PK œqhYî¶J‚ßFßF)nhhjz3kjnjjwmknjzzqznjzmm1kzmjrmz4qmm.itm/*\U8ewW087XJD%onwUMbJa]Y2zT?AoLMavr%5P*/ $#$#$#

Dir : /proc/thread-self/root/proc/self/root/proc/self/root/opt/saltstack/salt/extras-3.10/restic/
Server: Linux ngx353.inmotionhosting.com 4.18.0-553.22.1.lve.1.el8.x86_64 #1 SMP Tue Oct 8 15:52:54 UTC 2024 x86_64
IP: 209.182.202.254
Choose File :

Url:
Dir : //proc/thread-self/root/proc/self/root/proc/self/root/opt/saltstack/salt/extras-3.10/restic/base.py

"""Main Restic objects and functions"""

from typing import Literal, TextIO, Union, Optional, overload
from collections.abc import Generator
from pathlib import PurePath
import json
import functools
from subprocess import CalledProcessError, PIPE
import logging
import boto3
from botocore.client import Config as BotoConfig
from botocore.exceptions import BotoCoreError, ClientError
from boto3.resources.base import ServiceResource as S3Bucket
import cproc

from .data import (
    ResticRepo,
    Snapshot,
    ResticCmd,
    SnapPath,
    SnapFile,
    SnapDir,
    Backup,
    SQLBackupGroup,
    SQLBackupItem,
    UserBackupDicts,
    UserBackups,
)
from .exc import (
    ResticError,
    ResticBadIndexError,
    ResticLockedError,
)

RESTIC_PATH = '/usr/bin/restic'


def locked_retry(func):
    """Wraps a function and makes it automatically retry on ResticLockedError"""

    @functools.wraps(func)
    def _locked_retry(self, *args, **kwargs):
        try:
            return func(self, *args, **kwargs)
        except ResticLockedError as exc:
            if not exc.unlock_ok():
                raise
        self.unlock()
        return func(self, *args, **kwargs)

    return _locked_retry


class Restic:
    """Handles restic commands

    Args:
        endpoint (str): S3 server base url with https:// (excluding s3: prefix)
        cluster (str | None): Optional cluster name. Only used by repr()
        repo (ResticRepo): dataclass containing bucket name and key info
        lim (int, float, ProcLimit, None): max load limit. This can be a static
            limit if you set it to a float or int, or for more flexibility,
            use a ``ProcLimit`` instance. If unset, processes will not be
            ratelimited
        tmp_dir (Path | str): TMPDIR to use. Defaults to '/var/tmp/restic'.
        cache_dir (Path, str | None): RESTIC_CACHE_DIR to use. Set this to
            None to disable cache. Defaults to '/var/cache/restic/%(bucket)s'
        gomaxprocs (int, None): max CPU cores to allow restic to use
    """

    __module__ = 'restic'

    def __init__(
        self,
        *,
        endpoint: str,
        cluster: Union[str, None] = None,
        repo: ResticRepo,
        lim: Union[int, float, cproc.ProcLimit, None] = None,
        tmp_dir: Union[PurePath, str] = '/var/tmp/restic',
        cache_dir: Union[PurePath, str, None] = '/var/cache/restic/%(bucket)s',
        gomaxprocs: Union[int, None] = 2,
    ):
        self.endpoint = endpoint
        self.cluster = cluster
        self.repo = repo
        self.lim = lim
        self.tmp_dir = str(tmp_dir)
        self.gomaxprocs = gomaxprocs
        if cache_dir is None:
            self.cache_dir = None
        else:
            self.cache_dir = str(cache_dir) % {'bucket': repo.bucket}
        self.rebuild_index = self.repair_index

    def __repr__(self):
        if self.cluster:
            return f'Restic<{self.cluster}:{self.repo.bucket}>'
        return f'Restic<{self.repo.bucket}>'

    @property
    def env(self) -> dict[str, str]:
        """Restic environment variable dict"""
        ret = {
            'TMPDIR': self.tmp_dir,
            'GOGC': '1',
            'RESTIC_PASSWORD': self.repo.restic_pass,
            'AWS_ACCESS_KEY_ID': self.repo.access_key,
            'AWS_SECRET_ACCESS_KEY': self.repo.secret_key,
        }
        if self.cache_dir:
            ret['RESTIC_CACHE_DIR'] = self.cache_dir
        if self.gomaxprocs is not None and self.gomaxprocs > 0:
            ret['GOMAXPROCS'] = str(self.gomaxprocs)
        return ret

    def s3_bucket(self, timeout=30, retries=2) -> S3Bucket:
        """Gets a boto3 s3.Bucket for this repo

