hippogrief/pobsync
1
0
Fork 0
Code Issues 21 Pull Requests Actions Packages Projects Releases 3 Wiki Activity
Files
eb121453c81132f6f1f990bde1452a06f57a3eb8
pobsync/src/pobsync_backend/tests/test_django_config_source.py

162 lines
7.2 KiB
Python
Raw Normal View History

refactor: inject config sources into scheduled backups Introduce a ConfigSource interface so scheduled backups no longer need to load host configuration directly from runtime YAML. Add a Django-backed config source for SQL-driven backup runs, keep file-based config as the CLI default, and make scheduled prune execution actually apply retention after successful runs.
2026-05-19 04:57:10 +02:00
from __future__ import annotations
(feature) Add Django-managed SSH credentials Add SSH credentials as first-class Django data so backup keys can be uploaded through the control panel instead of mounted into containers. Credentials can be selected globally or overridden per host. At runtime the selected key is materialized inside the container with restrictive file permissions and injected into the rsync SSH command via IdentityFile. Known hosts entries are handled the same way when configured. Add control panel views for creating and listing SSH keys, expose the fields in config forms and admin, document the workflow, and cover global and host credential selection with tests.
2026-05-19 14:37:38 +02:00
import stat
from pathlib import Path
from tempfile import TemporaryDirectory
from django.test import TestCase, override_settings
refactor: inject config sources into scheduled backups Introduce a ConfigSource interface so scheduled backups no longer need to load host configuration directly from runtime YAML. Add a Django-backed config source for SQL-driven backup runs, keep file-based config as the CLI default, and make scheduled prune execution actually apply retention after successful runs.
2026-05-19 04:57:10 +02:00
from pobsync_backend.config_source import DjangoConfigSource
(feature) Add Django-managed SSH credentials Add SSH credentials as first-class Django data so backup keys can be uploaded through the control panel instead of mounted into containers. Credentials can be selected globally or overridden per host. At runtime the selected key is materialized inside the container with restrictive file permissions and injected into the rsync SSH command via IdentityFile. Known hosts entries are handled the same way when configured. Add control panel views for creating and listing SSH keys, expose the fields in config forms and admin, document the workflow, and cover global and host credential selection with tests.
2026-05-19 14:37:38 +02:00
from pobsync_backend.models import GlobalConfig, HostConfig, SshCredential
refactor: inject config sources into scheduled backups Introduce a ConfigSource interface so scheduled backups no longer need to load host configuration directly from runtime YAML. Add a Django-backed config source for SQL-driven backup runs, keep file-based config as the CLI default, and make scheduled prune execution actually apply retention after successful runs.
2026-05-19 04:57:10 +02:00
class DjangoConfigSourceTests(TestCase):
def test_returns_effective_config_from_database(self) -> None:
GlobalConfig.objects.create(
name="default",
backup_root="/backups",
refactor: promote backup configuration to structured SQL fields Add explicit Django model fields for global and host backup settings, including SSH, rsync, source, excludes, and retention configuration. Populate them from legacy JSON during migration, make the config repository prefer structured fields, and update import/admin/tests around the SQL-first configuration model.
2026-05-19 05:04:49 +02:00
rsync_args=["--archive"],
rsync_extra_args=["--numeric-ids"],
## Summary - Add per-host rsync bandwidth limit overrides with inherit/unlimited semantics. - Store the effective bwlimit in run metadata/results and show it in host/run detail views. - Document recommended starting values for VPN and remote backups. ## Tests - `.venv/bin/python manage.py makemigrations --check --dry-run` - `.venv/bin/python manage.py test src.pobsync_backend.tests.test_django_config_source.DjangoConfigSourceTests.test_returns_effective_config_from_database src.pobsync_backend.tests.test_django_config_source.DjangoConfigSourceTests.test_host_can_disable_global_rsync_bandwidth_limit src.pobsync_backend.tests.test_configure_commands.ConfigureCommandsTests.test_configure_host_uses_global_retention_defaults src.pobsync_backend.tests.test_run_scheduled_config_source.RunScheduledConfigSourceTests.test_dry_run_applies_configured_bandwidth_limit src.pobsync_backend.tests.test_run_scheduled_config_source.RunScheduledConfigSourceTests.test_real_run_can_request_verbose_output_args --verbosity 2` - `.venv/bin/python manage.py test src.pobsync_backend.tests.test_views.ViewTests.test_create_host_config_form_creates_host src.pobsync_backend.tests.test_views.ViewTests.test_host_detail_renders_effective_config_preview src.pobsync_backend.tests.test_views.ViewTests.test_run_detail_renders_result_payload src.pobsync_backend.tests.test_views.ViewTests.test_host_config_form_updates_host_config --verbosity 2` - `.venv/bin/python manage.py check` Closes #51
2026-05-23 00:59:55 +02:00
rsync_bwlimit_kbps=10000,
refactor: promote backup configuration to structured SQL fields Add explicit Django model fields for global and host backup settings, including SSH, rsync, source, excludes, and retention configuration. Populate them from legacy JSON during migration, make the config repository prefer structured fields, and update import/admin/tests around the SQL-first configuration model.
