credential-rotation #1
3 changed files with 41 additions and 19 deletions
|
@ -3,30 +3,27 @@
|
|||
[orchestra.core :refer [defn-spec]]
|
||||
[clojure.spec.alpha :as s]
|
||||
[dda.backup.cred-rot.domain :as domain]
|
||||
[dda.backup.infrastructure :as i]
|
||||
[cheshire.core :as cc]))
|
||||
[dda.backup.infrastructure :as i]))
|
||||
|
||||
(s/def ::valid-from domain/timestamp?)
|
||||
(s/def ::new-password-file string?)
|
||||
(s/def ::new-password-config (s/keys :req-un [::new-password-file ::valid-from]))
|
||||
|
||||
(s/def ::cred-rot
|
||||
(s/keys :req-un []
|
||||
:opt-un [::new-password-file]))
|
||||
:opt-un [::new-password-config]))
|
||||
|
||||
; Refer to "docs/CredentialRotation.md" for specifics
|
||||
|
||||
(defn-spec maybe-add-new! nil?
|
||||
[config ::cred-rot]
|
||||
(let [{:keys [new-password-file]} config]
|
||||
(if (not (nil? new-password-file))
|
||||
(i/execute! (domain/add-password-command config) config))))
|
||||
|
||||
(defn-spec list-passwords! map?
|
||||
(defn-spec list-passwords! string?
|
||||
[config ::cred-rot]
|
||||
(i/execute-out! (domain/list-passwords-command config) config))
|
||||
|
||||
(defn-spec parse-passwords! nil?
|
||||
(defn-spec maybe-add-new! nil?
|
||||
[config ::cred-rot]
|
||||
(println (cc/parse-string (list-passwords! config))))
|
||||
(let [{:keys [new-password-file valid-from]} (:new-password-config config)]
|
||||
(if (not (nil? new-password-file))
|
||||
(let [parsed-passwords (parsed-passwords! config)]
|
||||
(i/execute! (domain/add-password-command config) config)))))
|
||||
|
||||
(defn-spec replace-old-password! nil?
|
||||
[]
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
[clojure.string :as str]
|
||||
[dda.backup.core.domain :as cd]
|
||||
[dda.backup.restic.domain :as rd]
|
||||
[cheshire.core :as cc]
|
||||
[cljc.java-time.local-date :as ld]
|
||||
[cljc.java-time.format.date-time-formatter :as df]))
|
||||
|
||||
|
@ -26,10 +27,12 @@
|
|||
(s/def ::hostName (fn [in] (every? #(re-matches lowercase-numeric %) (str/split in #"-"))))
|
||||
; "2024-10-18 13:08:16"
|
||||
(def timestamp-formatter (df/of-pattern "yyyy-MM-dd HH:mm:ss"))
|
||||
(s/def ::created #(try
|
||||
(ld/parse % timestamp-formatter)
|
||||
true
|
||||
(catch Exception _ false)))
|
||||
(defn timestamp? [in]
|
||||
(try
|
||||
(ld/parse in timestamp-formatter)
|
||||
true
|
||||
(catch Exception _ false)))
|
||||
(s/def ::created timestamp?)
|
||||
|
||||
(s/def ::entry (s/keys :opt-un []
|
||||
:req-un [::current ::id ::userName ::hostName ::created]))
|
||||
|
@ -69,3 +72,7 @@
|
|||
new-id ::id
|
||||
old-id ::id]
|
||||
[(base-command config ["key" "remove" "--key-hint" new-id old-id])])
|
||||
|
||||
(defn-spec parse-response ::response
|
||||
[response string?]
|
||||
(s/conform )(cc/parse-string response #(keyword %)))
|
||||
|
|
|
@ -5,6 +5,24 @@
|
|||
[clojure.spec.test.alpha :as st]
|
||||
[dda.backup.cred-rot.domain :as cut]))
|
||||
|
||||
(deftest test-parse-response
|
||||
(is (= [] (cut/parse-response "[
|
||||
{
|
||||
\"current\": false,
|
||||
\"id\": \"521e0760\",
|
||||
\"userName\": \"root\",
|
||||
\"hostName\": \"backup-restore-65bd9b6ff5-z69sn\",
|
||||
\"created\": \"2024-10-18 13:08:16\"
|
||||
},
|
||||
{
|
||||
\"current\": true,
|
||||
\"id\": \"b67161fb\",
|
||||
\"userName\": \"root\",
|
||||
\"hostName\": \"backup-restore-65bd9b6ff5-z69sn\",
|
||||
\"created\": \"2024-10-18 13:16:54\"
|
||||
}
|
||||
]"))))
|
||||
|
||||
(deftest test-spec-id
|
||||
(is (s/valid? ::cut/id "521e0760"))
|
||||
(is (s/valid? ::cut/id "test"))
|
||||
|
@ -24,8 +42,8 @@
|
|||
(is (valid "test-some-combination-2"))
|
||||
(is (valid "backup-restore-65bd9b6ff5-z69sn"))))
|
||||
|
||||
(deftest test-spec-created
|
||||
(let [valid #(s/valid? ::cut/created %)]
|
||||
(deftest test-spec-timestamp
|
||||
(let [valid #(s/valid? cut/timestamp? %)]
|
||||
(is (valid "2024-10-18 13:08:16"))
|
||||
(is (valid "2032-09-01 12:56:59"))
|
||||
(is (not (valid "2024-13-5 13:08:16")))
|
||||
|
|
Loading…
Reference in a new issue