Merge pull request #163 from ovotech/genericise-git

Genericise Git

Author: Chris Every

README.md

@@ -9,7 +9,7 @@ The tool can update keys held in the following locations:
 
 * CircleCI
 * GCS
-* GitHub
+* Git
 * GoCd
 * K8S (GKE only)
 * SSM (AWS Parameter Store)
@@ -93,7 +93,7 @@ Currently, the following locations are supported:
 * GCS 
 * Secrets in GKE
 * Files (encrypted via [mantle](https://github.com/ovotech/mantle) which
-integrates with KMS) in GitHub
+integrates with KMS) in Git
 * SSM (AWS Parameter Store)
 
 ## Rotation Process
@@ -121,7 +121,7 @@ are stored, e.g.:
 "AccountKeyLocations": [{
   "ServiceAccountName": "cloud-key-client-test",
   "RotationAgeThresholdMins": 60,
-  "GitHub": {
+  "Git": {
     "FilePath": "service-account.txt",
     "OrgRepo": "ovotech/cloud-key-rotator",
     "VerifyCircleCISuccess": true,
@@ -148,17 +148,17 @@ deployment has been successful after committing to a GitHub repository. If that
 verification isn't required, you can disable it using the `VerifyCircleCISuccess`
 boolean.
 
-For any GitHub key location, the whole process will be aborted
+For any Git key location, the whole process will be aborted
 if there is no `KmsKey` value set. Unencrypted keys should **never** be committed
 to a Git repository.
 
 ## GPG Commit Signing
 
-Commits to GitHub repositories are required to be GPG signed. In order to
+Commits to Git repositories are required to be GPG signed. In order to
 achieve this, you need to provide 4 things:
 
-* `Username` of the GitHub user commits will be made on behalf of, set in config
-* `Email` address of GitHub user, set in config
+* `Username` of the Git user commits will be made on behalf of, set in config
+* `Email` address of Git user, set in config
 * `ArmouredKeyRing`, aka GPG private key, stored in `/etc/cloud-key-rotator/akr.asc`
 * `Passphrase` to the ArmouredKeyRing
 

pkg/config/config.go

@@ -71,7 +71,7 @@ type KeyLocations struct {
 	ServiceAccountName       string
 	CircleCI                 []location.CircleCI
 	GCS                      []location.Gcs
-	GitHub                   location.GitHub
+	Git                      location.Git
 	Gocd                     []location.Gocd
 	K8s                      []location.K8s
 	SSM                      []location.Ssm

pkg/cred/creds.go

@@ -17,17 +17,17 @@ package cred
 // Credentials type
 type Credentials struct {
 	CircleCIAPIToken string
-	GitHubAccount    GitHubAccount
+	GitAccount       GitAccount
 	AkrPass          string
 	KmsKey           string
 	GocdServer       GocdServer
 }
 
-// GitHubAccount type
-type GitHubAccount struct {
-	GitHubAccessToken string
-	GitName           string
-	GitEmail          string
+// GitAccount type
+type GitAccount struct {
+	GitAccessToken string
+	GitName        string
+	GitEmail       string
 }
 
 // GocdServer type

pkg/location/github.go pkg/location/git.go

@@ -31,15 +31,15 @@ import (
 	gitHttp "gopkg.in/src-d/go-git.v4/plumbing/transport/http"
 )
 
-//GitHub type
-type GitHub struct {
+//Git type
+type Git struct {
 	Filepath              string
 	OrgRepo               string
 	VerifyCircleCISuccess bool
 	CircleCIDeployJobName string
 }
 
-func (gitHub GitHub) Write(serviceAccountName string, keyWrapper KeyWrapper, creds cred.Credentials) (updated UpdatedLocation, err error) {
+func (git Git) Write(serviceAccountName string, keyWrapper KeyWrapper, creds cred.Credentials) (updated UpdatedLocation, err error) {
 
 	if len(creds.KmsKey) == 0 {
 		err = errors.New("Not updating un-encrypted new key in a Git repository. Use the" +
@@ -56,81 +56,81 @@ func (gitHub GitHub) Write(serviceAccountName string, keyWrapper KeyWrapper, cre
 	defer os.RemoveAll(localDir)
 
 	var signKey *openpgp.Entity
-	if signKey, err = crypt.CommitSignKey(creds.GitHubAccount.GitName, creds.GitHubAccount.GitEmail, creds.AkrPass); err != nil {
+	if signKey, err = crypt.CommitSignKey(creds.GitAccount.GitName, creds.GitAccount.GitEmail, creds.AkrPass); err != nil {
 		return
 	}
 
 	var committed *object.Commit
 	const singleLine = false
 	const disableValidation = true
-	if committed, err = writeKeyToRemoteGitRepo(gitHub, serviceAccountName,
+	if committed, err = writeKeyToRemoteGitRepo(git, serviceAccountName,
 		crypt.EncryptedServiceAccountKey(key, creds.KmsKey),
 		localDir, signKey, creds); err != nil {
 		return
 	}
 
