credential-rotation #1
3 changed files with 41 additions and 19 deletions
|
@ -3,30 +3,27 @@
|
||||||
[orchestra.core :refer [defn-spec]]
|
[orchestra.core :refer [defn-spec]]
|
||||||
[clojure.spec.alpha :as s]
|
[clojure.spec.alpha :as s]
|
||||||
[dda.backup.cred-rot.domain :as domain]
|
[dda.backup.cred-rot.domain :as domain]
|
||||||
[dda.backup.infrastructure :as i]
|
[dda.backup.infrastructure :as i]))
|
||||||
[cheshire.core :as cc]))
|
|
||||||
|
|
||||||
|
(s/def ::valid-from domain/timestamp?)
|
||||||
(s/def ::new-password-file string?)
|
(s/def ::new-password-file string?)
|
||||||
|
(s/def ::new-password-config (s/keys :req-un [::new-password-file ::valid-from]))
|
||||||
|
|
||||||
(s/def ::cred-rot
|
(s/def ::cred-rot
|
||||||
(s/keys :req-un []
|
(s/keys :req-un []
|
||||||
:opt-un [::new-password-file]))
|
:opt-un [::new-password-config]))
|
||||||
|
|
||||||
; Refer to "docs/CredentialRotation.md" for specifics
|
; Refer to "docs/CredentialRotation.md" for specifics
|
||||||
|
(defn-spec list-passwords! string?
|
||||||
(defn-spec maybe-add-new! nil?
|
|
||||||
[config ::cred-rot]
|
|
||||||
(let [{:keys [new-password-file]} config]
|
|
||||||
(if (not (nil? new-password-file))
|
|
||||||
(i/execute! (domain/add-password-command config) config))))
|
|
||||||
|
|
||||||
(defn-spec list-passwords! map?
|
|
||||||
[config ::cred-rot]
|
[config ::cred-rot]
|
||||||
(i/execute-out! (domain/list-passwords-command config) config))
|
(i/execute-out! (domain/list-passwords-command config) config))
|
||||||
|
|
||||||
(defn-spec parse-passwords! nil?
|
(defn-spec maybe-add-new! nil?
|
||||||
[config ::cred-rot]
|
[config ::cred-rot]
|
||||||
(println (cc/parse-string (list-passwords! config))))
|
(let [{:keys [new-password-file valid-from]} (:new-password-config config)]
|
||||||
|
(if (not (nil? new-password-file))
|
||||||
|
(let [parsed-passwords (parsed-passwords! config)]
|
||||||
|
(i/execute! (domain/add-password-command config) config)))))
|
||||||
|
|
||||||
(defn-spec replace-old-password! nil?
|
(defn-spec replace-old-password! nil?
|
||||||
[]
|
[]
|
||||||
|
|
|
@ -5,6 +5,7 @@
|
||||||
[clojure.string :as str]
|
[clojure.string :as str]
|
||||||
[dda.backup.core.domain :as cd]
|
[dda.backup.core.domain :as cd]
|
||||||
[dda.backup.restic.domain :as rd]
|
[dda.backup.restic.domain :as rd]
|
||||||
|
[cheshire.core :as cc]
|
||||||
[cljc.java-time.local-date :as ld]
|
[cljc.java-time.local-date :as ld]
|
||||||
[cljc.java-time.format.date-time-formatter :as df]))
|
[cljc.java-time.format.date-time-formatter :as df]))
|
||||||
|
|
||||||
|
@ -26,10 +27,12 @@
|
||||||
(s/def ::hostName (fn [in] (every? #(re-matches lowercase-numeric %) (str/split in #"-"))))
|
(s/def ::hostName (fn [in] (every? #(re-matches lowercase-numeric %) (str/split in #"-"))))
|
||||||
; "2024-10-18 13:08:16"
|
; "2024-10-18 13:08:16"
|
||||||
(def timestamp-formatter (df/of-pattern "yyyy-MM-dd HH:mm:ss"))
|
(def timestamp-formatter (df/of-pattern "yyyy-MM-dd HH:mm:ss"))
|
||||||
(s/def ::created #(try
|
(defn timestamp? [in]
|
||||||
(ld/parse % timestamp-formatter)
|
(try
|
||||||
true
|
(ld/parse in timestamp-formatter)
|
||||||
(catch Exception _ false)))
|
true
|
||||||
|
(catch Exception _ false)))
|
||||||
|
(s/def ::created timestamp?)
