charm-duplicity

Merge ~llama-charmers/charm-duplicity:develop into ~llama-charmers/charm-duplicity:master

Proposed by Drew Freiberger on 2020-01-14

Status:	Rejected
Rejected by:	Jeremy Lounder on 2020-01-23
Proposed branch:	~llama-charmers/charm-duplicity:develop
Merge into:	~llama-charmers/charm-duplicity:master
Diff against target:	1899 lines (+1584/-0) (has conflicts) 30 files modified .gitignore (+4/-0) CONTRIB.md (+108/-0) Makefile (+8/-0) README.md (+130/-0) actions.yaml (+17/-0) actions/actions.py (+51/-0) actions/do-backup (+1/-0) config.yaml (+101/-0) layer.yaml (+13/-0) lib/lib_duplicity.py (+195/-0) metadata.yaml (+30/-0) reactive/duplicity.py (+247/-0) requirements.txt (+5/-0) scripts/periodic_backup.py (+50/-0) scripts/plugins/check_backup_status.py (+19/-0) templates/periodic_backup (+1/-0) tests/bundles/bionic.yaml (+28/-0) tests/bundles/xenial.yaml (+28/-0) tests/functional/configure.py (+82/-0) tests/functional/requirements.txt (+4/-0) tests/functional/resources/hello-world.txt (+1/-0) tests/functional/resources/testing_id_rsa (+27/-0) tests/functional/resources/testing_id_rsa.pub (+1/-0) tests/functional/test_duplicity.py (+240/-0) tests/functional/utils.py (+54/-0) tests/tests.yaml (+20/-0) tests/unit/conftest.py (+36/-0) tests/unit/test_actions.py (+16/-0) tests/unit/test_lib.py (+31/-0) tox.ini (+36/-0) Conflict in .gitignore Conflict in Makefile Conflict in actions.yaml Conflict in config.yaml Conflict in layer.yaml Conflict in metadata.yaml Conflict in requirements.txt Conflict in tests/functional/requirements.txt Conflict in tests/unit/conftest.py Conflict in tests/unit/test_actions.py Conflict in tests/unit/test_lib.py Conflict in tox.ini
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Jeremy Lounder (community)		2020-01-14	Disapprove on 2020-01-23
Review via email: mp+377615@code.launchpad.net

Revision history for this message

Jeremy Lounder (jldev) wrote on 2020-01-23:

Rejecting due to size and conflicts. Merge has been split into two new MRs, which were rebased onto master

review: Disapprove

Unmerged commits

6bc04f7... by Zachary Zehring on 2019-12-20: Merge branch 'readmes'
9d0460a... by Zachary Zehring on 2019-12-20: Write guide for contributing to project, starting, testing, etc.
f7e111c... by Zachary Zehring on 2019-12-20: Add title of charm to README.
1fa90c8... by Zachary Zehring on 2019-12-20: Add additional information to usage and limited functionality sections.
b174415... by Zachary Zehring on 2019-12-20: [WIP] Add important sections for README.
95aa540... by Zachary Zehring on 2019-12-20: Add CONTRIB.md for guidelines for contributing to the project and howto.
4a9a55b... by Zachary Zehring on 2019-12-19: Merge branch 'nrpe-checks'
96a0a15... by Zachary Zehring on 2019-12-19: Reorder module vars and constants.
ad183c2... by Zachary Zehring on 2019-12-19: Ignore tests files and E402 (line before all imports, needed in some
cases).
230cc89... by Zachary Zehring on 2019-12-19: Add nrpe and corresponding relations for testing.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Llama (LMA) Charmers

charm-duplicity

Merge ~llama-charmers/charm-duplicity:develop into ~llama-charmers/charm-duplicity:master