2026-05-19 05:04:49 +02:00
excludes_default=["/proc/***"],
retention_daily=7,
retention_weekly=4,
retention_monthly=3,
retention_yearly=1,
refactor: inject config sources into scheduled backups Introduce a ConfigSource interface so scheduled backups no longer need to load host configuration directly from runtime YAML. Add a Django-backed config source for SQL-driven backup runs, keep file-based config as the CLI default, and make scheduled prune execution actually apply retention after successful runs.
2026-05-19 04:57:10 +02:00
)
HostConfig.objects.create(
host="web-01",
address="web-01.example.test",
refactor: promote backup configuration to structured SQL fields Add explicit Django model fields for global and host backup settings, including SSH, rsync, source, excludes, and retention configuration. Populate them from legacy JSON during migration, make the config repository prefer structured fields, and update import/admin/tests around the SQL-first configuration model.
2026-05-19 05:04:49 +02:00
excludes_add=["/tmp/***"],
rsync_extra_args=["--delete"],
## Summary - Add per-host rsync bandwidth limit overrides with inherit/unlimited semantics. - Store the effective bwlimit in run metadata/results and show it in host/run detail views. - Document recommended starting values for VPN and remote backups. ## Tests - `.venv/bin/python manage.py makemigrations --check --dry-run` - `.venv/bin/python manage.py test src.pobsync_backend.tests.test_django_config_source.DjangoConfigSourceTests.test_returns_effective_config_from_database src.pobsync_backend.tests.test_django_config_source.DjangoConfigSourceTests.test_host_can_disable_global_rsync_bandwidth_limit src.pobsync_backend.tests.test_configure_commands.ConfigureCommandsTests.test_configure_host_uses_global_retention_defaults src.pobsync_backend.tests.test_run_scheduled_config_source.RunScheduledConfigSourceTests.test_dry_run_applies_configured_bandwidth_limit src.pobsync_backend.tests.test_run_scheduled_config_source.RunScheduledConfigSourceTests.test_real_run_can_request_verbose_output_args --verbosity 2` - `.venv/bin/python manage.py test src.pobsync_backend.tests.test_views.ViewTests.test_create_host_config_form_creates_host src.pobsync_backend.tests.test_views.ViewTests.test_host_detail_renders_effective_config_preview src.pobsync_backend.tests.test_views.ViewTests.test_run_detail_renders_result_payload src.pobsync_backend.tests.test_views.ViewTests.test_host_config_form_updates_host_config --verbosity 2` - `.venv/bin/python manage.py check` Closes #51
2026-05-23 00:59:55 +02:00
rsync_bwlimit_kbps=2500,
refactor: promote backup configuration to structured SQL fields Add explicit Django model fields for global and host backup settings, including SSH, rsync, source, excludes, and retention configuration. Populate them from legacy JSON during migration, make the config repository prefer structured fields, and update import/admin/tests around the SQL-first configuration model.
2026-05-19 05:04:49 +02:00
retention_daily=7,
retention_weekly=4,
retention_monthly=3,
retention_yearly=1,
refactor: inject config sources into scheduled backups Introduce a ConfigSource interface so scheduled backups no longer need to load host configuration directly from runtime YAML. Add a Django-backed config source for SQL-driven backup runs, keep file-based config as the CLI default, and make scheduled prune execution actually apply retention after successful runs.