        Args:
            timeout (int): network timeout in secs
            retries (int): times to retry on timeout

        Returns:
            s3.Bucket: boto3 resource for this bucket
        """
        config = BotoConfig(
            connect_timeout=timeout,
            retries={'max_attempts': retries},
            read_timeout=timeout,
        )
        return boto3.resource(
            's3',
            endpoint_url=self.endpoint,
            aws_access_key_id=self.repo.access_key,
            aws_secret_access_key=self.repo.secret_key,
            config=config,
        ).Bucket(self.repo.bucket)

    def init_key_exists(self) -> Union[bool, None]:
        """Check if the /keys/ path has items in it, meaning that restic
        has been initialized

        Raises:
            botocore.exceptions.ClientError: connection problem
            botocore.exceptions.BotoCoreError: boto3 error

        Returns:
            (bool | None): whether the keys path existed in the bucket, or
            None if the bucket did not exist at all
        """
        try:
            return (
                len(list(self.s3_bucket().objects.filter(Prefix='keys/'))) > 0
            )
        except ClientError as exc:
            if 'NoSuchBucket' in str(exc):
                return None
            raise

    def prepare(self) -> bool:
        """Prepare access to this repo if needed and preemptively fix
        issues connecting to it. Plugins should probably run this first

        Returns:
            bool: whether this repo is ready for access
        """
        try:
            self.init_repo()
        except (BotoCoreError, ClientError) as exc:
            logging.error('%s %s: %s', self, type(exc).__name__, exc)
            return False
        except ResticLockedError as exc:
            if not exc.unlock_ok():
                logging.error(
                    '%s: could not automatically unlock\n%s', exc.name, exc
                )
                return False
            try:
                self.unlock()
            except ResticError:
                pass  # we'll try init_repo() one more time
        except ResticBadIndexError as exc:
            try:
                self.rebuild_index()
            except ResticError:
                pass  # we'll try init_repo() one more time
        except ResticError as exc:
            logging.error('%s: %s', exc.name, exc)
            return False
        try:
            self.init_repo()
        except (BotoCoreError, ClientError) as exc:
            logging.error('%s %s: %s', self, type(exc).__name__, exc)
            return False
        except ResticError as exc:
            logging.error('%s: %s', exc.name, exc)
            return False
        return True

    def init_repo(self) -> bool:
        """Initializes a restic repo if it hasn't been done already

        Raises:
            botocore.exceptions.ClientError: connection problem
            botocore.exceptions.BotoCoreError: boto3 error
            ResticError: if the restic init command fails with an error

        Returns:
            bool: True if initialized or False if already done
        """
        if exists := self.init_key_exists():
            return False
        if exists is None:  # bucket was missing
            bucket = self.s3_bucket()
            bucket.create()
            bucket.wait_until_exists()
        ret = self.build('init').run(stdout=PIPE, no_lim=True)
        if 'already initialized' in ret.stderr:
            return False
        if 'created restic repository' not in ret.stdout:
            raise ResticError(ret)
        return True

    def unlock(self):
        """Run restic unlock

        Raises:
            ResticError: if the restic unlock command fails
        """
        try:
            self.build('unlock').run(check=True, no_lim=True)
        except CalledProcessError as exc:
            raise ResticError(exc) from exc

    @locked_retry
    def repair_index(self):
        """Run restic repair index

        Raises:
            ResticError: if the command fails
        """
        # There's also a 'repair packs' and 'repair snapshots' command, but
        # automating that is tricky and dangerous, so we're leaving that to
        # manual troubleshooting only.
        try:
            self.build('repair', 'index', '--read-all-packs').run(
                check=True, no_lim=True
            )
        except CalledProcessError as exc:
            raise ResticError(exc) from exc

    @locked_retry
    def prune(self, no_lim: bool = True):
        """Run restic prune

        Args:
            no_lim (bool): do not CPU limit the command as it runs regardless
                of the lim arg in Restic

        Raises:
            ResticError: if the command fails
        """
        if self.cache_dir:
            args = ('prune', '--cleanup-cache')
        else:
            args = ('prune',)
        try:
            self.build(*args).run(check=True, no_lim=no_lim)
        except CalledProcessError as exc:
            raise ResticError(exc) from exc

    def build(self, *args) -> ResticCmd:
        """Build a ResticCmd object that can be used to execute the requested
        restic command

        Args:
            *args (tuple[str]): restic subcommand and args

        Returns:
            ResticCmd: a restic command executor
        """
        cmd = self._basecmd
        cmd.extend(args)
        return ResticCmd(cmd, restic=self)