Commit message

Description of the change

Unmerged commits

Preview Diff

Subscribers

 diff --git a/.gitignore b/.gitignore
 index 32e2995..e8a93af 100644
 --- a/.gitignore
 +++ b/.gitignore
@@ -8,6 +8,10 @@ __pycache__/
  .tox/
  .coverage
++<<<<<<< .gitignore
++=======
++.env
++>>>>>>> .gitignore
  # vi
  .*.swp
 diff --git a/CONTRIB.md b/CONTRIB.md
 new file mode 100644
 index 0000000..842df2d
 --- /dev/null
 +++ b/CONTRIB.md
@@ -0,0 +1,108 @@
++# Duplicity - Contributing
++
++This is a quick guide to help developers start contributing to the Duplicity charm project.
++
++## Getting Started
++
++This section will help with setting up the development and testing environment for this charm.
++
++### Prerequisites
++
++What you'll need is:
++
++- charm-tools
++- tox
++- python3
++- juju
++
++To download:
++
++```
++sudo snap install charm --classic
++sudo snap install juju --classic
++
++pip install tox
++```
++
++### Dev Setup
++
++Here's some quick commands to help you get started developing:
++
++```
++# Clone the repo
++git clone git+ssh://git.launchpad.net/charm-duplicity
++
++# Get virtual environment. Then you can set this as your project interpreter (helpful with PyCharm)
++tox -e func-noop
++source .tox/func-noop/bin/activate
++```
++
++### Building the charm
++
++You can build the charm through different methods:
++
++```
++# Build using make command
++make build
++
++# Build using charm tools command
++charm build
++```
++
++You can set various environment variables (e.g. JUJU_REPOSITORY, CHARM_BUILD_DIR) to build into
++your desired directory. By default, the project will build into /tmp/charm-builds/duplicity.
++
++## Running Tests
++
++The following section will review running automated tests in the project.
++
++### Unit Tests
++
++Unit tests utilize the [pytest framework](https://docs.pytest.org/en/latest/).
++
++TODO: Unit tests still need to be implemented fully. However, running them is simple. You can use the make
++command or call pytest directly:
++
++```
++make unittest
++
++# or
++
++pytest
++
++```
++
++### Functional Tests
++
++This project uses [zaza](https://zaza.readthedocs.io/en/latest/addingcharmtests.html) for it's functional
++test framework. This provides a solid structure for testing as well as the `functest` tool for granular
++control over the functional test lifecycle.
++
++**Note**: the bundles zaza uses grab the local charm from the default `/tmp/charm-builds/duplicity`
++directory. You can change this in the bundle, however please refrain from pushing said change as this will
++move away from the default.
++
++You can run the full test suite using make (will also build the charm before running):
++
++```
++make functional
++
++# use tox to skip the build step
++tox -e functional
++```
++
++You can also use `functest` to run the suite in chunks, separating the preparation, deployment, configuration, and
++allowing singular test class to be run. You can find more information regarding these functions in the zaza docs
++[here](https://zaza.readthedocs.io/en/latest/runningcharmtests.html).
++
++### Code Style lint
++
++This project uses various linting techniques and tools. To run against the code run the following:
++
++```
++make lint
++```
++
++## Authors
++
++[Llama (LMA) Charmers](https://launchpad.net/~llama-charmers)
 diff --git a/Makefile b/Makefile
 index 5f771cf..11eea15 100644
 --- a/Makefile
 +++ b/Makefile
@@ -25,15 +25,23 @@ unittest:
  	@tox -e unit
  functional: build
++<<<<<<< Makefile
  	@PYTEST_KEEP_MODEL=$(PYTEST_KEEP_MODEL) \
  	    PYTEST_CLOUD_NAME=$(PYTEST_CLOUD_NAME) \
  	    PYTEST_CLOUD_REGION=$(PYTEST_CLOUD_REGION) \
  	    tox -e functional
++=======
++	@tox -e functional
++>>>>>>> Makefile
  build:
  	@echo "Building charm to base directory $(JUJU_REPOSITORY)"
  	@-git describe --tags > ./repo-info
++<<<<<<< Makefile
  	@LAYER_PATH=./layers INTERFACE_PATH=./interfaces TERM=linux \
++=======
++	@CHARM_LAYERS_DIR=./layers CHARM_INTERFACES_DIR=./interfaces TERM=linux \
++>>>>>>> Makefile
  		JUJU_REPOSITORY=$(JUJU_REPOSITORY) charm build . --force
  release: clean build
 diff --git a/README.md b/README.md
 new file mode 100644
 index 0000000..76c567a
 --- /dev/null
 +++ b/README.md
@@ -0,0 +1,130 @@
++# Duplicity Charm
++
++## Overview
++
++The Duplicity charm provides functionality for both manual and automatic backups for a deployed application.
++As the name suggests, it utilizes the Duplicity tool and acts as an easy-to-use-and-configure interface for
++operators to set up backups.
++
++After relating the [Duplicity](http://duplicity.nongnu.org/) to another charm, you can backup a directory to
++either the local unit, a remote host, or even an AWS S3 bucket. All it takes is a bit of configuration and
++remote destination preparation.
++
++The following backends are currently supported:
++- File (local)
++- S3
++- SCP
++- Rsync
++- FTP/SFTP
++
++# Usage
++
++### Simple deployment
++
++This will get duplicity deployed on whatever deployed charm you want. Here, we see
++it being related to the ubuntu charm.
++
++```bash
++juju deploy ubuntu
++juju deploy duplicity
++juju add-relation duplicity ubuntu
++```
++
++However, we will need to fill out various other, required configs, depending on the backend type selected.
++
++### Local file backups
++
++This will backup a selected directory to the local unit.
++
++```
++juju config duplicity \
++    backend=file \
++    remote_backup_url=file:///home/me/backups
++    aux_backup_dir=/path/to/back/up
++```
++
++### SCP/Rsync/SFTP Backups
++
++Using the backends scp, rsync, and sftp require, at minimum, the following options to be set.
++
++```
++juju config duplicity \
++    backend=scp \
++    remote_backup_url=my.host:22/my_backups
++    known_host_key='my.host,10.10.10.2 ssh-rsa AAABBBCCC' \
++    private_ssh_key=$(base64 my_priv_id)
++```
++
++Alternatively, you can use `remote_password=password` instead of the `private_ssh_key` option if you prefer
++password authentication.
++
++### S3 Backups
++
++The following will backup to S3 buckets. This configuration requires an IAM account
++access and secret key to be passed into the config.
++
++```
++juju config duplicity \
++    backend=s3 \
++    remote_backup_url=s3:my.aws.com/bucket_name/prefix \
++    aws_access_key_id=my_aws_key \
++    aws_secret_access_key=my_aws_secret
++```
++
++### Encryption
++
++To encrypt your backups, you can use symmetric encryption using a passed in password or
++encrypt the backup with a GPG key. Alternative to these methods, you can ignore encryption
++entirely.
++
++```
++# Symmetric password encryption
++juju config duplicity encryption_passphrase=my_passphrase
++
++# Asymmetric GPG encryption
++juju config duplicity gpg_public_key=MY_GPG_KEY
++
++# Disable encryption (not recommended)
++juju config duplicity disable_encryption=True
++```
++
++### Setting Periodic Backups
++
++The big draw of this charm is being able to periodically backup a directory. By default,
++the charm will only backup manually, i.e. through the `do-backup` action. To enable
++periodic backups, set `backup_frequency` to any of the following:
++
++- hourly
++- daily
++- weekly
++- monthly
++- any valid cron schedule string
++
++### Adding NRPE Checks for alerting
++
++Adding NRPE checks allows for alerting when a periodic backup fails to complete.
++
++```bash
++juju deploy nrpe
++juju add-relation nrpe ubuntu       # required on host
++juju add-relation nrpe duplicity
++```
++
++# Known Limitations and Future Features
++
++This charm is currently still under development. The only supported Duplicity action right now
++is full backups (through both an action and periodic backups). The following is the list
++of future Duplicity functionality:
++
++- incremental backups
++- restoring backups
++- verifying backups
++- listing  backed-up files
++- cleaning up backed files
++- additional supported backends
++
++# Upstream and Bugs
++
++The repository can be found [here](https://git.launchpad.net/charm-duplicity).
++
++Please report bugs or feature requests on [Launchpad](https://bugs.launchpad.net/charm-duplicity).
 diff --git a/actions.yaml b/actions.yaml
 index f1b2535..ef702e3 100644
 --- a/actions.yaml
 +++ b/actions.yaml
@@ -1,2 +1,19 @@
++<<<<<<< actions.yaml
  example-action:
    description: "This is just a test"
++=======
++do-backup:
++  description: |
++    Execute the duplicity backup procedure as configured by charm metadata.
++    Config values may be overridden at the command line.
++# restore:
++#  description: |
++#    Executed the duplicity restore procedure using
++#verify:
++#  description: |
++#    Verify restores to a temporary path and checks if the result matches the
