integration with backup-github

.travis.yml

@@ -51,3 +51,4 @@ branches:
   - "/unreviewed.*/"
   - tested
   - "/devel.*/"
+  - "/trial.*/"

Makefile

@@ -69,7 +69,7 @@ encrypted_build_files.tjz: prepare-account prep_test $(ENC_FILES)
 	tar cvvjf $@ -C $(ENC_DIR) $(ENC_FILENAMES)
 
 encrypted_build_files.tjz.enc: encrypted_build_files.tjz
-	travis encrypt-file --no-interactive --org $<
+	travis encrypt-file --force --no-interactive --org $<
 
 prepare-account: prepare-account.yml
 	ansible-playbook -vvv prepare-account.yml --extra-vars=aws_account_name=$(AWS_ACCOUNT_NAME)

backup_cloud/base.py

@@ -51,6 +51,8 @@ def s3_path(self) -> str:
         ssm_paramdef = dict(Name=ssm_path + "/s3_path")
         try:
             s3_path = self.ssm.get_parameter(**ssm_paramdef)["Parameter"]["Value"]
+            if s3_path.startswith("/"):
+                s3_path = s3_path[1:]
         except ClientError as e:
             eprint("Failed to get parameter: " + ssm_paramdef["Name"])
             raise e
@@ -70,7 +72,12 @@ def s3_bucket(self) -> str:
         return s3.Bucket(s3_bucket_name)
 
     def s3_target_url(self):
-        return self.s3_path() + "/backup"
+        s3path = self.s3_path()
+        if s3path.endswith("/") or not s3path:
+            target = self.s3_path() + "backup"
+        else:
+            target = self.s3_path() + "/backup"
+        return target
 
     def get_gpg_keys(self, gpg_context):
         """recover gpg keys from config/public-keys folder in S3
@@ -85,8 +92,11 @@ def get_gpg_keys(self, gpg_context):
         """
 
         bucket = self.s3_bucket()
-        folder_path = self.s3_path() + "/config/public-keys/"
 
+        if self.s3_path().endswith("/") or not self.s3_path():
+            folder_path = self.s3_path() + "config/public-keys/"
+        else:
+            folder_path = self.s3_path() + "/config/public-keys/"
         for obj in bucket.objects.filter(Prefix=folder_path):
             if obj.key == folder_path:
                 continue

features/encrypt-s3-backup.feature

@@ -17,6 +17,14 @@ upload and encrypted backup of our data to an S3 bucket.
     when I request a backup of that file using the context
     then a backup object should be created in the S3 destination bucket
      and if I decrypt that file the content with the private key it should match the original
+
+    Scenario: store encrypted backup in S3 with incorrect s3_path
+    given that I have configured my settings in SSM
+     and that I have a file in S3 to backup
+     and that I have a backup context configured with matching users with incorrect s3_path
+    when I request a backup of that file using the context
+    then a backup object should be created in the S3 destination bucket
+     and if I decrypt that file the content with the private key it should match the original
 
     @future
     Scenario: automatically store encrypted backup in S3 based on SSM settings

features/steps/backup-context.py

@@ -23,6 +23,18 @@ def step_impl(context) -> None:
     context.s3_backup_target = bc.s3_path() + "/backup"
 
 
+@given(u"that I have a backup context configured with matching users with incorrect s3_path")
+def step_impl(context) -> None:
+    context.ssm_path = "/testing/backup_context/" + context.random_test_prefix
+
+    bc = context.backup_context = setup_test_backup_context(
+        ssm_path=context.ssm_path,
+        s3_path='/' + context.s3_test_path,
+        recipients=context.gpg_userlist,
+    )
+    context.s3_backup_target = bc.s3_path() + "/backup"
+
+
 @when(u"I configure a backup context")
 def step_impl_0(context) -> None:
     context.ssm_path = "/testing/backup_context/" + context.random_test_prefix