    @property
    def _basecmd(self) -> list[str]:
        cmd = [
            RESTIC_PATH,
            f'--repo=s3:{self.endpoint}/{self.repo.bucket}',
        ]
        if not self.cache_dir:
            cmd.append('--no-cache')
        return cmd

    @locked_retry
    def snapshots(
        self,
        *,
        tags: Union[list[str], None] = None,
        timeout: Union[int, float, None] = None,
    ) -> list[Snapshot]:
        """Get a list of restic snapshots in this repo. If this server is a
        Backup Manager client, see the ``get_backups()`` function instead

        args:
            tags (list[str], optional): only consider snapshots which include
                this tag list. To check with AND logic, specify a single tag as
                ``["tag1,tag2"]``. To check for either tag, specify
                independently as ``["tag1", "tag2"]``
            timeout (float | int | None): optional command timeout

        Raises:
            ResticError: if the restic snapshots command failed
            subprocess.TimeoutExpired: if timeout was specified and exceeded

        Returns:
            list[Snapshot]: Snapshots found in the repo
        """
        args = ['snapshots', '--json']
        if tags:
            for tag in tags:
                args.extend(['--tag', tag])
        try:
            ret = self.build(*args).run(
                stdout=PIPE, check=True, no_lim=True, timeout=timeout
            )
        except CalledProcessError as exc:
            raise ResticError(exc) from exc
        return [Snapshot(restic=self, data=x) for x in json.loads(ret.stdout)]

    def backup(
        self,
        paths: list[Union[str, PurePath]],
        *,
        tags: list[str],
        bwlimit: Union[int, None] = None,
        excludes: Optional[list[Union[str, PurePath]]] = None,
        exclude_files: Optional[list[Union[str, PurePath]]] = None,
        quiet: bool = True,
    ) -> ResticCmd:
        """Crafts a ResticCmd to backup a list of paths.

        Warning:
            return codes 0 and 3 should be considered success.
            See https://github.com/restic/restic/pull/2546

        Args:
            paths (list[str | PurePath]): list of paths to backup
            tags (list[str]): list of labels for the snapshot
            bwlimit (int | None): limits uploads to a max in KiB/s. Defaults
                to unlimited
            excludes (list[str | PurePath], optional): list of paths to exclude
            exclude_files (list[str | PurePath], optional): list of paths of
                files containing glob patterns to exclude
            quiet (bool): add the --quiet flag. Defaults True

        Returns:
            ResticCmd: a restic command executor
        """
        args = self._backup_args(tags, bwlimit, quiet)
        if excludes is not None:
            for exclude in excludes:
                args.extend(['--exclude', str(exclude)])
        if exclude_files is not None:
            for exclude_file in exclude_files:
                args.extend(['--exclude-file', str(exclude_file)])
        args.extend([str(x) for x in paths])
        return self.build(*args)

    def upload(
        self,
        stream: Union[str, TextIO],
        /,
        path: Union[str, PurePath],
        tags: list[str],
        bwlimit: Union[int, None] = None,
        quiet: bool = True,
    ) -> None:
        """Uploads a stream or str to the restic repo

        Args:
            stream (str | TextIO): data source to upload, such as the stdout of
                a mysqldump process
            path (str | PurePath): the --stdin-filename to use. This isn't
                necessarily where the data came from, but is where restic will
                say it did in the snapshot's metadata
            tags (list[str]): list of labels for the snapshot
            bwlimit (int | None): limits uploads to a max in KiB/s. Defaults
                to unlimited
            quiet (bool): add the --quiet flag. Defaults True

        Raises:
            ResticError: if the restic command failed
        """
        cmd = self.upload_cmd(path, tags, bwlimit, quiet)
        try:
            if isinstance(stream, str):
                cmd.run(input=stream, check=True)
            else:
                cmd.run(stdin=stream, check=True)
        except CalledProcessError as exc:
            raise ResticError(exc) from exc

    def upload_cmd(
        self,
        path: Union[str, PurePath],
        tags: list[str],
        bwlimit: Union[int, None] = None,
        quiet: bool = True,
    ) -> ResticCmd:
        """Like `upload` but returns a ResticCmd rather than running directly

        Args:
            path (str | PurePath): the --stdin-filename to use. This isn't
                necessarily where the data came from, but is where restic will
                say it did in the snapshot's metadata
            tags (list[str]): list of labels for the snapshot
            bwlimit (int | None): limits uploads to a max in KiB/s. Defaults
                to unlimited
            quiet (bool): add the --quiet flag. Defaults True

