Merge pull request #20 from offen/gpg-testcase

Add testcase for gpg encryption

.circleci/config.yml

@@ -11,6 +11,10 @@ jobs:
           name: Build
           command: |
             docker build . -t offen/docker-volume-backup:canary
+      - run:
+          name: Install gnupg
+          command: |
+            sudo apt-get install -y gnupg
       - run:
           name: Run tests
           working_directory: ~/docker-volume-backup/test

src/backup.sh

@@ -103,36 +103,67 @@ fi
 info "Backup finished"
 echo "Will wait for next scheduled backup."
 
-prune () {
+probe_expired () {
-  target=$1
+  local target=$1
+  local is_local=$2
+  if [ -z "$is_local" ]; then
     if [ ! -z "$BACKUP_PRUNING_PREFIX" ]; then
-    target="$target/${BACKUP_PRUNING_PREFIX}"
+      target="${target}/${BACKUP_PRUNING_PREFIX}"
     fi
-
-  rule_applies_to=$(
     mc rm $MC_GLOBAL_OPTIONS --fake --recursive --force \
       --older-than "${BACKUP_RETENTION_DAYS}d" \
-      "$target" \
+      "$target"
-      | wc -l
+  else
-  )
+    find $target -name "${BACKUP_PRUNING_PREFIX:-*}" -type f -mtime "+${BACKUP_RETENTION_DAYS}"
-  if [ "$rule_applies_to" == "0" ]; then
-    echo "No backups found older than the configured retention period of $BACKUP_RETENTION_DAYS days."
-    echo "Doing nothing."
-    exit 0
   fi
+}
 
-  total=$(mc ls $MC_GLOBAL_OPTIONS "$target" | wc -l)
+probe_all () {
+  local target=$1
+  local is_local=$2
+  if [ -z "$is_local" ]; then
+    if [ ! -z "$BACKUP_PRUNING_PREFIX" ]; then
+      target="${target}/${BACKUP_PRUNING_PREFIX}"
+    fi
+    mc ls $MC_GLOBAL_OPTIONS "$target"
+  else
+    find $target -name "${BACKUP_PRUNING_PREFIX:-*}" -type f
+  fi
+}
+
+delete () {
+  local target=$1
+  local is_local=$2
+  if [ -z "$is_local" ]; then
+    if [ ! -z "$BACKUP_PRUNING_PREFIX" ]; then
+      target="${target}/${BACKUP_PRUNING_PREFIX}"
+    fi
+    mc rm $MC_GLOBAL_OPTIONS --recursive --force \
+      --older-than "${BACKUP_RETENTION_DAYS}d" \
+      "$target"
+  else
+    find $target -name "${BACKUP_PRUNING_PREFIX:-*}" -type f -mtime "+${BACKUP_RETENTION_DAYS}" -delete
+  fi
+}
+
+prune () {
+  local target=$1
+  local is_local=$2
+  rule_applies_to=$(probe_expired "$target" "$is_local" | wc -l)
+  if [ "$rule_applies_to" == "0" ]; then
+    echo "No backups found older than the configured retention period of ${BACKUP_RETENTION_DAYS} days."
+    echo "Doing nothing."
+  else
+    total=$(probe_all "$target" "$is_local" | wc -l)
 
     if [ "$rule_applies_to" == "$total" ]; then
       echo "Using a retention of ${BACKUP_RETENTION_DAYS} days would prune all currently existing backups, will not continue."
       echo "If this is what you want, please remove files manually instead of using this script."
-    exit 1
+    else
-  fi
+      delete "$target" "$is_local"
-
-  mc rm $MC_GLOBAL_OPTIONS \
-    --recursive --force \
-    --older-than "${BACKUP_RETENTION_DAYS}d" "$target"
       echo "Successfully pruned ${rule_applies_to} backups older than ${BACKUP_RETENTION_DAYS} days."
+    fi
+  fi
 }
 
 if [ ! -z "$BACKUP_RETENTION_DAYS" ]; then
@@ -145,6 +176,6 @@ if [ ! -z "$BACKUP_RETENTION_DAYS" ]; then
   fi
   if [ -d "$BACKUP_ARCHIVE" ]; then
     info "Pruning old backups from local archive"
-    prune "$BACKUP_ARCHIVE"
+    prune "$BACKUP_ARCHIVE" "local"
   fi
 fi

test/compose/docker-compose.yml

@@ -25,6 +25,10 @@ services:
       AWS_S3_BUCKET_NAME: backup
       BACKUP_FILENAME: test.tar.gz
       BACKUP_CRON_EXPRESSION: 0 0 5 31 2 ?
+      BACKUP_RETENTION_DAYS: ${BACKUP_RETENTION_DAYS:-7}
+      BACKUP_PRUNING_LEEWAY: 5s
+      BACKUP_PRUNING_PREFIX: test
+      GPG_PASSPHRASE: 1234secret
     volumes:
       - ./local:/archive
       - app_data:/backup/app_data:ro

test/compose/run.sh

@@ -13,11 +13,13 @@ docker-compose exec backup backup
 
 docker run --rm -it \
   -v compose_backup_data:/data alpine \
-  ash -c 'tar -xf /data/backup/test.tar.gz && test -f /backup/app_data/offen.db'
+  ash -c 'apk add gnupg && echo 1234secret | gpg -d --pinentry-mode loopback --passphrase-fd 0 --yes /data/backup/test.tar.gz.gpg > /tmp/test.tar.gz && tar -xf /tmp/test.tar.gz -C /tmp && test -f /tmp/backup/app_data/offen.db'
 
 echo "[TEST:PASS] Found relevant files in untared remote backup."
 
-tar -xf ./local/test.tar.gz -C /tmp && test -f /tmp/backup/app_data/offen.db
+echo 1234secret | gpg -d --yes --passphrase-fd 0 ./local/test.tar.gz.gpg > ./local/decrypted.tar.gz
+tar -xf ./local/decrypted.tar.gz -C /tmp && test -f /tmp/backup/app_data/offen.db
+rm ./local/decrypted.tar.gz
 
 echo "[TEST:PASS] Found relevant files in untared local backup."
 
@@ -29,4 +31,25 @@ fi
 
 echo "[TEST:PASS] All containers running post backup."
 
+# The second part of this test checks if backups get deleted when the retention
+# is set to 0 days (which it should not as it would mean all backups get deleted)
+# TODO: find out if we can test actual deletion without having to wait for a day
+BACKUP_RETENTION_DAYS="0" docker-compose up -d
+sleep 5
+
+docker-compose exec backup backup
+
+docker run --rm -it \
+  -v compose_backup_data:/data alpine \
+  ash -c '[ $(find /data/backup/ -type f | wc -l) = "1" ]'
+
+echo "[TEST:PASS] Remote backups have not been deleted."
+
+if [ "$(find ./local -type f | wc -l)" != "1" ]; then
+  echo "[TEST:FAIL] Backups should not have been deleted, instead seen:"
+  find ./local -type f
+fi
+
+echo "[TEST:PASS] Local backups have not been deleted."
+
 docker-compose down --volumes

test/swarm/docker-compose.yml

@@ -33,6 +33,8 @@ services:
       AWS_S3_BUCKET_NAME: backup
       BACKUP_FILENAME: test.tar.gz
       BACKUP_CRON_EXPRESSION: 0 0 5 31 2 ?
+      BACKUP_RETENTION_DAYS: 7
+      BACKUP_PRUNING_LEEWAY: 5s
     volumes:
       - pg_data:/backup/pg_data:ro
       - /var/run/docker.sock:/var/run/docker.sock