: 1000:1000
+ depends_on:
+ - minio
+ restart: always
+ environment:
+ AWS_ACCESS_KEY_ID: test
+ AWS_SECRET_ACCESS_KEY: GMusLtUmILge2by+z890kQ
+ AWS_ENDPOINT: minio:9000
+ AWS_ENDPOINT_PROTO: http
+ AWS_S3_BUCKET_NAME: backup
+ BACKUP_CRON_EXPRESSION: 0 0 5 31 2 ?
+ BACKUP_FILENAME: test.tar.gz
+ volumes:
+ - app_data:/backup/app_data:ro
+
+ offen:
+ image: offen/offen:latest
+ labels:
+ - docker-volume-backup.stop-during-backup=true
+ volumes:
+ - app_data:/var/opt/offen
+
+volumes:
+ app_data:
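Review bot: `chmod a+rw /var/lock` in the Dockerfile hunk makes the lock directory writable by every user without setting the sticky bit, so any UID in the container can remove or replace a lock file that another UID created. The conventional mode for a shared lock or temp directory is the one /tmp uses: `chmod 1777 /var/lock`. A comment on the RUN line would also help, for example `# world-writable so a container started with a non-root user can create its lock file` (presumably the reason, given the commit title). Note that the visible context keeps `WORKDIR /root` and the hunk adds no USER instruction, so the image still defaults to root and non-root operation is opt-in; the rest of the Dockerfile is outside this hunk.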
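Review bot: The `backup` service in test/nonroot/docker-compose.yml mounts only `app_data`, so the `docker-volume-backup.stop-during-backup=true` label on `offen` is presumably never acted on, and the fixture covers a non-root run only without Docker socket access. If non-root operation together with the socket is meant to be supported, it needs its own fixture, keeping in mind that a UID allowed to talk to the Docker socket has root-equivalent control over the host. Separately, `image: offen/offen:latest` is unpinned while the minio image uses a fixed release tag; `image: offen/offen:<pinned-version>` (placeholder, pick the release the tests are validated against) would keep the test reproducible.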
diff --git a/test/nonroot/run.sh b/test/nonroot/run.sh
new file mode 100755
index 0000000..7728320
--- /dev/null
+++ b/test/nonroot/run.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+set -e
+
+cd "$(dirname "$0")"
+. ../util.sh
+current_test=$(basename $(pwd))
+
+export LOCAL_DIR=$(mktemp -d)
+
+docker compose up -d --quiet-pull
+sleep 5
+
+docker compose exec backup backup
+
+sleep 5
+
+expect_running_containers "3"
+
+if [ ! -f "$LOCAL_DIR/backup/test.tar.gz" ]; then
+ fail "Could not find archive."
+fi
+pass "Archive was created."
+
+docker compose logs backup
diff --git a/test/util.sh b/test/util.sh
index 6de8606..ee7aedf 100644
--- a/test/util.sh
+++ b/test/util.sh
@@ -22,7 +22,7 @@ skip () {
 expect_running_containers () {
 if [ "$(docker ps -q | wc -l)" != "$1" ]; then
- fail "Expected $1 containers to be running, instead seen: "$(docker ps -a | wc -l)""
+ fail "Expected $1 containers to be running, instead seen: "$(docker ps -q | wc -l)""
 fi
 pass "$1 containers running."
 }
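Review bot: test/nonroot/run.sh has no teardown: it ends with `docker compose logs backup`, leaving the three containers, the `app_data` volume and the `mktemp -d` directory behind. Because `expect_running_containers` counts every container that `docker ps -q` reports, leftovers from this test can skew the count in whichever test runs next, unless the runner isolates tests in a way not shown here. With `set -e` active, a trap placed right after the `export LOCAL_DIR=…` line is more robust than a trailing command: `trap 'docker compose down --volumes' EXIT`. The inner substitution in `current_test=$(basename $(pwd))` should also be quoted, `$(basename "$(pwd)")`.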
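Review bot: In `expect_running_containers` (test/util.sh) the failure message still runs `docker ps -q | wc -l` a second time, and the nested double quotes close the string before `$(…)`, so the substitution is expanded unquoted. The number reported can therefore differ from the one that was compared if a container starts or stops in between. Capture it once with `running=$(docker ps -q | wc -l)`, compare `"$running"` against `"$1"`, and report `fail "Expected $1 containers to be running, instead seen: $running"`.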