++#    checksum saved during backup
++#list-current-files:
++#  description: |
++#    Lists the latest backed up files on the remote repository
++>>>>>>> actions.yaml
 diff --git a/actions/actions.py b/actions/actions.py
 new file mode 100755
 index 0000000..695d313
 --- /dev/null
 +++ b/actions/actions.py
@@ -0,0 +1,51 @@
++#!/usr/local/sbin/charm-env python3
++
++import os
++import sys
++from subprocess import CalledProcessError
++
++sys.path.append('lib')
++
++from charmhelpers.core import hookenv
++from charms.reactive import clear_flag
++
++from lib.lib_duplicity import DuplicityHelper
++
++
++helper = DuplicityHelper()
++error_file = '/var/run/periodic_backup.error'
++
++
++def do_backup(*args):
++    # TODO: Implement checking to see if application is active.
++    output = helper.do_backup(logger=hookenv.log)
++    hookenv.function_set(dict(output=output.decode('utf-8')))
++
++
++ACTIONS = {
++    'do-backup': do_backup
++}
++
++
++def main(args):
++    action_name = os.path.basename(args[0])
++    action = ACTIONS.get(action_name)
++    if not action_name:
++        return 'Action "{}" is undefined'.format(action_name)
++    try:
++        action(args)
++    except CalledProcessError as e:
++        err_msg = 'Command "{}" failed with return code "{}" and error output:\n{}'.format(
++            e.cmd, e.returncode, e.output.decode('utf-8'))
++        hookenv.log(err_msg, level=hookenv.ERROR)
++        hookenv.function_fail(err_msg)
++    except Exception as e:
++        hookenv.function_fail(str(e))
++    else:
++        clear_flag('duplicity.failed_backup')
++        if os.path.exists(error_file):
++            os.remove(error_file)
++
++
++if __name__ == '__main__':
++    sys.exit(main(sys.argv))
 diff --git a/actions/do-backup b/actions/do-backup
 new file mode 120000
 index 0000000..405a394
 --- /dev/null
 +++ b/actions/do-backup
@@ -0,0 +1 @@
++actions.py
 \ No newline at end of file
 diff --git a/config.yaml b/config.yaml
 index 29ed5a5..9f2d2e7 100644
 --- a/config.yaml
 +++ b/config.yaml
@@ -1,4 +1,5 @@
  options:
++<<<<<<< config.yaml
    string-option:
      type: string
      default: "Default Value"
@@ -11,3 +12,103 @@ options:
      type: int
      default: 9001
      description: "A short description of the configuration option"
++=======
++  aux_backup_directory:
++    type: string
++    default: "/tmp/duplicity"
++    description: |
++      Specifies an additional directory paths which duplicity will monitor on
++      all units for backup.
++  backend:
++    type: string
++    default: ""
++    description: |
++      Accepted values are s3 | ssh | scp | ftp | rsync | file
++      An empty string will disable backups.
++  remote_backup_url:
++    type: string
++    default: ""
++    description: |
++      URL to the remote server and its local path to be used as the
++      backup destination.
++
++      Backends and their URL formats:
++        file:      'file:///some_dir'
++        ftp & sftp: 'remote.host[:port]/some_dir'
++        rsync:      'other.host[:port]::/module/some_dir'
++                    'other.host[:port]/relative_path'
++                    'other.host[:port]//absolute_path'
++        s3:         's3:other.host[:port]/bucket_name[/prefix]'
++                    's3+http://bucket_name[/prefix]'
++        scp:        'other.host[:port]/some_dir'
++        ssh:        'other.host[:port]/some_dir'
++  aws_access_key_id:
++    type: string
++    default: ""
++    description: |
++      Access key id for the AWS IMA user. The user must have a policy that
++      grants it privileges to upload to the S3 bucket. This value is required
++      when backend='s3'.
++  aws_secret_access_key:
++    type: string
++    default: ""
++    description: |
++      Secret access key for the AWS IMA user. The user must have a policy that
++      grants it privileges to upload to the S3 bucket. This value is required
++      when backend='s3'.
++  remote_user:
++    type: string
++    default: ""
++    description: |
++      This value sets the remote host username for ssh or ftp backups. This is
++      required for ftp type backups and optional for ssh, which if unset it
++      will default to using the local hosts username.
++  remote_password:
++    type: string
++    default: ""
++    description: |
++      This value sets the remote server's password to be used for ssh or ftp
++      backups. This is required for ftp backups and optional for ssh, which if
++      unset may still be able to authenticate via trusted host keys.
++  backup_frequency:
++    type: string
++    default: "manual"
++    description: |
++      Sets the crontab backup frequency to a valid cron string or one of the following:
++      hourly|daily|weekly|monthly|manual
++      If set to manual, crontab backup will not run.
++  disable_encryption:
++    type: boolean
++    default: False
++    description: |
++      By default, duplicity uses symmetric encryption on backup, requiring a
++      simple password. Duplicity also supports asymmetric encryption, via GPG
++      keys. Setting this value to True disables encryption across the entire
++      application.
++  encryption_passphrase:
++    type: string
++    default: ""
++    description: |
++      Set a passphrase required to perform symmetric encryption.
++  gpg_public_key:
++    type: string
++    default: ""
++    description: |
++      Sets the GPG Public Key used for asymmetrical encryption. When set, this
++      becomes the primary method for encryption.
++  known_host_key:
++    type: string
++    default: ''
++    description: |
++      Host key for remote backup host when using scp, rsync, and sftp backends.
++      Valid host key required when using these backends. The format is:
++      hostname[,ip] algo public_key
++
++      ex: example.com,10.0.0.0 ssh-rsa AAABBBCCC...
++  private_ssh_key:
++    type: string
++    default: ''
++    description:
++      base64 encoded private SSH key for SSH authentication from duplicity
++      application unit and the remote backup host.
++>>>>>>> config.yaml
 diff --git a/layer.yaml b/layer.yaml
 index cb74697..aa5a1df 100644
 --- a/layer.yaml
 +++ b/layer.yaml
@@ -4,4 +4,17 @@ exclude:
    - layers
  # include required layers here
  includes:
++<<<<<<< layer.yaml
    - layer:basic
++=======
++  - layer:apt
++  - layer:nagios
++  - interface:juju-info
++options:
++  basic:
++    python_packages:
++      - croniter
++      - pidfile
++    use_venv: True
++    include_system_packages: true
++>>>>>>> layer.yaml
 diff --git a/lib/lib_duplicity.py b/lib/lib_duplicity.py
 new file mode 100644
 index 0000000..5333bea
 --- /dev/null
 +++ b/lib/lib_duplicity.py
@@ -0,0 +1,195 @@
++import subprocess
++import os
++
++from charmhelpers.core import hookenv, templating
++
++
++BACKUP_CRON_FILE = '/etc/cron.d/periodic_backup'
++BACKUP_CRON_LOG_PATH = '/var/log/duplicity'
++
++
++def safe_remove_backup_cron():
++    if os.path.exists(BACKUP_CRON_FILE):
++        hookenv.log('Removing backup cron file.', level=hookenv.DEBUG)
++        os.remove(BACKUP_CRON_FILE)
++        hookenv.log('Backup cron file removed.', level=hookenv.DEBUG)
++
++
++class DuplicityHelper():
++    def __init__(self):
++        self.charm_config = hookenv.config()
++
++    @property
++    def backup_cmd(self):
++        cmd = ['duplicity']
++        if self.charm_config.get('private_ssh_key'):
++            cmd.append('--ssh-options=-oIdentityFile=/root/.ssh/duplicity_id_rsa')
++        # later switch to cmd.append('full' if self.charm_config.get('full_backup') else 'incr')
++        # when full_backup implemented
++        cmd.append('full')
++        cmd.extend([self.charm_config.get('aux_backup_directory'), self._backup_url()])
++        cmd.extend(self._additional_options())
++        return cmd
++
++    @property
++    def list_files_cmd(self):
++        cmd = ['duplicity', 'list-current-files', self._backup_url()]
++        cmd.extend(self._additional_options())
++        return cmd
++
++    def _backup_url(self):
++        """
++        Helper function to assemble the backup url into a format accepted
++        by duplicity, based off of the 'backend' and 'remote_backup_url'
++        defined in the charm config. _backup_url will be appended with the
++        charms unit name
++        """
++        backend = self.charm_config.get("backend").lower()
++        prefix = "{}://".format(backend)
++        remote_path = self.charm_config.get("remote_backup_url")
++
++        # start building the url
++        url = ""
++
++        if backend in ["rsync", "scp", "ssh", "ftp", "sftp"]:
++            # These all require SSH Type Authentication and will attempt to use
++            # the provided remote host credentials
