test & namespace for backup

2025-01-14 11:04:09 +01:00 · 2025-01-14 11:04:09 +01:00 · 7d7526132b
commit 7d7526132b
parent a9bc4c9063
5 changed files with 56 additions and 24 deletions
--- a/src/main/cljc/dda/c4k_taiga/backup.cljc
+++ b/src/main/cljc/dda/c4k_taiga/backup.cljc
@ -1,13 +1,13 @@
 (ns dda.c4k-taiga.backup
- (:require
-  [clojure.spec.alpha :as s]
-  #?(:clj [orchestra.core :refer [defn-spec]]
-     :cljs [orchestra.core :refer-macros [defn-spec]])
-  [dda.c4k-common.yaml :as yaml]
-  [dda.c4k-common.base64 :as b64]
-  [dda.c4k-common.common :as cm]
-  [dda.c4k-common.predicate :as p]
-  #?(:cljs [dda.c4k-common.macros :refer-macros [inline-resources]])))
+  (:require
+   [clojure.spec.alpha :as s]
+   #?(:clj [orchestra.core :refer [defn-spec]]
+      :cljs [orchestra.core :refer-macros [defn-spec]])
+   [dda.c4k-common.yaml :as yaml]
+   [dda.c4k-common.base64 :as b64]
+   [dda.c4k-common.common :as cm]
+   [dda.c4k-common.predicate :as p]
+   #?(:cljs [dda.c4k-common.macros :refer-macros [inline-resources]])))

 (s/def ::aws-access-key-id p/bash-env-string?)
 (s/def ::aws-secret-access-key p/bash-env-string?)
@ -31,19 +31,22 @@
     (yaml/load-as-edn "backup/config.yaml")
     (cm/replace-key-value :restic-repository restic-repository))))

-(defn generate-cron []
-   (yaml/load-as-edn "backup/cron.yaml"))
+(defn-spec generate-cron p/map-or-seq?
+  []
+  (yaml/load-as-edn "backup/cron.yaml"))

-(defn generate-backup-restore-deployment [my-conf]
-  (let [backup-restore-yaml (yaml/load-as-edn "backup/backup-restore-deployment.yaml")]
-    (if (and (contains? my-conf :local-integration-test) (= true (:local-integration-test my-conf)))
-      (cm/replace-named-value backup-restore-yaml "CERTIFICATE_FILE" "/var/run/secrets/localstack-secrets/ca.crt")
-      backup-restore-yaml)))
+(defn-spec generate-backup-restore-deployment p/map-or-seq?
+  [my-conf ::config]
+  (yaml/load-as-edn "backup/backup-restore-deployment.yaml"))

-(defn generate-secret [my-auth]
-  (let [{:keys [aws-access-key-id aws-secret-access-key restic-password]} my-auth]
-    (->
-     (yaml/load-as-edn "backup/secret.yaml")
-     (cm/replace-key-value :aws-access-key-id (b64/encode aws-access-key-id))
-     (cm/replace-key-value :aws-secret-access-key (b64/encode aws-secret-access-key))
-     (cm/replace-key-value :restic-password (b64/encode restic-password)))))
+(defn-spec generate-secret p/map-or-seq?
+  [auth ::auth]
+  (let [{:keys [aws-access-key-id aws-secret-access-key
+                restic-password restic-new-password]} auth]
+    (as-> (yaml/load-as-edn "backup/secret.yaml") res
+      (cm/replace-key-value res :aws-access-key-id (b64/encode aws-access-key-id))
+      (cm/replace-key-value res :aws-secret-access-key (b64/encode aws-secret-access-key))
+      (cm/replace-key-value res :restic-password (b64/encode restic-password))
+      (if (contains? auth :restic-new-password)
+        (assoc-in res [:data :restic-new-password] (b64/encode restic-new-password))
+        res))))
--- a/src/main/resources/backup/backup-restore-deployment.yaml
+++ b/src/main/resources/backup/backup-restore-deployment.yaml
@ -2,6 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: backup-restore
+  namespace: taiga
 spec:
  replicas: 0
  selector:
--- a/src/main/resources/backup/cron.yaml
+++ b/src/main/resources/backup/cron.yaml
@ -2,6 +2,7 @@ apiVersion: batch/v1
 kind: CronJob
 metadata:
  name: taiga-backup
+  namespace: taiga
  labels:
    app.kubernetes.part-of: taiga
 spec:
--- a/src/main/resources/backup/secret.yaml
+++ b/src/main/resources/backup/secret.yaml
@ -2,6 +2,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: backup-secret
+  namespace: taiga
 type: Opaque
 data:
  aws-access-key-id: aws-access-key-id
--- a/src/test/cljc/dda/c4k_taiga/backup_test.cljc
+++ b/src/test/cljc/dda/c4k_taiga/backup_test.cljc
@ -18,4 +18,30 @@
                              :app.kubernetes.io/part-of "taiga"}}
          :data
          {:restic-repository "s3:restic-repository"}}
-         (cut/generate-config {:restic-repository "s3:restic-repository"}))))
+         (cut/generate-config {:restic-repository "s3:restic-repository"}))))
+
+(deftest should-generate-secret
+  (is (= {:apiVersion "v1"
+          :kind "Secret"
+          :metadata {:name "backup-secret", :namespace "taiga"}
+          :type "Opaque"
+          :data
+          {:aws-access-key-id "YXdzLWlk",
+           :aws-secret-access-key "YXdzLXNlY3JldA==",
+           :restic-password "cmVzdGljLXB3"}}
+         (cut/generate-secret {:aws-access-key-id "aws-id"
+                               :aws-secret-access-key "aws-secret"
+                               :restic-password "restic-pw"})))
+  (is (= {:apiVersion "v1"
+          :kind "Secret"
+          :metadata {:name "backup-secret", :namespace "taiga"}
+          :type "Opaque"
+          :data
+          {:aws-access-key-id "YXdzLWlk",
+           :aws-secret-access-key "YXdzLXNlY3JldA==",
+           :restic-password "cmVzdGljLXB3"
+           :restic-new-password "bmV3LXJlc3RpYy1wdw=="}}
+         (cut/generate-secret {:aws-access-key-id "aws-id"
+                               :aws-secret-access-key "aws-secret"
+                               :restic-password "restic-pw"
+                               :restic-new-password "new-restic-pw"}))))