From 9b906e159d0af4646e106606fa6410a90c993923 Mon Sep 17 00:00:00 2001
From: Michael De La Rue <mdlr@paddle.com>
Date: Mon, 13 May 2019 14:51:04 +0100
Subject: [PATCH] integration with backup-github

---
 .travis.yml                        |   1 +
 Makefile                           |   2 +-
 backup_cloud/base.py               |  14 ++++++++++++--
 encrypted_build_files.tjz.enc      | Bin 2080 -> 2080 bytes
 features/encrypt-s3-backup.feature |   8 ++++++++
 features/steps/backup-context.py   |  12 ++++++++++++
 6 files changed, 34 insertions(+), 3 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index adca3be..281c8c4 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -51,3 +51,4 @@ branches:
   - "/unreviewed.*/"
   - tested
   - "/devel.*/"
+  - "/trial.*/"
diff --git a/Makefile b/Makefile
index 62f8501..06da567 100644
--- a/Makefile
+++ b/Makefile
@@ -69,7 +69,7 @@ encrypted_build_files.tjz: prepare-account prep_test $(ENC_FILES)
 	tar cvvjf $@ -C $(ENC_DIR) $(ENC_FILENAMES)
 
 encrypted_build_files.tjz.enc: encrypted_build_files.tjz
-	travis encrypt-file --no-interactive --org $<
+	travis encrypt-file --force --no-interactive --org $<
 
 prepare-account: prepare-account.yml
 	ansible-playbook -vvv prepare-account.yml --extra-vars=aws_account_name=$(AWS_ACCOUNT_NAME)
diff --git a/backup_cloud/base.py b/backup_cloud/base.py
index de25fdf..acaa550 100644
--- a/backup_cloud/base.py
+++ b/backup_cloud/base.py
@@ -51,6 +51,8 @@ def s3_path(self) -> str:
         ssm_paramdef = dict(Name=ssm_path + "/s3_path")
         try:
             s3_path = self.ssm.get_parameter(**ssm_paramdef)["Parameter"]["Value"]
+            if s3_path.startswith("/"):
+                s3_path = s3_path[1:]
         except ClientError as e:
             eprint("Failed to get parameter: " + ssm_paramdef["Name"])
             raise e
@@ -70,7 +72,12 @@ def s3_bucket(self) -> str:
         return s3.Bucket(s3_bucket_name)
 
     def s3_target_url(self):
-        return self.s3_path() + "/backup"
+        s3path = self.s3_path()
+        if s3path.endswith("/") or not s3path:
+            target = self.s3_path() + "backup"
+        else:
+            target = self.s3_path() + "/backup"
+        return target
 
     def get_gpg_keys(self, gpg_context):
         """recover gpg keys from config/public-keys folder in S3
@@ -85,8 +92,11 @@ def get_gpg_keys(self, gpg_context):
         """
 
         bucket = self.s3_bucket()
-        folder_path = self.s3_path() + "/config/public-keys/"
 
