backup 3.0.26 → 3.0.27

data/spec-live/encryptor/gpg_spec.rb

@@ -0,0 +1,287 @@
+# encoding: utf-8
+
+require File.expand_path('../../spec_helper.rb', __FILE__)
+
+describe 'Encryptor::GPG',
+    :if => Backup::SpecLive::CONFIG['encryptor']['gpg']['specs_enabled'] do
+
+  def archive_file_for(model)
+    File.join(
+      Backup::SpecLive::TMP_PATH,
+      "#{model.trigger}", model.time, "#{model.trigger}.tar.gpg"
+    )
+  end
+
+  # clear out, then load the encryptor.gpg_homedir with the keys for the
+  # given key_type (:public/:private) for the given identifiers.
+  #
+  def load_gpg_homedir(encryptor, key_type, identifiers)
+    # Clear out any files if the directory exists
+    dir = File.expand_path(encryptor.gpg_homedir)
+    FileUtils.rm(Dir[File.join(dir, '*')]) if File.exists?(dir)
+
+    # Make sure the directory exists with proper permissions.
+    # This will also initialize the keyring files, so this method can be
+    # called with no identifiers to simply reset the directory without
+    # importing any keys.
+    encryptor.send(:setup_gpg_homedir)
+
+    # Import the keys, making sure each import is successful.
+    # #import_key will log a warning for the identifier if the
+    # import fails, so we'll just abort if we get a failure here.
+    [identifiers].flatten.compact.each do |identifier|
+      ret_id = encryptor.send(:import_key,
+        identifier, Backup::SpecLive::GPGKeys[identifier][key_type]
+      )
+      unless ret_id == Backup::SpecLive::GPGKeys[identifier][:long_id]
+        abort("load_gpg_homedir failed")
+      end
+    end
+  end
+
+  # make sure the archive can be decrypted
+  def can_decrypt?(model, passphrase = nil)
+    enc = model.encryptor
+    archive = archive_file_for(model)
+    outfile = File.join(File.dirname(archive), 'outfile')
+
+    pass_opt = "--passphrase '#{ passphrase }'" if passphrase
+    enc.send(:run,
+      "#{ enc.send(:utility, :gpg) } #{ enc.send(:base_options) } " +
+      "#{ pass_opt } -o '#{ outfile }' -d '#{ archive }' 2>&1"
+    )
+
+    if File.exist?(outfile)
+      File.delete(outfile)
+      true
+    else
+      false
+    end
+  end
+
+  context 'using :asymmetric mode with some existing keys' do
+    let(:model) { h_set_trigger('encryptor_gpg_asymmetric') }
+
+    it 'should encrypt the archive' do
+      recipients = [:backup01, :backup02, :backup03, :backup04]
+      # Preload keys for backup01 and backup02.
+      # Keys for backup03 and backup04 are configured in :keys in the model
+      # and will be imported when the model is performed.
+      # The Model specifies all 4 as :recipients.
+      load_gpg_homedir(model.encryptor, :public, recipients[0..1])
+
+      model.perform!
+
+      Backup::Logger.has_warnings?.should be_false
+
+      File.exist?(archive_file_for(model)).should be_true
+
+      # make sure all 4 recipients can decrypt the archive
+      recipients.each do |recipient|
+        load_gpg_homedir(model.encryptor, :private, recipient)
+        can_decrypt?(model).should be_true
+      end
+    end
+  end # context 'using :asymmetric mode with some existing keys'
+
+  context 'using :asymmetric mode with a missing public key' do
+    let(:model) { h_set_trigger('encryptor_gpg_asymmetric_missing') }
+
+    # backup01 will be preloaded.
+    # backup02 will be imported from :keys
+    # backupfoo will be a missing recipient
+    it 'should encrypt the archive' do
+      load_gpg_homedir(model.encryptor, :public, :backup01)
+
+      model.perform!
+
