From c6e19eec802d20a896dbf45a64db48c296345096 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C3=ADas=20Garc=C3=ADa=20Isa=C3=ADa?=
Date: Mon, 29 Aug 2022 10:20:43 -0300
Subject: [PATCH] Allow to opt-out of S3 bucket creation in mysql-backup (#153)
This avoids the need to grant S3 list/read access to the backup user
---
 mysql-backup-s3/Dockerfile | 1 +
 mysql-backup-s3/README.md | 1 +
 mysql-backup-s3/backup.sh | 12 +++++++-----
 3 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/mysql-backup-s3/Dockerfile b/mysql-backup-s3/Dockerfile
index 415abaf..00834cc 100644
--- a/mysql-backup-s3/Dockerfile
+++ b/mysql-backup-s3/Dockerfile
@@ -18,6 +18,7 @@ ENV S3_ENDPOINT **None**
 ENV S3_S3V4 no
 ENV S3_PREFIX 'backup'
 ENV S3_FILENAME **None**
+ENV S3_ENSURE_BUCKET_EXISTS yes
 ENV MULTI_FILES no
 ENV SCHEDULE **None**
diff --git a/mysql-backup-s3/README.md b/mysql-backup-s3/README.md
index bb0d3f7..b96b0a3 100644
--- a/mysql-backup-s3/README.md
+++ b/mysql-backup-s3/README.md
@@ -23,6 +23,7 @@ $ docker run -e S3_ACCESS_KEY_ID=key -e S3_SECRET_ACCESS_KEY=secret -e S3_BUCKET
 - `S3_FILENAME` a consistent filename to overwrite with your backup. If not set will use a timestamp.
 - `S3_REGION` the AWS S3 bucket region (default: us-west-1)
 - `S3_ENDPOINT` the AWS Endpoint URL, for S3 Compliant APIs such as [minio](https://minio.io) (default: none)
+- `S3_ENSURE_BUCKET_EXISTS` set to `no` to assume the bucket exists, avoiding the need of S3 read permissions (default: yes)
 - `S3_S3V4` set to `yes` to enable AWS Signature Version 4, required for [minio](https://minio.io) servers (default: no)
 - `MULTI_FILES` Allow to have one file per database if set `yes` default: no)
 - `SCHEDULE` backup schedule time, see explainatons below
diff --git a/mysql-backup-s3/backup.sh b/mysql-backup-s3/backup.sh
index f3130ad..bc5f6a3 100644
--- a/mysql-backup-s3/backup.sh
+++ b/mysql-backup-s3/backup.sh
@@ -50,11 +50,13 @@ copy_s3 () {
 AWS_ARGS="--endpoint-url ${S3_ENDPOINT}"
 fi
- echo "Ensuring S3 bucket $S3_BUCKET exists"
- EXISTS_ERR=`aws $AWS_ARGS s3api head-bucket --bucket "$S3_BUCKET" 2>&1 || true`
- if [[ ! -z "$EXISTS_ERR" ]]; then
- echo "Bucket $S3_BUCKET not found (or owned by someone else), attempting to create"
- aws $AWS_ARGS s3api create-bucket --bucket $S3_BUCKET
+ if [ "${S3_ENSURE_BUCKET_EXISTS}" != "no" ]; then
+ echo "Ensuring S3 bucket $S3_BUCKET exists"
+ EXISTS_ERR=`aws $AWS_ARGS s3api head-bucket --bucket "$S3_BUCKET" 2>&1 || true`
+ if [[ ! -z "$EXISTS_ERR" ]]; then
+ echo "Bucket $S3_BUCKET not found (or owned by someone else), attempting to create"
+ aws $AWS_ARGS s3api create-bucket --bucket $S3_BUCKET
+ fi
 fi
 echo "Uploading ${DEST_FILE} on S3..."
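Review bot: The opt-out test `[ "${S3_ENSURE_BUCKET_EXISTS}" != "no" ]` treats every value other than the exact string `no` (`No`, `NO`, `false`, `0`) as enabled, so a mistyped setting silently keeps the head-bucket/create-bucket path and the S3 permissions this option is meant to take away from the backup credential. Matching the enabling value instead, `if [ "${S3_ENSURE_BUCKET_EXISTS:-yes}" = "yes" ]; then`, sends any unexpected value down the less-privileged path while keeping the documented default. Inside the block, `EXISTS_ERR` is non-empty for any head-bucket failure (a 403, bad credentials, a network error), and each of those still leads to `create-bucket`, which is worth a comment so operators know the message "not found" may be misleading. The `--bucket $S3_BUCKET` argument on the create-bucket line is also unquoted, unlike the head-bucket call; `--bucket "$S3_BUCKET"` would make the two consistent. copy_s3 starts and ends outside this hunk.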