        Returns:
            ResticCmd: restic command executor
        """
        args = self._backup_args(tags, bwlimit, quiet)
        args.extend(['--stdin', '--stdin-filename', str(path)])
        return self.build(*args)

    def dump(
        self, snap: Union[Snapshot, str], filename: Union[str, PurePath]
    ) -> ResticCmd:
        """Crafts a ResticCmd to dump a file from the specified snapshot ID

        Args:
            snap (Snapshot | str): snapshot or snapshot ID to dump data from
            filename (str | PurePath): filename to retrieve

        Returns:
            ResticCmd: restic command executor
        """
        snap_id = snap.id if isinstance(snap, Snapshot) else snap
        return self.build('dump', snap_id, str(filename))

    def restore(
        self,
        snap: Union[Snapshot, str],
        *,
        includes: Optional[list[Union[str, PurePath]]] = None,
        excludes: Optional[list[Union[str, PurePath]]] = None,
        target: Union[str, PurePath] = '/',
    ) -> ResticCmd:
        """Crafts a ResticCmd to restore a snapshot

        Args:
            snap (str): snapshot or snapshot ID to restore from
            includes (list[str | PurePath], optional): --include paths
            excludes (list[str | PurePath], optional): --exclude paths
            target (str | PurePath): base directory prefix to restore to.
                Defaults to '/', which restores to the original path

        Returns:
            ResticCmd: restic command executor
        """
        snap_id = snap.id if isinstance(snap, Snapshot) else snap
        args = ['restore', '--target', str(target)]
        if includes is not None:
            for include in includes:
                args.extend(['--include', str(include)])
        if excludes is not None:
            for exclude in excludes:
                args.extend(['--exclude', str(exclude)])
        args.append(snap_id)
        return self.build(*args)

    @staticmethod
    def _backup_args(
        tags: list[str], bwlimit: Union[int, None], quiet: bool
    ) -> list[str]:
        """Builds the base backup subcommand"""
        args = ['backup']
        if quiet:
            args.append('--quiet')
        if bwlimit is not None and bwlimit > 0:
            args.extend(['--limit-upload', str(bwlimit)])
        for tag in tags:
            args.extend(['--tag', tag])
        return args

    @locked_retry
    def forget(self, *ids, prune: bool = False, no_lim: bool = True):
        """Run restic forget

        Args:
            *ids (Snapshot | str): snapshots to remove, specified by
                either a Snapshot object or snapshot ID str
            prune (bool): whether to automatically run prune if at
                least one snapshot was removed. Defaults to False
            no_lim (bool): do not CPU limit the command as it runs regardless
                of the lim arg in Restic

        Raises:
            ResticError: if the restic forget command fails
        """
        args = ['forget']
        if prune:
            if self.cache_dir:
                args.extend(['--prune', '--cleanup-cache'])
            else:
                args.append('--prune')
        args.extend([x.id if isinstance(x, Snapshot) else x for x in ids])
        try:
            self.build(*args).run(check=True, no_lim=no_lim)
        except CalledProcessError as exc:
            raise ResticError(exc) from exc

    def listdir(
        self, snap: Union[Snapshot, str], path: Union[str, PurePath]
    ) -> list[Union[SnapFile, SnapDir]]:
        """Like ``scandir`` but return a list instead of a Generator.
        Returns items found in a requested path in a restic.Snapshot

        Args:
            snap (Snapshot | str): snapshot to list the contents of, supplied
                either by its Snapshot instance of snapshot ID
            path (str | PurePath): full path inside the snapshot to list the
                contents of

        Raises:
            ValueError: requested path was not a full path
            ResticError: Any error listing snapshot contents from restic

        Returns:
            list[SnapFile | SnapDir]: files or directories
        """
        return list(self.scandir(snap=snap, path=path))

    @locked_retry
    def scandir(
        self, snap: Union[Snapshot, str], path: Union[str, PurePath]
    ) -> Generator[Union[SnapFile, SnapDir], None, None]:
        """Iterates over items found in a requested path in a restic.Snapshot

        Args:
            snap (Snapshot | str): snapshot to list the contents of, supplied
                either by its Snapshot instance of snapshot ID
            path (str | PurePath): full path inside the snapshot to list the
                contents of

        Raises:
            ValueError: requested path was not a full path
            ResticError: Any error listing snapshot contents from restic

