Merge pull request #10 from github/restore-confirm

rtomayko · rtomayko · commit 21632b238219 · 2014-10-07T02:05:56.000-07:00
Require host confirmation on restore
diff --git a/bin/ghe-restore b/bin/ghe-restore
@@ -6,6 +6,7 @@
 #/ argument is provided, it always overrides the configured restore host.
 #/
 #/ Options:
+#/   -f                Don't prompt for confirmation before restoring.
 #/   -c                Restore appliance settings and license in addition to
 #/                     datastores. Settings are not restored by default to
 #/                     prevent overwriting different configuration on the
@@ -32,8 +33,13 @@ export GHE_RESTORE_SNAPSHOT
 
 # Parse arguments
 restore_settings=false
+force=false
 while true; do
     case "$1" in
+        -f|--force)
+            force=true
+            shift
+            ;;
         -s)
             GHE_RESTORE_SNAPSHOT="$(basename "$2")"
             shift 2
@@ -70,11 +76,39 @@ GHE_RESTORE_SNAPSHOT=$(basename "$GHE_RESTORE_SNAPSHOT_PATH")
 # strategy file written in the snapshot directory.
 GHE_BACKUP_STRATEGY=$(cat "$GHE_RESTORE_SNAPSHOT_PATH/strategy")
 
-echo "Starting $GHE_BACKUP_STRATEGY restore of $host from snapshot $GHE_RESTORE_SNAPSHOT"
-
 # Perform a host-check and establish the remote version in GHE_REMOTE_VERSION.
 ghe_remote_version_required "$host"
 
+# Prompt to verify the restore host given is correct. Restoring overwrites
+# important data on the destination appliance that cannot be recovered. This is
+# mostly to prevent accidents where the backup host is given to restore instead
+# of a separate restore host since they're used in such close proximity.
+if ! $force; then
+    echo
+    echo "WARNING: All data on GitHub Enterprise appliance $hostname ($GHE_REMOTE_VERSION)"
+    echo "         will be overwritten with data from snapshot ${GHE_RESTORE_SNAPSHOT}."
+    echo "Please verify that this is the correct restore host before continuing."
+    printf "Type 'yes' to continue: "
+
+    while read -r response; do
+        case $response in
+            yes|Yes|YES)
+                break
+                ;;
+            '')
+                printf "Type 'yes' to continue: "
+                ;;
+            *)
+                echo "Restore aborted." 1>&2
+                exit 1
+                ;;
+        esac
+    done
+    echo
+fi
+
+echo "Starting $GHE_BACKUP_STRATEGY restore of $host from snapshot $GHE_RESTORE_SNAPSHOT"
+
 # Verify the host has been fully configured at least once unless the -c
 # argument was provided.
 if ! $restore_settings &&
diff --git a/test/test-ghe-restore.sh b/test/test-ghe-restore.sh
@@ -77,7 +77,7 @@ begin_test "ghe-restore into configured vm"
     export GHE_RESTORE_HOST
 
     # run ghe-restore and write output to file for asserting against
-    ghe-restore -v > "$TRASHDIR/restore-out" 2>&1
+    ghe-restore -v -f > "$TRASHDIR/restore-out" 2>&1
     cat "$TRASHDIR/restore-out"
 
     # verify connect to right host
@@ -110,6 +110,50 @@ begin_test "ghe-restore into configured vm"
 )
 end_test
 
+begin_test "ghe-restore aborts without user verification"
+(
+    set -e
+    rm -rf "$GHE_REMOTE_DATA_DIR"
+    setup_remote_metadata
+
+    # create settings file -- used to determine if instance has been configured.
+    touch "$GHE_REMOTE_DATA_DIR/enterprise/dna.json"
+
+    # set restore host environ var
+    GHE_RESTORE_HOST=127.0.0.1
+    export GHE_RESTORE_HOST
+
+    # run ghe-restore and write output to file for asserting against
+    if echo "no" | ghe-restore -v > "$TRASHDIR/restore-out" 2>&1; then
+        cat "$TRASHDIR/restore-out"
+        false # ghe-restore should have exited non-zero
+    fi
+
+    grep -q "Restore aborted" "$TRASHDIR/restore-out"
+)
+end_test
+
+begin_test "ghe-restore accepts user verification"
+(
+    set -e
+    rm -rf "$GHE_REMOTE_DATA_DIR"
+    setup_remote_metadata
+
+    # create settings file -- used to determine if instance has been configured.
+    touch "$GHE_REMOTE_DATA_DIR/enterprise/dna.json"
+
+    # set restore host environ var
+    GHE_RESTORE_HOST=127.0.0.1
+    export GHE_RESTORE_HOST
+
+    # run ghe-restore and write output to file for asserting against
+    if ! echo "yes" | ghe-restore -v > "$TRASHDIR/restore-out" 2>&1; then
+        cat "$TRASHDIR/restore-out"
+        false # ghe-restore should have accepted the input
+    fi
+)
+end_test
+
 begin_test "ghe-restore -c into unconfigured vm"
 (
     set -e
@@ -121,7 +165,7 @@ begin_test "ghe-restore -c into unconfigured vm"
     export GHE_RESTORE_HOST
 
     # run ghe-restore and write output to file for asserting against
-    ghe-restore -v -c > "$TRASHDIR/restore-out" 2>&1
+    ghe-restore -v -f -c > "$TRASHDIR/restore-out" 2>&1
     cat "$TRASHDIR/restore-out"
 
     # verify connect to right host
@@ -165,7 +209,7 @@ begin_test "ghe-restore into unconfigured vm"
 
     # run ghe-restore and write output to file for asserting against
     # this should fail due to the appliance being in an unconfigured state
-    ! ghe-restore -v > "$TRASHDIR/restore-out" 2>&1
+    ! ghe-restore -v -f > "$TRASHDIR/restore-out" 2>&1
 
     # verify that ghe-restore failed due to the appliance not being configured
     grep -q -e "Error: $GHE_RESTORE_HOST not configured" "$TRASHDIR/restore-out"
@@ -186,7 +230,7 @@ begin_test "ghe-restore with host arg"
     export GHE_RESTORE_HOST
 
     # run it
-    output="$(ghe-restore localhost)" || false
+    output="$(ghe-restore -f localhost)" || false
 
     # verify host arg overrides configured restore host
     echo "$output" | grep -q 'Connect localhost OK'
@@ -220,7 +264,7 @@ begin_test "ghe-restore no host arg or configured restore host"
     unset GHE_RESTORE_HOST
 
     # verify running ghe-restore fails
-    ! ghe-restore
+    ! ghe-restore -f
 )
 end_test
 
@@ -237,7 +281,7 @@ begin_test "ghe-restore with no pages backup"
     rm -rf "$GHE_DATA_DIR/1/pages"
 
     # run it
-    ghe-restore -v localhost
+    ghe-restore -v -f localhost
 )
 end_test
 
@@ -252,7 +296,7 @@ begin_test "ghe-restore with tarball strategy"
 
     # run it
     echo "tarball" > "$GHE_DATA_DIR/current/strategy"
-    output=$(ghe-restore -v localhost)
+    output=$(ghe-restore -v -f localhost)
 
     # verify ghe-import-repositories was run on remote side with fake tarball
     echo "$output" | grep -q 'fake ghe-export-repositories data'