+        if self.s3_path().endswith("/") or not self.s3_path():
+            folder_path = self.s3_path() + "config/public-keys/"
+        else:
+            folder_path = self.s3_path() + "/config/public-keys/"
         for obj in bucket.objects.filter(Prefix=folder_path):
             if obj.key == folder_path:
                 continue
diff --git a/encrypted_build_files.tjz.enc b/encrypted_build_files.tjz.enc
index 0c229091a31208a0a86ba19d9958a72eeab606b7..a0717a47581557a85af5182361a21bcb02a52519 100644
GIT binary patch
literal 2080
zcmV+*2;cWXb)~G}gD!D!;6U%<dMg(H35@%P7}`CUtnOPuTfm{WJz14~&EmC)@e$@U
zP)z-%Vvs=}v_Yb=OQIjlE%D~EWSpaTt|q2sc0;&d*efWt{lGz~d^x=&y{0q5^VN7n
zPy34Rap4K^HIdgNofdX|gQ)O7HYstwNI$|JRnoA%h4QIIECRkT)xOV*<(i+82%B((
zO9T7j4lU~`%3V1@4k^K1<=ycDJD-YbVVx4y5ni>q=Q5lsirUiiB-&O5#d~j4U1oWj
zGO*3)7R)v=G0O8r0Wh9!!CWsB92-FP8Ym~u^;ftN?H8MXE^(C`2FX$8f|i~sJBQZ_
zTA%g*fk|lX#XMd?*CuAt&<<0sy+$a4*{>tO#7j1XpS0?o4{65y+Od8vtS6?GaS=K0
zvf_GKppY`<{?-Jff83V=CzgpO`CElU_01M0gWwG3^6SdXbf~|2xgHbFvkT+%(5f`?
z5!^V;+Bv9riz99*l@-1^CY(&Q(-}hPuM~fPFj=M}k!Q#dLml>kAObn^BU>F0Ky7|=
ziR1LAxO76_e=2V4N<tM89^W$6ve6_YX3eUAIdIl$jD-UEE}%%C$Fw2LuOs*Oty>Cg
z372c13vov(Z^X%8zFFyl=c>H!Cx#F2i0-{mQ3YWNrlS;qqSPnzTe-XyozTb3R39QZ
z0m{i9z*%h4>>nRW44)_%ozy$neH2`q(_U8{OJ*#JI5A4g7nQEA*X{*~OO=Fq#Nq+x
zLo};k5|RbO|Bz8oX-#QKX{6yR3F}wHnRV8x+2h}AYP+^tyvEMgn>rz=QE>S6F-Ka(
z<gJXavs2)g>Q?5<cHGDhO^~p&?YQeZ3vyGMi;p$%QIRZW>}3Ua5>;?-2fU_Zx=6B7
zvSYWG+3R<k+yPiP{`y8g!_M9=*#H&o_a|lT62N_K@Z6giJz|FAH_ggX&CM7MGYm$O
zcP_4+ulzCj1Y^Qt3q*X9^!v1-sN!iqwIk1J4>-8ItXtM>`9`n6Rr$wgwTOVmpDs?3
zvB02EwDg5S?8TqvwdfUbAHyX`m52UT&8gqms+T)`K##6=vv+@l?BC7Jp6QAeifebi
z<wNn}In$@r!GeFrIJRm)Qyrh}d<Np4Y;`&$K7yU{QP0i8m)5HKCTL9+h4#gxOIP%J
zVBfF?n)8W4$$j6mnezF{qCQ~y1KD)Wg1A|<M3Y(ODRP=(+v2ErJ)t$fD=}6xAuu2Z
zCl1#B$b<KF3zUH)p3;Tr{a<9h!-=JoXc%b@IxGwkGb?*W|5n`KYn6aQ`;H~{**41T
zJ9xo=UMJCe6Xrw=qnz@{Tu^l3;BMR)#ufgzsjkxf<@M2CKh8j_+19^;HnXQOuHuMq
zUcZdQykXY2=sqwK7~A^<s1G6hr&)~n(Nce@;~F}-gJvycnInp~j>Ppm=}e7c*IuR8
zom_+~b|3pO_}rGH9gI{WpjkEqFU5cYA2o;th(GZIFg~4B?v@&nfLt2>jd}#>2p<U(
z#VH^8PKoy0U{2Ul;9R52DLlsJ8kfT7zAy+ty<b1G?#chzrKM%e4GyksXY;>S%UR!&
z7GkiLUN1VHa2wDsPm8!ap*Ob9jMZ@4mE(Xn?cT5?Sr*cK7!I@oh_==O$uR|=Ydj7&
zm9@x`1&W@{OY`>6F=jHYcNx(t_^ZW}@L@N-y2Y~=XOjJevYmCaRDNyLXR=?UkeapY
zf&+1vqQuB?v{sJw$eu)=uNTmag?z>b7~FEYu5lqdJd&*YE5(*Rkc-7|rzZ#O!$gfo
z;7<>dU<kjzsIqhbE_K=MA6<p7*dx8?aJ^$S;60_XVqXx^a$<ZG=@|sHjE4s&9mSb6
zQP9l}WriiKUxXxaf>uk|Z#-Q46RZ~!e}3LhtE);=vk^G>I}ZV4w$$tDK=3(cX~Smy
zBgt}GsqBjm@B74ku`ShZVSE`!99S?P6H~+%QkbwIOuQv4>K!!=N-S%l5}^)?1sw?b
z2>fK{u-L|3$9WOK=-t8M#D7@t`~odrg#+GWnSXrkwX0N0AT42<{-=$&4_?#iscXzL
zLD#m5hIQ(?t@%Llny=+erynf!w&-towyon04>!1zHx7mx$e+4SD!RFxn61NQf045R
z5yJ+?oG5kCEOxSavjJ<JES_aZ0LaV?f%J!&yosPgverw7VQq%H4g*U=)?r6X5h_<z
zXaGG0pnU8Ew={gwI0GPUWge~<TLi_xwxscDP*DE9qq~((y!~(?XY$}ZG36bH7I8tN
zg?E3UcyJaFf<J=Ub);;TS*tVIVS1vnWy1tSRh%~YcuQWRxMtY+??r0vb^L$WNuqoY
zSayKT_IPec;?2+O5pM2ZOZwd3HtHlm|J&(TeJnioC}d|4C^FUHzQN^pZlyH@5P<I3
zWJaD{fq{t+rMZZ^=ZBhO;d00Y;7&x-BcwcR83`-q>37_#zC~Q&#`Y1m4F7bH3wjse
zMD)@o03?uaFv>K>6%(x*fqvNRgFYbd!n|hT=37YEyyxJ}nQ3Nd=)6Li(nFQ~{$iW9
z1VQTGmvqqV%Eg*LbSY4aVgEffVvB;`DrUX~jjcBT@(P2or{d|42vb7G?ef?CCl2tT
zEM*Rd$Rzevp00vF$>QGNO))K9I--fwe&Z9aT<daE3%SL*N>Z}<L&J5i3!wp+Q**U%
zD&JUotYMC~_#1R?fO1{e68d(<3uYr+>?~6v9P)iT)E^Q_iN{lnrT>y5WhsWSAj`vn
Ky4J~CcD)j!93zVW