+      Backup::Logger.has_warnings?.should be_true
+      Backup::Logger.messages.any? {|msg|
+        msg =~ /No public key was found in #keys for '<backupfoo@foo.com>'/
+      }.should be_true
+
+      File.exist?(archive_file_for(model)).should be_true
+
+      [:backup01, :backup02].each do |recipient|
+        load_gpg_homedir(model.encryptor, :private, recipient)
+        can_decrypt?(model).should be_true
+      end
+    end
+  end # context 'using :asymmetric mode with a missing public key'
+
+  context 'using :asymmetric mode with no valid public keys' do
+    let(:model) { h_set_trigger('encryptor_gpg_asymmetric_fail') }
+
+    it 'should abort the backup' do
+      model.perform!
+
+      # issues warnings about the missing keys
+      Backup::Logger.has_warnings?.should be_true
+      Backup::Logger.messages.any? {|msg|
+        msg =~ /No public key was found in #keys for '<backupfoo@foo.com>'/
+      }.should be_true
+      Backup::Logger.messages.any? {|msg|
+        msg =~ /No public key was found in #keys for '<backupfoo2@foo.com>'/
+      }.should be_true
+
+      # issues warning about not being able to perform asymmetric encryption
+      Backup::Logger.messages.any? {|msg|
+        msg =~ /No recipients available for asymmetric encryption/
+      }.should be_true
+
+      # Since there are no other options for encryption,
+      # the backup failes with an error.
+      Backup::Logger.messages.any? {|msg|
+        msg =~ /\[error\]\s+ModelError/
+      }.should be_true
+      Backup::Logger.messages.any? {|msg|
+        msg =~ /\[error\]\s+Reason: Encryptor::GPG::EncryptionError/
+      }.should be_true
+      Backup::Logger.messages.any? {|msg|
+        msg =~ /\[error\]\s+Encryption could not be performed for mode 'asymmetric'/
+      }.should be_true
+
+      # Although, any further backup models would be run, as this error
+      # is rescued in Backup::Model#perform
+      Backup::Logger.messages.any? {|msg|
+        msg =~ /Backup will now attempt to continue/
+      }.should be_true
+
+      File.exist?(archive_file_for(model)).should be_false
+    end
+  end # context 'using :asymmetric mode with no valid public keys'
+
+  context 'using :symmetric mode' do
+    let(:model) { h_set_trigger('encryptor_gpg_symmetric') }
+
+    it 'should encrypt the archive' do
+      model.perform!
+
+      Backup::Logger.has_warnings?.should be_false
+
+      File.exist?(archive_file_for(model)).should be_true
+
+      can_decrypt?(model, 'a secret').should be_true
+
+      # note that without specifying any preferences, the default
+      # algorithm used is CAST5
+      Backup::Logger.messages.any? {|msg|
+        msg =~ /gpg: CAST5 encrypted data/
+      }.should be_true
+    end
+  end # context 'using :symmetric mode'
+
+  # The #gpg_config preferences should also be able to override the algorithm
+  # preferences in the recipients' public keys, but the gpg output doesn't
+  # give us an easy way to check this. You'd have to inspect the leading bytes
+  # of the encrypted file per RFC4880, and I'm not going that far :)
+  context 'using :symmetric mode with given gpg_config' do
+    let(:model) { h_set_trigger('encryptor_gpg_symmetric_with_config') }
+
+    it 'should encrypt the archive using the proper algorithm preference' do
+      model.perform!
+
+      Backup::Logger.has_warnings?.should be_false
+
+      File.exist?(archive_file_for(model)).should be_true
+
+      can_decrypt?(model, 'a secret').should be_true
+