++            user = self.charm_config.get("remote_user")
++            password = self.charm_config.get("remote_password")
++            if user:
++                if password:
++                    url += "{}:{}@".format(user, password)
++                else:
++                    url += "{}@".format(user)
++            url += remote_path.replace(prefix, "")
++        elif backend in ["s3", "file"]:
++            url = remote_path.replace(prefix, "")
++        else:
++            return None
++
++        url = "{}://".format(backend) + url + "/{}".format(
++            hookenv.local_unit().replace("/", "-"))
++        return url
++
++    def _set_environment_vars(self):
++        """
++        Helper function sets the required environmental variables used by
++        duplicity.
++        :return:
++        """
++        # Set the Aws Credentials. It doesnt matter if they are used or not
++        os.environ["AWS_SECRET_ACCESS_KEY"] = self.charm_config.get(
++            "aws_secret_access_key")
++        os.environ["AWS_ACCESS_KEY_ID"] = self.charm_config.get(
++            "aws_access_key_id")
++        os.environ["PASSWORD"] = self.charm_config.get(
++            "encryption_passphrase")
++
++    def _additional_options(self):
++        """
++        Parses the config options and provides a list of args to be passed to
++        duplicity, and useful for multiple duplicity actions.
++        :return:
++        """
++        # backups named after the unit
++        cmd = []
++
++        if self.charm_config.get("disable_encryption"):
++            cmd.append("--no-encryption")
++        elif self.charm_config.config.get("gpg_public_key"):
++            cmd.append("--gpg-key={}".format(
++                self.charm_config.config.get("gpg_public_key")))
++        return cmd
++
++    def setup_backup_cron(self):
++        """
++        Sets up the backup cron to run on the unit. Renders the cron and ensures logging
++        directory exists.
++        """
++        if not os.path.exists(BACKUP_CRON_LOG_PATH):
++            os.mkdir(BACKUP_CRON_LOG_PATH)
++        self._render_backup_cron()
++
++    def _render_backup_cron(self):
++        """
++        Render backup cron.
++        """
++        backup_frequency = self.charm_config.get('backup_frequency')
++        if backup_frequency in ['hourly', 'daily', 'weekly', 'monthly']:
++            backup_frequency = '@{}'.format(backup_frequency)
++        cron_ctx = dict(
++            frequency=backup_frequency,
++            unit_name=hookenv.local_unit(),
++            charm_dir=hookenv.charm_dir()
++        )
++        templating.render('periodic_backup', BACKUP_CRON_FILE, cron_ctx)
++        with open('/etc/cron.d/periodic_backup', 'a') as cron_file:
++            cron_file.write('\n')
++
++    @staticmethod
++    def update_known_host_file(known_host_key):
++        permissions = 'a+' if os.path.exists('root_known_host_path') else 'w+'
++        with open('/root/.ssh/known_hosts', permissions) as known_host_file:
++            if known_host_key not in known_host_file.read():
++                print(known_host_key, file=known_host_file)
++
++    def do_backup(self, **kwargs):
++        """ Execute the backup call to duplicity as configured by the charm
++
++        :param: kwargs
++        :type: dictionary of values that may be used instead of config values
++        """
++        self._set_environment_vars()
++        cmd = self.backup_cmd
++        # TODO: Clean password from command!!!
++        hookenv.log("Duplicity Command: {}".format(cmd))
++        return subprocess.check_output(cmd, stderr=subprocess.STDOUT)
++
++    def cleanup(self):
++        #TODO
++        # duplicity cleanup <target_url>
++        raise NotImplementedError()
++
++    def verify(self):
++        #TODO
++        # duplicity verify <target_url> <source_dir>
++        raise NotImplementedError()
++
++    def collection_status(self):
++        #TODO
++        # duplicity collection-status <target_url>
++        raise NotImplementedError()
++
++    def list_current_files(self, **kwargs):
++        """
++        Function that runs duplicity list current files in the remote
++        directory.
++        :return:
++        """
++        raise NotImplementedError()
++        # self._set_environment_vars()
++        # cmd = self.list_files_cmd
++        # try:
++        #     subprocess.check_call(cmd)
++        # except subprocess.CalledProcessError as e:
++        #     pass
++
++    def restore(self):
++        #TODO
++        # duplicity restore <source_url> <target_dir>
++        raise NotImplementedError()
++
++    def remove_older_than(self):
++        #TODO
++        # duplicity remove-older-than time [options] target_url
++        raise NotImplementedError()
++
++    def remove_all_but_n_full(self):
++        #TODO
++        # duplicity remove-all-but-n-full <count> <target_url>
++        raise NotImplementedError()
++
++    def remove_all_inc_of_but_n_full(self):
++        #TODO
++        # duplicity remove-all-inc-of-but-n-full <count> <target_url>
++        raise NotImplementedError()
 diff --git a/metadata.yaml b/metadata.yaml
 index bf95c82..8d707fb 100644
 --- a/metadata.yaml
 +++ b/metadata.yaml
@@ -1,3 +1,4 @@
++<<<<<<< metadata.yaml
  name: charm-duplicity
  summary: <Fill in summary here>
  maintainer: Ryan Farrell <Ryan.Farrell@ryancision7250>
@@ -20,3 +21,32 @@ series:
  # peers:
  #   peer-relation:
  #     interface: interface-name
++=======
++name: duplicity
++summary: Duplicity offers encrypted bandwidth-efficient backup
++maintainer: Ryan Farrell <Ryan.Farrell@ryancision7250>
++description: |
++  Duplicity backs directories by producing encrypted tar-format volumes
++  and uploading them to a remote or local file server. Because duplicity
++  uses librsync, the incremental archives are space efficient and only
++  record the parts of files that have changed since the last backup.
++  Because duplicity uses GnuPG to encrypt and/or sign these archives,
++  they will be safe from spying and/or modification by the server.
++tags:
++  # Replace "misc" with one or more whitelisted tags from this list:
++  # https://jujucharms.com/docs/stable/authors-charm-metadata
++  - backup
++subordinate: true
++series:
++  - bionic
++  - xenial
++provides:
++  nrpe-external-master:
++    interface: nrpe-external-master
++    scope: container
++    optional: true
++requires:
++  general-info:
++    interface: juju-info
++    scope: container
++>>>>>>> metadata.yaml
 diff --git a/reactive/duplicity.py b/reactive/duplicity.py
 new file mode 100644
 index 0000000..10ce0b2
 --- /dev/null
 +++ b/reactive/duplicity.py
@@ -0,0 +1,247 @@
++"""
++This is the collection of the duplicity charm's reactive scripts. It defines
++functions used as callbacks to shape the charm's behavior during various state
++change events such as relations being added, config values changing, relations
++joining etc.
++
++See the following for information about reactive charms:
++  * https://jujucharms.com/docs/devel/developer-getting-started
++  * https://github.com/juju-solutions/layer-basic#overview
++"""
++import base64
++import os
++
++from charmhelpers.core import hookenv, host
++from charmhelpers.contrib.charmsupport.nrpe import NRPE
++from charmhelpers import fetch
++from charms.reactive import set_flag, clear_flag, when_not, when, hook, when_any, when_all
++import croniter
++
++from lib_duplicity import DuplicityHelper, safe_remove_backup_cron
++
++PRIVATE_SSH_KEY_PATH = '/root/.ssh/duplicity_id_rsa'
++PLUGINS_DIR = '/usr/local/lib/nagios/plugins/'
++
++helper = DuplicityHelper()
++
++
++@when_not('duplicity.installed')
++def install_duplicity():
++    """
++    Apt install duplicity's dependencies:
++      - duplicity
++      - python-paramiko for ssh
++      - python-boto for aws
++
++    :return:
++    """
++    hookenv.status_set("maintenance", "Installing duplicity")
++    fetch.apt_install("duplicity")
++    fetch.apt_install("python-paramiko")
++    fetch.apt_install("python-boto")
++    fetch.apt_install("lftp")
++    hookenv.status_set('active', '')
++    set_flag('duplicity.installed')
++
++
++@when_any('config.changed.backend',
++          'config.changed.aws_access_key_id',
++          'config.changed.aws_secret_access_key'
++          'config.changed.remote_backup_url',
++          'config.changed.known_host_key',
++          'config.changed.remote_password',
++          'config.changed.private_ssh_key')
++def validate_backend():
++    """
++    Validates that the config value for 'backend' is something that duplicity
++    can use (see config description for backend for the accepted types). For S3
++    only, check that the AWS IMA credentials are also set.
