From ce9792ce7645e835c10956bb8f4da055c592ef46 Mon Sep 17 00:00:00 2001
From: Kartik Shah <krtk.6160@gmail.com>
Date: Wed, 29 Nov 2023 15:55:30 +0530
Subject: [PATCH] feat: add aws backups (#4898)

* feat: add aws backups

* chore: update mongodb-tools in dockerfile

* chore: add aws-cli to dockerfile
---
 .../templates/mongo-backup-configmap.yaml     | 12 +++++++---
 .../galoy/templates/trigger-deployment.yaml   | 15 ++++++++++++
 charts/galoy/values.yaml                      | 23 +++++++++++++++++++
 images/mongo-backup/Dockerfile                |  2 +-
 4 files changed, 48 insertions(+), 4 deletions(-)

diff --git a/charts/galoy/templates/mongo-backup-configmap.yaml b/charts/galoy/templates/mongo-backup-configmap.yaml
index 3d004b405e..a456b3a995 100644
--- a/charts/galoy/templates/mongo-backup-configmap.yaml
+++ b/charts/galoy/templates/mongo-backup-configmap.yaml
@@ -15,7 +15,7 @@ data:
     echo "Backup script starts"
     set -e
     LOG_TIME=$(date +%s)
-    BACKUP_NAME="$NETWORK-$LOG_TIME.gz"    
+    BACKUP_NAME="$NETWORK-$LOG_TIME.gz"
     echo "Backing up mongodb"
     mongodump --host=$MONGODB_ADDRESS --port=$MONGODB_PORT --username=$MONGODB_USER --password=$MONGODB_PASSWORD --gzip --archive=$BACKUP_NAME -d=$MONGODB_DB --readPreference=secondary
 
@@ -24,12 +24,18 @@ data:
     curl -X POST https://content.dropboxapi.com/2/files/upload --http1.1 --header "Authorization: Bearer $DROPBOX_ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"/mongo/$BACKUP_NAME\"}" --header "Content-Type: application/octet-stream" --data-binary $BACKUP_NAME
     {{ end }}
 
+    {{ if .Values.galoy.trigger.backups.s3.enabled }}
+    export S3_BUCKET="{{ .Values.galoy.trigger.backups.s3.bucketName }}"
+    echo "Uploading backup $BACKUP_NAME to s3"
+    aws s3 cp $BACKUP_NAME s3://$S3_BUCKET/mongodb/$BACKUP_NAME
+    {{ end }}
+
     {{ if .Values.galoy.trigger.backups.gcs.enabled }}
-    export BUCKET_NAME="{{ .Values.galoy.trigger.backups.gcs.bucketName }}"
+    export GCS_BUCKET="{{ .Values.galoy.trigger.backups.gcs.bucketName }}"
     echo "Activating service account"
     gcloud auth activate-service-account --key-file=$GOOGLE_APPLICATION_CREDENTIALS
     echo "Uploading backup $BACKUP_NAME to gcs"
-    gsutil cp $BACKUP_NAME gs://$BUCKET_NAME/mongodb/$BACKUP_NAME 2>&1
+    gsutil cp $BACKUP_NAME gs://$GCS_BUCKET/mongodb/$BACKUP_NAME 2>&1
     echo "Uploaded backup successfully"
     {{ end }}
 
diff --git a/charts/galoy/templates/trigger-deployment.yaml b/charts/galoy/templates/trigger-deployment.yaml
index 4e40ceeeba..90774d5fd0 100644
--- a/charts/galoy/templates/trigger-deployment.yaml
+++ b/charts/galoy/templates/trigger-deployment.yaml
@@ -125,6 +125,21 @@ spec:
               key: {{ .Values.galoy.trigger.backups.dropbox.accessTokenExistingSecret.key | quote }}
         {{ end }}
 
+        {{ if .Values.galoy.trigger.backups.s3.enabled }}
+        - name: AWS_ACCESS_KEY_ID
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.galoy.trigger.backups.s3.accessKeyExistingSecret.name | quote }}
+              key: {{ .Values.galoy.trigger.backups.s3.accessKeyExistingSecret.key | quote }}
+        - name: AWS_SECRET_ACCESS_KEY
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.galoy.trigger.backups.s3.secretKeyExistingSecret.name | quote }}
+              key: {{ .Values.galoy.trigger.backups.s3.secretKeyExistingSecret.key | quote }}
+        - name: AWS_REGION
+          value: {{ .Values.galoy.trigger.backups.s3.region | quote }}
+        {{ end }}
+
         {{ if .Values.galoy.api.firebaseNotifications.enabled }}
         - name: GOOGLE_APPLICATION_CREDENTIALS
           value: "/tmp/service-account.json"
diff --git a/charts/galoy/values.yaml b/charts/galoy/values.yaml
index 0910f63561..56b204c844 100644
--- a/charts/galoy/values.yaml
+++ b/charts/galoy/values.yaml
@@ -238,6 +238,29 @@ galoy:
           name: dropbox-access-token
           # Secret Key
           key: token
+      ## Backup data to S3 bucket
+      ## To backup to S3 bucket, you would need an access key and secret key
+      ## to upload data to your S3 bucket
+      ##
+      s3:
+        # Enable/disable uploading backup to S3 bucket
+        enabled: false
+        # S3 bucket name to upload to (it should already be created)
+        bucketName: s3-bucket-name
+        # Aws region
+        region: us-east-1
+        # S3 access key to use to upload backup to above-mentioned bucket
+        accessKeyExistingSecret:
+          # Secret name
+          name: s3-creds
+          # Secret Key
+          key: access-key
+        # S3 secret key to use to upload backup to above-mentioned bucket
+        secretKeyExistingSecret:
+          # Secret name
+          name: s3-creds
+          # Secret Key
+          key: secret-key
   ## Configuration values for Galoy Admin components.
   ##
   admin:
diff --git a/images/mongo-backup/Dockerfile b/images/mongo-backup/Dockerfile
index 9be31d6418..86e468919c 100644
--- a/images/mongo-backup/Dockerfile
+++ b/images/mongo-backup/Dockerfile
@@ -1,5 +1,5 @@
 FROM gcr.io/google.com/cloudsdktool/cloud-sdk:alpine
 
-RUN apk add --update --no-cache mongodb-tools=4.2.14-r6 --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community
+RUN apk add --update --no-cache mongodb-tools=100.8.0-r2 --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community aws-cli
 
 ENTRYPOINT []