Support authentication by login & password, refactor API

.gitignore

@@ -7,8 +7,6 @@
 /test-postgres.yaml
 
 # Arch Linux build
-src
-pkg
 /.build/backup-maker
 /*.tar.zst
 /*.tar.gz

Makefile

@@ -16,18 +16,19 @@ push-docker: ## Release docker
 	docker push ghcr.io/riotkit-org/br-backup-maker:${DOCKER_TAG}
 
 ensure-mysql:
-	if [[ $$CI == "true" ]]; then \
+	@if [[ $$CI == "true" ]]; then \
 		sudo apt-get update && sudo apt-get install mariadb-client -y && mysql --version; \
 	fi
 
 ensure-go-junit-report:
 	command -v go-junit-report || (cd /tmp && go install github.com/jstemmer/go-junit-report/v2@latest)
-coverage: ensure-mysql ensure-go-junit-report test
+
+coverage: test
 
 download-k3d:
 	[[ -f ".build/k3d" ]] || (mkdir -p .build && wget https://github.com/k3d-io/k3d/releases/download/v5.4.7/k3d-linux-amd64 -O .build/k3d && chmod +x .build/k3d)
 
-test: prepare_e2e_workspace build download-k3d
+test: prepare_e2e_workspace build download-k3d ensure-go-junit-report ensure-mysql
 	# see versions.mk
 	export TEST_BACKUP_REPOSITORY_VERSION=${TEST_BACKUP_REPOSITORY_VERSION}; \
 	export TEST_POSTGRES_VERSION=${TEST_POSTGRES_VERSION}; \

README.md

@@ -86,7 +86,7 @@ It is very similar as in backup operation.
 Our suggested approach is to maintain a community-driven repository of automation scripts templates
 together with a tool that generates Backup & Restore procedures. Those procedures could be easily understood and be customized by the user.
 
-### [Documentation for 'bmg' (Backup Maker procedure Generator)](./generate/README.md)
+### [Documentation for 'bmg' (Backup Maker procedure Generator)](pkg/generate/README.md)
 
 ## Hints
 
@@ -108,7 +108,7 @@ Pack `backup-maker` into docker image and trigger backups from internal or exter
 
 ### Scenario 3: Kubernetes usage with plain `kind: Crojob` resources
 
-Use [bmg](./generate/README.md) to generate Kubernetes resources that could be applied to cluster with `kubectl` or added to repository and applied by [FluxCD](https://fluxcd.io/) or [ArgoCD](https://argo-cd.readthedocs.io/en/stable/).
+Use [bmg](pkg/generate/README.md) to generate Kubernetes resources that could be applied to cluster with `kubectl` or added to repository and applied by [FluxCD](https://fluxcd.io/) or [ArgoCD](https://argo-cd.readthedocs.io/en/stable/).
 
 ### Scenario 4: Kubernetes usage with Argo Workflows or Tekton
 
@@ -123,15 +123,56 @@ Environment variables
 
 Environment variables are optional, if present will cover values of appropriate commandline switches.
 
-| Type    | Name                | Description                                                                               |
-|---------|---------------------|-------------------------------------------------------------------------------------------|
-| path    | BM_PUBLIC_KEY_PATH  | Path to the public key used for encryption                                                |
-| string  | BM_CMD              | Command used to encrypt or decrypt (depends on context)                                   |
-| string  | BM_PASSPHRASE       | Passphrase for the GPG key                                                                |
-| string  | BM_VERSION          | Version to restore (defaults to "latest"), e.g. v1                                        |
-| email   | BM_RECIPIENT        | E-mail address of GPG recipient key                                                       |
-| url     | BM_URL              | Backup Repository URL address e.g. https://example.org                                    |
-| uuidv4  | BM_COLLECTION_ID    | Existing collection ID                                                                    |
-| jwt     | BM_AUTH_TOKEN       | JSON Web Token generated in Backup Repository that allows to write to given collection id |
-| integer | BM_TIMEOUT          | Connection and read timeouts in seconds                                                   |
-| path    | BM_PRIVATE_KEY_PATH | GPG private key used to decrypt backup                                                    |
+| Type    | Name                | Description                                                                                    |
+|---------|---------------------|------------------------------------------------------------------------------------------------|
+| path    | BM_PUBLIC_KEY_PATH  | Path to the public key used for encryption                                                     |
+| string  | BM_CMD              | Command used to encrypt or decrypt (depends on context)                                        |
+| string  | BM_PASSPHRASE       | Passphrase for the GPG key                                                                     |
+| string  | BM_VERSION          | Version to restore (defaults to "latest"), e.g. v1                                             |
+| email   | BM_RECIPIENT        | E-mail address of GPG recipient key                                                            |
+| url     | BM_URL              | Backup Repository URL address e.g. https://example.org                                         |
+| uuidv4  | BM_COLLECTION_ID    | Existing collection ID                                                                         |
+| jwt     | BM_AUTH_TOKEN       | JSON Web Token generated in Backup Repository that allows to write to given collection id      |
+| string  | BM_AUTH_LOGIN       | Alternatively - username to authenticate instead of using a JWT token                          |
+| string  | BM_AUTH_PASSWORD    | Alternatively - password (required username also to be supplied) to use instead of JWT token   | 
+| integer | BM_TIMEOUT          | Connection and read timeouts in seconds                                                        |
+| path    | BM_PRIVATE_KEY_PATH | GPG private key used to decrypt backup                                                         |
+
+Authentication
+--------------
+
+There are two ways of authentication - one way is to use a pre-generated JWT token, second way is to supply a `username` and `password` (JWT will be generated automatically).
+
+What's the difference?
+
+### Username & Password
+
+Easiest way. Suggested way is to use an `access key` service account with limited scope, just type e.g. `my-account$keyname` and a password.
+
+```bash
+export BM_PASSPHRASE=riotkit
+export BM_AUTH_PASSWORD=...
+
+backup-maker restore -u http://127.0.0.1:8050  \ 
+  -c 'psql -h ... -U ...'  \
+  --auth-login='some-user$uploader' \
+  --collection-id \
+  iwa-ait \
+  -p ./resources/test/gpg-key.asc
+```
+
+### Pre-Generated JWT token
+
+Increase your security by pre-generating tokens outside your backup process. Keep login & password in one place, generate a token, then distribute the token
+to the target backup & restore environments. JWT tokens could be quick expiring, so with a proper automation you could generate them on demand.
+
+```bash
+export BM_PASSPHRASE=riotkit
+export BM_AUTH_TOKEN=...
+
+backup-maker restore -u http://127.0.0.1:8050 \ 
+  -c 'psql -h ... -U ...'  \
+  --collection-id \
+  iwa-ait \
+  -p ./resources/test/gpg-key.asc
+```