++    """
++    backend = hookenv.config().get("backend").lower()
++    if backend not in ["s3", "ssh", "scp", "sftp", "ftp", "rsync", "file"]:
++        hookenv.status_set('blocked',
++                           'Unrecognized backend "{}"'.format(backend))
++        clear_flag('duplicity.valid_backend')
++        return
++    elif backend == "s3":
++        # make sure 'aws_access_key_id' and 'aws_secret_access_key' exist
++        if not hookenv.config().get("aws_access_key_id") and \
++                not hookenv.config().get("aws_secret_access_key"):
++            hookenv.status_set('blocked', 'S3 backups require \
++"aws_access_key_id" and "aws_secret_access_key" to be set')
++            clear_flag('duplicity.valid_backend')
++            return
++    if backend in ['scp', 'rsync', 'sftp']:
++        known_host_key = hookenv.config().get('known_host_key')
++        if not known_host_key:
++            hookenv.status_set('blocked', '{} backend requires known_host_key to be set.'.format(backend))
++            clear_flag('duplicity.valid_backend')
++            return
++        else:
++            helper.update_known_host_file(known_host_key)
++        if not hookenv.config().get('remote_password') and not hookenv.config().get('private_ssh_key'):
++            hookenv.status_set(
++                'blocked',
++                'Backend "{}" requires either remote_password or private_ssh_key to be set'.format(backend))
++            clear_flag('duplicity.valid_backend')
++            return
++    if not hookenv.config().get("remote_backup_url"):
++        # remote url is unset
++        hookenv.status_set('blocked', 'Backup path is required. Set config \
++for "remote_backup_url"')
++        clear_flag('duplicity.valid_backend')
++        return
++    set_flag('duplicity.valid_backend')
++
++
++@when('config.changed.aux_backup_directory')
++def create_aux_backup_directory():
++    aux_backup_dir = hookenv.config().get("aux_backup_directory")
++    if aux_backup_dir:
++        # if the data is not ok to make a directory path then let juju catch it
++        if not os.path.exists(aux_backup_dir):
++            os.makedirs(aux_backup_dir)
++            hookenv.log("Creating auxiliary backup directory: {}".format(
++                aux_backup_dir))
++
++
++@when('config.changed.backup_frequency')
++def validate_cron_frequency():
++    cron_frequency = hookenv.config().get("backup_frequency").lower()
++    no_cron_options = ['manual']
++    create_cron_options = ['hourly', 'daily', 'weekly', 'monthly']
++    if cron_frequency in no_cron_options:
++        set_flag('duplicity.remove_backup_cron')
++    elif cron_frequency in create_cron_options:
++        set_flag('duplicity.create_backup_cron')
++    else:
++        try:
++            croniter.croniter(cron_frequency)
++            set_flag('duplicity.create_backup_cron')
++        except (croniter.CroniterBadCronError, croniter.CroniterBadDateError, croniter.CroniterNotAlphaError):
++            clear_flag('duplicity.valid_backup_frequency')
++            clear_flag('duplicity.create_backup_cron')
++            hookenv.status_set('blocked',
++                               'Invalid value "{}" for cron frequency'.format(cron_frequency))
++            return
++    set_flag('duplicity.valid_backup_frequency')
++
++
++@when_any('config.changed.encryption_passphrase',
++          'config.changed.gpg_public_key',
++          'config.changed.disable_encryption')
++def validate_encryption_method():
++    """
++    Function to check that a viable encryption method is configured.
++    """
++    passphrase = hookenv.config().get("encryption_passphrase")
++    gpg_key = hookenv.config().get("gpg_public_key")
++    disable = hookenv.config().get("disable_encryption")
++    if not passphrase and not gpg_key and not disable:
++        hookenv.status_set('blocked', 'Must set either an encryption \
++passphrase, GPG public key, or disable encryption')
++        clear_flag('duplicity.valid_encryption_method')
++        return
++    set_flag('duplicity.valid_encryption_method')
++
++
++@when_all('duplicity.valid_encryption_method',
++          'duplicity.valid_backend',
++          'duplicity.valid_backup_frequency')
++@when_not('duplicity.invalid_private_ssh_key')
++def app_ready():
++    hookenv.status_set('active', 'Ready')
++
++
++@when_all('duplicity.create_backup_cron',
++          'duplicity.valid_encryption_method',
++          'duplicity.valid_backend')
++def create_backup_cron():
++    """
++    Finalizes the backup cron script when duplicity has been configured
++    successfully. The cron script will be a call to juju run-action do-backup
++    """
++    hookenv.status_set('active', 'Rendering duplicity crontab')
++    helper.setup_backup_cron()
++    hookenv.status_set('active', 'Ready.')
++    clear_flag('duplicity.create_backup_cron')
++
++
++@when('duplicity.remove_backup_cron')
++def remove_backup_cron():
++    """
++    Stops and removes the backup cron in case of duplicity not being configured correctly or manual|auto
++    config option is set. The former ensures backups won't run under an incorrect config.
++    """
++    cron_backup_frequency = hookenv.config().get('backup_frequency')
++    hookenv.log(
++        'Backup frequency set to {}. Skipping or removing cron setup.'.format(cron_backup_frequency))
++    safe_remove_backup_cron()
++    clear_flag('duplicity.remove_backup_cron')
++
++
++@when('config.changed.private_ssh_key')
++def update_private_ssh_key():
++    private_key = hookenv.config().get('private_ssh_key')
++    if private_key:
++        hookenv.log('Updating private ssh key file.')
++        encoded_private_key = hookenv.config().get('private_ssh_key')
++        try:
++            decoded_private_key = base64.b64decode(encoded_private_key).decode('utf-8')
++        except UnicodeDecodeError as e:
++            hookenv.log(
++                'Failed to decode private key {} to utf-8 with error: {}.\nNot creating ssh key file'.format(
++                    encoded_private_key, e),
++                level=hookenv.ERROR)
++            hookenv.status_set(workload_state='blocked',
++                               message='invalid private_ssh_key. ensure that key is base64 encoded')
++            set_flag('duplicity.invalid_private_ssh_key')
++            return
++        with open(PRIVATE_SSH_KEY_PATH, 'w') as f:
++            f.write(decoded_private_key)
++        hookenv.log('Updated private ssh key file.')
++    else:
++        if os.path.exists(PRIVATE_SSH_KEY_PATH):
++            os.remove(PRIVATE_SSH_KEY_PATH)
++    clear_flag('duplicity.invalid_private_ssh_key')
++
++
++@when('nrpe-external-master.available')
++@when_not('nrpe-external-master.initial-config')
++def initial_nrpe_config():
++    set_flag('nrpe-external-master.initial-config')
++    render_checks()
++
++
++@when('nrpe-external-master.initial-config')
++@when_any('config.changed.nagios_context',
++          'config.changed.nagios_servicegroups')
++def render_checks():
++    hookenv.log('Creating NRPE checks.')
++    charm_plugin_dir = os.path.join(hookenv.charm_dir(), 'scripts', 'plugins/')
++    if not os.path.exists(PLUGINS_DIR):
++        os.makedirs(PLUGINS_DIR)
++    host.rsync(charm_plugin_dir, PLUGINS_DIR)
++    nrpe = NRPE()
++    unit_name = hookenv.local_unit()
++    nrpe.add_check(
++        check_cmd=os.path.join(PLUGINS_DIR, 'check_backup_status.py'),
++        shortname='backups',
++        description='Check that periodic backups have not failed.'
++    )
++    nrpe.write()
++    set_flag('nrpe-external-master.configured')
++    hookenv.log('NRPE checks created.')
++
++
++@when('nrpe-external-master.configured')
++@when_not('nrpe-external-master.available')
++def remove_nrpe_checks():
++    nrpe = NRPE()
++    nrpe.remove_check(shortname='backups')
++    clear_flag('nrpe-external-master.configured')
++
++
++@hook()
++def stop():
++    safe_remove_backup_cron()
 diff --git a/requirements.txt b/requirements.txt
 index 8462291..371d4f8 100644
 --- a/requirements.txt
 +++ b/requirements.txt
@@ -1 +1,6 @@
  # Include python requirements here
++<<<<<<< requirements.txt
++=======
++croniter
++pidfile
++>>>>>>> requirements.txt
 diff --git a/scripts/periodic_backup.py b/scripts/periodic_backup.py
 new file mode 100755
 index 0000000..db00bee
 --- /dev/null
 +++ b/scripts/periodic_backup.py
@@ -0,0 +1,50 @@
++#!/usr/local/sbin/charm-env python3
++import sys
++import subprocess
++import os
++
++sys.path.append('lib')
++
++from charmhelpers.core import hookenv
++from charms.reactive import clear_flag
++from pidfile import PidFile
++
++from lib import lib_duplicity
++
++
++pidfile = '/var/run/periodic_backup.pid'
