Pass file location to lifecycle commands (#173)

* Add test case for extending image and calling through to rsync

* Keep backup file location env var

* Add documentation

* Work against untared content in test

.circleci/config.yml

@@ -35,7 +35,8 @@ jobs:
       - checkout
       - setup_remote_docker:
           version: 20.10.6
-      - docker/install-docker-credential-helper
+      - docker/install-docker-credential-helper:
+          release-tag: v0.6.4
       - docker/configure-docker-credentials-store
       - run:
           name: Push to Docker Hub
@@ -71,4 +72,4 @@ workflows:
               only: /^v.*/
 
 orbs:
-  docker: circleci/docker@1.0.1
+  docker: circleci/docker@2.1.4

.dockerignore

@@ -1 +1,7 @@
 test
+.github
+.circleci
+docs
+.editorconfig
+LICENSE
+README.md

.github/FUNDING.yml

@@ -0,0 +1,3 @@
+github: offen
+patreon: offen
+

.github/ISSUE_TEMPLATE.md

@@ -1,20 +0,0 @@
-* **I'm submitting a ...**
-  - [ ] bug report
-  - [ ] feature request
-  - [ ] support request
-
-* **What is the current behavior?**
-
-* **If the current behavior is a bug, please provide the configuration and steps to reproduce and if possible a minimal demo of the problem.**
-
-* **What is the expected behavior?**
-
-* **What is the motivation / use case for changing the behavior?**
-
-* **Please tell us about your environment:**
-  
-  - Image version:
-  - Docker version: 
-  - docker-compose version:
-
-* **Other information** (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. stackoverflow, etc)

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,28 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. ...
+2. ...
+3. ...
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Desktop (please complete the following information):**
+ - Image Version: [e.g. v2.21.0]
+ - Docker Version: [e.g. 20.10.17]
+ - Docker Compose Version (if applicable): [e.g. 1.29.2]
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/ISSUE_TEMPLATE/support_request.md

@@ -0,0 +1,20 @@
+---
+name: Support request
+about: Ask for help
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**What are you trying to do?**
+A clear and concise description of what you are trying to do, but cannot get working.
+
+**What is your current configuration?**
+Add the full configuration you are using. Please redact out any real-world credentials.
+
+**Log output**
+Provide the full log output of your setup.
+
+**Additional context**
+Add any other context or screenshots about the support request here.

Dockerfile

@@ -1,16 +1,15 @@
 # Copyright 2021 - Offen Authors <hioffen@posteo.de>
 # SPDX-License-Identifier: MPL-2.0
 
-FROM golang:1.18-alpine as builder
+FROM golang:1.19-alpine as builder
 
 WORKDIR /app
-COPY go.mod go.sum ./
+COPY . .
 RUN go mod download
-COPY cmd/backup ./cmd/backup/
 WORKDIR /app/cmd/backup
 RUN go build -o backup .
 
-FROM alpine:3.15
+FROM alpine:3.16
 
 WORKDIR /root
 

README.md

@@ -33,10 +33,12 @@ It handles __recurring or one-off backups of Docker volumes__ to a __local direc
   - [Run multiple backup schedules in the same container](#run-multiple-backup-schedules-in-the-same-container)
   - [Define different retention schedules](#define-different-retention-schedules)
   - [Use special characters in notification URLs](#use-special-characters-in-notification-urls)
+  - [Handle file uploads using third party tools](#handle-file-uploads-using-third-party-tools)
 - [Recipes](#recipes)
   - [Backing up to AWS S3](#backing-up-to-aws-s3)
   - [Backing up to Filebase](#backing-up-to-filebase)
   - [Backing up to MinIO](#backing-up-to-minio)
+  - [Backing up to MinIO \(using Docker secrets\)](#backing-up-to-minio-using-docker-secrets)
   - [Backing up to WebDAV](#backing-up-to-webdav)
   - [Backing up to SSH](#backing-up-to-ssh)
   - [Backing up locally](#backing-up-locally)
@@ -196,6 +198,14 @@ You can populate below template according to your requirements and use it as you
 # AWS_ACCESS_KEY_ID="<xxx>"
 # AWS_SECRET_ACCESS_KEY="<xxx>"
 
+# It is possible to provide the keys in files, allowing to hide the sensitive data.
+# These values have a higher priority than the ones above, meaning if both are set
+# the values from the files will be used.
+# This option is most useful with Docker [secrets](https://docs.docker.com/engine/swarm/secrets/).
+
+# AWS_ACCESS_KEY_ID_FILE="/path/to/file"
+# AWS_SECRET_ACCESS_KEY_FILE="/path/to/file"
+
 # Instead of providing static credentials, you can also use IAM instance profiles
 # or similar to provide authentication. Some possible configuration options on AWS:
 # - EC2: http://169.254.169.254
@@ -223,6 +233,13 @@ You can populate below template according to your requirements and use it as you
 
 # AWS_ENDPOINT_INSECURE="true"
 
+# If you wish to use self signed certificates your S3 server, you can pass
+# the location of a PEM encoded CA certificate and it will be used for
+# validating your certificates.
+# Alternatively, pass a PEM encoded string containing the certificate.
+
+# AWS_ENDPOINT_CA_CERT="/path/to/cert.pem"
+
 # Setting this variable will change the S3 storage class header.
 # Defaults to "STANDARD", you can set this value according to your needs.
 
@@ -878,6 +895,45 @@ where service is any of the [supported services][shoutrrr-docs], e.g. for SMTP:
 docker run --rm -ti containrrr/shoutrrr generate smtp
 ```
 
+### Handle file uploads using third party tools
+
+If you want to use a non-supported storage backend, or want to use a third party (e.g. rsync, rclone) tool for file uploads, you can build a Docker image containing the required binaries off this one, and call through to these in lifecycle hooks.
+
+For example, if you wanted to use `rsync`, define your Docker image like this:
+
+```Dockerfile
+ARG version=canary
+FROM offen/docker-volume-backup:$version
+
+RUN apk add rsync
+```
+
+Using this image, you can now omit configuring any of the supported storage backends, and instead define your own mechanism in a `docker-volume-backup.copy-post` label:
+
+```yml
+version: '3'
+
+services:
+  backup:
+    image: your-custom-image
+    restart: always
+    environment:
+      BACKUP_FILENAME: "daily-backup-%Y-%m-%dT%H-%M-%S.tar.gz"
+      BACKUP_CRON_EXPRESSION: "0 2 * * *"
+    labels:
+      - docker-volume-backup.copy-post=/bin/sh -c 'rsync $$COMMAND_RUNTIME_ARCHIVE_FILEPATH /destination'
+    volumes:
+      - app_data:/backup/app_data:ro
+      - /var/run/docker.sock:/var/run/docker.sock
+
+  # other services defined here ...
+volumes:
+  app_data:
+```
+
+
+Commands will be invoked with the filepath of the tar archive passed as `COMMAND_RUNTIME_BACKUP_FILEPATH`.
+
 ## Recipes
 
 This section lists configuration for some real-world use cases that you can mix and match according to your needs.
@@ -947,6 +1003,38 @@ volumes:
   data:
 ```
 
