fix: backup-unset-public-key-encryption command

README.md

@@ -23,8 +23,8 @@ postgres:backup-auth <service> <aws-access-key-id> <aws-secret-access-key> <aws-
 postgres:backup-deauth <service>                   # remove backup authentication for the postgres service
 postgres:backup-schedule <service> <schedule> <bucket-name> [--use-iam] # schedule a backup of the postgres service
 postgres:backup-schedule-cat <service>             # cat the contents of the configured backup cronfile for the service
-postgres:backup-set-encryption <service> <passphrase> # set encryption for all future backups of postgres service
-postgres:backup-set-public-key-encryption <service> <public-key-id> # set GPG Public Key encryption for all future backups of postgres service
+postgres:backup-set-encryption <service> <passphrase> # set encryption for all future backups of postgres service; public key encryption will take precendence over the passphrase encryption if both types are set.
+postgres:backup-set-public-key-encryption <service> <public-key-id> # set GPG Public Key encryption for all future backups of postgres service; this method currently requires the <public-key-id> to be present on the \"keyserver.ubuntu.com\" keyserver.
 postgres:backup-unschedule <service>               # unschedule the backup of the postgres service
 postgres:backup-unset-encryption <service>         # unset encryption for future backups of the postgres service
 postgres:backup-unset-public-key-encryption <service> # unset GPG Public Key encryption for future backups of the postgres service
@@ -715,7 +715,7 @@ Restore a backup file (assuming it was extracted via `tar -xf backup.tgz`):
 dokku postgres:import lollipop < backup-folder/export
 ```
 
-### set encryption for all future backups of postgres service
+### set encryption for all future backups of postgres service; public key encryption will take precendence over the passphrase encryption if both types are set.
 
 ```shell
 # usage
@@ -728,7 +728,7 @@ Set the GPG-compatible passphrase for encrypting backups for backups:
 dokku postgres:backup-set-encryption lollipop
 ```
 
-### set GPG Public Key encryption for all future backups of postgres service
+### set GPG Public Key encryption for all future backups of postgres service; this method currently requires the <public-key-id> to be present on the \"keyserver.ubuntu.com\" keyserver.
 
 ```shell
 # usage

bin/generate

@@ -304,6 +304,10 @@ def usage_backup(
         "",
         "You may skip the `backup-auth` step if your dokku install is running within EC2 and has access to the bucket via an IAM profile. In that case, use the `--use-iam` option with the `backup` command.",
         "",
+        "If both passphrase and public key forms of encryption are set, the public key encryption will take precedence.",
+        "",
+        "The underlying core backup script is present [here](https://github.com/dokku/docker-s3backup/blob/main/backup.sh).",
+        "",
         "Backups can be performed using the backup commands:",
         "",
     ]

common-functions

@@ -433,7 +433,7 @@ service_backup_set_encryption() {
   local SERVICE_ROOT="${PLUGIN_DATA_ROOT}/${SERVICE}"
   local SERVICE_BACKUP_ENCRYPTION_ROOT="${SERVICE_ROOT}/backup-encryption/"
 
-  mkdir "$SERVICE_BACKUP_ENCRYPTION_ROOT"
+  mkdir -p "$SERVICE_BACKUP_ENCRYPTION_ROOT"
   echo "$ENCRYPTION_KEY" >"${SERVICE_BACKUP_ENCRYPTION_ROOT}/ENCRYPTION_KEY"
 }
 
@@ -443,7 +443,7 @@ service_backup_set_public_key_encryption() {
   local SERVICE_ROOT="${PLUGIN_DATA_ROOT}/${SERVICE}"
   local SERVICE_BACKUP_ENCRYPTION_ROOT="${SERVICE_ROOT}/backup-encryption/"
 
-  mkdir "$SERVICE_BACKUP_ENCRYPTION_ROOT"
+  mkdir -p "$SERVICE_BACKUP_ENCRYPTION_ROOT"
   echo "$ENCRYPT_WITH_PUBLIC_KEY_ID" >"${SERVICE_BACKUP_ENCRYPTION_ROOT}/ENCRYPT_WITH_PUBLIC_KEY_ID"
 }
 