2026-05-19 04:57:10 +02:00
config={
refactor: promote backup configuration to structured SQL fields Add explicit Django model fields for global and host backup settings, including SSH, rsync, source, excludes, and retention configuration. Populate them from legacy JSON during migration, make the config repository prefer structured fields, and update import/admin/tests around the SQL-first configuration model.
2026-05-19 05:04:49 +02:00
"retention": {"daily": 99, "weekly": 99, "monthly": 99, "yearly": 99},
"excludes_add": ["/ignored/***"],
"rsync": {"extra_args": ["--ignored"]},
refactor: inject config sources into scheduled backups Introduce a ConfigSource interface so scheduled backups no longer need to load host configuration directly from runtime YAML. Add a Django-backed config source for SQL-driven backup runs, keep file-based config as the CLI default, and make scheduled prune execution actually apply retention after successful runs.
2026-05-19 04:57:10 +02:00
},
)
cfg = DjangoConfigSource().effective_config_for_host("web-01")
self.assertEqual(cfg["backup_root"], "/backups")
self.assertEqual(cfg["host"], "web-01")
self.assertEqual(cfg["address"], "web-01.example.test")
self.assertEqual(cfg["excludes_effective"], ["/proc/***", "/tmp/***"])
self.assertEqual(cfg["rsync"]["args_effective"], ["--archive", "--numeric-ids", "--delete"])
## Summary - Add per-host rsync bandwidth limit overrides with inherit/unlimited semantics. - Store the effective bwlimit in run metadata/results and show it in host/run detail views. - Document recommended starting values for VPN and remote backups. ## Tests - `.venv/bin/python manage.py makemigrations --check --dry-run` - `.venv/bin/python manage.py test src.pobsync_backend.tests.test_django_config_source.DjangoConfigSourceTests.test_returns_effective_config_from_database src.pobsync_backend.tests.test_django_config_source.DjangoConfigSourceTests.test_host_can_disable_global_rsync_bandwidth_limit src.pobsync_backend.tests.test_configure_commands.ConfigureCommandsTests.test_configure_host_uses_global_retention_defaults src.pobsync_backend.tests.test_run_scheduled_config_source.RunScheduledConfigSourceTests.test_dry_run_applies_configured_bandwidth_limit src.pobsync_backend.tests.test_run_scheduled_config_source.RunScheduledConfigSourceTests.test_real_run_can_request_verbose_output_args --verbosity 2` - `.venv/bin/python manage.py test src.pobsync_backend.tests.test_views.ViewTests.test_create_host_config_form_creates_host src.pobsync_backend.tests.test_views.ViewTests.test_host_detail_renders_effective_config_preview src.pobsync_backend.tests.test_views.ViewTests.test_run_detail_renders_result_payload src.pobsync_backend.tests.test_views.ViewTests.test_host_config_form_updates_host_config --verbosity 2` - `.venv/bin/python manage.py check` Closes #51
2026-05-23 00:59:55 +02:00
self.assertEqual(cfg["rsync"]["bwlimit_kbps"], 2500)
def test_host_can_disable_global_rsync_bandwidth_limit(self) -> None:
GlobalConfig.objects.create(
name="default",
backup_root="/backups",
rsync_args=["--archive"],
rsync_bwlimit_kbps=5000,
)
HostConfig.objects.create(
host="web-01",
address="web-01.example.test",
rsync_bwlimit_kbps=0,
)
cfg = DjangoConfigSource().effective_config_for_host("web-01")
self.assertEqual(cfg["rsync"]["bwlimit_kbps"], 0)
(feature) Add Django-managed SSH credentials Add SSH credentials as first-class Django data so backup keys can be uploaded through the control panel instead of mounted into containers. Credentials can be selected globally or overridden per host. At runtime the selected key is materialized inside the container with restrictive file permissions and injected into the rsync SSH command via IdentityFile. Known hosts entries are handled the same way when configured. Add control panel views for creating and listing SSH keys, expose the fields in config forms and admin, document the workflow, and cover global and host credential selection with tests.