+
+### Backing up to MinIO (using Docker secrets)
+
+```yml
+version: '3'
+
+services:
+  # ... define other services using the `data` volume here
+  backup:
+    image: offen/docker-volume-backup:v2
+    environment:
+      AWS_ENDPOINT: minio.example.com
+      AWS_S3_BUCKET_NAME: backup-bucket
+      AWS_ACCESS_KEY_ID_FILE: /run/secrets/minio_access_key
+      AWS_SECRET_ACCESS_KEY_FILE: /run/secrets/minio_secret_key
+    volumes:
+      - data:/backup/my-app-backup:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    secrets:
+      - minio_access_key
+      - minio_secret_key
+
+volumes:
+  data:
+
+secrets:
+  minio_access_key:
+    # ... define how secret is accessed
+  minio_secret_key:
+    # ... define how secret is accessed
+```
+
 ### Backing up to WebDAV
 
 ```yml
@@ -986,7 +1074,7 @@ services:
     volumes:
       - data:/backup/my-app-backup:ro
       - /var/run/docker.sock:/var/run/docker.sock:ro
-      - /path/to/private_key:/root/.ssh/id
+      - /path/to/private_key:/root/.ssh/id_rsa
 
 volumes:
   data:
@@ -1113,9 +1201,9 @@ services:
   database:
     image: mariadb:latest
     labels:
-      - docker-volume-backup.exec-pre=/bin/sh -c 'mysqldump -psecret --all-databases > /tmp/dumps/dump.sql'
+      - docker-volume-backup.archive-pre=/bin/sh -c 'mysqldump -psecret --all-databases > /tmp/dumps/dump.sql'
     volumes:
-      - app_data:/tmp/dumps
+      - data:/tmp/dumps
   backup:
     image: offen/docker-volume-backup:v2
     environment:

cmd/backup/archive.go

@@ -63,7 +63,7 @@ func compress(paths []string, outFilePath, subPath string) error {
 
 	for _, p := range paths {
 		if err := writeTarGz(p, tarWriter, prefix); err != nil {
-			return fmt.Errorf("compress error writing %s to archive: %w", p, err)
+			return fmt.Errorf("compress: error writing %s to archive: %w", p, err)
 		}
 	}
 

cmd/backup/config.go

@@ -4,7 +4,11 @@
 package main
 
 import (
+	"crypto/x509"
+	"encoding/pem"
 	"fmt"
+	"io/ioutil"
+	"os"
 	"regexp"
 	"time"
 )
@@ -12,6 +16,18 @@ import (
 // Config holds all configuration values that are expected to be set
 // by users.
 type Config struct {
+	AwsS3BucketName            string        `split_words:"true"`
+	AwsS3Path                  string        `split_words:"true"`
+	AwsEndpoint                string        `split_words:"true" default:"s3.amazonaws.com"`
+	AwsEndpointProto           string        `split_words:"true" default:"https"`
+	AwsEndpointInsecure        bool          `split_words:"true"`
+	AwsEndpointCACert          CertDecoder   `envconfig:"AWS_ENDPOINT_CA_CERT"`
+	AwsStorageClass            string        `split_words:"true"`
+	AwsAccessKeyID             string        `envconfig:"AWS_ACCESS_KEY_ID"`
+	AwsAccessKeyIDFile         string        `envconfig:"AWS_ACCESS_KEY_ID_FILE"`
+	AwsSecretAccessKey         string        `split_words:"true"`
+	AwsSecretAccessKeyFile     string        `split_words:"true"`
+	AwsIamRoleEndpoint         string        `split_words:"true"`
 	BackupSources              string        `split_words:"true" default:"/backup"`
 	BackupFilename             string        `split_words:"true" default:"backup-%Y-%m-%dT%H-%M-%S.tar.gz"`
 	BackupFilenameExpand       bool          `split_words:"true"`
@@ -23,15 +39,6 @@ type Config struct {
 	BackupStopContainerLabel   string        `split_words:"true" default:"true"`
 	BackupFromSnapshot         bool          `split_words:"true"`
 	BackupExcludeRegexp        RegexpDecoder `split_words:"true"`
-	AwsS3BucketName            string        `split_words:"true"`
-	AwsS3Path                  string        `split_words:"true"`
-	AwsEndpoint                string        `split_words:"true" default:"s3.amazonaws.com"`
-	AwsEndpointProto           string        `split_words:"true" default:"https"`
-	AwsEndpointInsecure        bool          `split_words:"true"`
-	AwsStorageClass            string        `split_words:"true"`
-	AwsAccessKeyID             string        `envconfig:"AWS_ACCESS_KEY_ID"`
-	AwsSecretAccessKey         string        `split_words:"true"`
-	AwsIamRoleEndpoint         string        `split_words:"true"`
 	GpgPassphrase              string        `split_words:"true"`
 	NotificationURLs           []string      `envconfig:"NOTIFICATION_URLS"`
 	NotificationLevel          string        `split_words:"true" default:"error"`
@@ -58,6 +65,38 @@ type Config struct {
 	LockTimeout                time.Duration `split_words:"true" default:"60m"`
 }
 
+func (c *Config) resolveSecret(envVar string, secretPath string) (string, error) {
+	if secretPath == "" {
+		return envVar, nil
+	}
+	data, err := os.ReadFile(secretPath)
+	if err != nil {
+		return "", fmt.Errorf("resolveSecret: error reading secret path: %w", err)
+	}
+	return string(data), nil
+}
+
+type CertDecoder struct {
+	Cert *x509.Certificate
+}
+
+func (c *CertDecoder) Decode(v string) error {
+	if v == "" {
+		return nil
+	}
+	content, err := ioutil.ReadFile(v)
+	if err != nil {
+		content = []byte(v)
+	}
+	block, _ := pem.Decode(content)
+	cert, err := x509.ParseCertificate(block.Bytes)
+	if err != nil {
+		return fmt.Errorf("config: error parsing certificate: %w", err)
+	}
+	*c = CertDecoder{Cert: cert}
+	return nil
+}
+
 type RegexpDecoder struct {
 	Re *regexp.Regexp
 }

cmd/backup/exec.go

@@ -23,10 +23,14 @@ import (
 
 func (s *script) exec(containerRef string, command string) ([]byte, []byte, error) {
 	args, _ := argv.Argv(command, nil, nil)
+	commandEnv := []string{
+		fmt.Sprintf("COMMAND_RUNTIME_ARCHIVE_FILEPATH=%s", s.file),
+	}
 	execID, err := s.cli.ContainerExecCreate(context.Background(), containerRef, types.ExecConfig{
 		Cmd:          args[0],
 		AttachStdin:  true,
 		AttachStderr: true,
+		Env:          commandEnv,
 	})
 	if err != nil {
 		return nil, nil, fmt.Errorf("exec: error creating container exec: %w", err)

cmd/backup/hooks.go

@@ -6,6 +6,8 @@ package main
 import (
 	"fmt"
 	"sort"
+
+	"github.com/offen/docker-volume-backup/internal/utilities"
 )
 
 // hook contains a queued action that can be trigger them when the script
@@ -50,7 +52,7 @@ func (s *script) runHooks(err error) error {
 		}
 	}
 	if len(actionErrors) != 0 {
-		return join(actionErrors...)
+		return utilities.Join(actionErrors...)
 	}
 	return nil
 }

cmd/backup/lock.go

@@ -31,7 +31,7 @@ func (s *script) lock(lockfile string) (func() error, error) {
 	for {
 		acquired, err := fileLock.TryLock()
 		if err != nil {
-			return noop, fmt.Errorf("lock: error trying lock: %w", err)
+			return noop, fmt.Errorf("lock: error trying to lock: %w", err)
 		}
 		if acquired {
 			if s.encounteredLock {

cmd/backup/notifications.go

@@ -12,6 +12,7 @@ import (
 	"time"
 
 	sTypes "github.com/containrrr/shoutrrr/pkg/types"
+	"github.com/offen/docker-volume-backup/internal/utilities"
 )
 
 //go:embed notifications.tmpl
@@ -35,16 +36,16 @@ func (s *script) notify(titleTemplate string, bodyTemplate string, err error) er
 
 	titleBuf := &bytes.Buffer{}
 	if err := s.template.ExecuteTemplate(titleBuf, titleTemplate, params); err != nil {
-		return fmt.Errorf("notifyFailure: error executing %s template: %w", titleTemplate, err)
+		return fmt.Errorf("notify: error executing %s template: %w", titleTemplate, err)
 	}
 
 	bodyBuf := &bytes.Buffer{}
 	if err := s.template.ExecuteTemplate(bodyBuf, bodyTemplate, params); err != nil {
-		return fmt.Errorf("notifyFailure: error executing %s template: %w", bodyTemplate, err)
+		return fmt.Errorf("notify: error executing %s template: %w", bodyTemplate, err)
 	}
 
 	if err := s.sendNotification(titleBuf.String(), bodyBuf.String()); err != nil {
-		return fmt.Errorf("notifyFailure: error notifying: %w", err)
+		return fmt.Errorf("notify: error notifying: %w", err)
 	}
 	return nil
 }
@@ -68,7 +69,7 @@ func (s *script) sendNotification(title, body string) error {
 		}
 	}
 	if len(errs) != 0 {
-		return fmt.Errorf("sendNotification: error sending message: %w", join(errs...))
+		return fmt.Errorf("sendNotification: error sending message: %w", utilities.Join(errs...))
 	}
 	return nil
 }

cmd/backup/script.go

@@ -5,19 +5,22 @@ package main
 
 import (
 	"context"
-	"errors"
 	"fmt"
 	"io"
 	"io/fs"
-	"io/ioutil"
-	"net/http"
 	"os"
 	"path"
 	"path/filepath"
-	"strings"
 	"text/template"
 	"time"
 
+	"github.com/offen/docker-volume-backup/internal/storage"
+	"github.com/offen/docker-volume-backup/internal/storage/local"
+	"github.com/offen/docker-volume-backup/internal/storage/s3"
+	"github.com/offen/docker-volume-backup/internal/storage/ssh"
+	"github.com/offen/docker-volume-backup/internal/storage/webdav"
+	"github.com/offen/docker-volume-backup/internal/utilities"
+
 	"github.com/containrrr/shoutrrr"
 	"github.com/containrrr/shoutrrr/pkg/router"
 	"github.com/docker/docker/api/types"
@@ -26,29 +29,22 @@ import (
 	"github.com/docker/docker/client"
 	"github.com/kelseyhightower/envconfig"
 	"github.com/leekchan/timeutil"
-	"github.com/minio/minio-go/v7"
-	"github.com/minio/minio-go/v7/pkg/credentials"
 	"github.com/otiai10/copy"
-	"github.com/pkg/sftp"
 	"github.com/sirupsen/logrus"
-	"github.com/studio-b12/gowebdav"
 	"golang.org/x/crypto/openpgp"
-	"golang.org/x/crypto/ssh"
+	"golang.org/x/sync/errgroup"
 )
 
 // script holds all the stateful information required to orchestrate a
 // single backup run.
 type script struct {
-	cli          *client.Client
-	minioClient  *minio.Client
-	webdavClient *gowebdav.Client
-	sshClient    *ssh.Client
-	sftpClient   *sftp.Client
-	logger       *logrus.Logger
-	sender       *router.ServiceRouter
-	template     *template.Template
-	hooks        []hook
-	hookLevel    hookLevel
+	cli       *client.Client
+	storages  []storage.Backend
+	logger    *logrus.Logger
+	sender    *router.ServiceRouter
+	template  *template.Template
+	hooks     []hook
+	hookLevel hookLevel
 
 	file  string
 	stats *Stats
@@ -75,7 +71,12 @@ func newScript() (*script, error) {
 		stats: &Stats{
 			StartTime: time.Now(),
 			LogOutput: logBuffer,
-			Storages:  StoragesStats{},
+			Storages: map[string]StorageStats{
+				"S3":     {},
+				"WebDAV": {},
+				"SSH":    {},
+				"Local":  {},
+			},
 		},
 	}
 
@@ -107,112 +108,85 @@ func newScript() (*script, error) {
 		s.cli = cli
 	}
 
+	logFunc := func(logType storage.LogLevel, context string, msg string, params ...interface{}) {
+		switch logType {
+		case storage.LogLevelWarning:
+			s.logger.Warnf("["+context+"] "+msg, params...)
