feat(backup): secret storage

Author: fiftin

db/SecretStorage.go

@@ -10,8 +10,8 @@ const (
 )
 
 type SecretStorage struct {
-	ID        int               `db:"id" json:"id"`
-	ProjectID int               `db:"project_id" json:"project_id"`
+	ID        int               `db:"id" json:"id" backup:"-"`
+	ProjectID int               `db:"project_id" json:"project_id" backup:"-"`
 	Name      string            `db:"name" json:"name"`
 	Type      SecretStorageType `db:"type" json:"type"`
 	Params    MapStringAnyField `db:"params" json:"params"`

services/project/backup.go

@@ -174,6 +174,11 @@ func (b *BackupDB) load(projectID int, store db.Store) (err error) {
 	}
 	//b.schedules = getSchedulesByProject(projectID, schedules)
 
+	b.secretStorages, err = store.GetSecretStorages(projectID)
+	if err != nil {
+		return
+	}
+
 	b.meta, err = store.GetProject(projectID)
 	if err != nil {
 		return
@@ -214,6 +219,7 @@ func (b *BackupDB) load(projectID int, store db.Store) (err error) {
 }
 
 func (b *BackupDB) format() (*BackupFormat, error) {
+
 	schedules := make([]BackupSchedule, len(b.schedules))
 	for i, o := range b.schedules {
 
@@ -236,7 +242,27 @@ func (b *BackupDB) format() (*BackupFormat, error) {
 	keys := make([]BackupAccessKey, len(b.keys))
 	for i, o := range b.keys {
 		keys[i] = BackupAccessKey{
-			o,
+			AccessKey: o,
+		}
+	}
+
+	secretStorages := make([]BackupSecretStorage, len(b.secretStorages))
+	for i, o := range b.secretStorages {
+		secretStorages[i] = BackupSecretStorage{
+			SecretStorage: o,
+		}
+
+		for _, key := range keys {
+			if *key.StorageID == o.ID {
+				secretStorages[i].VaultTokenKeyName = key.Name
+				break
+			}
+		}
+
+		for k := range keys {
+			if *keys[k].SourceStorageID == o.ID {
+				keys[k].SourceStorage = &o.Name
+			}
 		}
 	}
 
@@ -388,6 +414,7 @@ func (b *BackupDB) format() (*BackupFormat, error) {
 		Integration:        integrations,
 		IntegrationAliases: integrationAliases,
 		Schedules:          schedules,
+		SecretStorages:     secretStorages,
 	}, nil
 }
 
@@ -405,7 +432,7 @@ func (b *BackupFormat) Marshal() (res string, err error) {
 		return
 	}
 
-	bytes, err := json.Marshal(data)
+	bytes, err := json.MarshalIndent(data, "", "  ")
 	if err != nil {
 		return
 	}

services/project/restore.go

@@ -32,6 +32,21 @@ func verifyDuplicate[T BackupEntry](name string, items []T) error {
 	return nil
 }
 
+func (e BackupSecretStorage) Verify(backup *BackupFormat) error {
+	return verifyDuplicate[BackupSecretStorage](e.Name, backup.SecretStorages)
+}
+
+func (e BackupSecretStorage) Restore(store db.Store, b *BackupDB) error {
+	st := e.SecretStorage
+	st.ProjectID = b.meta.ID
+	newStorage, err := store.CreateSecretStorage(st)
+	if err != nil {
+		return err
+	}
+	b.secretStorages = append(b.secretStorages, newStorage)
+	return nil
+}
+
 func (e BackupEnvironment) Verify(backup *BackupFormat) error {
 	return verifyDuplicate[BackupEnvironment](e.Name, backup.Environments)
 }
@@ -412,6 +427,11 @@ func (backup *BackupFormat) Verify() error {
 			return fmt.Errorf("error at inventories[%d]: %s", i, err.Error())
 		}
 	}
+	for i, o := range backup.SecretStorages {
+		if err := o.Verify(backup); err != nil {
+			return fmt.Errorf("error at secret storage[%d]: %s", i, err.Error())
+		}
+	}
 	for i, o := range backup.Templates {
 		if err := o.Verify(backup); err != nil {
 			return fmt.Errorf("error at templates[%d]: %s", i, err.Error())
@@ -509,5 +529,11 @@ func (backup *BackupFormat) Restore(user db.User, store db.Store) (*db.Project,
 		}
 	}
 
+	for i, o := range backup.SecretStorages {
+		if err := o.Restore(store, &b); err != nil {
+			return nil, fmt.Errorf("error at secret storage[%d]: %s", i, err.Error())
+		}
+	}
+
 	return &newProject, nil
 }

services/project/types.go

@@ -19,19 +19,22 @@ type BackupDB struct {
 	integrationAliases       map[int][]db.IntegrationAlias
 	integrationMatchers      map[int][]db.IntegrationMatcher
 	integrationExtractValues map[int][]db.IntegrationExtractValue
+
+	secretStorages []db.SecretStorage
 }
 
 type BackupFormat struct {
-	Meta               BackupMeta          `backup:"meta"`
-	Templates          []BackupTemplate    `backup:"templates"`
-	Repositories       []BackupRepository  `backup:"repositories"`
-	Keys               []BackupAccessKey   `backup:"keys"`
-	Views              []BackupView        `backup:"views"`
-	Inventories        []BackupInventory   `backup:"inventories"`
-	Environments       []BackupEnvironment `backup:"environments"`
-	Integration        []BackupIntegration `backup:"integrations"`
-	IntegrationAliases []string            `backup:"integration_aliases"`
-	Schedules          []BackupSchedule    `backup:"schedules"`
+	Meta               BackupMeta            `backup:"meta"`
+	Templates          []BackupTemplate      `backup:"templates"`
+	Repositories       []BackupRepository    `backup:"repositories"`
+	Keys               []BackupAccessKey     `backup:"keys"`
+	Views              []BackupView          `backup:"views"`
+	Inventories        []BackupInventory     `backup:"inventories"`
+	Environments       []BackupEnvironment   `backup:"environments"`
+	Integration        []BackupIntegration   `backup:"integrations"`
+	IntegrationAliases []string              `backup:"integration_aliases"`
+	Schedules          []BackupSchedule      `backup:"schedules"`
+	SecretStorages     []BackupSecretStorage `backup:"secret_storages"`
 }
 
 type BackupMeta struct {
@@ -44,6 +47,7 @@ type BackupEnvironment struct {
 
 type BackupAccessKey struct {
 	db.AccessKey
+	SourceStorage *string `backup:"source_storage"`
 }
 
 type BackupSchedule struct {
@@ -95,6 +99,11 @@ type BackupIntegration struct {
 	AuthSecret    *string                      `backup:"auth_secret"`
 }
 
+type BackupSecretStorage struct {
+	db.SecretStorage
+	VaultTokenKeyName string `backup:"vault_token_key_name"`
+}
+
 type BackupEntry interface {
 	GetName() string
 	Verify(backup *BackupFormat) error
@@ -124,3 +133,7 @@ func (e BackupView) GetName() string {
 func (e BackupTemplate) GetName() string {
 	return e.Name
 }
+
+func (e BackupSecretStorage) GetName() string {
+	return e.Name
+}