diff --git a/src/main/cljc/dda/c4k_taiga/backup.cljc b/src/main/cljc/dda/c4k_taiga/backup.cljc
index da77b15..c934ff4 100644
--- a/src/main/cljc/dda/c4k_taiga/backup.cljc
+++ b/src/main/cljc/dda/c4k_taiga/backup.cljc
@@ -1,13 +1,13 @@
 (ns dda.c4k-taiga.backup
- (:require
- [clojure.spec.alpha :as s]
- #?(:clj [orchestra.core :refer [defn-spec]]
- :cljs [orchestra.core :refer-macros [defn-spec]])
- [dda.c4k-common.yaml :as yaml]
- [dda.c4k-common.base64 :as b64]
- [dda.c4k-common.common :as cm]
- [dda.c4k-common.predicate :as p]
- #?(:cljs [dda.c4k-common.macros :refer-macros [inline-resources]])))
+ (:require
+ [clojure.spec.alpha :as s]
+ #?(:clj [orchestra.core :refer [defn-spec]]
+ :cljs [orchestra.core :refer-macros [defn-spec]])
+ [dda.c4k-common.yaml :as yaml]
+ [dda.c4k-common.base64 :as b64]
+ [dda.c4k-common.common :as cm]
+ [dda.c4k-common.predicate :as p]
+ #?(:cljs [dda.c4k-common.macros :refer-macros [inline-resources]])))
 (s/def ::aws-access-key-id p/bash-env-string?)
 (s/def ::aws-secret-access-key p/bash-env-string?)
@@ -31,19 +31,22 @@
 (yaml/load-as-edn "backup/config.yaml")
 (cm/replace-key-value :restic-repository restic-repository))))
-(defn generate-cron []
- (yaml/load-as-edn "backup/cron.yaml"))
+(defn-spec generate-cron p/map-or-seq?
+ []
+ (yaml/load-as-edn "backup/cron.yaml"))
-(defn generate-backup-restore-deployment [my-conf]
- (let [backup-restore-yaml (yaml/load-as-edn "backup/backup-restore-deployment.yaml")]
- (if (and (contains? my-conf :local-integration-test) (= true (:local-integration-test my-conf)))
- (cm/replace-named-value backup-restore-yaml "CERTIFICATE_FILE" "/var/run/secrets/localstack-secrets/ca.crt")
- backup-restore-yaml)))
+(defn-spec generate-backup-restore-deployment p/map-or-seq?
+ [my-conf ::config]
+ (yaml/load-as-edn "backup/backup-restore-deployment.yaml"))
-(defn generate-secret [my-auth]
- (let [{:keys [aws-access-key-id aws-secret-access-key restic-password]} my-auth]
- (->
- (yaml/load-as-edn "backup/secret.yaml")
- (cm/replace-key-value :aws-access-key-id (b64/encode aws-access-key-id))
- (cm/replace-key-value :aws-secret-access-key (b64/encode aws-secret-access-key))
- (cm/replace-key-value :restic-password (b64/encode restic-password)))))
+(defn-spec generate-secret p/map-or-seq?
+ [auth ::auth]
+ (let [{:keys [aws-access-key-id aws-secret-access-key
+ restic-password restic-new-password]} auth]
+ (as-> (yaml/load-as-edn "backup/secret.yaml") res
+ (cm/replace-key-value res :aws-access-key-id (b64/encode aws-access-key-id))
+ (cm/replace-key-value res :aws-secret-access-key (b64/encode aws-secret-access-key))
+ (cm/replace-key-value res :restic-password (b64/encode restic-password))
+ (if (contains? auth :restic-new-password)
+ (assoc-in res [:data :restic-new-password] (b64/encode restic-new-password))
+ res))))
diff --git a/src/main/resources/backup/backup-restore-deployment.yaml b/src/main/resources/backup/backup-restore-deployment.yaml
index d4379ab..557d18c 100644
--- a/src/main/resources/backup/backup-restore-deployment.yaml
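Review bot: In `generate-secret` (backup.cljc) the optional key is gated on `(contains? auth :restic-new-password)`, so a key that is present with a `nil` value still reaches `(b64/encode restic-new-password)`; whether that throws or writes a bogus value into the Secret depends on `b64/encode` and on whether the `::auth` spec is instrumented, neither of which is visible in this hunk. Testing the destructured value instead, `(if (some? restic-new-password) (assoc-in res [:data :restic-new-password] (b64/encode restic-new-password)) res)`, removes that dependency, and the new tests in backup_test.cljc do not cover the present-but-nil case. Separately, `generate-backup-restore-deployment` now ignores `my-conf`, so a docstring such as `"Returns the backup-restore deployment template unchanged; my-conf is only spec-checked."` would keep the unused parameter from looking like an oversight. If these `defn-spec` functions are instrumented, a failed `::auth` check reports the offending argument map, so it is worth confirming that such a failure cannot put the AWS secret key or restic passwords into logs.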
+++ b/src/main/resources/backup/backup-restore-deployment.yaml
@@ -2,6 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: backup-restore
+ namespace: taiga
 spec:
 replicas: 0
 selector:
diff --git a/src/main/resources/backup/cron.yaml b/src/main/resources/backup/cron.yaml
index aafe3ee..aa4c419 100644
--- a/src/main/resources/backup/cron.yaml
+++ b/src/main/resources/backup/cron.yaml
@@ -2,6 +2,7 @@ apiVersion: batch/v1
 kind: CronJob
 metadata:
 name: taiga-backup
+ namespace: taiga
 labels:
 app.kubernetes.part-of: taiga
 spec:
diff --git a/src/main/resources/backup/secret.yaml b/src/main/resources/backup/secret.yaml
index c5809e0..7f4a98f 100644
--- a/src/main/resources/backup/secret.yaml
+++ b/src/main/resources/backup/secret.yaml
@@ -2,6 +2,7 @@ apiVersion: v1
 kind: Secret
 metadata:
 name: backup-secret
+ namespace: taiga
 type: Opaque
 data:
 aws-access-key-id: aws-access-key-id
diff --git a/src/test/cljc/dda/c4k_taiga/backup_test.cljc b/src/test/cljc/dda/c4k_taiga/backup_test.cljc
index 47703b2..9769c78 100644
--- a/src/test/cljc/dda/c4k_taiga/backup_test.cljc
+++ b/src/test/cljc/dda/c4k_taiga/backup_test.cljc
@@ -18,4 +18,30 @@
 :app.kubernetes.io/part-of "taiga"}}
 :data
 {:restic-repository "s3:restic-repository"}}
- (cut/generate-config {:restic-repository "s3:restic-repository"}))))
\ No newline at end of file
+ (cut/generate-config {:restic-repository "s3:restic-repository"}))))
+
+(deftest should-generate-secret
+ (is (= {:apiVersion "v1"
+ :kind "Secret"
+ :metadata {:name "backup-secret", :namespace "taiga"}
+ :type "Opaque"
+ :data
+ {:aws-access-key-id "YXdzLWlk",
+ :aws-secret-access-key "YXdzLXNlY3JldA==",
+ :restic-password "cmVzdGljLXB3"}}
+ (cut/generate-secret {:aws-access-key-id "aws-id"
+ :aws-secret-access-key "aws-secret"
+ :restic-password "restic-pw"})))
+ (is (= {:apiVersion "v1"
+ :kind "Secret"
+ :metadata {:name "backup-secret", :namespace "taiga"}
+ :type "Opaque"
+ :data
+ {:aws-access-key-id "YXdzLWlk",
+ :aws-secret-access-key "YXdzLXNlY3JldA==",
+ :restic-password "cmVzdGljLXB3"
+ :restic-new-password "bmV3LXJlc3RpYy1wdw=="}}
+ (cut/generate-secret {:aws-access-key-id "aws-id"
+ :aws-secret-access-key "aws-secret"
+ :restic-password "restic-pw"
+ :restic-new-password "new-restic-pw"}))))
\ No newline at end of file