Compare commits
1 commit
remove-the
...
main
Author | SHA1 | Date | |
---|---|---|---|
7076f44014 |
5 changed files with 113 additions and 18 deletions
9
deps.edn
9
deps.edn
|
@ -17,13 +17,16 @@
|
||||||
;; ---------------------------------------------------------
|
;; ---------------------------------------------------------
|
||||||
:aliases
|
:aliases
|
||||||
{
|
{
|
||||||
|
;; ------------
|
||||||
|
;; Add libraries and paths to support additional test tools
|
||||||
|
:test/env
|
||||||
|
{}
|
||||||
|
|
||||||
;; Test runner - local and CI
|
;; Test runner - local and CI
|
||||||
;; call with :watch? true to start file watcher and re-run tests on saved changes
|
;; call with :watch? true to start file watcher and re-run tests on saved changes
|
||||||
:test/run
|
:test/run
|
||||||
{:extra-paths ["test"]
|
{:extra-paths ["test"]
|
||||||
:extra-deps {lambdaisland/kaocha {:mvn/version "1.91.1392"}
|
:extra-deps {lambdaisland/kaocha {:mvn/version "1.91.1392"}}
|
||||||
expound/expound {:mvn/version "0.9.0"}}
|
|
||||||
:main-opts ["-m" "kaocha.runner"]
|
:main-opts ["-m" "kaocha.runner"]
|
||||||
:exec-fn kaocha.runner/exec-fn
|
:exec-fn kaocha.runner/exec-fn
|
||||||
:exec-args {:randomize? false
|
:exec-args {:randomize? false
|
||||||
|
|
104
docs/CredentialRotation.md
Normal file
104
docs/CredentialRotation.md
Normal file
|
@ -0,0 +1,104 @@
|
||||||
|
# Credential Rotation
|
||||||
|
|
||||||
|
## Example Data
|
||||||
|
|
||||||
|
Default
|
||||||
|
|
||||||
|
```json
|
||||||
|
[{
|
||||||
|
"current": true,
|
||||||
|
"id": "521e0760",
|
||||||
|
"userName": "root",
|
||||||
|
"hostName": "backup-restore-65bd9b6ff5-z69sn",
|
||||||
|
"created": "2024-10-18 13:08:16"
|
||||||
|
}]
|
||||||
|
```
|
||||||
|
|
||||||
|
Add another password
|
||||||
|
|
||||||
|
```json
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"current": true,
|
||||||
|
"id": "521e0760",
|
||||||
|
"userName": "root",
|
||||||
|
"hostName": "backup-restore-65bd9b6ff5-z69sn",
|
||||||
|
"created": "2024-10-18 13:08:16"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"current": false,
|
||||||
|
"id": "b67161fb",
|
||||||
|
"userName": "root",
|
||||||
|
"hostName": "backup-restore-65bd9b6ff5-z69sn",
|
||||||
|
"created": "2024-10-18 13:16:54"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
```
|
||||||
|
|
||||||
|
Change current password
|
||||||
|
|
||||||
|
```json
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"current": false,
|
||||||
|
"id": "521e0760",
|
||||||
|
"userName": "root",
|
||||||
|
"hostName": "backup-restore-65bd9b6ff5-z69sn",
|
||||||
|
"created": "2024-10-18 13:08:16"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"current": true,
|
||||||
|
"id": "b67161fb",
|
||||||
|
"userName": "root",
|
||||||
|
"hostName": "backup-restore-65bd9b6ff5-z69sn",
|
||||||
|
"created": "2024-10-18 13:16:54"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
```
|
||||||
|
|
||||||
|
Remove old password
|
||||||
|
|
||||||
|
```json
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"current": true,
|
||||||
|
"id": "b67161fb",
|
||||||
|
"userName": "root",
|
||||||
|
"hostName": "backup-restore-65bd9b6ff5-z69sn",
|
||||||
|
"created": "2024-10-18 13:16:54"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
```
|
||||||
|
|
||||||
|
## Steps
|
||||||
|
|
||||||
|
Steps need to be validated and performed seperately and work independently of each other.
|
||||||
|
To avoid problems where the program is shut down mid-transition.
|
||||||
|
|
||||||
|
### Stages
|
||||||
|
|
||||||
|
#### Initial State
|
||||||
|
|
||||||
|
Validation:
|
||||||
|
|
||||||
|
- Detect change requested: new password file environment is set
|
||||||
|
|
||||||
|
Steps to perform:
|
||||||
|
|
||||||
|
- Add new password
|
||||||
|
- `restic -r <repo> key add --new-password-file <file>`
|
||||||
|
|
||||||
|
#### New password has been added
|
||||||
|
|
||||||
|
Validation:
|
||||||
|
|
||||||
|
- List of passwords has 2 entries
|
||||||
|
- The password with the newer timestamp is not set as "current"
|
||||||
|
|
||||||
|
Steps to perform:
|
||||||
|
|
||||||
|
- Extract id of new password
|
||||||
|
- Extract id of old password
|
||||||
|
- Remove old password in favour of new one
|
||||||
|
- `restic -r <repo> key remove --key-hint <new-id> <old-id>`
|
||||||
|
- Unset new password file environment
|
|
@ -1,4 +1,3 @@
|
||||||
{:deps {org.babashka/spec.alpha {:git/url "https://github.com/babashka/spec.alpha"
|
{:deps {org.clojure/spec.alpha {:mvn/version "0.4.233"}
|
||||||
:git/sha "1a841c4cc1d4f6dab7505a98ed2d532dd9d56b78"}
|
|
||||||
orchestra/orchestra {:mvn/version "2021.01.01-1"}
|
orchestra/orchestra {:mvn/version "2021.01.01-1"}
|
||||||
org.domaindrivenarchitecture/dda-backup {:local/root "/usr/local/lib/dda-backup"}}}
|
org.domaindrivenarchitecture/dda-backup {:local/root "/usr/local/lib/dda-backup"}}}
|
||||||
|
|
|
@ -18,7 +18,7 @@
|
||||||
"file2"
|
"file2"
|
||||||
"file2"]]
|
"file2"]]
|
||||||
(cut/backup-files-command {:restic-repository "repo"
|
(cut/backup-files-command {:restic-repository "repo"
|
||||||
;:backup-path "dir-at-repo"
|
:backup-path "dir-at-repo"
|
||||||
:execution-directory "dir-to-backup"
|
:execution-directory "dir-to-backup"
|
||||||
:days-to-keep 39
|
:days-to-keep 39
|
||||||
:months-to-keep 3
|
:months-to-keep 3
|
||||||
|
|
13
tests.edn
13
tests.edn
|
@ -10,15 +10,4 @@
|
||||||
|
|
||||||
;; ---------------------------------------------------------
|
;; ---------------------------------------------------------
|
||||||
|
|
||||||
#kaocha/v1 {:plugins [:orchestra
|
#kaocha/v1 {}
|
||||||
:kaocha.plugin.alpha/info
|
|
||||||
:profiling
|
|
||||||
:print-invocations
|
|
||||||
:hooks
|
|
||||||
:notifier
|
|
||||||
:kaocha.plugin/version-filter]
|
|
||||||
|
|
||||||
:kaocha/bindings {kaocha.stacktrace/*stacktrace-filters* []
|
|
||||||
kaocha.stacktrace/*stacktrace-stop-list* []}
|
|
||||||
|
|
||||||
:reporter kaocha.report/documentation}
|
|
||||||
|
|
Loading…
Reference in a new issue