++error_file = '/var/run/periodic_backup.error'
++
++
++def write_error_file(message):
++    with open(error_file, 'w') as f:
++        f.write(message)
++
++
++def main():
++    try:
++        hookenv.log('Performing backup.')
++        output = lib_duplicity.DuplicityHelper().do_backup()
++        hookenv.log('Periodic backup complete with following output:\n{}'.format(output.decode('utf-8')))
++    except subprocess.CalledProcessError as e:
++        err_msg = 'Periodic backup failed. Command "{}" failed with return code "{}" and error output:\n{}'.format(
++            e.cmd, e.returncode, e.output.decode('utf-8'))
++        hookenv.log(err_msg, level=hookenv.ERROR)
++        write_error_file(err_msg)
++    except Exception as e:
++        err_msg = 'Periodic backup failed: {}'.format(str(e))
++        hookenv.log(err_msg, level=hookenv.ERROR)
++        write_error_file(err_msg)
++    else:
++        clear_flag('duplicity.failed_backup')
++        if os.path.exists(error_file):
++            os.remove(error_file)
++
++
++if __name__ == "__main__":
++    status, workload_msg = hookenv.status_get()
++    if status != 'active':
++        hookenv.log('Duplicity unit must be in ready state to execute backup command.', level=hookenv.WARNING)
++        sys.exit()
++    with PidFile(pidfile):
++        main()
 diff --git a/scripts/plugins/check_backup_status.py b/scripts/plugins/check_backup_status.py
 new file mode 100755
 index 0000000..7c34410
 --- /dev/null
 +++ b/scripts/plugins/check_backup_status.py
@@ -0,0 +1,19 @@
++#!/usr/bin/env python3
++
++import sys
++import os
++
++error_file = '/var/run/periodic_backup.error'
++
++
++def main():
++    if os.path.exists(error_file):
++        with open(error_file) as f:
++            print('WARNING: Backup not completed successfully:\n', f.read())
++        return 1
++    print('OK')
++    return 0
++
++
++if __name__ == '__main__':
++    sys.exit(main())
 diff --git a/templates/periodic_backup b/templates/periodic_backup
 new file mode 100644
 index 0000000..8a5fd24
 --- /dev/null
 +++ b/templates/periodic_backup
@@ -0,0 +1 @@
++{{ frequency }} root /usr/bin/juju-run {{ unit_name }} {{ charm_dir }}/scripts/periodic_backup.py
 \ No newline at end of file
 diff --git a/tests/bundles/bionic.yaml b/tests/bundles/bionic.yaml
 new file mode 100644
 index 0000000..5f60792
 --- /dev/null
 +++ b/tests/bundles/bionic.yaml
@@ -0,0 +1,28 @@
++series: bionic
++
++applications:
++  ubuntu:
++    charm: cs:ubuntu
++    num_units: 1
++
++  backup-host:
++    charm: cs:ubuntu
++    num_units: 1
++
++  nrpe:
++    charm: cs:nrpe
++
++  duplicity:
++    charm: /tmp/charm-builds/duplicity
++    options:
++      backend: file
++      remote_backup_url: 'file:///home/ubuntu/somedir'
++      disable_encryption: True
++
++relations:
++  - - ubuntu
++    - duplicity
++  - - nrpe
++    - duplicity
++  - - nrpe
++    - ubuntu
 \ No newline at end of file
 diff --git a/tests/bundles/xenial.yaml b/tests/bundles/xenial.yaml
 new file mode 100644
 index 0000000..809ad44
 --- /dev/null
 +++ b/tests/bundles/xenial.yaml
@@ -0,0 +1,28 @@
++series: xenial
++
++applications:
++  ubuntu:
++    charm: cs:ubuntu
++    num_units: 1
++
++  backup-host:
++    charm: cs:ubuntu
++    num_units: 1
++
++  nrpe:
++    charm: cs:nrpe
++
++  duplicity:
++    charm: /tmp/charm-builds/duplicity
++    options:
++      backend: file
++      remote_backup_url: 'file:///home/ubuntu/somedir'
++      disable_encryption: True
++
++relations:
++  - - ubuntu
++    - duplicity
++  - - duplicity
++    - nrpe
++  - - nrpe
++    - ubuntu
 diff --git a/tests/functional/configure.py b/tests/functional/configure.py
 new file mode 100644
 index 0000000..fa6b612
 --- /dev/null
 +++ b/tests/functional/configure.py
@@ -0,0 +1,82 @@
++import logging
++import subprocess
++from pprint import pprint
++
++import zaza.model
++
++
++ubuntu_user_pass = 'ubuntu:sUp3r5ecr3tP45SW0rd'
++ubuntu_backup_directory_source = '/home/ubuntu/test-files'
++
++
++def set_ubuntu_password_on_backup_host():
++    command = 'echo "{}" | chpasswd'.format(ubuntu_user_pass)
++    backup_host_unit = _get_unit('backup-host')
++    result = zaza.model.run_on_unit(backup_host_unit.name, command, timeout=15)
++    _check_run_result(result)
++
++
++def set_ssh_password_access_on_backup_host():
++    backup_host_unit = _get_unit('backup-host')
++    command = "sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config && " \
++              "service sshd reload"
++    result = zaza.model.run_on_unit(backup_host_unit.name, command, timeout=15)
++    _check_run_result(result)
++
++
++def setup_test_files_for_backup():
++    ubuntu_unit = _get_unit('ubuntu')
++    command = 'runuser -l ubuntu -c "mkdir {}"'.format(ubuntu_backup_directory_source)
++    result = zaza.model.run_on_unit(ubuntu_unit.name, command, timeout=15)
++    _check_run_result(result, codes=['1'])
++    zaza.model.scp_to_unit(
++        unit_name=ubuntu_unit.name,
++        source='./tests/functional/resources/hello-world.txt',
++        destination=ubuntu_backup_directory_source
++    )
++
++
++def set_backup_host_known_host_key():
++    backup_host_ip = _get_unit('backup-host').public_address
++    command = ['ssh-keyscan', '-t', 'rsa', backup_host_ip]
++    output = subprocess.check_output(command)
++    zaza.model.set_application_config('duplicity', dict(known_host_key=output.decode('utf-8')))
++
++
++def add_pub_key_to_backup_host():
++    backup_host_unit = _get_unit('backup-host')
++    with open('./tests/functional/resources/testing_id_rsa.pub') as f:
++        pub_key = f.read().strip()
++    command = 'echo "{}" >> /home/ubuntu/.ssh/authorized_keys'.format(pub_key)
++    result = zaza.model.run_on_unit(backup_host_unit.name, command, timeout=15)
++    _check_run_result(result)
++
++
++def setup_ftp():
++    backup_host_unit = _get_unit('backup-host')
++    install_command = 'apt install -y vsftpd'
++    result = zaza.model.run_on_unit(backup_host_unit.name, install_command, timeout=15)
++    _check_run_result(result)
++    vsconf = ['write_enable', 'ascii_upload_enable', 'ascii_download_enable', 'chroot_local_user',
++              'chroot_list_enable', 'ls_recurse_enable']
++    configure_command = 'for i in {}; do sed -i "s/#$i/$i/" /etc/vsftpd.conf; done && ' \
++                        'echo ubuntu > /etc/vsftpd.chroot_list && ' \
++                        'systemctl restart vsftpd'.format(' '.join(vsconf))
++    result = zaza.model.run_on_unit(backup_host_unit.name, configure_command, timeout=15)
++    _check_run_result(result)
++
++
++def _check_run_result(result, codes=None):
++    if not result:
++        raise Exception('Failed to get a result from run_on_unit command.')
++    allowed_codes = list('0')
++    if codes:
++        allowed_codes.extend(codes)
++    if result['Code'] not in allowed_codes:
++        logging.error('Bad result code received. Result code: {}'.format(result['Code']))
++        logging.error('Returned: \n{}'.format(result))
++        raise Exception('Command returned non-zero return code.')
++
++
++def _get_unit(app):
++    return zaza.model.get_units(app)[0]
 diff --git a/tests/functional/requirements.txt b/tests/functional/requirements.txt
 index f76bfbb..bc5e8ea 100644
 --- a/tests/functional/requirements.txt
 +++ b/tests/functional/requirements.txt
@@ -1,6 +1,10 @@
  flake8
  juju
  mock
++<<<<<<< tests/functional/requirements.txt
  pytest
  pytest-asyncio
  requests
++=======
++git+https://github.com/openstack-charmers/zaza.git#egg=zaza
++>>>>>>> tests/functional/requirements.txt
 diff --git a/tests/functional/resources/hello-world.txt b/tests/functional/resources/hello-world.txt
 new file mode 100644
 index 0000000..a042389
 --- /dev/null
 +++ b/tests/functional/resources/hello-world.txt
@@ -0,0 +1 @@
++hello world!
 diff --git a/tests/functional/resources/testing_id_rsa b/tests/functional/resources/testing_id_rsa
 new file mode 100644
 index 0000000..747d27a
 --- /dev/null
 +++ b/tests/functional/resources/testing_id_rsa
@@ -0,0 +1,27 @@
++-----BEGIN RSA PRIVATE KEY-----
++MIIEpAIBAAKCAQEAsavU+J2Rot++0nJWNP0phRHa49tiXrDSthapHiqoPwE8uVWE
++3fFhE7Reil7VaKHiLtof2eD506JtOeFAvyQAoMpFXkN3s1QFXqacx5pZBav/TP/Y
++ss7P7avRmR8Y5xyxEtbnYZFgUgXua4491KgcAwzqfQjuWSXalubthFbrOwKy+G0M
++5JT5GCfZNzIKuxz8TPHzwEr1f9w/vUoQQvt2CzVn3M9ka/RTcmrVqzOTfmNCh/j7
++Qcg1c5gYBuQv/TmZae8bixhC/P6CD07qDZ1Q00iYk3mhuqkPNY8kq8XRmVNJQowf
++/tyoQ/WAznNBdOY7qoDGmfv0jyQX83BqCOuy3QIDAQABAoIBAEuopLSKRO5a4WO0
++lMlT1U55YAEP9z/jhJdN5w6Vk7fgyv8RT9dDZteBQ5Eg+TfpV+wjrtSVXU2mKWUw
++auX6atoNyKRvjpWq/e5kfPby313u9HTRrnHWZ+0J8eOGvpAMQ8uGAFooEiBbrj/W
++/rWEMQmLgn9kQjtsRz1jcVmdueYSdkG9f1uHLv9kvrnPC6luGKTwMcx4PH1fGHAQ
++NFLlDmf5M4GnRL+37zl6hmMuoFPhFrcSehvkCnzJEBo8958sBX8LEZ9c1vaye3Sh
