credential-rotation #1
6 changed files with 66 additions and 45 deletions
|
@ -5,3 +5,5 @@ ADD resources /tmp/
|
||||||
RUN /tmp/install.sh
|
RUN /tmp/install.sh
|
||||||
ADD local/ /usr/local/lib/dda-backup
|
ADD local/ /usr/local/lib/dda-backup
|
||||||
RUN init-bb.bb
|
RUN init-bb.bb
|
||||||
|
ADD resources2 /tmp/
|
||||||
|
RUN install -m 0700 -o root -g root /tmp/test-me.bb /usr/local/bin/
|
||||||
|
|
|
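Review bot: The added `RUN install -m 0700 -o root -g root /tmp/test-me.bb /usr/local/bin/` ships a test fixture in the same image as the backup library, and the preceding `ADD resources2 /tmp/` keeps a second copy under /tmp in its own layer. test-me.bb, as added in this commit, writes fixed passwords and initialises a restic repository, so an accidental run in a deployed container would create key material with publicly known values. If this Dockerfile also produces the production image (not visible here), consider moving both lines into a separate test stage or test image. Copying the script straight to its destination, e.g. `COPY --chmod=0700 resources2/test-me.bb /usr/local/bin/`, would also avoid the leftover in /tmp.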
@ -1,42 +1,3 @@
|
||||||
#!/usr/bin/env bb
|
#!/usr/bin/env bb
|
||||||
|
|
||||||
(require '[babashka.tasks :as tasks]
|
(println "initialized")
|
||||||
'[dda.backup.cred-rot :as cr]
|
|
||||||
'[dda.backup.restic :as rc]
|
|
||||||
'[dda.backup.postgresql :as pg])
|
|
||||||
|
|
||||||
(def restic-repo {:password-file "restic-pwd"
|
|
||||||
:restic-repository "restic-repo"})
|
|
||||||
|
|
||||||
(def file-config (merge restic-repo {:backup-path "files"
|
|
||||||
:files ["test-backup"]
|
|
||||||
:restore-target-directory "test-restore"}))
|
|
||||||
|
|
||||||
(def db-config (merge restic-repo {:backup-path "db"
|
|
||||||
:pg-db "mydb"
|
|
||||||
:pg-user "user"
|
|
||||||
:pg-password "password"}))
|
|
||||||
|
|
||||||
(def cred-config (merge restic-repo {:new-password-file "new-pw-file"}))
|
|
||||||
|
|
||||||
(def dry-run {:dry-run true :debug true})
|
|
||||||
|
|
||||||
(defn prepare!
|
|
||||||
[]
|
|
||||||
(spit "/tmp/file_password" "file-password")
|
|
||||||
(spit "restic-pwd" "ThePassword")
|
|
||||||
(tasks/shell "mkdir" "-p" "test-backup")
|
|
||||||
(spit "test-backup/file" "I was here")
|
|
||||||
(spit "new-pw-file" "newpassword")
|
|
||||||
(tasks/shell "mkdir" "-p" "test-restore")
|
|
||||||
(pg/create-pg-pass! db-config))
|
|
||||||
|
|
||||||
(defn restic-repo-init!
|
|
||||||
[]
|
|
||||||
(rc/init! restic-repo))
|
|
||||||
|
|
||||||
(prepare!)
|
|
||||||
(restic-repo-init!)
|
|
||||||
(cr/list-passwords! cred-config)
|
|
||||||
(cr/maybe-add-new! cred-config)
|
|
||||||
(cr/list-passwords! cred-config)
|
|
||||||
|
|
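--- a/infrastructure/backup/image/resources2/test-me.bb
+++ b/infrastructure/backup/image/resources2/test-me.bb
@@ -0,0 +1,44 @@
+#!/usr/bin/env bb
+
+(println "initialized")
+
+(require '[babashka.tasks :as tasks]
+'[dda.backup.cred-rot :as cr]
+'[dda.backup.restic :as rc]
+'[dda.backup.postgresql :as pg])
+
+(def restic-repo {:password-file "restic-pwd"
+:restic-repository "restic-repo"})
+
+(def file-config (merge restic-repo {:backup-path "files"
+:files ["test-backup"]
+:restore-target-directory "test-restore"}))
+
+(def db-config (merge restic-repo {:backup-path "db"
+:pg-db "mydb"
+:pg-user "user"
+:pg-password "password"}))
+
+(def cred-config (merge restic-repo {:new-password-file "new-pw-file"}))
+
+(def dry-run {:dry-run true :debug true})
+
+(defn prepare!
+[]
+(spit "/tmp/file_password" "file-password")
+(spit "restic-pwd" "ThePassword")
+(tasks/shell "mkdir" "-p" "test-backup")
+(spit "test-backup/file" "I was here")
+(spit "new-pw-file" "newpassword")
+(tasks/shell "mkdir" "-p" "test-restore")
+(pg/create-pg-pass! db-config))
+
+(defn restic-repo-init!
+[]
+(rc/init! restic-repo))
+
+(prepare!)
+(restic-repo-init!)
+(cr/list-passwords! cred-config)
+(cr/maybe-add-new! cred-config)
+(cr/list-passwords! cred-config)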
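Review bot: `cred-config` is built as `(merge restic-repo {:new-password-file "new-pw-file"})`, but `maybe-add-new!` as changed in this same commit reads `new-password-file` and `valid-from` from `(:new-password-config config)`. Unless the config is reshaped somewhere not shown, `new-password-file` is nil there and `(cr/maybe-add-new! cred-config)` adds nothing, so the script finishes without exercising rotation. Nesting the keys, e.g. `{:new-password-config {:new-password-file "new-pw-file" :valid-from "TIMESTAMP_PLACEHOLDER"}}`, would match what the function reads. Separately, `prepare!` writes fixture secrets to the fixed path `/tmp/file_password` and into the working directory with default file modes, while the script is installed root-only (mode 0700); a private directory created for the run would avoid the predictable path in a shared /tmp. `file-config` and `dry-run` are defined but not used in this file.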
@ -22,8 +22,11 @@
|
||||||
[config ::cred-rot]
|
[config ::cred-rot]
|
||||||
(let [{:keys [new-password-file valid-from]} (:new-password-config config)]
|
(let [{:keys [new-password-file valid-from]} (:new-password-config config)]
|
||||||
(if (not (nil? new-password-file))
|
(if (not (nil? new-password-file))
|
||||||
(let [parsed-passwords (parsed-passwords! config)]
|
(let [parsed-passwords (domain/parse-response (list-passwords! config))]
|
||||||
(i/execute! (domain/add-password-command config) config)))))
|
(when (> 0 (compare
|
||||||
|
(:created (last parsed-passwords))
|
||||||
|
valid-from))
|
||||||
|
(i/execute! (domain/add-password-command config) config))))))
|
||||||
|
|
||||||
(defn-spec replace-old-password! nil?
|
(defn-spec replace-old-password! nil?
|
||||||
[]
|
[]
|
||||||
|
|
|
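Review bot: The new guard `(> 0 (compare (:created (last parsed-passwords)) valid-from))` checks neither operand before handing both to Clojure's generic `compare`. The test data in this commit shows `:created` as a string such as "2024-10-18 13:16:54", so the ordering is lexical and only correct if `valid-from` is a string in exactly that format. A nil `valid-from` makes `compare` return a positive value, so rotation is silently skipped, while an empty key list makes `(:created (last ...))` nil, which compares as smaller and triggers an add. Consider parsing both sides into `java.time` values, or at least guarding with `(when (and valid-from (seq parsed-passwords)) ...)` and documenting the expected timestamp format next to the destructuring. The enclosing function starts above the hunk, so its config spec is not visible here.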
@ -75,4 +75,4 @@
|
||||||
|
|
||||||
(defn-spec parse-response ::response
|
(defn-spec parse-response ::response
|
||||||
[response string?]
|
[response string?]
|
||||||
(s/conform )(cc/parse-string response #(keyword %)))
|
(sort-by :created (cc/parse-string response #(keyword %))))
|
||||||
|
|
|
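Review bot: `parse-response` now returns `(sort-by :created ...)` with no validation of the parsed data; the removed line's `s/conform` call was malformed, and the new line drops it rather than repairing it. The declared return spec `::response` is only enforced if defn-spec instrumentation is active at runtime, which this hunk does not show, and the result decides whether a new repository key gets added. Consider checking the parsed value explicitly, e.g. `(s/valid? ::response parsed)` before sorting. A docstring should also state that the result is ordered oldest-first by the `:created` string, because the caller takes `last` as the newest key.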
@ -6,13 +6,24 @@
|
||||||
[dda.backup.cred-rot.domain :as cut]))
|
[dda.backup.cred-rot.domain :as cut]))
|
||||||
|
|
||||||
(deftest test-parse-response
|
(deftest test-parse-response
|
||||||
(is (= [] (cut/parse-response "[
|
(is (=
|
||||||
|
[{:current true,
|
||||||
|
:id "b67161fb",
|
||||||
|
:userName "root",
|
||||||
|
:hostName "backup-restore-65bd9b6ff5-z69sn",
|
||||||
|
:created "2024-10-18 13:16:54"}
|
||||||
|
{:current false,
|
||||||
|
:id "521e0760",
|
||||||
|
:userName "root",
|
||||||
|
:hostName "backup-restore-65bd9b6ff5-z69sn",
|
||||||
|
:created "2024-11-18 13:08:16"}]
|
||||||
|
(cut/parse-response "[
|
||||||
{
|
{
|
||||||
\"current\": false,
|
\"current\": false,
|
||||||
\"id\": \"521e0760\",
|
\"id\": \"521e0760\",
|
||||||
\"userName\": \"root\",
|
\"userName\": \"root\",
|
||||||
\"hostName\": \"backup-restore-65bd9b6ff5-z69sn\",
|
\"hostName\": \"backup-restore-65bd9b6ff5-z69sn\",
|
||||||
\"created\": \"2024-10-18 13:08:16\"
|
\"created\": \"2024-11-18 13:08:16\"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
\"current\": true,
|
\"current\": true,
|
||||||
|
|
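Review bot: The updated `test-parse-response` covers only a well-formed two-entry list given in reverse order. Since `maybe-add-new!` takes `last` of this function's result, cases for an empty array and for an entry without `created` would pin the behaviour the rotation check depends on, e.g. `(is (= [] (cut/parse-response "[]")))`, assuming `::response` admits an empty list. The deftest continues below the hunk.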