backup-service/backup.py

#!/usr/bin/env python3
import base64
import os
from kubernetes import client, config
from kubernetes.client.api_client import ApiClient
from subprocess import Popen, PIPE
from flask import Flask, request, send_file
from urllib.parse import urlparse

TOKEN = os.environ["TOKEN"]
app = Flask(__name__)

if os.getenv("KUBECONFIG"):
    config.load_kube_config()
else:
    config.load_incluster_config()


def generate_targets():
    with ApiClient() as api:
        v1 = client.CoreV1Api(api)
        api_instance = client.CustomObjectsApi(api)
        for i in v1.list_namespace().items:
            # Handle MongoDB community operator
            targets = api_instance.list_namespaced_custom_object(
                "mongodbcommunity.mongodb.com",
                "v1",
                i.metadata.name,
                "mongodbcommunity")
            for target in targets["items"]:
                for user in target["spec"]["users"]:
                    for role in user["roles"]:
                        yield i.metadata.name, "mongodbcommunity", \
                            user["name"], role["db"]


@app.route("/cronjob.sh")
def generate_script():
    if request.headers.get("Authorization") != TOKEN:
        raise
    base = urlparse(request.base_url)._replace(path="", params="", query="", fragment="").geturl()

    def generate():
        for z in generate_targets():
            path = "/stream/%s/%s/%s/%s\n" % z
            yield "wget --content-disposition --header \"Authorization: %s\" %s%s" % (TOKEN, base, path)
    return app.response_class(generate(), mimetype="text/plain")


@app.route("/stream/<namespace>/mongodbcommunity/<user>/<database>")
def stream(namespace, user, database):
    if request.headers.get("Authorization") != TOKEN:
        raise
    with ApiClient() as api:
        v1 = client.CoreV1Api(api)
        secret_name = "mongodb-%s-%s" % (database, user)
        secret = v1.read_namespaced_secret(secret_name, namespace)
        uri = base64.b64decode(secret.data["connectionString.standard"]).decode("ascii")
        cmd = "/usr/bin/mongodump", "--uri", uri, "--gzip", "--archive", "--quiet"
        print("Executing:", cmd)
        process = Popen(cmd, stdout=PIPE, stdin=PIPE, close_fds=True, bufsize=4096 * 1024)
        return send_file(process.stdout,
          mimetype="application/tar+gzip",
          as_attachment=True,
          download_name="%s.tar.gz" % secret_name)


app.run(host="0.0.0.0", debug=False, threaded=True)
Initial commit 2022-07-28 21:55:11 +00:00			`#!/usr/bin/env python3`
			`import base64`
			`import os`
			`from kubernetes import client, config`
			`from kubernetes.client.api_client import ApiClient`
			`from subprocess import Popen, PIPE`
			`from flask import Flask, request, send_file`
Add cronjob script generator 2022-08-03 20:45:01 +00:00			`from urllib.parse import urlparse`
Initial commit 2022-07-28 21:55:11 +00:00
			`TOKEN = os.environ["TOKEN"]`
			`app = Flask(__name__)`

Add cronjob script generator 2022-08-03 20:45:01 +00:00			`if os.getenv("KUBECONFIG"):`
			`config.load_kube_config()`
			`else:`
			`config.load_incluster_config()`


			`def generate_targets():`
			`with ApiClient() as api:`
			`v1 = client.CoreV1Api(api)`
			`api_instance = client.CustomObjectsApi(api)`
			`for i in v1.list_namespace().items:`
			`# Handle MongoDB community operator`
			`targets = api_instance.list_namespaced_custom_object(`
			`"mongodbcommunity.mongodb.com",`
			`"v1",`
			`i.metadata.name,`
			`"mongodbcommunity")`
			`for target in targets["items"]:`
			`for user in target["spec"]["users"]:`
			`for role in user["roles"]:`
			`yield i.metadata.name, "mongodbcommunity", \`
			`user["name"], role["db"]`


			`@app.route("/cronjob.sh")`
			`def generate_script():`
			`if request.headers.get("Authorization") != TOKEN:`
			`raise`
			`base = urlparse(request.base_url)._replace(path="", params="", query="", fragment="").geturl()`

			`def generate():`
			`for z in generate_targets():`
			`path = "/stream/%s/%s/%s/%s\n" % z`
			`yield "wget --content-disposition --header \"Authorization: %s\" %s%s" % (TOKEN, base, path)`
			`return app.response_class(generate(), mimetype="text/plain")`


			`@app.route("/stream/<namespace>/mongodbcommunity/<user>/<database>")`
Initial commit 2022-07-28 21:55:11 +00:00			`def stream(namespace, user, database):`
			`if request.headers.get("Authorization") != TOKEN:`
			`raise`
			`with ApiClient() as api:`
			`v1 = client.CoreV1Api(api)`
Add cronjob script generator 2022-08-03 20:45:01 +00:00			`secret_name = "mongodb-%s-%s" % (database, user)`
Initial commit 2022-07-28 21:55:11 +00:00			`secret = v1.read_namespaced_secret(secret_name, namespace)`
			`uri = base64.b64decode(secret.data["connectionString.standard"]).decode("ascii")`
Add cronjob script generator 2022-08-03 20:45:01 +00:00			`cmd = "/usr/bin/mongodump", "--uri", uri, "--gzip", "--archive", "--quiet"`
Initial commit 2022-07-28 21:55:11 +00:00			`print("Executing:", cmd)`
			`process = Popen(cmd, stdout=PIPE, stdin=PIPE, close_fds=True, bufsize=4096 * 1024)`
Add cronjob script generator 2022-08-03 20:45:01 +00:00			`return send_file(process.stdout,`
			`mimetype="application/tar+gzip",`
			`as_attachment=True,`
			`download_name="%s.tar.gz" % secret_name)`
Initial commit 2022-07-28 21:55:11 +00:00

			`app.run(host="0.0.0.0", debug=False, threaded=True)`