diff --git a/.travis.yml b/.travis.yml index adca3be..281c8c4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -51,3 +51,4 @@ branches: - "/unreviewed.*/" - tested - "/devel.*/" + - "/trial.*/" diff --git a/Makefile b/Makefile index 62f8501..06da567 100644 --- a/Makefile +++ b/Makefile @@ -69,7 +69,7 @@ encrypted_build_files.tjz: prepare-account prep_test $(ENC_FILES) tar cvvjf $@ -C $(ENC_DIR) $(ENC_FILENAMES) encrypted_build_files.tjz.enc: encrypted_build_files.tjz - travis encrypt-file --no-interactive --org $< + travis encrypt-file --force --no-interactive --org $< prepare-account: prepare-account.yml ansible-playbook -vvv prepare-account.yml --extra-vars=aws_account_name=$(AWS_ACCOUNT_NAME) diff --git a/backup_cloud/base.py b/backup_cloud/base.py index de25fdf..acaa550 100644 --- a/backup_cloud/base.py +++ b/backup_cloud/base.py @@ -51,6 +51,8 @@ def s3_path(self) -> str: ssm_paramdef = dict(Name=ssm_path + "/s3_path") try: s3_path = self.ssm.get_parameter(**ssm_paramdef)["Parameter"]["Value"] + if s3_path.startswith("/"): + s3_path = s3_path[1:] except ClientError as e: eprint("Failed to get parameter: " + ssm_paramdef["Name"]) raise e @@ -70,7 +72,12 @@ def s3_bucket(self) -> str: return s3.Bucket(s3_bucket_name) def s3_target_url(self): - return self.s3_path() + "/backup" + s3path = self.s3_path() + if s3path.endswith("/") or not s3path: + target = self.s3_path() + "backup" + else: + target = self.s3_path() + "/backup" + return target def get_gpg_keys(self, gpg_context): """recover gpg keys from config/public-keys folder in S3 @@ -85,8 +92,11 @@ def get_gpg_keys(self, gpg_context): """ bucket = self.s3_bucket() - folder_path = self.s3_path() + "/config/public-keys/" + if self.s3_path().endswith("/") or not self.s3_path(): + folder_path = self.s3_path() + "config/public-keys/" + else: + folder_path = self.s3_path() + "/config/public-keys/" for obj in bucket.objects.filter(Prefix=folder_path): if obj.key == folder_path: continue 
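Review bot: `--force` on the `encrypted_build_files.tjz.enc` recipe makes `travis encrypt-file` overwrite the committed encrypted archive without prompting, and nothing in the rule says so. I would add a comment above the target such as `# --force: overwrite the existing .enc; commit the regenerated file together with the ENC_FILES change`. The plaintext `encrypted_build_files.tjz` it is built from stays in the working tree; whether it is git-ignored is not visible in this hunk and is worth confirming.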
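Review bot: The new check in `s3_path()` removes only one leading slash, so a stored value such as `//prefix` still yields a key prefix that starts with `/`. `s3_path = s3_path.lstrip("/")` covers every case in one line and makes the `if` unnecessary. The trailing slash is left as stored, which is why `s3_target_url()` and `get_gpg_keys()` each need their own `endswith("/")` branch further down. Normalising both ends here, with a docstring line stating that the returned prefix has no leading slash, would keep the rule in one place. The function starts and ends outside the hunk, so any later validation of the value is not visible.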
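Review bot: `s3_target_url()` stores the prefix in `s3path` but then calls `self.s3_path()` again to build `target`, and `get_gpg_keys()` calls it up to three times. The first `backup_cloud/base.py` hunk shows each call doing an SSM `get_parameter`, so unless the result is cached outside the visible lines, the check and the concatenation can read different values and every call costs a round trip. Read it once and reuse the local: `prefix = self.s3_path()`, then `sep = "" if not prefix or prefix.endswith("/") else "/"` and `return prefix + sep + "backup"`. A small helper shared by both methods would be better still, since `folder_path` decides which public keys are imported as recipients. An empty prefix now silently resolves to the bucket root for both the backup target and the key folder; if that is not an intended configuration, raising there would be safer.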
diff --git a/encrypted_build_files.tjz.enc b/encrypted_build_files.tjz.enc index 0c22909..a0717a4 100644 Binary files a/encrypted_build_files.tjz.enc and b/encrypted_build_files.tjz.enc differ diff --git a/features/encrypt-s3-backup.feature b/features/encrypt-s3-backup.feature index 49d268d..d1e4f17 100644 --- a/features/encrypt-s3-backup.feature +++ b/features/encrypt-s3-backup.feature @@ -17,6 +17,14 @@ upload and encrypted backup of our data to an S3 bucket. when I request a backup of that file using the context then a backup object should be created in the S3 destination bucket and if I decrypt that file the content with the private key it should match the original + + Scenario: store encrypted backup in S3 with incorrect s3_path + given that I have configured my settings in SSM + and that I have a file in S3 to backup + and that I have a backup context configured with matching users with incorrect s3_path + when I request a backup of that file using the context + then a backup object should be created in the S3 destination bucket + and if I decrypt that file the content with the private key it should match the original @future Scenario: automatically store encrypted backup in S3 based on SSM settings diff --git a/features/steps/backup-context.py b/features/steps/backup-context.py index ee2ef98..ffa31f4 100644 --- a/features/steps/backup-context.py +++ b/features/steps/backup-context.py 
@@ -23,6 +23,18 @@ def step_impl(context) -> None: context.s3_backup_target = bc.s3_path() + "/backup" +@given(u"that I have a backup context configured with matching users with incorrect s3_path") +def step_impl(context) -> None: + context.ssm_path = "/testing/backup_context/" + context.random_test_prefix + + bc = context.backup_context = setup_test_backup_context( + ssm_path=context.ssm_path, + s3_path='/' + context.s3_test_path, + recipients=context.gpg_userlist, + ) + context.s3_backup_target = bc.s3_path() + "/backup" + + @when(u"I configure a backup context") def step_impl_0(context) -> None: context.ssm_path = "/testing/backup_context/" + context.random_test_prefix
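Review bot: The expected target in the new step is computed as `bc.s3_path() + "/backup"`, that is, from the code under test, so the scenario cannot tell whether the leading slash was actually stripped. Deriving it from the input, `context.s3_backup_target = context.s3_test_path + "/backup"`, would pin the normalised key, assuming `s3_test_path` has no slash at either end, which is not visible here. Only the leading-slash case is exercised; the trailing-slash and empty-prefix branches added in `backup_cloud/base.py` have no scenario. The function also reuses the name `step_impl` from the step above it, while the following step is `step_impl_0`; a distinct name avoids the redefinition.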