-	if gitHub.VerifyCircleCISuccess {
-		err = verifyCircleCIJobSuccess(gitHub.OrgRepo,
+	if git.VerifyCircleCISuccess {
+		err = verifyCircleCIJobSuccess(git.OrgRepo,
 			fmt.Sprintf("%s", committed.ID()),
-			gitHub.CircleCIDeployJobName, creds.CircleCIAPIToken)
+			git.CircleCIDeployJobName, creds.CircleCIAPIToken)
 	}
 
 	updated = UpdatedLocation{
-		LocationType: "GitHub",
-		LocationURI:  gitHub.OrgRepo,
-		LocationIDs:  []string{gitHub.Filepath}}
+		LocationType: "Git",
+		LocationURI:  git.OrgRepo,
+		LocationIDs:  []string{git.Filepath}}
 
 	return
 }
 
 //writeKeyToRemoteGitRepo handles the writing of the supplied key to the *remote*
-// Git repo defined in the GitHub struct
-func writeKeyToRemoteGitRepo(gitHub GitHub, serviceAccountName string,
+// Git repo defined in the Git struct
+func writeKeyToRemoteGitRepo(gitt Git, serviceAccountName string,
 	key []byte, localDir string, signKey *openpgp.Entity, creds cred.Credentials) (committed *object.Commit, err error) {
 	var repo *git.Repository
-	if repo, err = cloneGitRepo(localDir, gitHub.OrgRepo,
-		creds.GitHubAccount.GitHubAccessToken); err != nil {
+	if repo, err = cloneGitRepo(localDir, gitt.OrgRepo,
+		creds.GitAccount.GitAccessToken); err != nil {
 		return
 	}
-	logger.Infof("Cloned git repo: %s", gitHub.OrgRepo)
+	logger.Infof("Cloned git repo: %s", gitt.OrgRepo)
 	var commit plumbing.Hash
-	if commit, err = writeKeyToLocalGitRepo(gitHub, repo, key, serviceAccountName,
+	if commit, err = writeKeyToLocalGitRepo(gitt, repo, key, serviceAccountName,
 		localDir, signKey, creds); err != nil {
 		return
 	}
 	if committed, err = repo.CommitObject(commit); err != nil {
 		return
 	}
-	logger.Infof("Committed to local git repo: %s", gitHub.OrgRepo)
+	logger.Infof("Committed to local git repo: %s", gitt.OrgRepo)
 	if err = repo.Push(&git.PushOptions{Auth: &gitHttp.BasicAuth{
 		Username: "abc123", // yes, this can be anything except an empty string
-		Password: creds.GitHubAccount.GitHubAccessToken,
+		Password: creds.GitAccount.GitAccessToken,
 	},
 		Progress: os.Stdout}); err != nil {
 		return
 	}
-	logger.Infof("Pushed to remote git repo: %s", gitHub.OrgRepo)
+	logger.Infof("Pushed to remote git repo: %s", gitt.OrgRepo)
 	return
 }
 
 //writeKeyToLocalGitRepo handles the writing of the supplied key to the *local*
-// Git repo defined in the GitHub struct
-func writeKeyToLocalGitRepo(gitHub GitHub, repo *git.Repository, key []byte,
+// Git repo defined in the Git struct
+func writeKeyToLocalGitRepo(gitt Git, repo *git.Repository, key []byte,
 	serviceAccountName, localDir string, signKey *openpgp.Entity, creds cred.Credentials) (commmit plumbing.Hash, err error) {
 	var w *git.Worktree
 	if w, err = repo.Worktree(); err != nil {
 		return
 	}
-	fullFilePath := localDir + "/" + gitHub.Filepath
+	fullFilePath := localDir + "/" + gitt.Filepath
 	if err = ioutil.WriteFile(fullFilePath, key, 0644); err != nil {
 		return
 	}
 	w.Add(fullFilePath)
 	autoStage := true
 	return w.Commit(fmt.Sprintf("CKR updating %s", serviceAccountName), &git.CommitOptions{
 		Author: &object.Signature{
-			Name:  creds.GitHubAccount.GitName,
-			Email: creds.GitHubAccount.GitEmail,
+			Name:  creds.GitAccount.GitName,
+			Email: creds.GitAccount.GitEmail,
 			When:  time.Now(),
 		},
 		All:     autoStage,

pkg/location/keywriter.go

@@ -14,7 +14,7 @@
 
 package location
 
-//keyWriter defines the function signature for writing key to a location, e.g. CircleCI, K8S cluster or GitHub.
+//keyWriter defines the function signature for writing key to a location, e.g. CircleCI, K8S cluster or Git.
 import "github.com/ovotech/cloud-key-rotator/pkg/cred"
 
 //KeyWriter interface

pkg/rotate/rotatekeys.go

@@ -281,8 +281,8 @@ func locationsToUpdate(keyLocation config.KeyLocations) (kws []location.KeyWrite
 		googleAppCredsRequired = true
 	}
 
-	if len(keyLocation.GitHub.OrgRepo) > 0 {
-		kws = append(kws, keyLocation.GitHub)
+	if len(keyLocation.Git.OrgRepo) > 0 {
+		kws = append(kws, keyLocation.Git)
 	}
 
 	for _, gocd := range keyLocation.Gocd {
@@ -305,7 +305,7 @@ func locationsToUpdate(keyLocation config.KeyLocations) (kws []location.KeyWrite
 	return
 }
 
-//updateKeyLocation updates locations specified in keyLocations with the new key, e.g. GitHub, CircleCI and K8s
+//updateKeyLocation updates locations specified in keyLocations with the new key, e.g. Git, CircleCI and K8s
 func updateKeyLocation(account string, keyLocations config.KeyLocations,
 	keyWrapper location.KeyWrapper, creds cred.Credentials) (err error) {