

refactor drop old db

Yaroslav Bolyukin2021-09-18parent: #4ad5065.patch.diff
in: trunk

8 files changed

deletedsrc/cmds/generate_secrets.rsdiffbeforeafterboth
--- a/src/cmds/generate_secrets.rs
+++ /dev/null
@@ -1,56 +0,0 @@
-use std::collections::HashSet;
-
-use anyhow::Result;
-use clap::Clap;
-use log::info;
-
-use crate::{
-	db::{
-		secret::{list_secrets, SecretDb},
-		Db, DbData,
-	},
-	host::FleetOpts,
-};
-
-#[derive(Clap)]
-pub struct GenerateSecrets {
-	#[clap(flatten)]
-	fleet_opts: FleetOpts,
-
-	/// If set - remove orphaned secrets
-	#[clap(long)]
-	cleanup: bool,
-}
-
-impl GenerateSecrets {
-	pub fn run(self) -> Result<()> {
-		let db = Db::new(".fleet")?;
-		let mut secrets = SecretDb::open(&db)?;
-
-		let defined_secrets = list_secrets()?;
-		for (secret, data) in defined_secrets.iter() {
-			//let keys = KeyDb::open(&db)?;
-			secrets.ensure_generated(&self.fleet_opts, secret, data)?;
-		}
-		let key_names = defined_secrets
-			.keys()
-			.filter(|s| !secrets.has_secret(s))
-			.cloned()
-			.collect::<HashSet<_>>();
-		if !key_names.is_empty() {
-			if self.cleanup {
-				info!("Removed orphan secrets:");
-			} else {
-				info!("Orphan secrets found, run with --cleanup to remove them from db:");
-			}
-			for key in key_names {
-				info!("- {}", key);
-				if self.cleanup {
-					secrets.remove_secret(&key)
-				}
-			}
-		}
-
-		Ok(())
-	}
-}
modifiedsrc/cmds/mod.rsdiffbeforeafterboth
--- a/src/cmds/mod.rs
+++ b/src/cmds/mod.rs
@@ -1,4 +1,2 @@
 pub mod build_systems;
-// pub mod fetch_keys;
-pub mod generate_secrets;
 pub mod secrets;
deletedsrc/db/dbr.rsdiffbeforeafterboth
--- a/src/db/dbr.rs
+++ /dev/null
@@ -1,117 +0,0 @@
-//! Small .toml based readable data store
-
-use anyhow::{Context, Result};
-use serde::{de::DeserializeOwned, Serialize};
-use std::{
-	cell::Cell,
-	collections::HashSet,
-	io::Write,
-	ops::{Deref, DerefMut},
-	path::Path,
-	path::PathBuf,
-	sync::{Arc, Mutex},
-};
-
-struct DbInternal {
-	root: PathBuf,
-	locked_paths: HashSet<PathBuf>,
-}
-
-pub trait DbData: DeserializeOwned + Serialize + Default {
-	const DB_NAME: &'static str;
-
-	fn open(db: &Db) -> Result<DbFile<Self>> {
-		db.db::<Self>()
-	}
-}
-
-#[derive(Clone)]
-pub struct Db(Arc<Mutex<DbInternal>>);
-impl Db {
-	pub fn new(root: impl AsRef<Path>) -> Result<Self> {
-		let root: &Path = root.as_ref();
-		std::fs::create_dir_all(&root).context("db root")?;
-		Ok(Db(Arc::new(Mutex::new(DbInternal {
-			root: root.to_owned(),
-			locked_paths: HashSet::new(),
-		}))))
-	}
-
-	pub fn db<T: DbData>(&self) -> Result<DbFile<T>> {
-		let name = T::DB_NAME;
-		assert!(!name.contains('/') && !name.contains('\\'));
-		let mut db = self.0.lock().unwrap();
-		let mut data_path = db.root.clone();
-		data_path.push(format!("{}.toml", name));
-
-		if !db.locked_paths.insert(data_path.clone()) {
-			anyhow::bail!("file is already open");
-		}
-
-		let data = if data_path.exists() {
-			let raw_data = std::fs::read(&data_path).context("reading file")?;
-			toml::from_slice(&raw_data).context("parsing file")?
-		} else {
-			T::default()
-		};
-
-		Ok(DbFile {
-			db: self.clone(),
-			root: db.root.clone(),
-			path: data_path,
-			data,
-			dirty: Cell::new(false),
-		})
-	}
-}
-
-pub struct DbFile<T: DbData> {
-	db: Db,
-	root: PathBuf,
-	path: PathBuf,
-	data: T,
-	dirty: Cell<bool>,
-}
-
-impl<T: DbData> Deref for DbFile<T> {
-	type Target = T;
-
-	fn deref(&self) -> &Self::Target {
-		&self.data
-	}
-}
-
-impl<T: DbData> DerefMut for DbFile<T> {
-	fn deref_mut(&mut self) -> &mut Self::Target {
-		self.dirty.set(true);
-		&mut self.data
-	}
-}
-
-impl<T: DbData> DbFile<T> {
-	pub fn write(&self) -> Result<()> {
-		if !self.dirty.get() {
-			return Ok(());
-		}
-		let mut temp = tempfile::Builder::new()
-			.prefix("~")
-			.suffix(".toml")
-			.tempfile_in(&self.root)?;
-		let mut out = String::new();
-		let mut serializer = toml::Serializer::new(&mut out);
-		serializer.pretty_array(true).pretty_string(true);
-		self.data.serialize(&mut serializer)?;
-		temp.write_all(out.as_bytes())?;
-		temp.persist(&self.path)?;
-		self.dirty.set(false);
-		Ok(())
-	}
-}
-
-impl<T: DbData> Drop for DbFile<T> {
-	fn drop(&mut self) {
-		let mut db = self.db.0.lock().unwrap();
-		self.write().unwrap();
-		db.locked_paths.remove(&self.path);
-	}
-}
deletedsrc/db/mod.rsdiffbeforeafterboth
--- a/src/db/mod.rs
+++ /dev/null
@@ -1,4 +0,0 @@
-mod dbr;
-pub mod secret;
-
-pub use dbr::*;
deletedsrc/db/secret.rsdiffbeforeafterboth

no changes

modifiedsrc/fleetdata.rsdiffbeforeafterboth
--- a/src/fleetdata.rs
+++ b/src/fleetdata.rs
@@ -1,16 +1,30 @@
+use chrono::{DateTime, Utc};
 use serde::{Deserialize, Serialize};
 use std::collections::BTreeMap;
 
 #[derive(Serialize, Deserialize, Default)]
+#[serde(rename_all = "camelCase")]
 pub struct HostData {
 	#[serde(default)]
+	#[serde(skip_serializing_if = "String::is_empty")]
 	pub encryption_key: String,
-	#[serde(default)]
-	pub encrypted_secrets: BTreeMap<String, String>,
 }
 
 #[derive(Serialize, Deserialize)]
 pub struct FleetData {
 	#[serde(default)]
 	pub hosts: BTreeMap<String, HostData>,
+	#[serde(default)]
+	#[serde(skip_serializing_if = "BTreeMap::is_empty")]
+	pub secrets: BTreeMap<String, FleetSecret>,
+}
+
+#[derive(Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct FleetSecret {
+	pub owners: Vec<String>,
+	#[serde(default)]
+	#[serde(skip_serializing_if = "Option::is_none")]
+	pub expire_at: Option<DateTime<Utc>>,
+	pub data: BTreeMap<String, String>,
 }
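Review bot: The new `#[serde(rename_all = "camelCase")]` on `HostData` changes the stored key from `encryption_key` to `encryptionKey`, and because the field keeps `#[serde(default)]`, any fleet data file written under the old name would deserialize to an empty string without an error (and, per the `key()` path in src/keys.rs, the key would then be silently re-fetched and overwritten). If any persisted data predates this commit, keep reading the old spelling with `#[serde(alias = "encryption_key")]` on `encryption_key`. The new `FleetSecret` type also has no doc comments: `data: BTreeMap<String, String>` replaces the removed per-host `encrypted_secrets` map whose values carried an `[ENCRYPTED:…]` prefix, and nothing here says whether `data` values are ciphertext or who may decrypt them — presumably the `owners`, but that should be stated. Suggest `/// Hosts allowed to decrypt this secret.` on `owners`, `/// Secret material keyed by name; document whether values are stored encrypted.` on `data`, and a note on `expire_at` saying where (if anywhere) expiry is enforced, since this hunk only stores it.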
modifiedsrc/keys.rsdiffbeforeafterboth
--- a/src/keys.rs
+++ b/src/keys.rs
@@ -20,14 +20,6 @@
 		let host = data.hosts.entry(host.to_string()).or_default();
 		host.encryption_key = key.trim().to_string();
 	}
-	pub fn update_secret(&self, host: &str, name: &str, value: &[u8]) {
-		let mut data = self.data_mut();
-		let host = data.hosts.entry(host.to_string()).or_default();
-		host.encrypted_secrets.insert(
-			name.to_string(),
-			format!("[ENCRYPTED:{}]", base64::encode(value)),
-		);
-	}
 
 	pub fn key(&self, host: &str) -> anyhow::Result<String> {
 		if let Some(key) = self.cached_key(host) {
@@ -35,7 +27,7 @@
 		} else {
 			warn!("Loading key for {}", host);
 			let key = self
-				.command_on("host", "cat", false)
+				.command_on(&host, "cat", false)
 				.arg("/etc/ssh/ssh_host_ed25519_key.pub")
 				.run_string()?;
 			self.update_key(host, key.clone());
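Review bot: On the replaced `.command_on(&host, "cat", false)` line, `host` is already `&str` (from `pub fn key(&self, host: &str)` in the previous hunk), so `&host` passes a `&&str`; if `command_on` accepts `&str` or `impl AsRef<str>` this compiles only through auto-deref or the blanket impl, and the plain `.command_on(host, "cat", false)` is the idiomatic form. I cannot see `command_on`'s signature from this hunk, so confirm which it takes. The fix itself (the literal `"host"` was previously used as the target) is correct; the enclosing `key()` continues past the end of the hunk.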
modifiedsrc/main.rsdiffbeforeafterboth
--- a/src/main.rs
+++ b/src/main.rs
@@ -5,7 +5,6 @@
 pub mod keys;
 
 pub mod cmds;
-pub mod db;
 pub mod nix;
 
 mod fleetdata;
@@ -13,14 +12,12 @@
 use anyhow::Result;
 use clap::Clap;
 
-use cmds::{build_systems::BuildSystems, generate_secrets::GenerateSecrets, secrets::Secrets};
+use cmds::{build_systems::BuildSystems, secrets::Secrets};
 use host::{Config, FleetOpts};
 
 #[derive(Clap)]
 #[clap(version = "1.0", author = "CertainLach <iam@lach.pw>")]
 enum Opts {
-	/// Force generation of missing secrets
-	GenerateSecrets(GenerateSecrets),
 	/// Prepare systems for deployments
 	BuildSystems(BuildSystems),
 	/// Secret management
@@ -38,7 +35,6 @@
 fn run_command(config: &Config, command: Opts) -> Result<()> {
 	match command {
 		Opts::BuildSystems(c) => c.run(config)?,
-		Opts::GenerateSecrets(c) => c.run()?,
 		Opts::Secrets(s) => s.run(config)?,
 	};
 	Ok(())