|
||||||
|
|
||||||
(s/def ::entry (s/keys :opt-un []
|
(s/def ::entry (s/keys :opt-un []
|
||||||
:req-un [::current ::id ::userName ::hostName ::created]))
|
:req-un [::current ::id ::userName ::hostName ::created]))
|
||||||
|
@ -69,3 +72,7 @@
|
||||||
new-id ::id
|
new-id ::id
|
||||||
old-id ::id]
|
old-id ::id]
|
||||||
[(base-command config ["key" "remove" "--key-hint" new-id old-id])])
|
[(base-command config ["key" "remove" "--key-hint" new-id old-id])])
|
||||||
|
|
||||||
|
(defn-spec parse-response ::response
|
||||||
|
[response string?]
|
||||||
|
(s/conform )(cc/parse-string response #(keyword %)))
|
||||||
|
|
|
@ -5,6 +5,24 @@
|
||||||
[clojure.spec.test.alpha :as st]
|
[clojure.spec.test.alpha :as st]
|
||||||
[dda.backup.cred-rot.domain :as cut]))
|
[dda.backup.cred-rot.domain :as cut]))
|
||||||
|
|
||||||
|
(deftest test-parse-response
|
||||||
|
(is (= [] (cut/parse-response "[
|
||||||
|
{
|
||||||
|
\"current\": false,
|
||||||
|
\"id\": \"521e0760\",
|
||||||
|
\"userName\": \"root\",
|
||||||
|
\"hostName\": \"backup-restore-65bd9b6ff5-z69sn\",
|
||||||
|
\"created\": \"2024-10-18 13:08:16\"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
\"current\": true,
|
||||||
|
\"id\": \"b67161fb\",
|
||||||
|
\"userName\": \"root\",
|
||||||
|
\"hostName\": \"backup-restore-65bd9b6ff5-z69sn\",
|
||||||
|
\"created\": \"2024-10-18 13:16:54\"
|
||||||
|
}
|
||||||
|
]"))))
|
||||||
|
|
||||||
(deftest test-spec-id
|
(deftest test-spec-id
|
||||||
(is (s/valid? ::cut/id "521e0760"))
|
(is (s/valid? ::cut/id "521e0760"))
|
||||||
(is (s/valid? ::cut/id "test"))
|
(is (s/valid? ::cut/id "test"))
|
||||||
|
@ -24,8 +42,8 @@
|
||||||
(is (valid "test-some-combination-2"))
|
(is (valid "test-some-combination-2"))
|
||||||
(is (valid "backup-restore-65bd9b6ff5-z69sn"))))
|
(is (valid "backup-restore-65bd9b6ff5-z69sn"))))
|
||||||
|
|
||||||
(deftest test-spec-created
|
(deftest test-spec-timestamp
|
||||||
(let [valid #(s/valid? ::cut/created %)]
|
(let [valid #(s/valid? cut/timestamp? %)]
|
||||||
(is (valid "2024-10-18 13:08:16"))
|
(is (valid "2024-10-18 13:08:16"))
|
||||||
(is (valid "2032-09-01 12:56:59"))
|
(is (valid "2032-09-01 12:56:59"))
|
||||||
(is (not (valid "2024-13-5 13:08:16")))
|
(is (not (valid "2024-13-5 13:08:16")))
|
||||||
|
|
Loading…
Reference in a new issue