++n6UPL6iUh/zlGUCag7TbT2svvu2m1IM8sUCGGDNF5IJu+ocqWaUNWiHJmg5NhsjZ
++COEzZnECgYEA4WIVG/nqtbeEI5/h0qkxauLBxbgrC8Gv5qrIMt0Z+yK8QitaIZe9
++d5rIVMsEmb83n0nYxgsULAR+iD7cBd0cJ6jg6zpPBdPZucZw/Yhlmezv/RX1TjlZ
++ORHcueuj2UxxsoVPDdYRiO+CYupoLXINb4UK/iZP0eSBII3e00H1BmsCgYEAyc6F
++bdftyjvNl5cdF/XMSZSrefpiGLsFgt9HhWHU/i698xGaMBaxo8z6YcgtecdgYH+c
++LePoC1WaYQrNLvevCDMpjgqSXPCyuVKLLlI5+5beme+n3GyL3JpeK28Wd0dJs2nT
++nRnK2+ChbI4wT8ylDedi7koHiV5IzeBXfV2nrdcCgYEAmdPRyIhok6IvhAkJnjhw
++TB18V7B9YMbPgcYqYdzacLeieh8Qo0DnxgxUktsFxtHl6sgCNhk1qV1f5ynQDgh9
++wOvYp3Pin32aattwHvrLLaWznq8wADXQGc2BMzwLVrKAH3IxJKZozWd7PHv0op/n
++X6gUeqY3cHBfWZK69MFdtQUCgYEAu3nLRN8rPgvOk/xDf+XN0bF2l8u+ZAEiPpFU
++rRnUuAoOVohMuE3s2yHqnPpNHOvWoe8K1Sr7f8QXtf1F3lMk3LZC7Xzuub62GioP
++uImU6iAfTdxxEfoY+GjEAQ+jTE4CrtUqTLEQXrHQ5Ls3MHsJ/t+tbXeCht/7PJ8k
++SAfAZWMCgYBFw1VNBCE6fxGBpsZpo8RHHaGWVJDdI1mxzGNqTO6hcAqPVXzBYYaz
++l1pdVXC0wVjKYa6+pS+4WNQSkUNLlrgeVqY3PC6YJMfyxR/+vOezjLOqGQk3lLna
++Ds1QkNKV+2nOHGL9QQhfhuR+t7SmTkr/7ZWGv8iScNMYc8f59r5TTw==
++-----END RSA PRIVATE KEY-----
 diff --git a/tests/functional/resources/testing_id_rsa.pub b/tests/functional/resources/testing_id_rsa.pub
 new file mode 100644
 index 0000000..0ae5825
 --- /dev/null
 +++ b/tests/functional/resources/testing_id_rsa.pub
@@ -0,0 +1 @@
++ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxq9T4nZGi377SclY0/SmFEdrj22JesNK2FqkeKqg/ATy5VYTd8WETtF6KXtVooeIu2h/Z4PnTom054UC/JACgykVeQ3ezVAVeppzHmlkFq/9M/9iyzs/tq9GZHxjnHLES1udhkWBSBe5rjj3UqBwDDOp9CO5ZJdqW5u2EVus7ArL4bQzklPkYJ9k3Mgq7HPxM8fPASvV/3D+9ShBC+3YLNWfcz2Rr9FNyatWrM5N+Y0KH+PtByDVzmBgG5C/9OZlp7xuLGEL8/oIPTuoNnVDTSJiTeaG6qQ81jySrxdGZU0lCjB/+3KhD9YDOc0F05juqgMaZ+/SPJBfzcGoI67Ld zackz@zackz-Precision-5530
 diff --git a/tests/functional/test_duplicity.py b/tests/functional/test_duplicity.py
 new file mode 100644
 index 0000000..f6acc13
 --- /dev/null
 +++ b/tests/functional/test_duplicity.py
@@ -0,0 +1,240 @@
++import unittest
++import asyncio
++import concurrent.futures
++from pprint import pprint
++import base64
++
++import zaza.model
++
++from tests.functional import utils
++from tests.functional.configure import (
++    ubuntu_backup_directory_source,
++    ubuntu_user_pass
++)
++
++
++def _run(coro):
++    """ A wrapper function to allow for the running of async functions in unittest.TestCase """
++    return asyncio.get_event_loop().run_until_complete(coro)
++
++
++class BaseDuplicityTest(unittest.TestCase):
++    """ Base class for Duplicity charm tests. """
++
++    @classmethod
++    def setUpClass(cls):
++        """ Run setup for Duplicity tests. """
++        cls.model_name = zaza.model.get_juju_model()
++        cls.application_name = 'duplicity'
++
++
++class DuplicityBackupCronTest(BaseDuplicityTest):
++
++    @classmethod
++    def setUpClass(cls):
++        super().setUpClass()
++
++    @utils.config_restore('duplicity')
++    def test_cron_creation(self):
++        options = ['daily', 'weekly', 'monthly']
++        for option in options:
++            new_config = dict(backup_frequency=option)
++            zaza.model.set_application_config(self.application_name, new_config)
++            try:
++                zaza.model.block_until_file_has_contents(
++                    application_name=self.application_name,
++                    remote_file='/etc/cron.d/periodic_backup',
++                    expected_contents=option,
++                    timeout=60
++                )
++            except concurrent.futures._base.TimeoutError:
++                self.fail(
++                    'Cron file /etc/cron.d/period_backup never populated with option <{}>'.format(option))
++
++    @utils.config_restore('duplicity')
++    def test_cron_creation_cron_string(self):
++        cron_string = '* * * * *'
++        new_config = dict(backup_frequency=cron_string)
++        zaza.model.set_application_config(self.application_name, new_config)
++        try:
++            zaza.model.block_until_file_has_contents(
++                application_name=self.application_name,
++                remote_file='/etc/cron.d/periodic_backup',
++                expected_contents=cron_string,
++                timeout=60
++            )
++        except concurrent.futures._base.TimeoutError:
++            self.fail(
++                'Cron file /etc/cron.d/period_backup never populated with option <{}>'.format(cron_string))
++
++    @utils.config_restore('duplicity')
++    def test_cron_invalid_cron_string(self):
++        cron_string = '* * * *'
++        new_config = dict(backup_frequency=cron_string)
++        zaza.model.set_application_config(self.application_name, new_config)
++        try:
++            duplicity_workload_checker = utils.get_workload_application_status_checker(
++                self.application_name, 'blocked')
++            _run(zaza.model.async_block_until(duplicity_workload_checker, timeout=15))
++            a_unit = zaza.model.get_units(self.application_name)[0]
++            self.assertEquals(a_unit.workload_status_message,
++                              'Invalid value "{}" for cron frequency'.format(cron_string))
++        except concurrent.futures._base.TimeoutError:
++            self.fail('Failed to enter blocked state with invalid backup_frequency.')
++
++    @utils.config_restore('duplicity')
++    def test_no_cron(self):
++        options = ['auto', 'manual']
++        for option in options:
++            new_config = dict(backup_frequency=option)
++            zaza.model.set_application_config(self.application_name, new_config)
++            try:
++                zaza.model.block_until_file_missing(
++                    model_name=self.model_name,
++                    app=self.application_name,
++                    path='/etc/cron.d/periodic_backup',
++                    timeout=60
++                )
++            except concurrent.futures._base.TimeoutError:
++                self.fail(
++                    'Cron file /etc/cron.d/period_backup exists with option <{}>'.format(option))
++
++
++class DuplicityEncryptionValidationTest(BaseDuplicityTest):
++
++    @classmethod
++    def setUpClass(cls):
++        super().setUpClass()
++
++    @utils.config_restore('duplicity')
++    def test_encryption_true_no_key_no_passphrase_blocks(self):
++        new_config = dict(
++            encryption_passphrase='',
++            gpg_public_key='',
++            disable_encryption='False'
++        )
++        zaza.model.set_application_config(self.application_name, new_config, self.model_name)
++        try:
++            duplicity_workload_checker = utils.get_workload_application_status_checker(
++                self.application_name, 'blocked')
++            _run(zaza.model.async_block_until(duplicity_workload_checker, timeout=15))
++            a_unit = zaza.model.get_units(self.application_name)[0]
++            self.assertEquals(a_unit.workload_status_message,
++                              'Must set either an encryption passphrase, GPG public key, or disable encryption')
++        except concurrent.futures._base.TimeoutError:
++            self.fail('Failed to enter blocked state with encryption enables and no passphrase or key.')
++
++    @utils.config_restore('duplicity')
++    def test_encryption_true_with_key(self):
++        zaza.model.set_application_config(self.application_name, dict(disable_encryption='False'), self.model_name)
++        try:
++            duplicity_workload_checker = utils.get_workload_application_status_checker(
++                self.application_name, 'blocked')
++            _run(zaza.model.async_block_until(duplicity_workload_checker, timeout=15))
++        except concurrent.futures._base.TimeoutError:
++            self.fail('Failed to enter blocked state with encryption enables and no passphrase or key.')
++        zaza.model.set_application_config(self.application_name, dict(gpg_public_key='S0M3k3Y'))
++        try:
++            zaza.model.block_until_all_units_idle()
++        except concurrent.futures._base.TimeoutError:
++            self.fail('Not all units entered idle state. Config change back failed to achieve active/idle.')
++
++    @utils.config_restore('duplicity')
++    def test_encryption_true_with_passphrase(self):
++        zaza.model.set_application_config(self.application_name, dict(disable_encryption='False'), self.model_name)
++        try:
++            duplicity_workload_checker = utils.get_workload_application_status_checker(
++                self.application_name, 'blocked')
++            _run(zaza.model.async_block_until(duplicity_workload_checker, timeout=15))
++        except concurrent.futures._base.TimeoutError:
++            self.fail('Failed to enter blocked state with encryption enables and no passphrase or key.')