+      # preferences set in #gpg_config specified using AES256 before CAST5
+      Backup::Logger.messages.any? {|msg|
+        msg =~ /gpg: AES256 encrypted data/
+      }.should be_true
+    end
+  end # context 'using :symmetric mode with given gpg_config'
+
+  context 'using :both mode' do
+    let(:model) { h_set_trigger('encryptor_gpg_both') }
+
+    it 'should encrypt the archive' do
+      # Preload key for backup01.
+      # Key for backup03 will be imported when the model is performed.
+      load_gpg_homedir(model.encryptor, :public, :backup01)
+
+      model.perform!
+
+      Backup::Logger.has_warnings?.should be_false
+
+      File.exist?(archive_file_for(model)).should be_true
+
+      # make sure both recipients can decrypt the archive
+      [:backup01, :backup03].each do |recipient|
+        load_gpg_homedir(model.encryptor, :private, recipient)
+        can_decrypt?(model).should be_true
+      end
+
+      # with no private keys in the keyring,
+      # archive can be decrypted using the passphrase.
+      load_gpg_homedir(model.encryptor, :private, nil)
+      can_decrypt?(model, 'a secret').should be_true
+    end
+  end # context 'using :both mode'
+
+  context 'using :both mode with no valid asymmetric recipients' do
+    let(:model) { h_set_trigger('encryptor_gpg_both_no_asymmetric') }
+
+    it 'should encrypt the archive using only symmetric encryption' do
+      # we'll load backup02, but this isn't one of the :recipients
+      load_gpg_homedir(model.encryptor, :public, :backup02)
+
+      model.perform!
+
+      # issues warnings about the missing keys
+      Backup::Logger.has_warnings?.should be_true
+      Backup::Logger.messages.any? {|msg|
+        msg =~ /No public key was found in #keys for '16325C61'/
+      }.should be_true
+      Backup::Logger.messages.any? {|msg|
+        msg =~ /No public key was found in #keys for '<backup03@foo.com>'/
+      }.should be_true
+
+      # issues warning about not being able to perform asymmetric encryption
+      Backup::Logger.messages.any? {|msg|
+        msg =~ /No recipients available for asymmetric encryption/
+      }.should be_true
+
+      # backup proceeded, since symmetric encryption could still be performed
+      File.exist?(archive_file_for(model)).should be_true
+
+      # with no private keys in the keyring,
+      # archive can be decrypted using the passphrase.
+      load_gpg_homedir(model.encryptor, :private, nil)
+      can_decrypt?(model, 'a secret').should be_true
+    end
+  end # context 'using :both mode with no valid asymmetric recipients'
+
+  context 'when using the deprecated #key accessor' do
+    let(:model) {
+      # See notes in spec-live/spec_helper.rb
+      h_set_single_model do
+        Backup::Model.new(:encryptor_gpg_deprecate_key, 'test_label') do
+          archive :test_archive, &Backup::SpecLive::ARCHIVE_JOB
+          encrypt_with 'GPG' do |e|
+            e.key = Backup::SpecLive::GPGKeys[:backup03][:public]
+          end
+          store_with 'Local'
+        end
+      end
+    }
+
+    it 'should log a warning and store an encrypted archive' do
+      model.perform!
+
+      Backup::Logger.has_warnings?.should be_true
+      Backup::Logger.messages.any? {|msg|
+        msg =~ /GPG#key has been deprecated/
+      }.should be_true
+
+      File.exist?(archive_file_for(model)).should be_true
+
+      load_gpg_homedir(model.encryptor, :private, :backup03)
+
+      can_decrypt?(model).should be_true
+    end
+  end # context 'when using the deprecated #key accessor'
+
+end

