Skip to content

Commit d51ec66

Browse files
johnstcnjohnstcn
committed
dbcrypt-rotate -> server dbcrypt rotate
1 parent cce0244 commit d51ec66

14 files changed

+87
-35
lines changed

docs/cli.md

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,6 @@ Coder — A tool for provisioning self-hosted development environments with Terr
2727
| ------------------------------------------------------ | ----------------------------------------------------------------------------------------------------- |
2828
| [<code>config-ssh</code>](./cli/config-ssh.md) | Add an SSH Host entry for your workspaces "ssh coder.workspace" |
2929
| [<code>create</code>](./cli/create.md) | Create a workspace |
30-
| [<code>dbcrypt-rotate</code>](./cli/dbcrypt-rotate.md) | Rotate database encryption keys |
3130
| [<code>delete</code>](./cli/delete.md) | Delete a workspace |
3231
| [<code>dotfiles</code>](./cli/dotfiles.md) | Personalize your workspace by applying a canonical dotfiles repository |
3332
| [<code>features</code>](./cli/features.md) | List Enterprise features |

docs/cli/server.md

Lines changed: 1 addition & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

docs/cli/server_dbcrypt.md

Lines changed: 17 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

docs/cli/dbcrypt-rotate.md renamed to docs/cli/server_dbcrypt_rotate.md

Lines changed: 2 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

docs/manifest.json

Lines changed: 10 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -547,11 +547,6 @@
547547
"description": "Create a workspace",
548548
"path": "cli/create.md"
549549
},
550-
{
551-
"title": "dbcrypt-rotate",
552-
"description": "Rotate database encryption keys",
553-
"path": "cli/dbcrypt-rotate.md"
554-
},
555550
{
556551
"title": "delete",
557552
"description": "Delete a workspace",
@@ -711,6 +706,16 @@
711706
"description": "Create a new admin user with the given username, email and password and adds it to every organization.",
712707
"path": "cli/server_create-admin-user.md"
713708
},
709+
{
710+
"title": "server dbcrypt",
711+
"description": "Manage database encryption",
712+
"path": "cli/server_dbcrypt.md"
713+
},
714+
{
715+
"title": "server dbcrypt rotate",
716+
"description": "Rotate database encryption keys",
717+
"path": "cli/server_dbcrypt_rotate.md"
718+
},
714719
{
715720
"title": "server postgres-builtin-serve",
716721
"description": "Run the built-in PostgreSQL deployment.",

enterprise/cli/dbcrypt_rotate_slim.go

Lines changed: 0 additions & 20 deletions
This file was deleted.

enterprise/cli/root.go

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,6 @@ func (r *RootCmd) enterpriseOnly() []*clibase.Cmd {
1717
r.licenses(),
1818
r.groups(),
1919
r.provisionerDaemons(),
20-
r.dbcryptRotate(),
2120
}
2221
}
2322

enterprise/cli/server.go

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -98,5 +98,9 @@ func (r *RootCmd) Server(_ func()) *clibase.Cmd {
9898
}
9999
return api.AGPL, api, nil
100100
})
101+
102+
cmd.AddSubcommands(
103+
r.dbcryptCmd(),
104+
)
101105
return cmd
102106
}

enterprise/cli/dbcrypt_rotate.go renamed to enterprise/cli/server_dbcrypt_rotate.go

Lines changed: 17 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -19,14 +19,28 @@ import (
1919
"golang.org/x/xerrors"
2020
)
2121

