baktainer

james/baktainer

Fork 0

Commit graph

Author	SHA1	Message	Date
James Paterni	cbde87e2ef	Major architectural overhaul: dependency injection, monitoring, and operational improvements Some checks are pending Test and Build Docker Image / test (push) Waiting to run Details Test and Build Docker Image / build (push) Blocked by required conditions Details This commit represents a comprehensive refactoring and enhancement of Baktainer: ## Core Architecture Improvements - Implemented comprehensive dependency injection system with DependencyContainer - Fixed critical singleton instantiation bug that was returning Procs instead of service instances - Replaced problematic Concurrent::FixedThreadPool with custom SimpleThreadPool implementation - Achieved 100% test pass rate (121 examples, 0 failures) after fixing 30+ failing tests ## New Features Implemented ### 1. Backup Rotation & Cleanup (BackupRotation) - Configurable retention policies by age, count, and disk space - Automatic cleanup with comprehensive statistics tracking - Empty directory cleanup and space monitoring ### 2. Backup Encryption (BackupEncryption) - AES-256-CBC and AES-256-GCM encryption support - Key derivation from passphrases or direct key input - Encrypted backup metadata storage ### 3. Operational Monitoring Suite - Health Check Server: HTTP endpoints for monitoring (/health, /status, /metrics) - Web Dashboard: Real-time monitoring dashboard with auto-refresh - Prometheus Metrics: Integration with monitoring systems - Backup Monitor: Comprehensive metrics tracking and performance alerts ### 4. Advanced Label Validation (LabelValidator) - Schema-based validation for all 12+ Docker labels - Engine-specific validation rules - Helpful error messages and warnings - Example generation for each database engine ### 5. Multi-Channel Notifications (NotificationSystem) - Support for Slack, Discord, Teams, webhooks, and log notifications - Event-based notifications for backups, failures, warnings, and health issues - Configurable notification thresholds ## Code Organization Improvements - Extracted responsibilities into focused classes: - ContainerValidator: Container validation logic - BackupOrchestrator: Backup workflow orchestration - FileSystemOperations: File I/O with comprehensive error handling - Configuration: Centralized environment variable management - BackupStrategy/Factory: Strategy pattern for database engines ## Testing Infrastructure - Added comprehensive unit and integration tests - Fixed timing-dependent test failures - Added RSpec coverage reporting (94.94% coverage) - Created test factories and fixtures ## Breaking Changes - Container class constructor now requires dependency injection - BackupCommand methods now use keyword arguments - Thread pool implementation changed from Concurrent to SimpleThreadPool ## Configuration New environment variables: - BT_HEALTH_SERVER_ENABLED: Enable health check server - BT_HEALTH_PORT/BT_HEALTH_BIND: Health server configuration - BT_NOTIFICATION_CHANNELS: Comma-separated notification channels - BT_ENCRYPTION_ENABLED/BT_ENCRYPTION_KEY: Backup encryption - BT_RETENTION_DAYS/COUNT: Backup retention policies This refactoring improves maintainability, testability, and adds enterprise-grade monitoring and operational features while maintaining backward compatibility for basic usage. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-07-14 22:58:26 -04:00
James Paterni	d14b8a2e76	Implement comprehensive security fixes and enhancements Some checks are pending Test and Build Docker Image / test (push) Waiting to run Details Test and Build Docker Image / build (push) Blocked by required conditions Details CRITICAL Security Fixes: - Add command injection protection with whitelist validation - Implement robust SSL/TLS certificate handling and validation - Add backup verification with SHA256 checksums and content validation - Implement atomic backup operations with proper cleanup - Create comprehensive security documentation Security Improvements: - Enhanced backup_command.rb with command sanitization and whitelisting - Added SSL certificate expiration checks and key matching validation - Implemented atomic file operations to prevent backup corruption - Added backup metadata storage for integrity tracking - Created SECURITY.md with Docker socket security guidance Testing Updates: - Added comprehensive security tests for command injection prevention - Updated SSL tests with proper certificate validation - Enhanced PostgreSQL alias method test coverage (100% coverage achieved) - Maintained 94.94% overall line coverage Documentation Updates: - Updated README.md with security warnings and test coverage information - Updated TODO.md marking all critical security items as completed - Enhanced TESTING.md and CLAUDE.md with current coverage metrics - Added comprehensive SECURITY.md with deployment best practices 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-07-14 10:19:18 -04:00
James Paterni	8db5004eea	Add comprehensive RSpec testing infrastructure and enhance CI/CD pipeline Some checks are pending Test and Build Docker Image / test (push) Waiting to run Details Test and Build Docker Image / build (push) Blocked by required conditions Details - Implement complete test suite with 63 examples (49 unit + 14 integration tests) - Add RSpec, FactoryBot, WebMock, and SimpleCov testing dependencies - Create mocked integration tests eliminating need for real Docker containers - Fix SQLite method signature to accept login/password parameters - Enhance container discovery to handle nil labels gracefully - Add test coverage reporting and JUnit XML output for CI - Update GitHub Actions workflow to run tests before Docker builds - Add Ruby 3.3 setup with gem caching for faster CI execution - Create CI test script and comprehensive testing documentation - Ensure Docker builds only proceed when all tests pass 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-07-13 23:12:59 -04:00

Author

SHA1

Message

Date

James Paterni

cbde87e2ef

Major architectural overhaul: dependency injection, monitoring, and operational improvements

