credential-rotation #1

Merged
jem merged 18 commits from credential-rotation into main 2024-12-27 09:25:09 +00:00
3 changed files with 41 additions and 19 deletions
Showing only changes of commit b60bf5bb87 - Show all commits

View file

@ -3,30 +3,27 @@
[orchestra.core :refer [defn-spec]] [orchestra.core :refer [defn-spec]]
[clojure.spec.alpha :as s] [clojure.spec.alpha :as s]
[dda.backup.cred-rot.domain :as domain] [dda.backup.cred-rot.domain :as domain]
[dda.backup.infrastructure :as i] [dda.backup.infrastructure :as i]))
[cheshire.core :as cc]))
(s/def ::valid-from domain/timestamp?)
(s/def ::new-password-file string?) (s/def ::new-password-file string?)
(s/def ::new-password-config (s/keys :req-un [::new-password-file ::valid-from]))
(s/def ::cred-rot (s/def ::cred-rot
(s/keys :req-un [] (s/keys :req-un []
:opt-un [::new-password-file])) :opt-un [::new-password-config]))
; Refer to "docs/CredentialRotation.md" for specifics ; Refer to "docs/CredentialRotation.md" for specifics
(defn-spec list-passwords! string?
(defn-spec maybe-add-new! nil?
[config ::cred-rot]
(let [{:keys [new-password-file]} config]
(if (not (nil? new-password-file))
(i/execute! (domain/add-password-command config) config))))
(defn-spec list-passwords! map?
[config ::cred-rot] [config ::cred-rot]
(i/execute-out! (domain/list-passwords-command config) config)) (i/execute-out! (domain/list-passwords-command config) config))
(defn-spec parse-passwords! nil? (defn-spec maybe-add-new! nil?
[config ::cred-rot] [config ::cred-rot]
(println (cc/parse-string (list-passwords! config)))) (let [{:keys [new-password-file valid-from]} (:new-password-config config)]
(if (not (nil? new-password-file))
(let [parsed-passwords (parsed-passwords! config)]
(i/execute! (domain/add-password-command config) config)))))
(defn-spec replace-old-password! nil? (defn-spec replace-old-password! nil?
[] []

View file

@ -5,6 +5,7 @@
[clojure.string :as str] [clojure.string :as str]
[dda.backup.core.domain :as cd] [dda.backup.core.domain :as cd]
[dda.backup.restic.domain :as rd] [dda.backup.restic.domain :as rd]
[cheshire.core :as cc]
[cljc.java-time.local-date :as ld] [cljc.java-time.local-date :as ld]
[cljc.java-time.format.date-time-formatter :as df])) [cljc.java-time.format.date-time-formatter :as df]))
@ -26,10 +27,12 @@
(s/def ::hostName (fn [in] (every? #(re-matches lowercase-numeric %) (str/split in #"-")))) (s/def ::hostName (fn [in] (every? #(re-matches lowercase-numeric %) (str/split in #"-"))))
; "2024-10-18 13:08:16" ; "2024-10-18 13:08:16"
(def timestamp-formatter (df/of-pattern "yyyy-MM-dd HH:mm:ss")) (def timestamp-formatter (df/of-pattern "yyyy-MM-dd HH:mm:ss"))
(s/def ::created #(try (defn timestamp? [in]
(ld/parse % timestamp-formatter) (try
(ld/parse in timestamp-formatter)
true true
(catch Exception _ false))) (catch Exception _ false)))
(s/def ::created timestamp?)
(s/def ::entry (s/keys :opt-un [] (s/def ::entry (s/keys :opt-un []
:req-un [::current ::id ::userName ::hostName ::created])) :req-un [::current ::id ::userName ::hostName ::created]))
@ -69,3 +72,7 @@
new-id ::id new-id ::id
old-id ::id] old-id ::id]
[(base-command config ["key" "remove" "--key-hint" new-id old-id])]) [(base-command config ["key" "remove" "--key-hint" new-id old-id])])
(defn-spec parse-response ::response
[response string?]
(s/conform )(cc/parse-string response #(keyword %)))

View file

@ -5,6 +5,24 @@
[clojure.spec.test.alpha :as st] [clojure.spec.test.alpha :as st]
[dda.backup.cred-rot.domain :as cut])) [dda.backup.cred-rot.domain :as cut]))
(deftest test-parse-response
(is (= [] (cut/parse-response "[
{
\"current\": false,
\"id\": \"521e0760\",
\"userName\": \"root\",
\"hostName\": \"backup-restore-65bd9b6ff5-z69sn\",
\"created\": \"2024-10-18 13:08:16\"
},
{
\"current\": true,
\"id\": \"b67161fb\",
\"userName\": \"root\",
\"hostName\": \"backup-restore-65bd9b6ff5-z69sn\",
\"created\": \"2024-10-18 13:16:54\"
}
]"))))
(deftest test-spec-id (deftest test-spec-id
(is (s/valid? ::cut/id "521e0760")) (is (s/valid? ::cut/id "521e0760"))
(is (s/valid? ::cut/id "test")) (is (s/valid? ::cut/id "test"))
@ -24,8 +42,8 @@
(is (valid "test-some-combination-2")) (is (valid "test-some-combination-2"))
(is (valid "backup-restore-65bd9b6ff5-z69sn")))) (is (valid "backup-restore-65bd9b6ff5-z69sn"))))
(deftest test-spec-created (deftest test-spec-timestamp
(let [valid #(s/valid? ::cut/created %)] (let [valid #(s/valid? cut/timestamp? %)]
(is (valid "2024-10-18 13:08:16")) (is (valid "2024-10-18 13:08:16"))
(is (valid "2032-09-01 12:56:59")) (is (valid "2032-09-01 12:56:59"))
(is (not (valid "2024-13-5 13:08:16"))) (is (not (valid "2024-13-5 13:08:16")))