22-
func (*RootCmd) dbcryptRotate() *clibase.Cmd {
22+
func (r *RootCmd) dbcryptCmd() *clibase.Cmd {
23+
dbcryptCmd := &clibase.Cmd{
24+
Use: "dbcrypt",
25+
Short: "Manage database encryption.",
26+
Handler: func(inv *clibase.Invocation) error {
27+
return inv.Command.HelpHandler(inv)
28+
},
29+
}
30+
dbcryptCmd.AddSubcommands(
31+
r.dbcryptRotateCmd(),
32+
)
33+
return dbcryptCmd
34+
}
35+
36+
func (*RootCmd) dbcryptRotateCmd() *clibase.Cmd {
2337
var (
2438
vals = new(codersdk.DeploymentValues)
2539
opts = vals.Options()
2640
)
2741
cmd := &clibase.Cmd{
28-
Use: "dbcrypt-rotate --postgres-url <postgres_url> --external-token-encryption-keys <new-key>,<old-keys>",
29-
Short: "Rotate database encryption keys",
42+
Use: "rotate",
43+
Short: "Rotate database encryption keys.",
3044
Options: clibase.OptionSet{
3145
*opts.ByName("Postgres Connection URL"),
3246
*opts.ByName("External Token Encryption Keys"),

enterprise/cli/dbcrypt_rotate_test.go renamed to enterprise/cli/server_dbcrypt_rotate_test.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -50,7 +50,7 @@ func TestDBCryptRotate(t *testing.T) {
5050
require.NoError(t, err)
5151

5252
// Encrypt all the data with the initial cipher.
53-
inv, _ := newCLI(t, "dbcrypt-rotate",
53+
inv, _ := newCLI(t, "server", "dbcrypt", "rotate",
5454
"--postgres-url", connectionURL,
5555
"--external-token-encryption-keys", base64.StdEncoding.EncodeToString([]byte(keyA)),
5656
)
@@ -79,7 +79,7 @@ func TestDBCryptRotate(t *testing.T) {
7979
base64.StdEncoding.EncodeToString([]byte(keyA)),
8080
)
8181

82-
inv, _ = newCLI(t, "dbcrypt-rotate",
82+
inv, _ = newCLI(t, "server", "dbcrypt", "rotate",
8383
"--postgres-url", connectionURL,
8484
"--external-token-encryption-keys", externalTokensArg,
8585
)

enterprise/cli/testdata/coder_--help.golden

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,6 @@ Coder v0.0.0-devel — A tool for provisioning self-hosted development environme
1010
 $ coder templates init 
1111

1212
Subcommands
13-
dbcrypt-rotate Rotate database encryption keys
1413
features List Enterprise features
1514
groups Manage groups
1615
licenses Add, delete, and list licenses

enterprise/cli/testdata/coder_server_--help.golden

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@ Start a Coder server
66
create-admin-user Create a new admin user with the given username,
77
email and password and adds it to every
88
organization.
9+
dbcrypt Manage database encryption.
910
postgres-builtin-serve Run the built-in PostgreSQL deployment.
1011
postgres-builtin-url Output the connection URL for the built-in
1112
PostgreSQL deployment.

enterprise/cli/testdata/coder_server_dbcrypt_--help.golden

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
Usage: coder server dbcrypt
2+
3+
Manage database encryption.
4+
5+
Subcommands
6+
rotate Rotate database encryption keys.
7+
8+
---
9+
Run `coder --help` for a list of global options.

enterprise/cli/testdata/coder_server_dbcrypt_rotate_--help.golden

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
Usage: coder server dbcrypt rotate [flags]
2+
3+
Rotate database encryption keys.
4+
5+
Options
6+
--postgres-url string, $CODER_PG_CONNECTION_URL
7+
URL of a PostgreSQL database. If empty, PostgreSQL binaries will be
8+
downloaded from Maven (https://repo1.maven.org/maven2) and store all
9+
data in the config root. Access the built-in database with "coder
10+
server postgres-builtin-url".
11+
12+
Enterprise Options
13+
These options are only available in the Enterprise Edition.
14+
15+
--external-token-encryption-keys string-array, $CODER_EXTERNAL_TOKEN_ENCRYPTION_KEYS
16+
Encrypt OIDC and Git authentication tokens with AES-256-GCM in the
17+
database. The value must be a comma-separated list of base64-encoded
18+
keys. Each key, when base64-decoded, must be exactly 32 bytes in
19+
length. The first key will be used to encrypt new values. Subsequent
20+
keys will be used as a fallback when decrypting. During normal
21+
operation it is recommended to only set one key.
22+
23+
---
24+
Run `coder --help` for a list of global options.

0 commit comments

Comments
 (0)