data/spec-live/notifier/mail_spec.rb

@@ -9,33 +9,49 @@ describe 'Notifier::Mail',
 
     it 'should send a success email' do
       model = h_set_trigger(trigger)
-      expect do
-        model.perform!
-      end.not_to raise_error
+      model.perform!
+
+      Backup::Logger.has_warnings?.should be_false
+      Backup::Logger.messages.any? {|msg| msg =~ /\[error\]/ }.should be_false
     end
 
     it 'should send a warning email' do
       model = h_set_trigger(trigger)
       Backup::Logger.warn 'You have been warned!'
-      expect do
-        model.perform!
-      end.not_to raise_error
+      model.perform!
+
+      Backup::Logger.has_warnings?.should be_true
+      Backup::Logger.messages.any? {|msg| msg =~ /\[error\]/ }.should be_false
     end
 
     it 'should send a failure email for non-fatal errors' do
       model = h_set_trigger(trigger)
       model.stubs(:databases).raises('A successful failure?')
-      expect do
-        model.perform!
-      end.not_to raise_error
+      model.perform!
+
+      Backup::Logger.has_warnings?.should be_false
+      Backup::Logger.messages.any? {|msg|
+        msg =~ /\[error\]\s+A successful failure/
+      }.should be_true
+      Backup::Logger.messages.any? {|msg|
+        msg =~ /Backup will now attempt to continue/
+      }.should be_true
     end
 
-    it 'should send a failure email fatal errors' do
+    it 'should send a failure email for fatal errors' do
       model = h_set_trigger(trigger)
       model.stubs(:databases).raises(NoMemoryError, 'with increasing frequency...')
       expect do
         model.perform!
-      end.to raise_error
+      end.to raise_error(SystemExit)
+
+      Backup::Logger.has_warnings?.should be_false
+      Backup::Logger.messages.any? {|msg|
+        msg =~ /with increasing frequency/
+      }.should be_true
+      Backup::Logger.messages.any? {|msg|
+        msg =~ /Backup will now exit/
+      }.should be_true
     end
   end # describe 'Notifier::Mail :smtp'
 
@@ -45,9 +61,11 @@ describe 'Notifier::Mail',
 
     it 'should send a success email' do
       model = h_set_trigger(trigger)
-      expect do
-        model.perform!
-      end.not_to raise_error
+      model.perform!
+
+      Backup::Logger.has_warnings?.should be_false
+      Backup::Logger.messages.any? {|msg| msg =~ /\[error\]/ }.should be_false
+
       File.exist?(test_email).should be_true
       File.read(test_email).should match(/without any errors/)
     end
@@ -55,9 +73,11 @@ describe 'Notifier::Mail',
     it 'should send a warning email' do
       model = h_set_trigger(trigger)
       Backup::Logger.warn 'You have been warned!'
-      expect do
-        model.perform!
-      end.not_to raise_error
+      model.perform!
+
+      Backup::Logger.has_warnings?.should be_true
+      Backup::Logger.messages.any? {|msg| msg =~ /\[error\]/ }.should be_false
+
       File.exist?(test_email).should be_true
       File.read(test_email).should match(/You have been warned/)
     end
@@ -65,19 +85,35 @@ describe 'Notifier::Mail',
     it 'should send a failure email for non-fatal errors' do
       model = h_set_trigger(trigger)
       model.stubs(:databases).raises('A successful failure?')
-      expect do
-        model.perform!
-      end.not_to raise_error
+      model.perform!
+
+      Backup::Logger.has_warnings?.should be_false
+      Backup::Logger.messages.any? {|msg|
+        msg =~ /\[error\]\s+A successful failure/
+      }.should be_true
+      Backup::Logger.messages.any? {|msg|
+        msg =~ /Backup will now attempt to continue/
+      }.should be_true
+
       File.exist?(test_email).should be_true
       File.read(test_email).should match(/successful failure/)
     end
 
