safedb 0.7.1001 → 0.10.5
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +50 -3
- data/Dockerfile +46 -0
- data/Jenkinsfile +45 -0
- data/README.md +16 -0
- data/Rakefile +2 -2
- data/cucumber-test.sh +55 -0
- data/lib/cli.rb +20 -7
- data/lib/controller/abstract/controller.rb +2 -3
- data/lib/controller/access/init.rb +11 -7
- data/lib/controller/access/login.rb +0 -2
- data/lib/controller/book/commit.rb +1 -0
- data/lib/controller/db/obliterate.feature +45 -0
- data/lib/controller/db/obliterate.rb +58 -0
- data/lib/controller/db/pull.rb +10 -26
- data/lib/controller/db/push.rb +29 -321
- data/lib/controller/db/{remote.rb → remote-github-keypair.rb} +11 -6
- data/lib/controller/db/remote-github-token.rb +69 -0
- data/lib/controller/db/state.rb +63 -0
- data/lib/controller/query/publish.rb +27 -0
- data/lib/controller/requirer.rb +0 -1
- data/lib/manual/git-interaction.md +176 -0
- data/lib/manual/remote.md +0 -1
- data/lib/model/book.rb +13 -1
- data/lib/model/checkin.feature +15 -27
- data/lib/model/content.rb +25 -27
- data/lib/model/indices.rb +35 -8
- data/lib/model/state_evolve.rb +21 -0
- data/lib/model/text_chunk.rb +1 -1
- data/lib/utils/extend/string.rb +28 -0
- data/lib/utils/git/gitflow.rb +565 -0
- data/lib/utils/git/github.rb +69 -0
- data/lib/utils/identity/machine.id.rb +2 -2
- data/lib/utils/keys/keypair.rb +93 -0
- data/lib/utils/logs/logger.rb +3 -4
- data/lib/utils/time/timestamp.rb +2 -0
- data/lib/version.rb +1 -1
- data/pod-image-builder.yaml +27 -0
- data/pod-image-safetty.yaml +18 -0
- data/safedb.gemspec +1 -6
- metadata +17 -64
- data/genius-decision.txt +0 -25
- data/lib/controller/db/model_git_service.rb +0 -399
- data/lib/plugin/github.rb +0 -53
- data/lib/utils/store/github.rb +0 -27
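--- a/data/lib/controller/db/push.rb
+++ b/data/lib/controller/db/push.rb
@@ -2,326 +2,38 @@
 
 module SafeDb
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+# A safe push will save the state of the local safe database in a
+# backend location (currently only a Git repository).
+#
+# This class does not require the user to be logged into a book.
+# Naturally it expects safe remote --provision to have been
+# called which creates the remote backend and then sets the git
+# remote origin urls for fetch and push.
+class Push < Controller
+
+# Execute the business of pushing to a remote safe
+# backend repository.
+def execute()
+
+# Only required when git pulling on a machine for
+# the very first time. This is used to grab the
+# github access token and repository user and repository
+# name for creating the push origin url.
+# ----------------------------------------------------------
+# open_remote_backend_location()
+# ----------------------------------------------------------
+
+puts ""
+puts "Pushing safe commits to the backend repository."
+puts ""
+
+GitFlow.push( Indices::MASTER_CRYPTS_FOLDER_PATH )
+
+puts ""
 
-# After backing up local assets the <b>push use case</b> creates a remoe github
-# repository if necessary and initializes the master crypts as a git repository
-# if necessary and then adds, commits and pushes the crypts up to the github
-# remote for safe keeping.
-def execute()
-
-open_remote_backend_location()
-
-###########
-########### =========================================
-########### Instead of Private Keys Use Tokens =====
-########### =========================================
-###########
-########### git remote add origin https://<<GITHUB_TOKEN>>@github.com/<<REPO_USERNAME>>/<<REPO_NAME>>.git
-########### git remote set-url origin https://<<GITHUB_TOKEN>>@github.com/<<REPO_USERNAME>>/<<REPO_NAME>>.git
-########### git push origin master
-###########
-########### Note ==== Query repository with git remote -v to see if an origin has been set
-########### ==== If no origin set use the set-url variant otherwise use the add variant
-###########
-########### ==========================================
-########### For Pulling (Cloning the Repository =====
-########### ==========================================
-###########
-########### git clone https://github.com/<<REPO_USERNAME>>/<<REPO_NAME>>.git [[safedb-master-crypts]]
-###########
-###########
-###########
-
-# @todo ------------------------------------------------------------ >>
-# @todo REFACTOR the below into lib/utils/keys/keypair.rb
-# @todo REFACTOR And create a utiliy class for bulk of file Writer functionality
-# @todo Methods in keypair should NOT know about the Indices constants
-# @todo Refactor name from [Indices] to [Constants]
-# @todo ------------------------------------------------------------ >>
-# @todo Method Names
-# @todo ------------------------------------------------------------ >>
-# @todo (1) - Constants.write_private_key()
-# @todo ------------------------------------------------------------ >>
-
-private_key_path = File.join( Indices::SSH_DIRECTORY_PATH, @verse[ Indices::REMOTE_PRIVATE_KEY_KEYNAME ] )
-private_key_exists = File.file?( private_key_path )
-puts "private key found at #{private_key_path}" if private_key_exists
-
-unless private_key_exists
-
-puts "private key will be created at #{private_key_path}"
-file_writer = Write.new()
-file_writer.file_key = Indices::PRIVATE_KEY_DEFAULT_KEY_NAME
-file_writer.to_dir = Indices::SSH_DIRECTORY_PATH
-file_writer.flow()
-
-FileUtils.chmod( 0600, private_key_path, :verbose => true )
-
-end
-
-git_username = @verse[ Indices::GIT_REPOSITORY_USER_KEYNAME ]
-git_reponame = @verse[ Indices::GIT_REPOSITORY_NAME_KEYNAME ]
-
-ssh_host_name = @verse[ Indices::REMOTE_MIRROR_SSH_HOST_KEYNAME ]
-ssh_config_exists = File.file?( Indices::SSH_CONFIG_FILE_PATH )
-config_file_contents = File.read( Indices::SSH_CONFIG_FILE_PATH ) if ssh_config_exists
-ssh_config_written = ssh_config_exists && config_file_contents.include?( ssh_host_name )
-puts "ssh config for host #{ssh_host_name} has already been written" if ssh_config_written
-
-unless ssh_config_written
-
-puts "ssh config for host #{ssh_host_name} will be written"
-config_backup_path = File.join( Indices::SSH_DIRECTORY_PATH, "safe.clobbered.ssh.config-#{TimeStamp.yyjjj_hhmm_sst()}" )
-File.write( config_backup_path, config_file_contents ) if ssh_config_exists
-puts "original ssh config at #{config_backup_path}" if ssh_config_exists
-
-File.open( Indices::SSH_CONFIG_FILE_PATH, "a" ) do |line|
-line.puts( "\n" )
-line.puts( "Host #{ ssh_host_name }" )
-line.puts( "HostName github.com" )
-line.puts( "User #{ git_username }" )
-line.puts( "IdentityFile #{ private_key_path }" )
-line.puts( "StrictHostKeyChecking no" )
 end
 
-puts "ssh config has been successfully written"
-
-end
-
-puts ""
-
-ssh_test_cmd_string = "ssh -i #{private_key_path} -vT git@github.com"
-system( ssh_test_cmd_string )
-ssh_cmd_exit_status = $?.exitstatus
-
-unless ssh_cmd_exit_status == 1
-
-puts ""
-puts "The command exit status is #{ssh_test_exitstatus}"
-puts ""
-puts "### ##### : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
-puts "### Error : SSH test result did not contain expected string."
-puts "### Query : #{ ssh_test_cmd_string }"
-puts "### ##### : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
-puts ""
-
-return
-
-end
-
-puts ""
-puts "### ####### : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
-puts "### Success : The SSH connection test was a roaring success."
-puts "### Command : #{ ssh_test_cmd_string }"
-puts "### ####### : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
-puts ""
-
-## ==========>>> git rev-parse HEAD
-
-# git init
-# git clone `URLTORepository`
-# cd `into your cloned folder`
-# git checkout commithash
-
-puts ""
-return
-
-=begin
-ssh -i ~/.ssh/safedb.code.private.key.pem -vT git@safedb.code
-git clone https://github.com/devops4me/safedb.net safedb.net
-git remote set-url --push origin git@safedb.code:devops4me/safedb.net.git
-=end
-
-unless ssh_config_file contains git_reponame
-
-#write out the SSH private key
-# @todo change the write method to change the file permissions
-
-# SAFE_PRIVATE_KEY_KEYNAME
-
-# @todo - Write the chunk of text into .ssh/config file (name is git_reponame)
-# @todo - the User is git_username
-# @todo - the IdentityFile is Dir.home() joined to .ssh and User is git_username
-
-user_host_name = "#{Etc.getlogin()}@#{Socket.gethostname()}"
-@verse.store( Indices::REMOTE_LAST_PUSH_ON, TimeStamp.readable() )
-@verse.store( Indices::REMOTE_LAST_PUSH_BY, user_host_name )
-
-end # end the unless block
-
-
-# -- SAFE_REMOTE_SSH_HOST = "safe.remote"
-# -- SAFE_REMOTE_HOST_NAME = "github.com"
-
-# @todo - link this to the Keys class to use the same string constant
-# -- SAFE_PRIVATE_KEY_KEYNAME = "private.key"
-
-
-
-
-# Do a git init if no .git folder found
-# do git local config (for name and email) if necessary
-# do git set remote url add
-# do git add
-# do git commit
-# do git push origin master
-
-# @verse.store( Indices::REMOTE_LAST_PUSH_ID, )
-# @todo set git remote url (for push) in the @verse
-# @todo set git clone url in the @verse
-# @todo set git commit id in the @verse
-
-# @todo now set the git clone url and commit ID in the master index file
-
-# Make sure git pull --from=/path/to/dir LOGS in and writes the /path/to/dir with KEY as the User@hostname
-
-## Now the git push --to=/path/to/this/dir => IF no path read from @verse
-## If no verse with user@host path the WRITE to present working directory
-
-
-
 =begin
-
-Setting up passwordless git interactions (cloning, pulling, pushing) is the same as setting up passwordless ssh login.
-
-To interact with Git without passwords you need to
-
-- setup a public private SSH keypair
-- install and lock down the private key
-- create a SSH IdentityFile called config in `$HOME/.ssh/config`
-- install the public key into BitBucket, GitLab, GitHub or a SSH accessible repo
-
-### Setup Passwordless SSH
-
-Passwordless SSH is a prerequisite to passwordless git interaction.
-
-### The SSH Identity File
-
-The Identity File is telling the SSH subsystem that when you see this particular hostname (IP Address) - you submit this private key because that host will for sure have the corresponding public key in its authorized keys cache.
-
-When using Github, Gitlab or BitBucket - you go to a screen and enter in the public key portion.
-
-```
-Host bitbucket.server
-StrictHostKeyChecking no
-HostName bitbucket.org
-User joebloggs276
-IdentityFile /home/joebloggs/.ssh/bitbucket-repo-private-key.pem
-```
-
-### The Passwordless SSH Setup Commands
-
-Our local user `joebloggs` has an account with `bitbucket.org` with username `joebloggs276` and has submitted the public key to it. He has created a private key at `/home/joebloggs/.ssh/bitbucket-repo-private-key.pem` (locked with a 400) and an identity file at `/home/joebloggs/.ssh/config`.
-
-``` bash
-ssh-keygen -t rsa # enter /home/joebloggs/.ssh/bitbucket-repo-private-key.pem
-chmod 400 /home/joebloggs/.ssh/bitbucket-repo-private-key.pem # restrict to user read-only permissions
-GIT_HOST_IP=bitbucket.org # set the hostname as bitbucket.org
-ssh-keyscan $GIT_HOST_IP >> /home/joebloggs/.ssh/known_hosts # prevents a authenticity of host cant be established prompt
-ssh -i /home/joebloggs/.ssh/bitbucket-repo-private-key.pem -vT "joebloggs276@$GIT_HOST_IP" # test that all will be okay
-git clone git@bitbucket.org:joeltd/bigdata.git mirror.bigdata # this clone against bigdata account and repo is bigdata
-```
-
-BITBUCKET_USER=joebloggs276;
-# curl --user ${BITBUCKET_USER} https://api.bitbucket.org/2.0/repositories/joeltd
-curl --user ${BITBUCKET_USER} git@api.bitbucket.org/2.0/repositories/joeltd
-
-
-Note that the clone command uses the bitbucket account called joeltd and the repository is called big_data_scripts.
-
-The response to the SSH test against a bitbucket repository for user
-
-`ssh -i /home/joebloggs/.ssh/bitbucket-repo-private-key.pem -vT "joebloggs276@$GIT_HOST_IP"`
-
-## Setup Git in Existing Directory
-
-To hook up with a new repository from a directory with files you first
-
-- create the remote repository (use safe's github and gitlab tooling)
-- safe will have created a public / private keypair and installed it in the remote repo
-- locally their should be a private key (with 0600 permissions) and an entry in ~/.ssh/config
-- go to the git directory (without a .git folder)
-
-The commands to run
-
-git init
-git add -A
-git status
-git commit -am "First checkin of project."
-git remote add origin git@<<Host>>:<<userOrGroup>>/<<repo-name>>.git
-git remote -v
-git push --set-upstream origin master
-
-=end
-
-
-# @todo -- also see temp-git-code.rb class in this directory
-# @todo -- also see temp-git-code.rb class in this directory
-# @todo -- also see temp-git-code.rb class in this directory
-# @todo -- also see temp-git-code.rb class in this directory
-# @todo -- also see temp-git-code.rb class in this directory
-# @todo -- also see temp-git-code.rb class in this directory
-# @todo -- also see temp-git-code.rb class in this directory
-# @todo -- also see temp-git-code.rb class in this directory
-# @todo -- also see temp-git-code.rb class in this directory
-# @todo -- also see temp-git-code.rb class in this directory
-
-
-puts ""
-the_384_key = OpenSSL::PKey::EC.new('secp384r1')
-the_384_key.generate_key!
-
-puts "#############################"
-puts "the 384 key"
-puts "#############################"
-puts the_384_key.private_key.to_pem()
-puts "#############################"
-puts the_384_key.private_key.export()
-puts "#############################"
-puts the_384_key.public_key.export()
-puts "#############################"
-puts the_384_key.public_key.to_pem()
-puts "#############################"
-puts the_384_key.to_pem()
-puts "#############################"
-puts the_384_key.to_text()
-puts ""
-
-ec_private_key_encoded = Base64.urlsafe_encode64( the_384_key.to_pem() )
-
-puts "Private Key Encoded"
-puts "ec_private_key_encoded"
-puts ""
-return
-
-return
-puts ""
-
 removable_drive_path = xxx # ~~~~ read this from the --to variable
 removable_drive_file = File.join( removable_drive_path, Indices::MASTER_INDICES_FILE_NAME )
 removable_drive_file_exists = File.exist?( removable_drive_file ) && File.file?( removable_drive_file )
@@ -338,15 +50,11 @@ return
 
 is_git = File.exist?( Indices::MASTER_CRYPTS_GIT_PATH ) && File.directory?( Indices::MASTER_CRYPTS_GIT_PATH )
 
+=end
 
 
-return
-
 
 end
 
 
-end
-
-
 end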
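Review bot: The new execute() in the first hunk calls `GitFlow.push( Indices::MASTER_CRYPTS_FOLDER_PATH )` and then only prints a blank line, so nothing visible here tells the user whether the crypts actually reached the backend. GitFlow.push is defined outside this section and may raise or report on its own; if it does not, its result should be checked here and a failure message printed, because a silently failed push leaves the only copy of the safe on the local machine. Separately, the block between the retained `=begin` and the added `=end` is dead code that still holds the placeholder `removable_drive_path = xxx`; deleting it would be cleaner than commenting it out.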
@@ -2,7 +2,12 @@
|
|
2
2
|
|
3
3
|
module SafeDb
|
4
4
|
|
5
|
-
#
|
5
|
+
# This class gives a flavour of setting up a git repository to be accessed
|
6
|
+
# with PUBLIC / PRIVATE keys (using SSH) rather than via a GitHub access token
|
7
|
+
# that uses HTTPS (see remote.rb).
|
8
|
+
#
|
9
|
+
# THIS IMPLEMENTATION IS AS YET UNFINISHED BECAUSE IT DOES NOT WRITE INTO THE
|
10
|
+
# SSH CONFIG FILE IN ~/.ssh/config
|
6
11
|
#
|
7
12
|
# A number of setup tasks are executed when you ask that the backend repository be created.
|
8
13
|
#
|
@@ -14,7 +19,7 @@ module SafeDb
|
|
14
19
|
# - the private and public keys are placed within the chapter/verse
|
15
20
|
# - the public (deploy) key is registered with the github repository
|
16
21
|
#
|
17
|
-
class
|
22
|
+
class RemoteGithubKeypair < EditVerse
|
18
23
|
|
19
24
|
attr_writer :provision
|
20
25
|
|
@@ -27,7 +32,7 @@ module SafeDb
|
|
27
32
|
github_access_token = @verse[ Indices::GITHUB_ACCESS_TOKEN ]
|
28
33
|
return unless is_github_access_token_valid( github_access_token )
|
29
34
|
|
30
|
-
repository_name = "
|
35
|
+
repository_name = "safe-#{TimeStamp.yyjjj_hhmm_sst()}"
|
31
36
|
@verse.store( Indices::GIT_REPOSITORY_NAME_KEYNAME, repository_name )
|
32
37
|
private_key_simple_filename = "safe.#{@book.get_open_chapter_name()}.#{@book.get_open_verse_name()}.#{TimeStamp.yyjjj_hhmm_sst()}"
|
33
38
|
@verse.store( Indices::REMOTE_PRIVATE_KEY_KEYNAME, "#{private_key_simple_filename}.pem" )
|
@@ -56,7 +61,7 @@ module SafeDb
|
|
56
61
|
|
57
62
|
github_client = Octokit::Client.new( :access_token => github_access_token )
|
58
63
|
github_user = github_client.user
|
59
|
-
repo_creator = "#{
|
64
|
+
repo_creator = "#{ENV[ "USER" ]}@#{Socket.gethostname()}"
|
60
65
|
repo_description = "This github repository was auto-created by safedb.net to be a remote database backend on behalf of #{repo_creator} on #{TimeStamp.readable()}."
|
61
66
|
repo_homepage = "https://github.com/devops4me/safedb.net/"
|
62
67
|
repository_id = "#{github_user[:login]}/#{repository_name}"
|
@@ -82,11 +87,11 @@ module SafeDb
|
|
82
87
|
:has_issues => false,
|
83
88
|
:has_wiki => false,
|
84
89
|
:has_downloads => false,
|
85
|
-
:auto_init =>
|
90
|
+
:auto_init => false
|
86
91
|
}
|
87
92
|
|
88
93
|
github_client.create_repository( repository_name, options_hash )
|
89
|
-
github_client.add_deploy_key( repository_id, "your safe
|
94
|
+
github_client.add_deploy_key( repository_id, "your safe crypt deployment key with ID #{TimeStamp.yyjjj_hhmm_sst()}", repo_public_key )
|
90
95
|
|
91
96
|
end
|
92
97
|
|
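Review bot: The new line `repo_creator = "#{ENV[ "USER" ]}@#{Socket.gethostname()}"` puts the local login name and machine hostname into `repo_description`, which appears to be destined for the GitHub repository description (the `options_hash` entry that would carry it is outside the hunks). Whether the repository is created private is not visible here either, so it is worth confirming that this workstation identity cannot end up on a public repository, or leaving it out of the description. `ENV[ "USER" ]` is also nil when the variable is unset, which would give a creator of `@hostname`; a fallback such as `ENV[ "USER" ] || Etc.getlogin()` would be more robust. The enclosing method starts and ends outside these hunks.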
@@ -0,0 +1,69 @@
|
|
1
|
+
#!/usr/bin/ruby
|
2
|
+
|
3
|
+
module SafeDb
|
4
|
+
|
5
|
+
# This class uses Github (https) along with an access token (as opposed to ssh keypairs)
|
6
|
+
# to provision a remote backend for a safe database.
|
7
|
+
#
|
8
|
+
# == Github Access Token
|
9
|
+
#
|
10
|
+
# The safe book must be opened at a chapter/verse that contains a line named
|
11
|
+
# `@github.access.token` with a viable token value. This is the only pre-condition to
|
12
|
+
# the `safe remote --provision` command.
|
13
|
+
#
|
14
|
+
# == Flow of Events
|
15
|
+
#
|
16
|
+
# To provision a Github token-based remote backend for the safe database means
|
17
|
+
#
|
18
|
+
# - a repository is created in github
|
19
|
+
# - the repository name and user are stored in the verse
|
20
|
+
# - the fetch/pull/clone url is put into configuration visible before login
|
21
|
+
# - the push origin url is added using the `git remote add origin` command
|
22
|
+
#
|
23
|
+
# Finally prompt the user to issue a commit followed by a push.
|
24
|
+
class RemoteGithubToken < EditVerse
|
25
|
+
|
26
|
+
attr_writer :provision
|
27
|
+
|
28
|
+
# We want to provision (create) the safe's remote (github) backend.
|
29
|
+
# A number of setup tasks are executed when you ask that the backend repository be created.
|
30
|
+
def edit_verse()
|
31
|
+
|
32
|
+
return unless @provision
|
33
|
+
|
34
|
+
github_access_token = @verse[ Indices::GITHUB_ACCESS_TOKEN ]
|
35
|
+
return unless is_github_access_token_valid( github_access_token )
|
36
|
+
|
37
|
+
repository_name = "safe-#{TimeStamp.yyjjj_hhmm_sst()}"
|
38
|
+
@verse.store( Indices::GIT_REPOSITORY_NAME_KEYNAME, repository_name )
|
39
|
+
|
40
|
+
# We could hardcode this to genesis:remote/github which will be
|
41
|
+
# referenced only on the first ever safe pull --from=https://github.com/devops4me/safe-xxxx
|
42
|
+
# This is required for setting the push origin url.
|
43
|
+
remote_mirror_page = "#{@book.book_id()}/#{@book.get_open_chapter_name()}/#{@book.get_open_verse_name()}"
|
44
|
+
Master.new().set_backend_coordinates( remote_mirror_page )
|
45
|
+
|
46
|
+
repository_user = Github.create_repo( github_access_token, repository_name )
|
47
|
+
@verse.store( Indices::GIT_REPOSITORY_USER_KEYNAME, repository_user )
|
48
|
+
|
49
|
+
fetch_url = "https://github.com/#{repository_user}/#{repository_name}.git"
|
50
|
+
push_url = "https://#{repository_user}:#{github_access_token}@github.com/#{repository_user}/#{repository_name}.git"
|
51
|
+
GitFlow.add_origin_url( Indices::MASTER_CRYPTS_FOLDER_PATH, fetch_url )
|
52
|
+
GitFlow.set_push_origin_url( Indices::MASTER_CRYPTS_FOLDER_PATH, push_url )
|
53
|
+
|
54
|
+
end
|
55
|
+
|
56
|
+
|
57
|
+
def is_github_access_token_valid( github_access_token )
|
58
|
+
|
59
|
+
is_invalid = github_access_token.nil?() || github_access_token.strip().length() < 7
|
60
|
+
puts "No valid github access token found." if is_invalid
|
61
|
+
return !is_invalid
|
62
|
+
|
63
|
+
end
|
64
|
+
|
65
|
+
|
66
|
+
end
|
67
|
+
|
68
|
+
|
69
|
+
end
|
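Review bot: `push_url` in edit_verse() embeds the GitHub access token in the URL (`https://#{repository_user}:#{github_access_token}@github.com/...`) and passes it to `GitFlow.set_push_origin_url`, which by its name and the class comment stores it as the git push origin. If so, the token sits in clear text in the crypts folder's `.git/config` and appears in `git remote -v` and in git error output, outside the encrypted verse it was read from. GitFlow is defined outside this section, so confirm what it writes; a safer shape keeps the origin URL token-free and supplies the token only at push time, for example through a git credential helper or `GIT_ASKPASS`. `is_github_access_token_valid` also accepts any string of seven or more characters, so a mistyped token is only discovered when `Github.create_repo` fails, after the repository name and backend coordinates have already been stored.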
@@ -0,0 +1,63 @@
|
|
1
|
+
#!/usr/bin/ruby
|
2
|
+
|
3
|
+
module SafeDb
|
4
|
+
|
5
|
+
# Querying the state of the safe on the current machine is what this command
|
6
|
+
# facilitates.
|
7
|
+
#
|
8
|
+
# == Strategy re Safe Events and Commits
|
9
|
+
#
|
10
|
+
# - 1. changes to the safe back-end repository should occur only when a book login occurs
|
11
|
+
# for the first time since the machine booted up (already implemented) OR when a book
|
12
|
+
# is created, destroyed or changes after edits are committed. Also after a password
|
13
|
+
# reset "safe password" the indices will be changed and committed.
|
14
|
+
# Things like last accessed time must come out of the master indices file.
|
15
|
+
#
|
16
|
+
# - 2. 7 key events must be recorded at the JSON path safedb-event-tracking/safedb-events-<<bootup-id>>.json
|
17
|
+
# (above the repository) and these events should be presented in a table in
|
18
|
+
# response to the **`safe state`** command.
|
19
|
+
#
|
20
|
+
# - 3. the 7 events are book create, book destroy, edit, login, logout, commit, refresh
|
21
|
+
# and they must be stored at the bootup ID referenced path and in conjunction with
|
22
|
+
# the branch ID, book name, book ID and the time the event occurred.
|
23
|
+
#
|
24
|
+
# == Touched Use Cases
|
25
|
+
#
|
26
|
+
# This event tracking strategy requires changes in roughly 10 use cases.
|
27
|
+
#
|
28
|
+
# 1. safe prune - as well as pruning branches with unrecognized bootup IDs we also prune old events files
|
29
|
+
# 2. safe state - prints the table of branch, book name, book ID, last state event and the event time
|
30
|
+
# 3. safe state - a column titled S has an asterix (*) if edits occur without being followed by a commit or logout
|
31
|
+
# 4. safe state - the branch column states "this one" if branch ID matches current branch ID
|
32
|
+
# 5. safe state - the table is ordered by the time the branch/books are written in SO THAT the rows do not jump about
|
33
|
+
# 6. safe logout - trashes branches and marks the event (branch/book) row so that it is displayed by safe state
|
34
|
+
# 6. safe login - changes to trashes branches and marks the event (branch/book) row so that it is displayed by safe state
|
35
|
+
# 7. safe destroy <<book>>: - only enact this if the book is not logged in (since boot time) or has been logged out
|
36
|
+
# 8. safe destroy <<book>>: - trash branches, master indices and crypts and referencing rows in the event tracker file
|
37
|
+
# 9. safe rename <<book>>: - only change section header in INI indices to rename the book
|
38
|
+
# 10. safe password - Only allow when no other branch is logged in (its fine if they subsequently logged out)
|
39
|
+
#
|
40
|
+
#
|
41
|
+
# == Limit Occurrences of Book ID
|
42
|
+
#
|
43
|
+
# Do not write book ID everywhere because renaming and destroying books change will cascade.
|
44
|
+
# Book IDs should not be used to name directories or files or crypt headers - (use a reference instead)
|
45
|
+
#
|
46
|
+
#
|
47
|
+
#
|
48
|
+
#
|
49
|
+
class State < Controller
|
50
|
+
|
51
|
+
def execute()
|
52
|
+
|
53
|
+
|
54
|
+
return
|
55
|
+
|
56
|
+
|
57
|
+
end
|
58
|
+
|
59
|
+
|
60
|
+
end
|
61
|
+
|
62
|
+
|
63
|
+
end
|
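Review bot: `State#execute` consists of a bare `return`, so `safe state` currently does nothing while the class comment reads like a description of working behaviour. The comment should open with a line such as `# NOT YET IMPLEMENTED - the notes below are the design plan.` and execute() could print a one-line notice instead of returning silently. The numbered list under "Touched Use Cases" has two items numbered 6, and "asterix" should be "asterisk". The same applies to `Publish#query_verse` in the following section, whose body is empty although its class comment advertises `safe publish` flags.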
@@ -0,0 +1,27 @@
|
|
1
|
+
#!/usr/bin/ruby
|
2
|
+
|
3
|
+
module SafeDb
|
4
|
+
|
5
|
+
# The safe publish command knows how to talk to external credential consumers
|
6
|
+
# like Kubernetes Secrets, Jenkins Credentials, Git Secrets, Terraform Secrets,
|
7
|
+
# Docker Secrets, HashiCorp's Vault and more besides.
|
8
|
+
#
|
9
|
+
# Use publish to tell safe what to publish, what to publish it as and if
|
10
|
+
# necessary where to publish it to.
|
11
|
+
#
|
12
|
+
# - `safe publish --docker-registry-credentials --kubernetes-secret`
|
13
|
+
# - `safe publish --username-password --jenkins --at http://localhost:8080`
|
14
|
+
#
|
15
|
+
# Visit documentation at https://www.safedb.net/docs/copy-paste
|
16
|
+
class Publish < QueryVerse
|
17
|
+
|
18
|
+
def query_verse()
|
19
|
+
|
20
|
+
|
21
|
+
end
|
22
|
+
|
23
|
+
|
24
|
+
end
|
25
|
+
|
26
|
+
|
27
|
+
end
|