+		case storage.LogLevelError:
+			s.logger.Errorf("["+context+"] "+msg, params...)
+		case storage.LogLevelInfo:
+		default:
+			s.logger.Infof("["+context+"] "+msg, params...)
+		}
+	}
+
 	if s.c.AwsS3BucketName != "" {
-		var creds *credentials.Credentials
-		if s.c.AwsAccessKeyID != "" && s.c.AwsSecretAccessKey != "" {
-			creds = credentials.NewStaticV4(
-				s.c.AwsAccessKeyID,
-				s.c.AwsSecretAccessKey,
-				"",
-			)
-		} else if s.c.AwsIamRoleEndpoint != "" {
-			creds = credentials.NewIAM(s.c.AwsIamRoleEndpoint)
-		} else {
-			return nil, errors.New("newScript: AWS_S3_BUCKET_NAME is defined, but no credentials were provided")
-		}
-
-		options := minio.Options{
-			Creds:  creds,
-			Secure: s.c.AwsEndpointProto == "https",
-		}
-
-		if s.c.AwsEndpointInsecure {
-			if !options.Secure {
-				return nil, errors.New("newScript: AWS_ENDPOINT_INSECURE = true is only meaningful for https")
-			}
-
-			transport, err := minio.DefaultTransport(true)
-			if err != nil {
-				return nil, fmt.Errorf("newScript: failed to create default minio transport")
-			}
-			transport.TLSClientConfig.InsecureSkipVerify = true
-			options.Transport = transport
-		}
-
-		mc, err := minio.New(s.c.AwsEndpoint, &options)
+		accessKeyID, err := s.c.resolveSecret(s.c.AwsAccessKeyID, s.c.AwsAccessKeyIDFile)
 		if err != nil {
-			return nil, fmt.Errorf("newScript: error setting up minio client: %w", err)
+			return nil, fmt.Errorf("newScript: error resolving AwsAccessKeyID: %w", err)
+		}
+		secretAccessKey, err := s.c.resolveSecret(s.c.AwsSecretAccessKey, s.c.AwsSecretAccessKeyFile)
+		if err != nil {
+			return nil, fmt.Errorf("newScript: error resolving AwsSecretAccessKey: %w", err)
+		}
+		s3Config := s3.Config{
+			Endpoint:         s.c.AwsEndpoint,
+			AccessKeyID:      accessKeyID,
+			SecretAccessKey:  secretAccessKey,
+			IamRoleEndpoint:  s.c.AwsIamRoleEndpoint,
+			EndpointProto:    s.c.AwsEndpointProto,
+			EndpointInsecure: s.c.AwsEndpointInsecure,
+			RemotePath:       s.c.AwsS3Path,
+			BucketName:       s.c.AwsS3BucketName,
+			StorageClass:     s.c.AwsStorageClass,
+			CACert:           s.c.AwsEndpointCACert.Cert,
+		}
+		if s3Backend, err := s3.NewStorageBackend(s3Config, logFunc); err != nil {
+			return nil, err
+		} else {
+			s.storages = append(s.storages, s3Backend)
 		}
-		s.minioClient = mc
 	}
 
 	if s.c.WebdavUrl != "" {
-		if s.c.WebdavUsername == "" || s.c.WebdavPassword == "" {
-			return nil, errors.New("newScript: WEBDAV_URL is defined, but no credentials were provided")
+		webDavConfig := webdav.Config{
+			URL:         s.c.WebdavUrl,
+			URLInsecure: s.c.WebdavUrlInsecure,
+			Username:    s.c.WebdavUsername,
+			Password:    s.c.WebdavPassword,
+			RemotePath:  s.c.WebdavPath,
+		}
+		if webdavBackend, err := webdav.NewStorageBackend(webDavConfig, logFunc); err != nil {
+			return nil, err
 		} else {
-			webdavClient := gowebdav.NewClient(s.c.WebdavUrl, s.c.WebdavUsername, s.c.WebdavPassword)
-			s.webdavClient = webdavClient
-			if s.c.WebdavUrlInsecure {
-				defaultTransport, ok := http.DefaultTransport.(*http.Transport)
-				if !ok {
-					return nil, errors.New("newScript: unexpected error when asserting type for http.DefaultTransport")
-				}
-				webdavTransport := defaultTransport.Clone()
-				webdavTransport.TLSClientConfig.InsecureSkipVerify = s.c.WebdavUrlInsecure
-				s.webdavClient.SetTransport(webdavTransport)
-			}
+			s.storages = append(s.storages, webdavBackend)
 		}
 	}
 
 	if s.c.SSHHostName != "" {
-		var authMethods []ssh.AuthMethod
-
-		if s.c.SSHPassword != "" {
-			authMethods = append(authMethods, ssh.Password(s.c.SSHPassword))
+		sshConfig := ssh.Config{
+			HostName:           s.c.SSHHostName,
+			Port:               s.c.SSHPort,
+			User:               s.c.SSHUser,
+			Password:           s.c.SSHPassword,
+			IdentityFile:       s.c.SSHIdentityFile,
+			IdentityPassphrase: s.c.SSHIdentityPassphrase,
+			RemotePath:         s.c.SSHRemotePath,
 		}
-
-		if _, err := os.Stat(s.c.SSHIdentityFile); err == nil {
-			key, err := ioutil.ReadFile(s.c.SSHIdentityFile)
-			if err != nil {
-				return nil, errors.New("newScript: error reading the private key")
-			}
-
-			var signer ssh.Signer
-			if s.c.SSHIdentityPassphrase != "" {
-				signer, err = ssh.ParsePrivateKeyWithPassphrase(key, []byte(s.c.SSHIdentityPassphrase))
-				if err != nil {
-					return nil, errors.New("newScript: error parsing the encrypted private key")
-				}
-				authMethods = append(authMethods, ssh.PublicKeys(signer))
-			} else {
-				signer, err = ssh.ParsePrivateKey(key)
-				if err != nil {
-					return nil, errors.New("newScript: error parsing the private key")
-				}
-				authMethods = append(authMethods, ssh.PublicKeys(signer))
-			}
-		}
-
-		sshClientConfig := &ssh.ClientConfig{
-			User:            s.c.SSHUser,
-			Auth:            authMethods,
-			HostKeyCallback: ssh.InsecureIgnoreHostKey(),
-		}
-		sshClient, err := ssh.Dial("tcp", fmt.Sprintf("%s:%s", s.c.SSHHostName, s.c.SSHPort), sshClientConfig)
-		s.sshClient = sshClient
-		if err != nil {
-			return nil, fmt.Errorf("newScript: error creating ssh client: %w", err)
-		}
-		_, _, err = s.sshClient.SendRequest("keepalive", false, nil)
-		if err != nil {
+		if sshBackend, err := ssh.NewStorageBackend(sshConfig, logFunc); err != nil {
 			return nil, err
+		} else {
+			s.storages = append(s.storages, sshBackend)
 		}
+	}
 
-		sftpClient, err := sftp.NewClient(sshClient)
-		s.sftpClient = sftpClient
-		if err != nil {
-			return nil, fmt.Errorf("newScript: error creating sftp client: %w", err)
+	if _, err := os.Stat(s.c.BackupArchive); !os.IsNotExist(err) {
+		localConfig := local.Config{
+			ArchivePath:   s.c.BackupArchive,
+			LatestSymlink: s.c.BackupLatestSymlink,
 		}
+		localBackend := local.NewStorageBackend(localConfig, logFunc)
+		s.storages = append(s.storages, localBackend)
 	}
 
 	if s.c.EmailNotificationRecipient != "" {
@@ -293,7 +267,7 @@ func (s *script) stopContainers() (func() error, error) {
 		Quiet: true,
 	})
 	if err != nil {
-		return noop, fmt.Errorf("stopContainersAndRun: error querying for containers: %w", err)
+		return noop, fmt.Errorf("stopContainers: error querying for containers: %w", err)
 	}
 
 	containerLabel := fmt.Sprintf(
@@ -309,7 +283,7 @@ func (s *script) stopContainers() (func() error, error) {
 	})
 
 	if err != nil {
-		return noop, fmt.Errorf("stopContainersAndRun: error querying for containers to stop: %w", err)
+		return noop, fmt.Errorf("stopContainers: error querying for containers to stop: %w", err)
 	}
 
 	if len(containersToStop) == 0 {
@@ -336,9 +310,9 @@ func (s *script) stopContainers() (func() error, error) {
 	var stopError error
 	if len(stopErrors) != 0 {
 		stopError = fmt.Errorf(
-			"stopContainersAndRun: %d error(s) stopping containers: %w",
+			"stopContainers: %d error(s) stopping containers: %w",
 			len(stopErrors),
-			join(stopErrors...),
+			utilities.Join(stopErrors...),
 		)
 	}
 
@@ -373,7 +347,7 @@ func (s *script) stopContainers() (func() error, error) {
 					}
 				}
 				if serviceMatch.ID == "" {
-					return fmt.Errorf("stopContainersAndRun: couldn't find service with name %s", serviceName)
+					return fmt.Errorf("stopContainers: couldn't find service with name %s", serviceName)
 				}
 				serviceMatch.Spec.TaskTemplate.ForceUpdate = 1
 				if _, err := s.cli.ServiceUpdate(
@@ -387,9 +361,9 @@ func (s *script) stopContainers() (func() error, error) {
 
 		if len(restartErrors) != 0 {
 			return fmt.Errorf(
-				"stopContainersAndRun: %d error(s) restarting containers and services: %w",
+				"stopContainers: %d error(s) restarting containers and services: %w",
 				len(restartErrors),
-				join(restartErrors...),
+				utilities.Join(restartErrors...),
 			)
 		}
 		s.logger.Infof(
@@ -416,7 +390,7 @@ func (s *script) createArchive() error {
 		// copy before compressing guard against a situation where backup folder's content are still growing.
 		s.registerHook(hookLevelPlumbing, func(error) error {
 			if err := remove(backupSources); err != nil {
-				return fmt.Errorf("takeBackup: error removing snapshot: %w", err)
+				return fmt.Errorf("createArchive: error removing snapshot: %w", err)
 			}
 			s.logger.Infof("Removed snapshot `%s`.", backupSources)
 			return nil
@@ -425,7 +399,7 @@ func (s *script) createArchive() error {
 			PreserveTimes: true,
 			PreserveOwner: true,
 		}); err != nil {
-			return fmt.Errorf("takeBackup: error creating snapshot: %w", err)
+			return fmt.Errorf("createArchive: error creating snapshot: %w", err)
 		}
 		s.logger.Infof("Created snapshot of `%s` at `%s`.", s.c.BackupSources, backupSources)
 	}
@@ -433,7 +407,7 @@ func (s *script) createArchive() error {
 	tarFile := s.file
 	s.registerHook(hookLevelPlumbing, func(error) error {
 		if err := remove(tarFile); err != nil {
-			return fmt.Errorf("takeBackup: error removing tar file: %w", err)
+			return fmt.Errorf("createArchive: error removing tar file: %w", err)
 		}
 		s.logger.Infof("Removed tar file `%s`.", tarFile)
 		return nil
@@ -441,7 +415,7 @@ func (s *script) createArchive() error {
 
 	backupPath, err := filepath.Abs(stripTrailingSlashes(backupSources))
 	if err != nil {
-		return fmt.Errorf("takeBackup: error getting absolute path: %w", err)
+		return fmt.Errorf("createArchive: error getting absolute path: %w", err)
 	}
 
 	var filesEligibleForBackup []string
@@ -456,11 +430,11 @@ func (s *script) createArchive() error {
 		filesEligibleForBackup = append(filesEligibleForBackup, path)
 		return nil
 	}); err != nil {
-		return fmt.Errorf("compress: error walking filesystem tree: %w", err)
+		return fmt.Errorf("createArchive: error walking filesystem tree: %w", err)
 	}
 
 	if err := createArchive(filesEligibleForBackup, backupSources, tarFile); err != nil {
-		return fmt.Errorf("takeBackup: error compressing backup folder: %w", err)
+		return fmt.Errorf("createArchive: error compressing backup folder: %w", err)
 	}
 
 	s.logger.Infof("Created backup of `%s` at `%s`.", backupSources, tarFile)
@@ -478,35 +452,35 @@ func (s *script) encryptArchive() error {
 	gpgFile := fmt.Sprintf("%s.gpg", s.file)
 	s.registerHook(hookLevelPlumbing, func(error) error {
 		if err := remove(gpgFile); err != nil {
-			return fmt.Errorf("encryptBackup: error removing gpg file: %w", err)
+			return fmt.Errorf("encryptArchive: error removing gpg file: %w", err)
 		}