2026-05-19 14:37:38 +02:00
def test_materializes_global_ssh_credential_for_runtime_config(self) -> None:
credential = SshCredential.objects.create(
name="backup-key",
private_key="PRIVATE KEY",
known_hosts="web-01.example.test ssh-ed25519 AAAATEST",
)
GlobalConfig.objects.create(
name="default",
backup_root="/backups",
default_ssh_credential=credential,
ssh_options=["-oBatchMode=yes"],
)
HostConfig.objects.create(host="web-01", address="web-01.example.test")
with TemporaryDirectory() as tmp, override_settings(POBSYNC_HOME=str(Path(tmp) / "home")):
cfg = DjangoConfigSource().effective_config_for_host("web-01")
identity_file = Path(tmp) / "home" / "state" / "ssh-credentials" / str(credential.pk) / "identity"
known_hosts = identity_file.parent / "known_hosts"
self.assertEqual(identity_file.read_text(encoding="utf-8"), "PRIVATE KEY\n")
self.assertEqual(known_hosts.read_text(encoding="utf-8"), "web-01.example.test ssh-ed25519 AAAATEST\n")
self.assertEqual(stat.S_IMODE(identity_file.stat().st_mode), 0o600)
self.assertIn("-oBatchMode=yes", cfg["ssh"]["options"])
self.assertIn(f"-oIdentityFile={identity_file}", cfg["ssh"]["options"])
self.assertIn(f"-oUserKnownHostsFile={known_hosts}", cfg["ssh"]["options"])
(bugfix) Use service-level known_hosts for generated SSH keys When a selected SSH credential has no pinned known_hosts entries, create and use a pobsync service-level known_hosts file under POBSYNC_HOME/state. Pass UserKnownHostsFile and StrictHostKeyChecking=accept-new to SSH so unattended backups no longer depend on root's known_hosts or an interactive shell session. Keep pinned credential known_hosts behavior unchanged when entries are configured explicitly.
2026-05-19 20:01:39 +02:00
self.assertNotIn("-oStrictHostKeyChecking=accept-new", cfg["ssh"]["options"])
(bugfix) Surface rsync SSH failure details in run results Include the selected SSH credential metadata and rsync log tail in dry-run and failed backup results so Django shows the actual SSH or rsync failure instead of only the exit code. Warn in host checks when a host still uses database-stored private key material, making it easier to spot old credentials after switching to generated filesystem keys.
2026-05-19 19:49:33 +02:00
self.assertEqual(cfg["ssh_credential"]["storage"], "database")
(feature) Add Django-managed SSH credentials Add SSH credentials as first-class Django data so backup keys can be uploaded through the control panel instead of mounted into containers. Credentials can be selected globally or overridden per host. At runtime the selected key is materialized inside the container with restrictive file permissions and injected into the rsync SSH command via IdentityFile. Known hosts entries are handled the same way when configured. Add control panel views for creating and listing SSH keys, expose the fields in config forms and admin, document the workflow, and cover global and host credential selection with tests.
2026-05-19 14:37:38 +02:00
def test_host_ssh_credential_overrides_global_credential(self) -> None:
global_credential = SshCredential.objects.create(name="global-key", private_key="GLOBAL")
host_credential = SshCredential.objects.create(name="host-key", private_key="HOST")
GlobalConfig.objects.create(
name="default",
backup_root="/backups",
default_ssh_credential=global_credential,
)
HostConfig.objects.create(
host="web-01",
address="web-01.example.test",
ssh_credential=host_credential,
)
with TemporaryDirectory() as tmp, override_settings(POBSYNC_HOME=str(Path(tmp) / "home")):
cfg = DjangoConfigSource().effective_config_for_host("web-01")
host_identity_file = Path(tmp) / "home" / "state" / "ssh-credentials" / str(host_credential.pk) / "identity"
global_identity_file = Path(tmp) / "home" / "state" / "ssh-credentials" / str(global_credential.pk) / "identity"
self.assertEqual(host_identity_file.read_text(encoding="utf-8"), "HOST\n")
self.assertFalse(global_identity_file.exists())
self.assertIn(f"-oIdentityFile={host_identity_file}", cfg["ssh"]["options"])
(feature) Generate filesystem-backed SSH credentials Add filesystem-backed SSH credentials for the native systemd deployment path. Generated keys are stored below POBSYNC_HOME with 0600 permissions, while Django keeps the public key, fingerprint, path, and selection metadata. Add a Django SSH key generation view, delete action for unused generated keys, and a management command used by the installer to ensure a default backup key exists. Update runtime config to use generated key paths directly as IdentityFile, extend host checks to verify key readability, and keep legacy uploaded keys available for compatibility.