literal 2080
zcmV+*2;cW-l-Hdlw#L$=Z8$i!6lqV8$Rw5go}N;lw0Cose2M>{6?X#>)j?7bzTSrz
z0sz+l>k?`Wu$f=Zxvn*9*CTQ13h%W!droRw_?`l(TP_%&4BGG&OiZ|Yo3=$^J3{Zt
z|Gy}^R_kfZhzw9QJT`j5bo_%s6eCzcKRDdFyNc{SdR8qcI%y<*Ar?p+uV*y1PN#}p
z4N-m>i>>QMM}aS{62pVqCj}9(XW8Mh56$LF>-aLI_@W85(I!pjRbgLWZ=={>7#c&7
zltPBp#3pXmpkcl(LG&o}Efng@9ZR%oo-)L#8LlF3?!=%X_)(SSd;S)`UoVFC=)swQ
z&cF{HYX#{ou|38xRUHHvj10PPUZET#6C`Ru1tR)}<KHs=tlc|m-xuqqmc;?{Ng+-R
zEI&)r3)_I9ocHUBM4J161b_7G&dN3l<I8RwjDJ#75iYIAe>L7~?M#~0s8gpI8svcf
zi5t<DmuIB)kev;fGN%`wtBpg<M5VQ8d3eAx#4JV!WE=d5f_$-ZHV|G@Jg=?*{7Trk
zYH#rD5;F;uXNH9LiKKz6@ndBli~bt!QF<(h@!IN1WyN|a%4jFF$hWVWlbpi<(;^&z
zSApvIWoAsj@K6Ej6OxOUzNV6<!ozi2MPlV2h(I*zL3ibtIO!ZG-)ho^;@g;Z@u<iG
z!gjrZUk??RGV~rC`w%T6p#R0qI%=??F+6XEymbGUZMBWN>y;XeP;s%_Gr_|EUIjb$
zUkZX?W%z(eZ5k<~+G(H>mvT*B?D>!laYRoixdr^_6gqzitJ2ul7Ve4@r&M;ysp6~u
zB4Vl8Ff!4Us>`^M3*L<caxE!Thr@7`2jl%3fTn&IbJf-`ZAEwhXOe*a*Unq0ffB@A
z^BNe__I{-;v%pORrPtkwIrYATHD<0;@)lUImUP*tLY`NA`1|vDr0)DUs_6n52V{Uc
z8RfJ(75T37<<$}7ZcISs`J5dBUdGk+9vg%D%}&dGEa5n);*Ae@=V~Qe(1;0J{$Qin
zTU8uYa%W5G0a0R_k5yKxm%4=K$I)qrW_AOe?A}ubw`kxjLDcC&N{^suZ9}c_erQvg
z<MnyHe|y-%r?m%8`(CrIHcm#3l76R&mRnW;YsbylaNJT7xeEpJz9sy7Mn=KNTUsC!
zhg7JoV~lIb9R_Y_N0?SgVGb#~5{SDKwc@DCo!&a=37~MUK_TK#4qb*Tnv}yKwKpJL
z_^9cp?)8K{9((iex8-SeTUw+O3{d7)l(C=QZf(S<+f`8DpBb3ig{M1Wme>6`r5~LV
zryjQN^~bvo)qgXmc=Tx{<iPUUn;#dQ&8Eq7Ew2}fD@Mi-TqH_PmW*-!7A$V}z_SZ)
zP<0=AHVSBFPA#9Atw&%qb;l2Dp4I$w*A%R>2w;w@^vr=lwa}uxyAexNCANi{I9rxt
zImHK4iVCuN@V|BT`aj#?ghLX&js}YfYuMWH3d++ITQ0Jn`wKrLm>5GA0Rplt=wCF0
ziiu3@$ibTF7WH7=$lCO;kPx}Gu_`#4MnD{@P-6(I{kT%d<?HQ_iP*2R6j$O24Qp`f
zW`wIrzW?Ry7b0un>uKIVVdter3|luB;w6!t_AeBCJHrq#SZAL7xl*b;NOsV9##VG(
zlD}|5b7>b<=JML&o^A4-q)ltp>f~T%8QJyV0H?Mkuwa*OH3{+FC^)o6Ml~U+GOf(k
zkpsyj;3BC!Ii<%~!`8OwMvM+8W^V5UuFYxlu2Z5-xfq!kr~F)*i;jYh$73n;gWm<U
zYWDX}Oom1uen<y9M~})w?w^OC9(rc`GByF{CcY7xYj>O4UGGM(a7APf2#yAhfjTk<
z!r0+U;fsFp$ahjJ!|t`lZFx}!;wt;U#N<@&)`vDe3Jt{(Xc_VG2Un3p^myo(+0t5g
z(b2O!{hf$r%fup6;%5GlW`xtk>^Mn-@(b<pbRRx=3)lF{!T){t-Q$+Nrj2Yb207k{
zbMcjf0aqIk<k7tK<r?VKSJH~G4P#}*8IK~D)`ZROyQ`k<JYPTY25T2Qx4F+)DFWz*
ztTnKYE*I;Thf3iNIZcG)TAW*AAWep{p<I_5rOd}r|3>JRQq9`q{`B@y5+n&{m+cCp
z4oqFm>m~R{UGO_y>i4R4D0c#>;auwt4unLR`=Tf{5{60zV@}aP5sOQAuwb}?1Lke$
z9{v`?7kV^2L-LH3%`_H^y03ThPfxYO0U38t6s2M;JhKplS7rZ8>Kmq_`5l<~g`qIf
zl>1q_;t_Jv7c4)<8komQUfOD+>_OmN`@}j_W|^!HqnT`oETfdMim+2uvaRnClnhU>
zE%MwZRlN}&A^MIEJQE`R1o8{t_qgZ1ck%GjIRHRiqivoXf$pY6Jbxc~BB|bSe>trk
zf&9WGj#W1a$aymt1S})ae&g3{txVE-@{xH6D46q|in@T_q>^o#w8d@V>s~g&I|Gj|
zz~h)YH~dv<H{u#f<QkJPdi)i>Myl^EQ_CW4>GJVw)|##2&${l)+~%1$k3i$MK@yKH
zOi(S9Kcy~V2V5-rN1UH)d??N7e}nN&^!21}-+aR-y7(hypsn}Y<}0?p5G8S|{tz2O
z5#^o~jIcMdm6wS03ty)R^2uJSzcK$j&h&J)c7aj~;}}bM#zwge5R!x9g!%kxy}OIR
z@^OGPu+8!Wpd)4T)j+_pRf%%+5Y7-vH=EJ;3rWtJi0@kbZXa2yl6woo<RB8dL+PR*
KdPAmL(Tafh^BgV!