 		s.logger.Infof("Removed GPG file `%s`.", gpgFile)
 		return nil
 	})
 
 	outFile, err := os.Create(gpgFile)
-	defer outFile.Close()
 	if err != nil {
-		return fmt.Errorf("encryptBackup: error opening out file: %w", err)
+		return fmt.Errorf("encryptArchive: error opening out file: %w", err)
 	}
+	defer outFile.Close()
 
 	_, name := path.Split(s.file)
 	dst, err := openpgp.SymmetricallyEncrypt(outFile, []byte(s.c.GpgPassphrase), &openpgp.FileHints{
 		IsBinary: true,
 		FileName: name,
 	}, nil)
-	defer dst.Close()
 	if err != nil {
-		return fmt.Errorf("encryptBackup: error encrypting backup file: %w", err)
+		return fmt.Errorf("encryptArchive: error encrypting backup file: %w", err)
 	}
+	defer dst.Close()
 
 	src, err := os.Open(s.file)
 	if err != nil {
-		return fmt.Errorf("encryptBackup: error opening backup file `%s`: %w", s.file, err)
+		return fmt.Errorf("encryptArchive: error opening backup file `%s`: %w", s.file, err)
 	}
 
 	if _, err := io.Copy(dst, src); err != nil {
-		return fmt.Errorf("encryptBackup: error writing ciphertext to file: %w", err)
+		return fmt.Errorf("encryptArchive: error writing ciphertext to file: %w", err)
 	}
 
 	s.file = gpgFile
@@ -519,7 +493,7 @@ func (s *script) encryptArchive() error {
 func (s *script) copyArchive() error {
 	_, name := path.Split(s.file)
 	if stat, err := os.Stat(s.file); err != nil {
-		return fmt.Errorf("copyBackup: unable to stat backup file: %w", err)
+		return fmt.Errorf("copyArchive: unable to stat backup file: %w", err)
 	} else {
 		size := stat.Size()
 		s.stats.BackupFile = BackupFileStats{
@@ -529,92 +503,17 @@ func (s *script) copyArchive() error {
 		}
 	}
 
-	if s.minioClient != nil {
-		if _, err := s.minioClient.FPutObject(context.Background(), s.c.AwsS3BucketName, filepath.Join(s.c.AwsS3Path, name), s.file, minio.PutObjectOptions{
-			ContentType:  "application/tar+gzip",
-			StorageClass: s.c.AwsStorageClass,
-		}); err != nil {
-			return fmt.Errorf("copyBackup: error uploading backup to remote storage: %w", err)
-		}
-		s.logger.Infof("Uploaded a copy of backup `%s` to bucket `%s`.", s.file, s.c.AwsS3BucketName)
+	eg := errgroup.Group{}
+	for _, backend := range s.storages {
+		b := backend
+		eg.Go(func() error {
+			return b.Copy(s.file)
+		})
+	}
+	if err := eg.Wait(); err != nil {
+		return fmt.Errorf("copyArchive: error copying archive: %w", err)
 	}
 
-	if s.webdavClient != nil {
-		bytes, err := os.ReadFile(s.file)
-		if err != nil {
-			return fmt.Errorf("copyBackup: error reading the file to be uploaded: %w", err)
-		}
-		if err := s.webdavClient.MkdirAll(s.c.WebdavPath, 0644); err != nil {
-			return fmt.Errorf("copyBackup: error creating directory '%s' on WebDAV server: %w", s.c.WebdavPath, err)
-		}
-		if err := s.webdavClient.Write(filepath.Join(s.c.WebdavPath, name), bytes, 0644); err != nil {
-			return fmt.Errorf("copyBackup: error uploading the file to WebDAV server: %w", err)
-		}
-		s.logger.Infof("Uploaded a copy of backup `%s` to WebDAV-URL '%s' at path '%s'.", s.file, s.c.WebdavUrl, s.c.WebdavPath)
-	}
-
-	if s.sshClient != nil {
-		source, err := os.Open(s.file)
-		if err != nil {
-			return fmt.Errorf("copyBackup: error reading the file to be uploaded: %w", err)
-		}
-		defer source.Close()
-
-		destination, err := s.sftpClient.Create(filepath.Join(s.c.SSHRemotePath, name))
-		if err != nil {
-			return fmt.Errorf("copyBackup: error creating file on SSH storage: %w", err)
-		}
-		defer destination.Close()
-
-		chunk := make([]byte, 1000000)
-		for {
-			num, err := source.Read(chunk)
-			if err == io.EOF {
-				tot, err := destination.Write(chunk[:num])
-				if err != nil {
-					return fmt.Errorf("copyBackup: error uploading the file to SSH storage: %w", err)
-				}
-
-				if tot != len(chunk[:num]) {
-					return fmt.Errorf("sshClient: failed to write stream")
-				}
-
-				break
-			}
-
-			if err != nil {
-				return fmt.Errorf("copyBackup: error uploading the file to SSH storage: %w", err)
-			}
-
-			tot, err := destination.Write(chunk[:num])
-			if err != nil {
-				return fmt.Errorf("copyBackup: error uploading the file to SSH storage: %w", err)
-			}
-
-			if tot != len(chunk[:num]) {
-				return fmt.Errorf("sshClient: failed to write stream")
-			}
-		}
-
-		s.logger.Infof("Uploaded a copy of backup `%s` to SSH storage '%s' at path '%s'.", s.file, s.c.SSHHostName, s.c.SSHRemotePath)
-	}
-
-	if _, err := os.Stat(s.c.BackupArchive); !os.IsNotExist(err) {
-		if err := copyFile(s.file, path.Join(s.c.BackupArchive, name)); err != nil {
-			return fmt.Errorf("copyBackup: error copying file to local archive: %w", err)
-		}
-		s.logger.Infof("Stored copy of backup `%s` in local archive `%s`.", s.file, s.c.BackupArchive)
-		if s.c.BackupLatestSymlink != "" {
-			symlink := path.Join(s.c.BackupArchive, s.c.BackupLatestSymlink)
-			if _, err := os.Lstat(symlink); err == nil {
-				os.Remove(symlink)
-			}
-			if err := os.Symlink(name, symlink); err != nil {
-				return fmt.Errorf("copyBackup: error creating latest symlink: %w", err)
-			}
-			s.logger.Infof("Created/Updated symlink `%s` for latest backup.", s.c.BackupLatestSymlink)
-		}
-	}
 	return nil
 }
 
@@ -628,208 +527,28 @@ func (s *script) pruneBackups() error {
 
 	deadline := time.Now().AddDate(0, 0, -int(s.c.BackupRetentionDays)).Add(s.c.BackupPruningLeeway)
 
-	// doPrune holds general control flow that applies to any kind of storage.
-	// Callers can pass in a thunk that performs the actual deletion of files.
-	var doPrune = func(lenMatches, lenCandidates int, description string, doRemoveFiles func() error) error {
-		if lenMatches != 0 && lenMatches != lenCandidates {
-			if err := doRemoveFiles(); err != nil {
+	eg := errgroup.Group{}
+	for _, backend := range s.storages {
+		b := backend
+		eg.Go(func() error {
+			stats, err := b.Prune(deadline, s.c.BackupPruningPrefix)
+			if err != nil {
 				return err
 			}
-			s.logger.Infof(
-				"Pruned %d out of %d %s as their age exceeded the configured retention period of %d days.",
-				lenMatches,
-				lenCandidates,
-				description,
-				s.c.BackupRetentionDays,
-			)
-		} else if lenMatches != 0 && lenMatches == lenCandidates {
-			s.logger.Warnf("The current configuration would delete all %d existing %s.", lenMatches, description)
-			s.logger.Warn("Refusing to do so, please check your configuration.")
-		} else {
-			s.logger.Infof("None of %d existing %s were pruned.", lenCandidates, description)
-		}
-		return nil
-	}
-
-	if s.minioClient != nil {
-		candidates := s.minioClient.ListObjects(context.Background(), s.c.AwsS3BucketName, minio.ListObjectsOptions{
-			WithMetadata: true,
-			Prefix:       filepath.Join(s.c.AwsS3Path, s.c.BackupPruningPrefix),
-			Recursive:    true,
-		})
-
-		var matches []minio.ObjectInfo
-		var lenCandidates int
-		for candidate := range candidates {
-			lenCandidates++
-			if candidate.Err != nil {
-				return fmt.Errorf(
-					"pruneBackups: error looking up candidates from remote storage: %w",
-					candidate.Err,
-				)
-			}
-			if candidate.LastModified.Before(deadline) {
-				matches = append(matches, candidate)
-			}
-		}
-
-		s.stats.Storages.S3 = StorageStats{
-			Total:  uint(lenCandidates),
-			Pruned: uint(len(matches)),
-		}
-
-		doPrune(len(matches), lenCandidates, "remote backup(s)", func() error {
-			objectsCh := make(chan minio.ObjectInfo)
-			go func() {
-				for _, match := range matches {
-					objectsCh <- match
-				}
-				close(objectsCh)
-			}()
-			errChan := s.minioClient.RemoveObjects(context.Background(), s.c.AwsS3BucketName, objectsCh, minio.RemoveObjectsOptions{})
-			var removeErrors []error
-			for result := range errChan {
-				if result.Err != nil {
-					removeErrors = append(removeErrors, result.Err)
-				}
-			}
-			if len(removeErrors) != 0 {
-				return join(removeErrors...)
+			s.stats.Lock()
+			s.stats.Storages[b.Name()] = StorageStats{
+				Total:  stats.Total,
+				Pruned: stats.Pruned,
 			}
+			s.stats.Unlock()
 			return nil
 		})
 	}
 
-	if s.webdavClient != nil {
-		candidates, err := s.webdavClient.ReadDir(s.c.WebdavPath)
-		if err != nil {
-			return fmt.Errorf("pruneBackups: error looking up candidates from remote storage: %w", err)
-		}
-		var matches []fs.FileInfo
-		var lenCandidates int
-		for _, candidate := range candidates {
-			if !strings.HasPrefix(candidate.Name(), s.c.BackupPruningPrefix) {
-				continue
-			}
-			lenCandidates++
-			if candidate.ModTime().Before(deadline) {
-				matches = append(matches, candidate)
-			}
-		}
-
-		s.stats.Storages.WebDAV = StorageStats{
-			Total:  uint(lenCandidates),
-			Pruned: uint(len(matches)),
-		}
-
-		doPrune(len(matches), lenCandidates, "WebDAV backup(s)", func() error {
-			for _, match := range matches {
-				if err := s.webdavClient.Remove(filepath.Join(s.c.WebdavPath, match.Name())); err != nil {
-					return fmt.Errorf("pruneBackups: error removing file from WebDAV storage: %w", err)
-				}
-			}
-			return nil
-		})
+	if err := eg.Wait(); err != nil {
+		return fmt.Errorf("pruneBackups: error pruning backups: %w", err)
 	}
 
-	if s.sshClient != nil {
-		candidates, err := s.sftpClient.ReadDir(s.c.SSHRemotePath)
-		if err != nil {
-			return fmt.Errorf("pruneBackups: error reading directory from SSH storage: %w", err)
-		}
-
-		var matches []string
-		for _, candidate := range candidates {
-			if !strings.HasPrefix(candidate.Name(), s.c.BackupPruningPrefix) {
-				continue
-			}
-			if candidate.ModTime().Before(deadline) {
-				matches = append(matches, candidate.Name())
-			}
-		}
-
-		s.stats.Storages.SSH = StorageStats{
-			Total:  uint(len(candidates)),
-			Pruned: uint(len(matches)),
-		}
-
-		doPrune(len(matches), len(candidates), "SSH backup(s)", func() error {
-			for _, match := range matches {
-				if err := s.sftpClient.Remove(filepath.Join(s.c.SSHRemotePath, match)); err != nil {
-					return fmt.Errorf("pruneBackups: error removing file from SSH storage: %w", err)
-				}
-			}
-			return nil
-		})
-	}
-
-	if _, err := os.Stat(s.c.BackupArchive); !os.IsNotExist(err) {
-		globPattern := path.Join(
-			s.c.BackupArchive,
-			fmt.Sprintf("%s*", s.c.BackupPruningPrefix),
-		)
-		globMatches, err := filepath.Glob(globPattern)
-		if err != nil {
-			return fmt.Errorf(
-				"pruneBackups: error looking up matching files using pattern %s: %w",
-				globPattern,
-				err,
-			)
-		}
-
-		var candidates []string