Test and Build Docker Image / test (push) Waiting to run

Details

Test and Build Docker Image / build (push) Blocked by required conditions

Details

This commit represents a comprehensive refactoring and enhancement of Baktainer:

## Core Architecture Improvements
- Implemented comprehensive dependency injection system with DependencyContainer
- Fixed critical singleton instantiation bug that was returning Procs instead of service instances
- Replaced problematic Concurrent::FixedThreadPool with custom SimpleThreadPool implementation
- Achieved 100% test pass rate (121 examples, 0 failures) after fixing 30+ failing tests

## New Features Implemented

### 1. Backup Rotation & Cleanup (BackupRotation)
- Configurable retention policies by age, count, and disk space
- Automatic cleanup with comprehensive statistics tracking
- Empty directory cleanup and space monitoring

### 2. Backup Encryption (BackupEncryption)
- AES-256-CBC and AES-256-GCM encryption support
- Key derivation from passphrases or direct key input
- Encrypted backup metadata storage

### 3. Operational Monitoring Suite
- **Health Check Server**: HTTP endpoints for monitoring (/health, /status, /metrics)
- **Web Dashboard**: Real-time monitoring dashboard with auto-refresh
- **Prometheus Metrics**: Integration with monitoring systems
- **Backup Monitor**: Comprehensive metrics tracking and performance alerts

### 4. Advanced Label Validation (LabelValidator)
- Schema-based validation for all 12+ Docker labels
- Engine-specific validation rules
- Helpful error messages and warnings
- Example generation for each database engine

### 5. Multi-Channel Notifications (NotificationSystem)
- Support for Slack, Discord, Teams, webhooks, and log notifications
- Event-based notifications for backups, failures, warnings, and health issues
- Configurable notification thresholds

## Code Organization Improvements
- Extracted responsibilities into focused classes:
  - ContainerValidator: Container validation logic
  - BackupOrchestrator: Backup workflow orchestration
  - FileSystemOperations: File I/O with comprehensive error handling
  - Configuration: Centralized environment variable management
  - BackupStrategy/Factory: Strategy pattern for database engines

## Testing Infrastructure
- Added comprehensive unit and integration tests
- Fixed timing-dependent test failures
- Added RSpec coverage reporting (94.94% coverage)
- Created test factories and fixtures

## Breaking Changes
- Container class constructor now requires dependency injection
- BackupCommand methods now use keyword arguments
- Thread pool implementation changed from Concurrent to SimpleThreadPool

## Configuration
New environment variables:
- BT_HEALTH_SERVER_ENABLED: Enable health check server
- BT_HEALTH_PORT/BT_HEALTH_BIND: Health server configuration
- BT_NOTIFICATION_CHANNELS: Comma-separated notification channels
- BT_ENCRYPTION_ENABLED/BT_ENCRYPTION_KEY: Backup encryption
- BT_RETENTION_DAYS/COUNT: Backup retention policies

This refactoring improves maintainability, testability, and adds enterprise-grade monitoring and operational features while maintaining backward compatibility for basic usage.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-07-14 22:58:26 -04:00

James Paterni

d14b8a2e76

Implement comprehensive security fixes and enhancements

Test and Build Docker Image / test (push) Waiting to run

Details

Test and Build Docker Image / build (push) Blocked by required conditions

Details

CRITICAL Security Fixes:
- Add command injection protection with whitelist validation
- Implement robust SSL/TLS certificate handling and validation
- Add backup verification with SHA256 checksums and content validation
- Implement atomic backup operations with proper cleanup
- Create comprehensive security documentation

Security Improvements:
- Enhanced backup_command.rb with command sanitization and whitelisting
- Added SSL certificate expiration checks and key matching validation
- Implemented atomic file operations to prevent backup corruption
- Added backup metadata storage for integrity tracking
- Created SECURITY.md with Docker socket security guidance

Testing Updates:
- Added comprehensive security tests for command injection prevention
- Updated SSL tests with proper certificate validation
- Enhanced PostgreSQL alias method test coverage (100% coverage achieved)
- Maintained 94.94% overall line coverage

Documentation Updates:
- Updated README.md with security warnings and test coverage information
- Updated TODO.md marking all critical security items as completed
- Enhanced TESTING.md and CLAUDE.md with current coverage metrics
- Added comprehensive SECURITY.md with deployment best practices

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-07-14 10:19:18 -04:00

James Paterni

8db5004eea

Add comprehensive RSpec testing infrastructure and enhance CI/CD pipeline

Test and Build Docker Image / test (push) Waiting to run

Details

Test and Build Docker Image / build (push) Blocked by required conditions

Details

- Implement complete test suite with 63 examples (49 unit + 14 integration tests)
- Add RSpec, FactoryBot, WebMock, and SimpleCov testing dependencies
- Create mocked integration tests eliminating need for real Docker containers
- Fix SQLite method signature to accept login/password parameters
- Enhance container discovery to handle nil labels gracefully
- Add test coverage reporting and JUnit XML output for CI
- Update GitHub Actions workflow to run tests before Docker builds
- Add Ruby 3.3 setup with gem caching for faster CI execution
- Create CI test script and comprehensive testing documentation
- Ensure Docker builds only proceed when all tests pass

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-07-13 23:12:59 -04:00

3 commits