Write new secret manager using existing RSA logic

2025-06-22 17:17:56 +02:00
parent 5985a726e3
commit 82ec7fabb4
34 changed files with 2042 additions and 640 deletions
--- a/packages/sshecret-admin/migrations/env.py
+++ b/packages/sshecret-admin/migrations/env.py
@ -1,11 +1,11 @@
 import os
 from logging.config import fileConfig

-from sqlalchemy import engine_from_config
-from sqlalchemy import pool
+from sqlalchemy import Engine, engine_from_config, pool, create_engine

 from alembic import context
 from sshecret_admin.auth.models import Base
+from sshecret_admin.core.settings import AdminServerSettings

 # this is the Alembic Config object, which provides
 # access to the values within the .ini file in use.
@ -14,9 +14,30 @@ config = context.config

 def get_database_url() -> str | None:
    """Get database URL."""
-    if db_file := os.getenv("SSHECRET_ADMIN_DATABASE"):
-        return f"sqlite:///{db_file}"
-    return config.get_main_option("sqlalchemy.url")
+    try:
+        settings = AdminServerSettings()  # pyright: ignore[reportCallIssue]
+        return str(settings.admin_db)
+    except Exception:
+        if db_file := os.getenv("SSHECRET_ADMIN_DATABASE"):
+            return f"sqlite:///{db_file}"
+        return config.get_main_option("sqlalchemy.url")
+
+
+def get_engine() -> Engine:
+    """Get engine."""
+    try:
+        settings = AdminServerSettings()  # pyright: ignore[reportCallIssue]
+        engine = create_engine(settings.admin_db)
+        return engine
+    except Exception:
+        connectable = engine_from_config(
+            config.get_section(config.config_ini_section, {}),
+            prefix="sqlalchemy.",
+            poolclass=pool.NullPool,
+        )
+        return connectable
+
+


 # Interpret the config file for Python logging.
@ -68,12 +89,7 @@ def run_migrations_online() -> None:
    and associate a connection with the context.

    """
-    connectable = engine_from_config(
-        config.get_section(config.config_ini_section, {}),
-        prefix="sqlalchemy.",
-        poolclass=pool.NullPool,
-    )
-
+    connectable = get_engine()
    with connectable.connect() as connection:
        context.configure(
            connection=connection, target_metadata=target_metadata, render_as_batch=True
--- a/packages/sshecret-admin/migrations/versions/84356d0ea85f_implement_db_structures_for_internal_.py
+++ b/packages/sshecret-admin/migrations/versions/84356d0ea85f_implement_db_structures_for_internal_.py
@ -0,0 +1,44 @@
+"""Implement db structures for internal password manager
+
+Revision ID: 84356d0ea85f
+Revises: 6c148590471f
+Create Date: 2025-06-21 07:21:02.257865
+
+"""
+from typing import Sequence, Union
+
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision: str = '84356d0ea85f'
+down_revision: Union[str, None] = '6c148590471f'
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    """Upgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table('groups',
+    sa.Column('id', sa.Uuid(), nullable=False),
+    sa.Column('name', sa.String(), nullable=False),
+    sa.Column('parent_id', sa.Uuid(), nullable=True),
+    sa.ForeignKeyConstraint(['parent_id'], ['groups.id'], ),
+    sa.PrimaryKeyConstraint('id')
+    )
+    with op.batch_alter_table('password_db', schema=None) as batch_op:
+        batch_op.add_column(sa.Column('client_id', sa.Uuid(), nullable=True))
+
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    """Downgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    with op.batch_alter_table('password_db', schema=None) as batch_op:
+        batch_op.drop_column('client_id')
+
+    op.drop_table('groups')
+    # ### end Alembic commands ###
--- a/packages/sshecret-admin/migrations/versions/c34707a1ea3a_implement_managed_secrets.py
+++ b/packages/sshecret-admin/migrations/versions/c34707a1ea3a_implement_managed_secrets.py
@ -0,0 +1,48 @@
+"""Implement managed secrets
+
+Revision ID: c34707a1ea3a
+Revises: 84356d0ea85f
+Create Date: 2025-06-21 07:38:12.994535
+
+"""
+from typing import Sequence, Union
+
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision: str = 'c34707a1ea3a'
+down_revision: Union[str, None] = '84356d0ea85f'
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    """Upgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table('managed_secrets',
+    sa.Column('id', sa.Uuid(), nullable=False),
+    sa.Column('name', sa.String(), nullable=False),
+    sa.Column('is_deleted', sa.Boolean(), nullable=False),
+    sa.Column('group_id', sa.Uuid(), nullable=True),
+    sa.Column('created_at', sa.DateTime(timezone=True), server_default=sa.text('(CURRENT_TIMESTAMP)'), nullable=False),
+    sa.Column('updated_at', sa.DateTime(timezone=True), server_default=sa.text('(CURRENT_TIMESTAMP)'), nullable=True),
+    sa.Column('deleted_at', sa.DateTime(timezone=True), nullable=True),
+    sa.ForeignKeyConstraint(['group_id'], ['groups.id'], ondelete='SET NULL'),
+    sa.PrimaryKeyConstraint('id')
+    )
+    with op.batch_alter_table('groups', schema=None) as batch_op:
+        batch_op.add_column(sa.Column('description', sa.String(), nullable=True))
+
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    """Downgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    with op.batch_alter_table('groups', schema=None) as batch_op:
+        batch_op.drop_column('description')
+
+    op.drop_table('managed_secrets')
+    # ### end Alembic commands ###