-		for _, candidate := range globMatches {
-			fi, err := os.Lstat(candidate)
-			if err != nil {
-				return fmt.Errorf(
-					"pruneBackups: error calling Lstat on file %s: %w",
-					candidate,
-					err,
-				)
-			}
-
-			if fi.Mode()&os.ModeSymlink != os.ModeSymlink {
-				candidates = append(candidates, candidate)
-			}
-		}
-
-		var matches []string
-		for _, candidate := range candidates {
-			fi, err := os.Stat(candidate)
-			if err != nil {
-				return fmt.Errorf(
-					"pruneBackups: error calling stat on file %s: %w",
-					candidate,
-					err,
-				)
-			}
-			if fi.ModTime().Before(deadline) {
-				matches = append(matches, candidate)
-			}
-		}
-
-		s.stats.Storages.Local = StorageStats{
-			Total:  uint(len(candidates)),
-			Pruned: uint(len(matches)),
-		}
-
-		doPrune(len(matches), len(candidates), "local backup(s)", func() error {
-			var removeErrors []error
-			for _, match := range matches {
-				if err := os.Remove(match); err != nil {
-					removeErrors = append(removeErrors, err)
-				}
-			}
-			if len(removeErrors) != 0 {
-				return fmt.Errorf(
-					"pruneBackups: %d error(s) deleting local files, starting with: %w",
-					len(removeErrors),
-					join(removeErrors...),
-				)
-			}
-			return nil
-		})
-	}
 	return nil
 }
 

cmd/backup/stats.go

@@ -5,6 +5,7 @@ package main
 
 import (
 	"bytes"
+	"sync"
 	"time"
 )
 
@@ -30,16 +31,9 @@ type StorageStats struct {
 	PruneErrors uint
 }
 
-// StoragesStats stats about each possible archival location (Local, WebDAV, SSH, S3)
-type StoragesStats struct {
-	Local  StorageStats
-	WebDAV StorageStats
-	SSH    StorageStats
-	S3     StorageStats
-}
-
 // Stats global stats regarding script execution
 type Stats struct {
+	sync.Mutex
 	StartTime  time.Time
 	EndTime    time.Time
 	TookTime   time.Duration
@@ -47,5 +41,5 @@ type Stats struct {
 	LogOutput  *bytes.Buffer
 	Containers ContainersStats
 	BackupFile BackupFileStats
-	Storages   StoragesStats
+	Storages   map[string]StorageStats
 }

cmd/backup/util.go

@@ -5,51 +5,13 @@ package main
 
 import (
 	"bytes"
-	"errors"
 	"fmt"
 	"io"
 	"os"
-	"strings"
 )
 
 var noop = func() error { return nil }
 
-// copy creates a copy of the file located at `dst` at `src`.
-func copyFile(src, dst string) error {
-	in, err := os.Open(src)
-	if err != nil {
-		return err
-	}
-	defer in.Close()
-
-	out, err := os.Create(dst)
-	if err != nil {
-		return err
-	}
-
-	_, err = io.Copy(out, in)
-	if err != nil {
-		out.Close()
-		return err
-	}
-	return out.Close()
-}
-
-// join takes a list of errors and joins them into a single error
-func join(errs ...error) error {
-	if len(errs) == 1 {
-		return errs[0]
-	}
-	var msgs []string
-	for _, err := range errs {
-		if err == nil {
-			continue
-		}
-		msgs = append(msgs, err.Error())
-	}
-	return errors.New("[" + strings.Join(msgs, ", ") + "]")
-}
-
 // remove removes the given file or directory from disk.
 func remove(location string) error {
 	fi, err := os.Lstat(location)
@@ -84,7 +46,7 @@ type bufferingWriter struct {
 
 func (b *bufferingWriter) Write(p []byte) (n int, err error) {
 	if n, err := b.buf.Write(p); err != nil {
-		return n, fmt.Errorf("bufferingWriter: error writing to buffer: %w", err)
+		return n, fmt.Errorf("(*bufferingWriter).Write: error writing to buffer: %w", err)
 	}
 	return b.writer.Write(p)
 }

entrypoint.sh

@@ -13,6 +13,7 @@ if [ ! -d "/etc/dockervolumebackup/conf.d" ]; then
 else
   echo "/etc/dockervolumebackup/conf.d was found, using configuration files from this directory."
 
+  crontab -r && crontab /dev/null
   for file in /etc/dockervolumebackup/conf.d/*; do
     source $file
     BACKUP_CRON_EXPRESSION="${BACKUP_CRON_EXPRESSION:-@daily}"

go.mod

@@ -1,6 +1,6 @@
 module github.com/offen/docker-volume-backup
 
-go 1.18
+go 1.19
 
 require (
 	github.com/containrrr/shoutrrr v0.5.2
@@ -9,12 +9,12 @@ require (
 	github.com/gofrs/flock v0.8.1
 	github.com/kelseyhightower/envconfig v1.4.0
 	github.com/leekchan/timeutil v0.0.0-20150802142658-28917288c48d
-	github.com/minio/minio-go/v7 v7.0.16
+	github.com/minio/minio-go/v7 v7.0.44
 	github.com/otiai10/copy v1.7.0
 	github.com/pkg/sftp v1.13.5
-	github.com/sirupsen/logrus v1.8.1
+	github.com/sirupsen/logrus v1.9.0
 	github.com/studio-b12/gowebdav v0.0.0-20220128162035-c7b1ff8a5e62
-	golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3
+	golang.org/x/crypto v0.3.0
 	golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f
 )
 
@@ -32,15 +32,14 @@ require (
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/gorilla/mux v1.7.3 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.15.6 // indirect
-	github.com/klauspost/cpuid/v2 v2.0.9 // indirect
+	github.com/klauspost/compress v1.15.12 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.1 // indirect
 	github.com/kr/fs v0.1.0 // indirect
 	github.com/kr/text v0.2.0 // indirect
 	github.com/mattn/go-colorable v0.1.8 // indirect
 	github.com/mattn/go-isatty v0.0.12 // indirect
 	github.com/minio/md5-simd v1.1.2 // indirect
 	github.com/minio/sha256-simd v1.0.0 // indirect
-	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/moby/term v0.0.0-20200312100748-672ec06f55cd // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
@@ -52,16 +51,16 @@ require (
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/rs/xid v1.3.0 // indirect
-	golang.org/x/net v0.0.0-20220607020251-c690dde0001d // indirect
-	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect
-	golang.org/x/text v0.3.7 // indirect
+	github.com/rs/xid v1.4.0 // indirect
+	golang.org/x/net v0.2.0 // indirect
+	golang.org/x/sys v0.2.0 // indirect
+	golang.org/x/text v0.4.0 // indirect
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
 	google.golang.org/genproto v0.0.0-20220602131408-e326c6e8e9c8 // indirect
 	google.golang.org/grpc v1.47.0 // indirect
 	google.golang.org/protobuf v1.28.0 // indirect
 	gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect
-	gopkg.in/ini.v1 v1.65.0 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )

go.sum

@@ -146,7 +146,6 @@ github.com/jarcoal/httpmock v1.0.4 h1:jp+dy/+nonJE4g4xbVtl9QdrUNbn6/3hDT5R4nDIZn
 github.com/jarcoal/httpmock v1.0.4/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik=
 github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
 github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
@@ -158,15 +157,12 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/compress v1.11.7/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.13.5/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
-github.com/klauspost/compress v1.15.6 h1:6D9PcO8QWu0JyaQ2zUMmu16T1T+zjjEpP91guRsvDfY=
-github.com/klauspost/compress v1.15.6/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
-github.com/klauspost/cpuid v1.2.3/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
-github.com/klauspost/cpuid v1.3.1/go.mod h1:bYW4mA6ZgKPob1/Dlai2LviZJO7KGI3uoWLd42rAQw4=
+github.com/klauspost/compress v1.15.12 h1:YClS/PImqYbn+UILDnqxQCZ3RehC9N318SU3kElDUEM=
+github.com/klauspost/compress v1.15.12/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM=
 github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.0.4/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/klauspost/cpuid/v2 v2.0.9 h1:lgaqFMSdTdQYdZ04uHyN2d/eKdOMyi2YLSvlQIBFYa4=
-github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
+github.com/klauspost/cpuid/v2 v2.2.1 h1:U33DW0aiEj633gHYw3LoDNfkDiYnE5Q8M/TKJn2f2jI=
+github.com/klauspost/cpuid/v2 v2.2.1/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY=
 github.com/knq/sysutil v0.0.0-20181215143952-f05b59f0f307/go.mod h1:BjPj+aVjl9FW/cCGiF3nGh5v+9Gd3VCgBQbod/GlMaQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -198,15 +194,12 @@ github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2y
 github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/minio/md5-simd v1.1.0/go.mod h1:XpBqgZULrMYD3R+M28PcmP0CkI7PEMzB3U77ZrKZ0Gw=
 github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
 github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
-github.com/minio/minio-go/v7 v7.0.16 h1:GspaSBS8lOuEUCAqMe0W3UxSoyOA4b4F8PTspRVI+k4=
-github.com/minio/minio-go/v7 v7.0.16/go.mod h1:pUV0Pc+hPd1nccgmzQF/EXh48l/Z/yps6QPF1aaie4g=
-github.com/minio/sha256-simd v0.1.1/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl0J58iy0KM=
+github.com/minio/minio-go/v7 v7.0.44 h1:9zUJ7iU7ax2P1jOvTp6nVrgzlZq3AZlFm0XfRFDKstM=
+github.com/minio/minio-go/v7 v7.0.44/go.mod h1:nCrRzjoSUQh8hgKKtu3Y708OLvRLtuASMg2/nvmbarw=
 github.com/minio/sha256-simd v1.0.0 h1:v1ta+49hkWZyvaKwrQB8elexRqm6Y0aMLjCNsrYxo6g=
 github.com/minio/sha256-simd v1.0.0/go.mod h1:OuYzVNI5vcoYIAmbIvHPl3N3jUzVedXbKy5RFepssQM=
-github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.2.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
@@ -271,17 +264,16 @@ github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7z
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
-github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
-github.com/rs/xid v1.3.0 h1:6NjYksEUlhurdVehpc7S7dk6DAmcKv8V9gG0FsVN2U4=
-github.com/rs/xid v1.3.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
+github.com/rs/xid v1.4.0 h1:qd7wPTDkN6KQx2VmMBLrpHkiyQwgFXRnkOLacUiaSNY=
+github.com/rs/xid v1.4.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.0.5/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
-github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
+github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
@@ -329,9 +321,9 @@ golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnf
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
-golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 h1:0es+/5331RGQPcXlMfP+WrnIIS6dNnNRe0WB02W0F4M=
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.3.0 h1:a06MkbcxBrEFc0w0QIZWXrH/9cCX6KJyWbBOIwAn+7A=
+golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
@@ -353,14 +345,13 @@ golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220607020251-c690dde0001d h1:4SFsTMi4UahlKoloni7L4eYzhFRifURQLw+yv0QDCx8=
-golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.2.0 h1:sZfSu1wtKLGlWI4ZZayP0ck9Y73K1ynO6gqzTdBVdPU=
+golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -394,7 +385,6 @@ golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210113181707-4bcb84eeeb78/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -405,18 +395,19 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
+golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A=
+golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY=
+golang.org/x/term v0.2.0 h1:z85xZCsEl7bi/KwbNADeBYoOP0++7W1ipu+aGnpwzRM=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg=
+golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac h1:7zkz7BUtwNFFqcowJ+RIgu2MaV/MapERkDIy+mwPyjs=
@@ -479,9 +470,8 @@ gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMy
 gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
 gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.55.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/ini.v1 v1.57.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/ini.v1 v1.65.0 h1:B2//IEITFk89S+Nl2tozBeqUvFEpUAY6daarSlrx8jU=
-gopkg.in/ini.v1 v1.65.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
+gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=

internal/storage/local/local.go

@@ -0,0 +1,160 @@
+// Copyright 2022 - Offen Authors <hioffen@posteo.de>
+// SPDX-License-Identifier: MPL-2.0
+
+package local
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"path"
+	"path/filepath"
+	"time"
+
+	"github.com/offen/docker-volume-backup/internal/storage"
+	"github.com/offen/docker-volume-backup/internal/utilities"
+)
+
+type localStorage struct {
+	*storage.StorageBackend
+	latestSymlink string
+}
+
+// Config allows configuration of a local storage backend.
+type Config struct {
+	ArchivePath   string
+	LatestSymlink string
+}
+
+// NewStorageBackend creates and initializes a new local storage backend.
+func NewStorageBackend(opts Config, logFunc storage.Log) storage.Backend {
+	return &localStorage{
+		StorageBackend: &storage.StorageBackend{
+			DestinationPath: opts.ArchivePath,
+			Log:             logFunc,
+		},
+		latestSymlink: opts.LatestSymlink,
+	}
+}
+
+// Name return the name of the storage backend
+func (b *localStorage) Name() string {
+	return "Local"
+}
+
+// Copy copies the given file to the local storage backend.
+func (b *localStorage) Copy(file string) error {
+	_, name := path.Split(file)
+
+	if err := copyFile(file, path.Join(b.DestinationPath, name)); err != nil {
+		return fmt.Errorf("(*localStorage).Copy: Error copying file to local archive: %w", err)
+	}
+	b.Log(storage.LogLevelInfo, b.Name(), "Stored copy of backup `%s` in local archive `%s`.", file, b.DestinationPath)
+
+	if b.latestSymlink != "" {
+		symlink := path.Join(b.DestinationPath, b.latestSymlink)
+		if _, err := os.Lstat(symlink); err == nil {
+			os.Remove(symlink)
+		}
+		if err := os.Symlink(name, symlink); err != nil {
+			return fmt.Errorf("(*localStorage).Copy: error creating latest symlink: %w", err)
+		}
+		b.Log(storage.LogLevelInfo, b.Name(), "Created/Updated symlink `%s` for latest backup.", b.latestSymlink)
+	}
+
+	return nil
+}
+
+// Prune rotates away backups according to the configuration and provided deadline for the local storage backend.
+func (b *localStorage) Prune(deadline time.Time, pruningPrefix string) (*storage.PruneStats, error) {
+	globPattern := path.Join(
+		b.DestinationPath,
+		fmt.Sprintf("%s*", pruningPrefix),
+	)
+	globMatches, err := filepath.Glob(globPattern)
+	if err != nil {
+		return nil, fmt.Errorf(
+			"(*localStorage).Prune: Error looking up matching files using pattern %s: %w",
+			globPattern,
+			err,
+		)
+	}
+
+	var candidates []string
+	for _, candidate := range globMatches {
+		fi, err := os.Lstat(candidate)
+		if err != nil {
+			return nil, fmt.Errorf(
+				"(*localStorage).Prune: Error calling Lstat on file %s: %w",
+				candidate,
+				err,
+			)
+		}
+
+		if fi.Mode()&os.ModeSymlink != os.ModeSymlink {
+			candidates = append(candidates, candidate)
+		}
+	}
+
+	var matches []string
+	for _, candidate := range candidates {
+		fi, err := os.Stat(candidate)
+		if err != nil {
+			return nil, fmt.Errorf(
+				"(*localStorage).Prune: Error calling stat on file %s: %w",
+				candidate,
+				err,
+			)
+		}
+		if fi.ModTime().Before(deadline) {
+			matches = append(matches, candidate)
+		}
+	}
+
+	stats := &storage.PruneStats{
+		Total:  uint(len(candidates)),
+		Pruned: uint(len(matches)),
+	}
+
+	if err := b.DoPrune(b.Name(), len(matches), len(candidates), "local backup(s)", func() error {
+		var removeErrors []error
+		for _, match := range matches {
+			if err := os.Remove(match); err != nil {
+				removeErrors = append(removeErrors, err)
+			}
+		}
+		if len(removeErrors) != 0 {
+			return fmt.Errorf(
+				"(*localStorage).Prune: %d error(s) deleting local files, starting with: %w",
+				len(removeErrors),
+				utilities.Join(removeErrors...),
+			)
+		}
+		return nil
+	}); err != nil {
+		return stats, err
+	}
+
+	return stats, nil
+}
+
+// copy creates a copy of the file located at `dst` at `src`.
+func copyFile(src, dst string) error {
+	in, err := os.Open(src)
+	if err != nil {
+		return err
+	}
+	defer in.Close()
+
+	out, err := os.Create(dst)
+	if err != nil {
+		return err
+	}
+
+	_, err = io.Copy(out, in)
+	if err != nil {
+		out.Close()
+		return err
+	}
+	return out.Close()
+}

internal/storage/s3/s3.go

@@ -0,0 +1,170 @@
+// Copyright 2022 - Offen Authors <hioffen@posteo.de>
+// SPDX-License-Identifier: MPL-2.0
+
+package s3
+
+import (
+	"context"
+	"crypto/x509"
+	"errors"
+	"fmt"
+	"path"
+	"path/filepath"
+	"time"
+
+	"github.com/minio/minio-go/v7"
+	"github.com/minio/minio-go/v7/pkg/credentials"
+	"github.com/offen/docker-volume-backup/internal/storage"
+	"github.com/offen/docker-volume-backup/internal/utilities"
+)
+
+type s3Storage struct {
+	*storage.StorageBackend
+	client       *minio.Client
+	bucket       string
+	storageClass string
+}
+
+// Config contains values that define the configuration of a S3 backend.
+type Config struct {
+	Endpoint         string
+	AccessKeyID      string
+	SecretAccessKey  string
+	IamRoleEndpoint  string
+	EndpointProto    string
+	EndpointInsecure bool
+	RemotePath       string
+	BucketName       string
+	StorageClass     string
+	CACert           *x509.Certificate
+}
+
+// NewStorageBackend creates and initializes a new S3/Minio storage backend.
+func NewStorageBackend(opts Config, logFunc storage.Log) (storage.Backend, error) {
+	var creds *credentials.Credentials
+	if opts.AccessKeyID != "" && opts.SecretAccessKey != "" {
+		creds = credentials.NewStaticV4(
+			opts.AccessKeyID,
+			opts.SecretAccessKey,
+			"",
+		)
+	} else if opts.IamRoleEndpoint != "" {
+		creds = credentials.NewIAM(opts.IamRoleEndpoint)
+	} else {
+		return nil, errors.New("NewStorageBackend: AWS_S3_BUCKET_NAME is defined, but no credentials were provided")
+	}
+
+	options := minio.Options{
+		Creds:  creds,
+		Secure: opts.EndpointProto == "https",
+	}
+
+	transport, err := minio.DefaultTransport(true)
+	if err != nil {
+		return nil, fmt.Errorf("NewStorageBackend: failed to create default minio transport: %w", err)
+	}
+
+	if opts.EndpointInsecure {
+		if !options.Secure {
+			return nil, errors.New("NewStorageBackend: AWS_ENDPOINT_INSECURE = true is only meaningful for https")
+		}
+		transport.TLSClientConfig.InsecureSkipVerify = true
+	} else if opts.CACert != nil {
+		if transport.TLSClientConfig.RootCAs == nil {
+			transport.TLSClientConfig.RootCAs = x509.NewCertPool()
+		}
+		transport.TLSClientConfig.RootCAs.AddCert(opts.CACert)
+	}
+	options.Transport = transport
+
+	mc, err := minio.New(opts.Endpoint, &options)
+	if err != nil {
+		return nil, fmt.Errorf("NewStorageBackend: error setting up minio client: %w", err)
+	}
+
+	return &s3Storage{
+		StorageBackend: &storage.StorageBackend{
+			DestinationPath: opts.RemotePath,
+			Log:             logFunc,
+		},
+		client:       mc,
+		bucket:       opts.BucketName,
+		storageClass: opts.StorageClass,
+	}, nil
+}
+
+// Name returns the name of the storage backend
+func (v *s3Storage) Name() string {
+	return "S3"
+}
+
+// Copy copies the given file to the S3/Minio storage backend.
+func (b *s3Storage) Copy(file string) error {
+	_, name := path.Split(file)
+
+	if _, err := b.client.FPutObject(context.Background(), b.bucket, filepath.Join(b.DestinationPath, name), file, minio.PutObjectOptions{
+		ContentType:  "application/tar+gzip",
+		StorageClass: b.storageClass,
+	}); err != nil {
+		if errResp := minio.ToErrorResponse(err); errResp.Message != "" {
+			return fmt.Errorf("(*s3Storage).Copy: error uploading backup to remote storage: [Message]: '%s', [Code]: %s, [StatusCode]: %d", errResp.Message, errResp.Code, errResp.StatusCode)
+		}
+		return fmt.Errorf("(*s3Storage).Copy: error uploading backup to remote storage: %w", err)
+	}
+	b.Log(storage.LogLevelInfo, b.Name(), "Uploaded a copy of backup `%s` to bucket `%s`.", file, b.bucket)
+
+	return nil
+}
+
+// Prune rotates away backups according to the configuration and provided deadline for the S3/Minio storage backend.
+func (b *s3Storage) Prune(deadline time.Time, pruningPrefix string) (*storage.PruneStats, error) {
+	candidates := b.client.ListObjects(context.Background(), b.bucket, minio.ListObjectsOptions{
+		Prefix:    filepath.Join(b.DestinationPath, pruningPrefix),
+		Recursive: true,
+	})
+
+	var matches []minio.ObjectInfo
+	var lenCandidates int
+	for candidate := range candidates {
+		lenCandidates++
+		if candidate.Err != nil {
+			return nil, fmt.Errorf(
+				"(*s3Storage).Prune: Error looking up candidates from remote storage! %w",
+				candidate.Err,
+			)
+		}
+		if candidate.LastModified.Before(deadline) {
+			matches = append(matches, candidate)
+		}
+	}
+
+	stats := &storage.PruneStats{
+		Total:  uint(lenCandidates),
+		Pruned: uint(len(matches)),
+	}
+
+	if err := b.DoPrune(b.Name(), len(matches), lenCandidates, "remote backup(s)", func() error {
+		objectsCh := make(chan minio.ObjectInfo)
+		go func() {
+			for _, match := range matches {
+				objectsCh <- match
+			}
+			close(objectsCh)
+		}()
+		errChan := b.client.RemoveObjects(context.Background(), b.bucket, objectsCh, minio.RemoveObjectsOptions{})
+		var removeErrors []error
+		for result := range errChan {
+			if result.Err != nil {
+				removeErrors = append(removeErrors, result.Err)
+			}
+		}
+		if len(removeErrors) != 0 {
+			return utilities.Join(removeErrors...)
+		}
+		return nil
+	}); err != nil {
+		return stats, err
+	}
+
+	return stats, nil
+}

internal/storage/ssh/ssh.go

@@ -0,0 +1,190 @@
+// Copyright 2022 - Offen Authors <hioffen@posteo.de>
+// SPDX-License-Identifier: MPL-2.0
+
+package ssh