-    it 'should send a failure email fatal errors' do
+    it 'should send a failure email for fatal errors' do
       model = h_set_trigger(trigger)
       model.stubs(:databases).raises(NoMemoryError, 'with increasing frequency...')
       expect do
         model.perform!
-      end.to raise_error
+      end.to raise_error(SystemExit)
+
+      Backup::Logger.has_warnings?.should be_false
+      Backup::Logger.messages.any? {|msg|
+        msg =~ /with increasing frequency/
+      }.should be_true
+      Backup::Logger.messages.any? {|msg|
+        msg =~ /Backup will now exit/
+      }.should be_true
+
       File.exist?(test_email).should be_true
       File.read(test_email).should match(/with increasing frequency/)
     end

data/spec-live/spec_helper.rb

@@ -8,6 +8,11 @@ require 'bundler/setup'
 # Load Backup
 require 'backup'
 
+# Backup::SpecLive::GPGKeys
+# Loaded here so these are available in backups/models.rb
+# as well as within encryptor/gpg_spec.rb
+require File.expand_path('../encryptor/gpg_keys.rb', __FILE__)
+
 module Backup
   module SpecLive
     PATH = File.expand_path('..', __FILE__)
@@ -15,6 +20,11 @@ module Backup
     TMP_PATH = PATH + '/tmp'
     SYNC_PATH = PATH + '/sync'
 
+    ARCHIVE_JOB = lambda do |archive|
+      archive.add     File.expand_path('../../lib/backup', __FILE__)
+      archive.exclude File.expand_path('../../lib/backup/storage', __FILE__)
+    end
+
     config = PATH + '/backups/config.yml'
     if File.exist?(config)
       CONFIG = YAML.load_file(config)
@@ -24,14 +34,57 @@ module Backup
       exit!
     end
 
+    class << self
+      attr_accessor :load_models
+    end
+
     module ExampleHelpers
 
+      # This method loads all defaults in config.rb and all the Models
+      # in models.rb, then returns the Model for the given trigger.
       def h_set_trigger(trigger)
+        Backup::SpecLive.load_models = true
+        Backup::Logger.clear!
+        Backup::Model.all.clear
+        Backup::Config.load_config!
+        model = Backup::Model.find(trigger)
+        model.prepare!
+        model
+      end
+
+      # This method can be used to setup a test where you need to setup
+      # and perform a single Model that can not be setup in models.rb.
+      # This is primarily for Models used to test deprecations, since
+      # those warnings will be output when the Model is instantiated
+      # and will pollute the output of all other tests.
+      #
+      # Usage:
+      #   model = h_set_single_model do
+      #     Backup::Model.new(:test_trigger, 'test label') do
+      #       ...setup model...
+      #     end
+      #   end
+      #
+      # The block doesn't have to return the model, as it will be retrieved
+      # from Model.all (since it will be the only one).
+      #
+      # Remember when defining the model that the DSL constants won't be
+      # available, as the block is not being evaluated in the context of
+      # the Backup::Config module. So, just use strings instead.
+      # e.g. store_with 'Local' vs store_with Local
+      #
+      # Note this will still load any defaults setup in config.rb, so don't
+      # do anything in config.rb that would generate a deprecation warning :)
+      #
+      def h_set_single_model(&block)
+        Backup::SpecLive.load_models = false
         Backup::Logger.clear!
         Backup::Model.all.clear
         Backup::Config.load_config!
-        FileUtils.mkdir_p(File.join(Backup::Config.data_path, trigger))
-        Backup::Model.find(trigger)
+        block.call
+        model = Backup::Model.all.first
+        model.prepare!
+        model
       end
 
       def h_clean_data_paths!
@@ -82,4 +135,17 @@ RSpec.configure do |config|
   end
 end
 
-puts "\n\nRuby version: #{RUBY_DESCRIPTION}\n\n"
+puts "\nRuby version: #{ RUBY_DESCRIPTION }\n"
+
+unless ENV['VERBOSE']
+  puts <<-EOS
+
+    Some of these tests can be slow, so be patient.
+    It's recommended you run these with:
+      $ VERBOSE=1 rspec spec-live/
+    For some tests, [error] and [warning] messages are normal.
+    Some could pass, but still have problems.
+    So, pay attention to the messages :)
+
+  EOS
+end