@@ -461,16 +461,16 @@ service_backup_unset_encryption() {
   local SERVICE_ROOT="${PLUGIN_DATA_ROOT}/${SERVICE}"
   local SERVICE_BACKUP_ENCRYPTION_ROOT="${SERVICE_ROOT}/backup-encryption/"
 
-  rm -rf "$SERVICE_BACKUP_ENCRYPTION_ROOT"
+  rm "$SERVICE_BACKUP_ENCRYPTION_ROOT/ENCRYPTION_KEY"
 }
 
-service_backup_unset_encryption() {
-  declare desc="remove backup encryption"
+service_backup_unset_public_key_encryption() {
+  declare desc="remove backup GPG Public Key encryption"
   declare SERVICE="$1"
   local SERVICE_ROOT="${PLUGIN_DATA_ROOT}/${SERVICE}"
   local SERVICE_BACKUP_ENCRYPTION_ROOT="${SERVICE_ROOT}/backup-encryption/"
 
-  rm -rf "$SERVICE_BACKUP_ENCRYPTION_ROOT"
+  rm "$SERVICE_BACKUP_ENCRYPTION_ROOT/ENCRYPT_WITH_PUBLIC_KEY_ID"
 }
 
 service_container_rm() {

subcommands/backup-set-encryption

@@ -10,7 +10,7 @@ service-backup-set-encryption-cmd() {
   #E dokku $PLUGIN_COMMAND_PREFIX:backup-set-encryption lollipop
   #A service, service to run command against
   #A passphrase, a GPG-compatible passphrase
-  declare desc="set encryption for all future backups of $PLUGIN_SERVICE service"
+  declare desc="set encryption for all future backups of $PLUGIN_SERVICE service; public key encryption will take precendence over the passphrase encryption if both types are set."
   local cmd="$PLUGIN_COMMAND_PREFIX:backup-set-encryption" argv=("$@")
   [[ ${argv[0]} == "$cmd" ]] && shift 1
   declare SERVICE="$1" PASSPHRASE="$2"

subcommands/backup-set-public-key-encryption

@@ -10,7 +10,7 @@ service-backup-set-public-key-encryption-cmd() {
   #E dokku $PLUGIN_COMMAND_PREFIX:backup-set-public-key-encryption lollipop
   #A service, service to run command against
   #A public-key-id, a GPG Public Key ID (or fingerprint) to use for encryption. Must be uploaded to the GPG keyserver beforehand.
-  declare desc="set GPG Public Key encryption for all future backups of $PLUGIN_SERVICE service"
+  declare desc="set GPG Public Key encryption for all future backups of $PLUGIN_SERVICE service; this method currently requires the <public-key-id> to be present on the \"keyserver.ubuntu.com\" keyserver."
   local cmd="$PLUGIN_COMMAND_PREFIX:backup-set-public-key-encryption" argv=("$@")
   [[ ${argv[0]} == "$cmd" ]] && shift 1
   declare SERVICE="$1" PUBLIC_KEY_ID="$2"

subcommands/backup-unset-public-key-encryption

@@ -13,11 +13,11 @@ service-backup-unset-public-key-encryption-cmd() {
   local cmd="$PLUGIN_COMMAND_PREFIX:backup-unset-public-key-encryption" argv=("$@")
   [[ ${argv[0]} == "$cmd" ]] && shift 1
   declare SERVICE="$1"
-  is_implemented_command "$cmd" || dokku_log_fail "Not yet implemented"  # TODO: [22.03.2024 by Mykola]
+  is_implemented_command "$cmd" || dokku_log_fail "Not yet implemented"
 
   [[ -z "$SERVICE" ]] && dokku_log_fail "Please specify a valid name for the service"
   verify_service_name "$SERVICE"
-  service_backup_unset_public_key_encryption "$SERVICE"  # TODO: [22.03.2024 by Mykola]
+  service_backup_unset_public_key_encryption "$SERVICE"
 }
 
-service-backup-unset-encryption-cmd "$@"
+service-backup-unset-public-key-encryption-cmd "$@"