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/offen/docker-volume-backup/internal/storage"
+	"github.com/pkg/sftp"
+	"golang.org/x/crypto/ssh"
+)
+
+type sshStorage struct {
+	*storage.StorageBackend
+	client     *ssh.Client
+	sftpClient *sftp.Client
+	hostName   string
+}
+
+// Config allows to configure a SSH backend.
+type Config struct {
+	HostName           string
+	Port               string
+	User               string
+	Password           string
+	IdentityFile       string
+	IdentityPassphrase string
+	RemotePath         string
+}
+
+// NewStorageBackend creates and initializes a new SSH storage backend.
+func NewStorageBackend(opts Config, logFunc storage.Log) (storage.Backend, error) {
+	var authMethods []ssh.AuthMethod
+
+	if opts.Password != "" {
+		authMethods = append(authMethods, ssh.Password(opts.Password))
+	}
+
+	if _, err := os.Stat(opts.IdentityFile); err == nil {
+		key, err := ioutil.ReadFile(opts.IdentityFile)
+		if err != nil {
+			return nil, errors.New("NewStorageBackend: error reading the private key")
+		}
+
+		var signer ssh.Signer
+		if opts.IdentityPassphrase != "" {
+			signer, err = ssh.ParsePrivateKeyWithPassphrase(key, []byte(opts.IdentityPassphrase))
+			if err != nil {
+				return nil, errors.New("NewStorageBackend: error parsing the encrypted private key")
+			}
+			authMethods = append(authMethods, ssh.PublicKeys(signer))
+		} else {
+			signer, err = ssh.ParsePrivateKey(key)
+			if err != nil {
+				return nil, errors.New("NewStorageBackend: error parsing the private key")
+			}
+			authMethods = append(authMethods, ssh.PublicKeys(signer))
+		}
+	}
+
+	sshClientConfig := &ssh.ClientConfig{
+		User:            opts.User,
+		Auth:            authMethods,
+		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
+	}
+	sshClient, err := ssh.Dial("tcp", fmt.Sprintf("%s:%s", opts.HostName, opts.Port), sshClientConfig)
+
+	if err != nil {
+		return nil, fmt.Errorf("NewStorageBackend: Error creating ssh client: %w", err)
+	}
+	_, _, err = sshClient.SendRequest("keepalive", false, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	sftpClient, err := sftp.NewClient(sshClient)
+	if err != nil {
+		return nil, fmt.Errorf("NewStorageBackend: error creating sftp client: %w", err)
+	}
+
+	return &sshStorage{
+		StorageBackend: &storage.StorageBackend{
+			DestinationPath: opts.RemotePath,
+			Log:             logFunc,
+		},
+		client:     sshClient,
+		sftpClient: sftpClient,
+		hostName:   opts.HostName,
+	}, nil
+}
+
+// Name returns the name of the storage backend
+func (b *sshStorage) Name() string {
+	return "SSH"
+}
+
+// Copy copies the given file to the SSH storage backend.
+func (b *sshStorage) Copy(file string) error {
+	source, err := os.Open(file)
+	_, name := path.Split(file)
+	if err != nil {
+		return fmt.Errorf("(*sshStorage).Copy: Error reading the file to be uploaded: %w", err)
+	}
+	defer source.Close()
+
+	destination, err := b.sftpClient.Create(filepath.Join(b.DestinationPath, name))
+	if err != nil {
+		return fmt.Errorf("(*sshStorage).Copy: Error creating file on SSH storage: %w", err)
+	}
+	defer destination.Close()
+
+	chunk := make([]byte, 1000000)
+	for {
+		num, err := source.Read(chunk)
+		if err == io.EOF {
+			tot, err := destination.Write(chunk[:num])
+			if err != nil {
+				return fmt.Errorf("(*sshStorage).Copy: Error uploading the file to SSH storage: %w", err)
+			}
+
+			if tot != len(chunk[:num]) {
+				return errors.New("(*sshStorage).Copy: failed to write stream")
+			}
+
+			break
+		}
+
+		if err != nil {
+			return fmt.Errorf("(*sshStorage).Copy: Error uploading the file to SSH storage: %w", err)
+		}
+
+		tot, err := destination.Write(chunk[:num])
+		if err != nil {
+			return fmt.Errorf("(*sshStorage).Copy: Error uploading the file to SSH storage: %w", err)
+		}
+
+		if tot != len(chunk[:num]) {
+			return fmt.Errorf("(*sshStorage).Copy: failed to write stream")
+		}
+	}
+
+	b.Log(storage.LogLevelInfo, b.Name(), "Uploaded a copy of backup `%s` to SSH storage '%s' at path '%s'.", file, b.hostName, b.DestinationPath)
+
+	return nil
+}
+
+// Prune rotates away backups according to the configuration and provided deadline for the SSH storage backend.
+func (b *sshStorage) Prune(deadline time.Time, pruningPrefix string) (*storage.PruneStats, error) {
+	candidates, err := b.sftpClient.ReadDir(b.DestinationPath)
+	if err != nil {
+		return nil, fmt.Errorf("(*sshStorage).Prune: Error reading directory from SSH storage: %w", err)
+	}
+
+	var matches []string
+	for _, candidate := range candidates {
+		if !strings.HasPrefix(candidate.Name(), pruningPrefix) {
+			continue
+		}
+		if candidate.ModTime().Before(deadline) {
+			matches = append(matches, candidate.Name())
+		}
+	}
+
+	stats := &storage.PruneStats{
+		Total:  uint(len(candidates)),
+		Pruned: uint(len(matches)),
+	}
+
+	if err := b.DoPrune(b.Name(), len(matches), len(candidates), "SSH backup(s)", func() error {
+		for _, match := range matches {
+			if err := b.sftpClient.Remove(filepath.Join(b.DestinationPath, match)); err != nil {
+				return fmt.Errorf("(*sshStorage).Prune: Error removing file from SSH storage: %w", err)
+			}
+		}
+		return nil
+	}); err != nil {
+		return stats, err
+	}
+
+	return stats, nil
+}

internal/storage/storage.go

@@ -0,0 +1,61 @@
+// Copyright 2022 - Offen Authors <hioffen@posteo.de>
+// SPDX-License-Identifier: MPL-2.0
+
+package storage
+
+import (
+	"time"
+)
+
+// Backend is an interface for defining functions which all storage providers support.
+type Backend interface {
+	Copy(file string) error
+	Prune(deadline time.Time, pruningPrefix string) (*PruneStats, error)
+	Name() string
+}
+
+// StorageBackend is a generic type of storage. Everything here are common properties of all storage types.
+type StorageBackend struct {
+	DestinationPath string
+	RetentionDays   int
+	Log             Log
+}
+
+type LogLevel int
+
+const (
+	LogLevelInfo LogLevel = iota
+	LogLevelWarning
+	LogLevelError
+)
+
+type Log func(logType LogLevel, context string, msg string, params ...interface{})
+
+// PruneStats is a wrapper struct for returning stats after pruning
+type PruneStats struct {
+	Total  uint
+	Pruned uint
+}
+
+// DoPrune holds general control flow that applies to any kind of storage.
+// Callers can pass in a thunk that performs the actual deletion of files.
+func (b *StorageBackend) DoPrune(context string, lenMatches, lenCandidates int, description string, doRemoveFiles func() error) error {
+	if lenMatches != 0 && lenMatches != lenCandidates {
+		if err := doRemoveFiles(); err != nil {
+			return err
+		}
+		b.Log(LogLevelInfo, context,
+			"Pruned %d out of %d %s as their age exceeded the configured retention period of %d days.",
+			lenMatches,
+			lenCandidates,
+			description,
+			b.RetentionDays,
+		)
+	} else if lenMatches != 0 && lenMatches == lenCandidates {
+		b.Log(LogLevelWarning, context, "The current configuration would delete all %d existing %s.", lenMatches, description)
+		b.Log(LogLevelWarning, context, "Refusing to do so, please check your configuration.")
+	} else {
+		b.Log(LogLevelInfo, context, "None of %d existing %s were pruned.", lenCandidates, description)
+	}
+	return nil
+}

internal/storage/webdav/webdav.go

@@ -0,0 +1,121 @@
+// Copyright 2022 - Offen Authors <hioffen@posteo.de>
+// SPDX-License-Identifier: MPL-2.0
+
+package webdav
+
+import (
+	"errors"
+	"fmt"
+	"io/fs"
+	"net/http"
+	"os"
+	"path"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/offen/docker-volume-backup/internal/storage"
+	"github.com/studio-b12/gowebdav"
+)
+
+type webDavStorage struct {
+	*storage.StorageBackend
+	client *gowebdav.Client
+	url    string
+}
+
+// Config allows to configure a WebDAV storage backend.
+type Config struct {
+	URL         string
+	RemotePath  string
+	Username    string
+	Password    string
+	URLInsecure bool
+}
+
+// NewStorageBackend creates and initializes a new WebDav storage backend.
+func NewStorageBackend(opts Config, logFunc storage.Log) (storage.Backend, error) {
+	if opts.Username == "" || opts.Password == "" {
+		return nil, errors.New("NewStorageBackend: WEBDAV_URL is defined, but no credentials were provided")
+	} else {
+		webdavClient := gowebdav.NewClient(opts.URL, opts.Username, opts.Password)
+
+		if opts.URLInsecure {
+			defaultTransport, ok := http.DefaultTransport.(*http.Transport)
+			if !ok {
+				return nil, errors.New("NewStorageBackend: unexpected error when asserting type for http.DefaultTransport")
+			}
+			webdavTransport := defaultTransport.Clone()
+			webdavTransport.TLSClientConfig.InsecureSkipVerify = opts.URLInsecure
+			webdavClient.SetTransport(webdavTransport)
+		}
+
+		return &webDavStorage{
+			StorageBackend: &storage.StorageBackend{
+				DestinationPath: opts.RemotePath,
+				Log:             logFunc,
+			},
+			client: webdavClient,
+		}, nil
+	}
+}
+
+// Name returns the name of the storage backend
+func (b *webDavStorage) Name() string {
+	return "WebDAV"
+}
+
+// Copy copies the given file to the WebDav storage backend.
+func (b *webDavStorage) Copy(file string) error {
+	bytes, err := os.ReadFile(file)
+	_, name := path.Split(file)
+	if err != nil {
+		return fmt.Errorf("(*webDavStorage).Copy: Error reading the file to be uploaded: %w", err)
+	}
+	if err := b.client.MkdirAll(b.DestinationPath, 0644); err != nil {
+		return fmt.Errorf("(*webDavStorage).Copy: Error creating directory '%s' on WebDAV server: %w", b.DestinationPath, err)
+	}
+	if err := b.client.Write(filepath.Join(b.DestinationPath, name), bytes, 0644); err != nil {
+		return fmt.Errorf("(*webDavStorage).Copy: Error uploading the file to WebDAV server: %w", err)
+	}
+	b.Log(storage.LogLevelInfo, b.Name(), "Uploaded a copy of backup '%s' to WebDAV URL '%s' at path '%s'.", file, b.url, b.DestinationPath)
+
+	return nil
+}
+
+// Prune rotates away backups according to the configuration and provided deadline for the WebDav storage backend.
+func (b *webDavStorage) Prune(deadline time.Time, pruningPrefix string) (*storage.PruneStats, error) {
+	candidates, err := b.client.ReadDir(b.DestinationPath)
+	if err != nil {
+		return nil, fmt.Errorf("(*webDavStorage).Prune: Error looking up candidates from remote storage: %w", err)
+	}
+	var matches []fs.FileInfo
+	var lenCandidates int
+	for _, candidate := range candidates {
+		if !strings.HasPrefix(candidate.Name(), pruningPrefix) {
+			continue
+		}
+		lenCandidates++