diff --git a/features/encrypt-s3-backup.feature b/features/encrypt-s3-backup.feature
index 49d268d..d1e4f17 100644
--- a/features/encrypt-s3-backup.feature
+++ b/features/encrypt-s3-backup.feature
@@ -17,6 +17,14 @@ upload and encrypted backup of our data to an S3 bucket.
     when I request a backup of that file using the context
     then a backup object should be created in the S3 destination bucket
      and if I decrypt that file the content with the private key it should match the original
+    
+    Scenario: store encrypted backup in S3 with incorrect s3_path
+    given that I have configured my settings in SSM
+     and that I have a file in S3 to backup
+     and that I have a backup context configured with matching users with incorrect s3_path
+    when I request a backup of that file using the context
+    then a backup object should be created in the S3 destination bucket
+     and if I decrypt that file the content with the private key it should match the original
 
     @future
     Scenario: automatically store encrypted backup in S3 based on SSM settings
diff --git a/features/steps/backup-context.py b/features/steps/backup-context.py
index ee2ef98..ffa31f4 100644
--- a/features/steps/backup-context.py
+++ b/features/steps/backup-context.py
@@ -23,6 +23,18 @@ def step_impl(context) -> None:
     context.s3_backup_target = bc.s3_path() + "/backup"
 
 
+@given(u"that I have a backup context configured with matching users with incorrect s3_path")
+def step_impl(context) -> None:
+    context.ssm_path = "/testing/backup_context/" + context.random_test_prefix
+
+    bc = context.backup_context = setup_test_backup_context(
+        ssm_path=context.ssm_path,
+        s3_path='/' + context.s3_test_path,
+        recipients=context.gpg_userlist,
+    )
+    context.s3_backup_target = bc.s3_path() + "/backup"
+
+
 @when(u"I configure a backup context")
 def step_impl_0(context) -> None:
     context.ssm_path = "/testing/backup_context/" + context.random_test_prefix