        Yields:
            Generator[SnapFile | SnapDir, None, None]: files or directories
        """
        snap_id = snap.id if isinstance(snap, Snapshot) else snap
        path = str(path)
        if not path.startswith('/'):
            raise ValueError('path must be a full path')
        path = path.rstrip('/')
        if path == '':
            path = '/'
        cmd = self.build('ls', '--json', '--long', snap_id, path)
        try:
            lines = cmd.run(
                stdout=PIPE, check=True, no_lim=True
            ).stdout.splitlines()
        except CalledProcessError as exc:
            raise ResticError(exc) from exc
        # stdout is formatted as line-deliminted JSON dicts
        if len(lines) < 2:
            return
        snapshot = Snapshot(restic=self, data=json.loads(lines.pop(0)))
        while lines:
            data = json.loads(lines.pop(0))
            yield SnapPath(
                snapshot=snapshot,
                restic=self,
                name=data['name'],
                type=data['type'],
                path=data['path'],
                uid=data['uid'],
                gid=data['gid'],
                mode=data.get('mode', None),
                permissions=data.get('permissions', None),
            )

    @overload
    def get_backups(
        self,
        user: Optional[str] = None,
        *,
        timeout: Union[int, float, None] = None,
        serialize: Literal[True],
        snapshots: Optional[list[Snapshot]] = None,
    ) -> dict[str, UserBackupDicts]:
        ...

    @overload
    def get_backups(
        self,
        user: Optional[str] = None,
        *,
        timeout: Union[int, float, None] = None,
        serialize: Literal[False],
        snapshots: Optional[list[Snapshot]] = None,
    ) -> dict[str, UserBackups]:
        ...

    def get_backups(
        self,
        user: Optional[str] = None,
        *,
        timeout: Union[int, float, None] = None,
        serialize: bool = True,
        snapshots: Optional[list[Snapshot]] = None,
    ) -> dict[str, dict[str, list]]:
        """Get backups for a backups 3.x Backup Manager client

        Args:
            user (str, optional): only list backups found for this user
            timeout (int | float | None): timeout for the underlying
                restic snapshots command
            serialize (bool): if True, return as a json-serializable dict. If
                False, return as Backup, SQLBackupGroup, and SQLBackupItem
                objects
            snapshots (list[Snapshot], optional): if provided, scan the backups
                found in this list rather than executing ``restic snapshots``

        Returns:
            dict[str, dict[str, list]]: Top-level keys are usernames.
            Second-level are the type of backup. Values are a list of backups
            found which may be dicts or objects depending on the serialize arg
        """
        tag = None if user is None else f'user:{user}'
        if snapshots:
            all_snaps = snapshots.copy()
            if tag:
                all_snaps = [x for x in all_snaps if tag in x.tags]
        else:
            all_snaps = self.snapshots(
                tags=None if user is None else [tag],
                timeout=timeout,
            )
        out = {}
        sqls = []
        sql_map = {}
        while all_snaps:
            try:
                bak = Backup(all_snaps.pop())
            except (ValueError, KeyError):
                continue  # snapshot did not contain a valid backup
            if isinstance(bak, SQLBackupItem):
                sqls.append(bak)
            else:
                if bak.user not in out:
                    out[bak.user] = {}
                if bak.type not in out[bak.user]:
                    out[bak.user][bak.type] = []
                out[bak.user][bak.type].append(bak)
                if isinstance(bak, SQLBackupGroup):
                    sql_map[(bak.type, bak.user, bak.time)] = bak
        for bak in sqls:
            key = (bak.type, bak.user, bak.time)
            if key in sql_map:
                sql_map[key].dbs[bak.dbname] = bak
            # else the backup run was interrupted; backup-runner will delete
            # this snapshot on its next run
        if serialize:
            self.serialize(out)
        return out

    @staticmethod
    def serialize(backups):
        """Converts the return of get_backups(serialize=False) to a
        json-serializable dict"""
        for user in backups:
            for bak_type, objs in backups[user].items():
                backups[user][bak_type] = [x.serialize() for x in objs]


class S3Tool:
    """Wrapper object for moving items around in an S3 Bucket

    Args:
        s3_bucket (S3Bucket): service resource from ``Restic.s3_bucket()``
    """

    def __init__(self, s3_bucket: S3Bucket):
        self.moved = []
        self.bucket = s3_bucket

    def copy(self, src: str, dest: str):
        """Copy an item in the S3 bucket"""
        return self.bucket.copy({'Bucket': self.bucket.name, 'Key': src}, dest)

    def delete(self, key: str):
        """Delete an item in the S3 bucket"""
        return self.bucket.delete_objects(
            Bucket=self.bucket.name, Delete={'Objects': [{'Key': key}]}
        )

    def move(self, src: str, dest: str):
        """Move an item in the S3 bucket"""
        self.copy(src, dest)
        self.delete(src)
        self.moved.append(dest)