2026-05-19 19:41:40 +02:00
def test_filesystem_ssh_credential_uses_existing_key_path(self) -> None:
with TemporaryDirectory() as tmp:
identity_file = Path(tmp) / "identity"
identity_file.write_text("PRIVATE KEY\n", encoding="utf-8")
identity_file.chmod(0o600)
credential = SshCredential.objects.create(name="backup-key", key_path=str(identity_file), public_key="PUBLIC")
GlobalConfig.objects.create(
name="default",
backup_root="/backups",
default_ssh_credential=credential,
)
HostConfig.objects.create(host="web-01", address="web-01.example.test")
## Summary - Override `POBSYNC_HOME` in the filesystem SSH credential test. - Keep credential materialization tests self-contained and writable in local development. - Leave production runtime defaults unchanged. ## Tests - `.venv/bin/python manage.py test src.pobsync_backend.tests.test_django_config_source --verbosity 2` - `.venv/bin/python manage.py test src.pobsync_backend --verbosity 2` Closes #55
2026-05-23 01:06:22 +02:00
with override_settings(POBSYNC_HOME=str(Path(tmp) / "home")):
cfg = DjangoConfigSource().effective_config_for_host("web-01")
(feature) Generate filesystem-backed SSH credentials Add filesystem-backed SSH credentials for the native systemd deployment path. Generated keys are stored below POBSYNC_HOME with 0600 permissions, while Django keeps the public key, fingerprint, path, and selection metadata. Add a Django SSH key generation view, delete action for unused generated keys, and a management command used by the installer to ensure a default backup key exists. Update runtime config to use generated key paths directly as IdentityFile, extend host checks to verify key readability, and keep legacy uploaded keys available for compatibility.
2026-05-19 19:41:40 +02:00
self.assertIn(f"-oIdentityFile={identity_file}", cfg["ssh"]["options"])
(bugfix) Surface rsync SSH failure details in run results Include the selected SSH credential metadata and rsync log tail in dry-run and failed backup results so Django shows the actual SSH or rsync failure instead of only the exit code. Warn in host checks when a host still uses database-stored private key material, making it easier to spot old credentials after switching to generated filesystem keys.
2026-05-19 19:49:33 +02:00
self.assertEqual(cfg["ssh_credential"]["storage"], "filesystem")
(bugfix) Use service-level known_hosts for generated SSH keys When a selected SSH credential has no pinned known_hosts entries, create and use a pobsync service-level known_hosts file under POBSYNC_HOME/state. Pass UserKnownHostsFile and StrictHostKeyChecking=accept-new to SSH so unattended backups no longer depend on root's known_hosts or an interactive shell session. Keep pinned credential known_hosts behavior unchanged when entries are configured explicitly.
2026-05-19 20:01:39 +02:00
def test_missing_known_hosts_uses_service_accept_new_file(self) -> None:
with TemporaryDirectory() as tmp:
identity_file = Path(tmp) / "identity"
identity_file.write_text("PRIVATE KEY\n", encoding="utf-8")
identity_file.chmod(0o600)
credential = SshCredential.objects.create(name="backup-key", key_path=str(identity_file), public_key="PUBLIC")
GlobalConfig.objects.create(
name="default",
backup_root="/backups",
default_ssh_credential=credential,
)
HostConfig.objects.create(host="web-01", address="web-01.example.test")
with override_settings(POBSYNC_HOME=str(Path(tmp) / "home")):
cfg = DjangoConfigSource().effective_config_for_host("web-01")
service_known_hosts = Path(tmp) / "home" / "state" / "known_hosts"
self.assertTrue(service_known_hosts.exists())
self.assertIn(f"-oUserKnownHostsFile={service_known_hosts}", cfg["ssh"]["options"])
self.assertIn("-oStrictHostKeyChecking=accept-new", cfg["ssh"]["options"])
Reference in New Issue Copy Permalink