+		if candidate.ModTime().Before(deadline) {
+			matches = append(matches, candidate)
+		}
+	}
+
+	stats := &storage.PruneStats{
+		Total:  uint(lenCandidates),
+		Pruned: uint(len(matches)),
+	}
+
+	if err := b.DoPrune(b.Name(), len(matches), lenCandidates, "WebDAV backup(s)", func() error {
+		for _, match := range matches {
+			if err := b.client.Remove(filepath.Join(b.DestinationPath, match.Name())); err != nil {
+				return fmt.Errorf("(*webDavStorage).Prune: Error removing file from WebDAV storage: %w", err)
+			}
+		}
+		return nil
+	}); err != nil {
+		return stats, err
+	}
+
+	return stats, nil
+}

internal/utilities/util.go

@@ -0,0 +1,24 @@
+// Copyright 2022 - Offen Authors <hioffen@posteo.de>
+// SPDX-License-Identifier: MPL-2.0
+
+package utilities
+
+import (
+	"errors"
+	"strings"
+)
+
+// Join takes a list of errors and joins them into a single error
+func Join(errs ...error) error {
+	if len(errs) == 1 {
+		return errs[0]
+	}
+	var msgs []string
+	for _, err := range errs {
+		if err == nil {
+			continue
+		}
+		msgs = append(msgs, err.Error())
+	}
+	return errors.New("[" + strings.Join(msgs, ", ") + "]")
+}

test/certs/docker-compose.yml

@@ -0,0 +1,48 @@
+version: '3'
+
+services:
+  minio:
+    hostname: minio.local
+    image: minio/minio:RELEASE.2020-08-04T23-10-51Z
+    environment:
+      MINIO_ROOT_USER: test
+      MINIO_ROOT_PASSWORD: test
+      MINIO_ACCESS_KEY: test
+      MINIO_SECRET_KEY: GMusLtUmILge2by+z890kQ
+    entrypoint: /bin/ash -c 'mkdir -p /data/backup && minio server --certs-dir "/certs" --address ":443" /data'
+    volumes:
+      - minio_backup_data:/data
+      - ./minio.crt:/certs/public.crt
+      - ./minio.key:/certs/private.key
+
+  backup:
+    image: offen/docker-volume-backup:${TEST_VERSION:-canary}
+    depends_on:
+      - minio
+    restart: always
+    environment:
+      BACKUP_FILENAME: test.tar.gz
+      AWS_ACCESS_KEY_ID: test
+      AWS_SECRET_ACCESS_KEY: GMusLtUmILge2by+z890kQ
+      AWS_ENDPOINT: minio.local:443
+      AWS_ENDPOINT_CA_CERT: /root/minio-rootCA.crt
+      AWS_S3_BUCKET_NAME: backup
+      BACKUP_CRON_EXPRESSION: 0 0 5 31 2 ?
+      BACKUP_RETENTION_DAYS: ${BACKUP_RETENTION_DAYS:-7}
+      BACKUP_PRUNING_LEEWAY: 5s
+    volumes:
+      - app_data:/backup/app_data:ro
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./rootCA.crt:/root/minio-rootCA.crt
+
+  offen:
+    image: offen/offen:latest
+    labels:
+      - docker-volume-backup.stop-during-backup=true
+    volumes:
+      - app_data:/var/opt/offen
+
+volumes:
+  minio_backup_data:
+    name: minio_backup_data
+  app_data:

test/certs/run.sh

@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd "$(dirname "$0")"
+. ../util.sh
+current_test=$(basename $(pwd))
+
+openssl genrsa -des3 -passout pass:test -out rootCA.key 4096
+openssl req -passin pass:test \
+  -subj "/C=DE/ST=BE/O=IntegrationTest, Inc." \
+  -x509 -new -key rootCA.key -sha256 -days 1 -out rootCA.crt
+
+openssl genrsa -out minio.key 4096
+openssl req -new -sha256 -key minio.key \
+  -subj "/C=DE/ST=BE/O=IntegrationTest, Inc./CN=minio" \
+  -out minio.csr
+
+openssl x509 -req -passin pass:test \
+  -in minio.csr \
+  -CA rootCA.crt -CAkey rootCA.key -CAcreateserial \
+  -extfile san.cnf \
+  -out minio.crt -days 1 -sha256
+
+openssl x509 -in minio.crt -noout -text
+
+docker-compose up -d
+sleep 5
+
+docker-compose exec backup backup
+
+sleep 5
+
+expect_running_containers "3"
+
+docker run --rm -it \
+  -v minio_backup_data:/minio_data \
+  alpine \
+  ash -c 'tar -xvf /minio_data/backup/test.tar.gz -C /tmp && test -f /tmp/backup/app_data/offen.db'
+
+pass "Found relevant files in untared remote backups."
+
+docker-compose down --volumes

test/certs/san.cnf

@@ -0,0 +1 @@
+subjectAltName = DNS:minio.local

test/commands/docker-compose.yml

@@ -17,6 +17,20 @@ services:
     volumes:
       - app_data:/tmp/volume
 
+  other_database:
+    image: mariadb:10.7
+    deploy:
+      restart_policy:
+        condition: on-failure
+    environment:
+      MARIADB_ROOT_PASSWORD: test
+      MARIADB_DATABASE: backup
+    labels:
+      - docker-volume-backup.archive-pre=touch /tmp/volume/not-relevant.txt
+      - docker-volume-backup.exec-label=not-relevant
+    volumes:
+      - app_data:/tmp/volume
+
   backup:
     image: offen/docker-volume-backup:${TEST_VERSION:-canary}
     deploy:

test/commands/run.sh

@@ -18,6 +18,11 @@ if [ ! -f ./backup/data/dump.sql ]; then
 fi
 pass "Found expected file."
 
+if [ -f ./backup/data/not-relevant.txt ]; then
+  fail "Command ran for container with other label."
+fi
+pass "Command did not run for container with other label."
+
 if [ -f ./backup/data/post.txt ]; then
   fail "File created in post command was present in backup."
 fi

test/extend/Dockerfile

@@ -0,0 +1,4 @@
+ARG version=canary
+FROM offen/docker-volume-backup:$version
+
+RUN apk add rsync

test/extend/docker-compose.yml

@@ -0,0 +1,26 @@
+version: '3'
+
+services:
+  backup:
+    image: offen/docker-volume-backup:${TEST_VERSION:-canary}
+    restart: always
+    labels:
+      - docker-volume-backup.copy-post=/bin/sh -c 'mkdir -p /tmp/unpack && tar -xvf $$COMMAND_RUNTIME_ARCHIVE_FILEPATH -C /tmp/unpack && rsync -r /tmp/unpack/backup/app_data /local'
+    environment:
+      BACKUP_FILENAME: test.tar.gz
+      BACKUP_CRON_EXPRESSION: 0 0 5 31 2 ?
+      EXEC_FORWARD_OUTPUT: "true"
+    volumes:
+      - ./local:/local
+      - app_data:/backup/app_data:ro
+      - /var/run/docker.sock:/var/run/docker.sock
+
+  offen:
+    image: offen/offen:latest
+    labels:
+      - docker-volume-backup.stop-during-backup=true
+    volumes:
+      - app_data:/var/opt/offen
+
+volumes:
+  app_data:

test/extend/run.sh

@@ -0,0 +1,28 @@
+#!/bin/sh
+
+set -e
+
+cd "$(dirname "$0")"
+. ../util.sh
+current_test=$(basename $(pwd))
+
+mkdir -p local
+
+export TEST_VERSION="${TEST_VERSION:-canary}-with-rsync"
+
+docker build . -t offen/docker-volume-backup:$TEST_VERSION
+
+docker-compose up -d
+sleep 5
+
+docker-compose exec backup backup
+
+sleep 5
+
+expect_running_containers "2"
+
+if [ ! -f "./local/app_data/offen.db" ]; then
+  fail "Could not find expected file in untared archive."
+fi
+
+docker-compose down --volumes

test/gpg/docker-compose.yml

@@ -9,7 +9,7 @@ services:
       BACKUP_FILENAME: test.tar.gz
       BACKUP_LATEST_SYMLINK: test-latest.tar.gz.gpg
       BACKUP_RETENTION_DAYS: ${BACKUP_RETENTION_DAYS:-7}
-      GPG_PASSPHRASE: 1234secret
+      GPG_PASSPHRASE: 1234#$$ecret
     volumes:
       - ./local:/archive
       - app_data:/backup/app_data:ro

test/gpg/run.sh

@@ -17,9 +17,8 @@ expect_running_containers "2"
 
 tmp_dir=$(mktemp -d)
 
-echo 1234secret | gpg -d --pinentry-mode loopback --yes --passphrase-fd 0 ./local/test.tar.gz.gpg > ./local/decrypted.tar.gz
+echo "1234#\$ecret" | gpg -d --pinentry-mode loopback --yes --passphrase-fd 0 ./local/test.tar.gz.gpg > ./local/decrypted.tar.gz
 tar -xf ./local/decrypted.tar.gz -C $tmp_dir
-ls -lah $tmp_dir
 if [ ! -f $tmp_dir/backup/app_data/offen.db ]; then
   fail "Could not find expected file in untared archive."
 fi

test/secrets/docker-compose.yml

@@ -0,0 +1,78 @@
+# Copyright 2020-2021 - Offen Authors <hioffen@posteo.de>
+# SPDX-License-Identifier: Unlicense
+
+version: '3.8'
+
+services:
+  minio:
+    image: minio/minio:RELEASE.2020-08-04T23-10-51Z
+    deploy:
+      restart_policy:
+        condition: on-failure
+    environment:
+      MINIO_ROOT_USER: test
+      MINIO_ROOT_PASSWORD: test
+      MINIO_ACCESS_KEY: test
+      MINIO_SECRET_KEY: GMusLtUmILge2by+z890kQ
+    entrypoint: /bin/ash -c 'mkdir -p /data/backup && minio server /data'
+    volumes:
+      - backup_data:/data
+
+  backup:
+    image: offen/docker-volume-backup:${TEST_VERSION:-canary}
+    depends_on:
+      - minio
+    deploy:
+      restart_policy:
+        condition: on-failure
+    environment:
+      AWS_ACCESS_KEY_ID_FILE: /run/secrets/minio_root_user
+      AWS_SECRET_ACCESS_KEY_FILE: /run/secrets/minio_root_password
+      AWS_ENDPOINT: minio:9000
+      AWS_ENDPOINT_PROTO: http
+      AWS_S3_BUCKET_NAME: backup
+      BACKUP_FILENAME: test.tar.gz
+      BACKUP_CRON_EXPRESSION: 0 0 5 31 2 ?
+      BACKUP_RETENTION_DAYS: 7
+      BACKUP_PRUNING_LEEWAY: 5s
+    volumes:
+      - pg_data:/backup/pg_data:ro
+      - /var/run/docker.sock:/var/run/docker.sock
+    secrets:
+      - minio_root_user
+      - minio_root_password
+
+  offen:
+    image: offen/offen:latest
+    labels:
+      - docker-volume-backup.stop-during-backup=true
+    healthcheck:
+      disable: true
+    deploy:
+      replicas: 2
+      restart_policy:
+        condition: on-failure
+
+  pg:
+    image: postgres:14-alpine
+    environment:
+      POSTGRES_PASSWORD: example
+    labels:
+      - docker-volume-backup.stop-during-backup=true
+    volumes:
+      - pg_data:/var/lib/postgresql/data
+    deploy:
+      restart_policy:
+        condition: on-failure
+
+volumes:
+  backup_data:
+    name: backup_data
+  pg_data:
+    name: pg_data
+
+secrets:
+  minio_root_user:
+    external: true
+  minio_root_password:
+    external: true

test/secrets/run.sh

@@ -0,0 +1,44 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+. ../util.sh
+current_test=$(basename $(pwd))
+
+docker swarm init
+
+printf "test" | docker secret create minio_root_user -
+printf "GMusLtUmILge2by+z890kQ" | docker secret create minio_root_password -
+
+docker stack deploy --compose-file=docker-compose.yml test_stack
+
+while [ -z $(docker ps -q -f name=backup) ]; do
+  info "Backup container not ready yet. Retrying."
+  sleep 1
+done
+
+sleep 20
+
+docker exec $(docker ps -q -f name=backup) backup
+
+docker run --rm -it \
+  -v backup_data:/data alpine \
+  ash -c 'tar -xf /data/backup/test.tar.gz && test -f /backup/pg_data/PG_VERSION'
+
+pass "Found relevant files in untared backup."
+
+sleep 5
+expect_running_containers "5"
+
+docker stack rm test_stack
+
+docker secret rm minio_root_password
+docker secret rm minio_root_user
+
+docker swarm leave --force
+
+sleep 10
+
+docker volume rm backup_data
+docker volume rm pg_data

test/swarm/docker-compose.yml

@@ -66,3 +66,4 @@ volumes:
   backup_data:
     name: backup_data
   pg_data:
+    name: pg_data

test/swarm/run.sh

@@ -30,3 +30,8 @@ expect_running_containers "5"
 
 docker stack rm test_stack
 docker swarm leave --force
+
+sleep 10
+
+docker volume rm backup_data
+docker volume rm pg_data