++        zaza.model.set_application_config(self.application_name, dict(encryption_passphrase='somephrase'))
++        try:
++            zaza.model.block_until_all_units_idle()
++        except concurrent.futures._base.TimeoutError:
++            self.fail('Not all units entered idle state. Config change back failed to achieve active/idle.')
++
++
++class DuplicityBackupCommandTest(BaseDuplicityTest):
++    @classmethod
++    def setUpClass(cls):
++        super().setUpClass()
++        cls.backup_host = zaza.model.get_units('backup-host')[0]
++        cls.duplicity_unit = zaza.model.get_units('duplicity')[0]
++        cls.backup_host_ip = cls.backup_host.public_address
++        user_pass_pair = ubuntu_user_pass.split(':')
++        cls.remote_user = user_pass_pair[0]
++        cls.remote_pass = user_pass_pair[1]
++        cls.action = 'do-backup'
++        cls.ssh_priv_key = cls.get_ssh_priv_key()
++
++    def get_config(self, **kwargs):
++        base_config = dict(
++            remote_backup_url=self.backup_host_ip,
++            aux_backup_directory=ubuntu_backup_directory_source,
++            remote_user=self.remote_user,
++            remote_password=self.remote_pass,
++        )
++        for key, value in kwargs.items():
++            base_config[key] = value
++        return base_config
++
++    @staticmethod
++    def get_ssh_priv_key():
++        with open('./tests/functional/resources/testing_id_rsa', 'rb') as f:
++            ssh_private_key = f.read()
++        encoded_ssh_private_key = base64.b64encode(ssh_private_key)
++        return encoded_ssh_private_key.decode('utf-8')
++
++    @utils.config_restore('duplicity')
++    def test_scp_full_do_backup_action(self):
++        additional_config = dict(backend='scp')
++        new_config = self.get_config(**additional_config)
++        utils.set_config_and_wait(self.application_name, new_config)
++        zaza.model.run_action(self.duplicity_unit.name, self.action, raise_on_failure=True)
++
++    @utils.config_restore('duplicity')
++    def test_rsync_full_do_backup_action(self):
++        additional_config = dict(backend='scp')
++        new_config = self.get_config(**additional_config)
++        utils.set_config_and_wait(self.application_name, new_config)
++        zaza.model.run_action(self.duplicity_unit.name, self.action, raise_on_failure=True)
++
++    @utils.config_restore('duplicity')
++    def test_file_full_do_backup_action(self):
++        additional_config = dict(backend='file', remote_backup_url='/home/ubuntu/test-backups')
++        new_config = self.get_config(**additional_config)
++        utils.set_config_and_wait(self.application_name, new_config)
++        zaza.model.run_action(self.duplicity_unit.name, self.action, raise_on_failure=True)
++
++    @utils.config_restore('duplicity')
++    def test_scp_full_ssh_key_auth_backup_action(self):
++        additional_config = dict(backend='scp',
++                                 private_ssh_key=self.ssh_priv_key,
++                                 remote_password='')
++        new_config = self.get_config(**additional_config)
++        utils.set_config_and_wait(self.application_name, new_config)
++        zaza.model.run_action(self.duplicity_unit.name, self.action, raise_on_failure=True)
++
++    @utils.config_restore('duplicity')
++    def test_sftp_full_do_backup(self):
++        additional_config = dict(backend='sftp')
++        new_config = self.get_config(**additional_config)
++        utils.set_config_and_wait(self.application_name, new_config)
++        zaza.model.run_action(self.duplicity_unit.name, self.action, raise_on_failure=True)
++
++    @utils.config_restore('duplicity')
++    def test_sftp_full_ssh_key_do_backup(self):
++        additional_config = dict(backend='sftp',
++                                 private_ssh_key=self.ssh_priv_key,
++                                 remote_password='')
++        new_config = self.get_config(**additional_config)
++        utils.set_config_and_wait(self.application_name, new_config)
++        zaza.model.run_action(self.duplicity_unit.name, self.action, raise_on_failure=True)
++
++    @utils.config_restore('duplicity')
++    def test_ftp_full_do_backup(self):
++        additional_config = dict(backend='ftp')
++        new_config = self.get_config(**additional_config)
++        utils.set_config_and_wait(self.application_name, new_config)
++        zaza.model.run_action(self.duplicity_unit.name, self.action, raise_on_failure=True)
 diff --git a/tests/functional/utils.py b/tests/functional/utils.py
 new file mode 100644
 index 0000000..a3e58b5
 --- /dev/null
 +++ b/tests/functional/utils.py
@@ -0,0 +1,54 @@
++from functools import wraps
++from collections import namedtuple
++
++import zaza.model
++
++
++def get_app_config(app_name):
++    return _convert_config(zaza.model.get_application_config(app_name))
++
++
++def get_workload_application_status_checker(application_name, target_status):
++    """ Returns a function for checking the status of all units of an application. """
++    async def checker():
++        units = await zaza.model.async_get_units(application_name)
++        unit_statuses_blocked = [unit.workload_status == target_status for unit in units]
++        return all(unit_statuses_blocked)
++    return checker
++
++
++def config_restore(*applications):
++    def config_restore_wrap(f):
++        AppConfigPair = namedtuple('AppConfigPair', ['app_name', 'config'])
++        @wraps(f)
++        def wrapped_f(*args):
++            original_configs = [AppConfigPair(app, get_app_config(app)) for app in applications]
++            try:
++                f(*args)
++            finally:
++                for app_config_pair in original_configs:
++                    zaza.model.set_application_config(app_config_pair.app_name, app_config_pair.config)
++                zaza.model.block_until_all_units_idle(timeout=60)
++        return wrapped_f
++    return config_restore_wrap
++
++
++def set_config_and_wait(application_name, config, model_name=None):
++    zaza.model.set_application_config(
++        application_name=application_name,
++        configuration=config,
++        model_name=model_name
++    )
++    zaza.model.block_until_all_units_idle()
++
++
++def _convert_config(config):
++    """
++    Converts config dictionary from get_config to one valid for set_config.
++    """
++    clean_config = dict()
++    for key, value in config.items():
++        clean_config[key] = "{}".format(value["value"])
++    return clean_config
++
++
 diff --git a/tests/tests.yaml b/tests/tests.yaml
 new file mode 100644
 index 0000000..d45d5a4
 --- /dev/null
 +++ b/tests/tests.yaml
@@ -0,0 +1,20 @@
++#charm_name: duplicity
++tests:
++  - tests.functional.test_duplicity.DuplicityBackupCronTest
++  - tests.functional.test_duplicity.DuplicityEncryptionValidationTest
++  - tests.functional.test_duplicity.DuplicityBackupCommandTest
++configure:
++  - tests.functional.configure.set_ubuntu_password_on_backup_host
++  - tests.functional.configure.set_ssh_password_access_on_backup_host
++  - tests.functional.configure.setup_test_files_for_backup
++  - tests.functional.configure.set_backup_host_known_host_key
++  - tests.functional.configure.add_pub_key_to_backup_host
++  - tests.functional.configure.setup_ftp
++gate_bundles:
++  - xenial
++  - bionic
++dev_bundles:
++  - xenial
++  - bionic
++smoke_bundles:
++  - bionic
 diff --git a/tests/unit/conftest.py b/tests/unit/conftest.py
 index 8957d36..bdf00ed 100644
 --- a/tests/unit/conftest.py
 +++ b/tests/unit/conftest.py
@@ -3,8 +3,13 @@ import mock
  import pytest
++<<<<<<< tests/unit/conftest.py
  # If layer options are used, add this to charmduplicity
  # and import layer in lib_charm_duplicity
++=======
++# If layer options are used, add this to duplicity
++# and import layer in lib_duplicity
++>>>>>>> tests/unit/conftest.py
  @pytest.fixture
  def mock_layers(monkeypatch):
      import sys
@@ -20,7 +25,11 @@ def mock_layers(monkeypatch):
          else:
              return None
++<<<<<<< tests/unit/conftest.py
      monkeypatch.setattr('lib_charm_duplicity.layer.options', options)
++=======
++    monkeypatch.setattr('lib_duplicity.layer.options', options)
++>>>>>>> tests/unit/conftest.py
  @pytest.fixture
@@ -39,11 +48,16 @@ def mock_hookenv_config(monkeypatch):
          # cfg['my-other-layer'] = 'mock'
          return cfg
++<<<<<<< tests/unit/conftest.py
      monkeypatch.setattr('lib_charm_duplicity.hookenv.config', mock_config)
++=======
++    monkeypatch.setattr('lib_duplicity.hookenv.config', mock_config)
++>>>>>>> tests/unit/conftest.py
  @pytest.fixture
  def mock_remote_unit(monkeypatch):
++<<<<<<< tests/unit/conftest.py
      monkeypatch.setattr('lib_charm_duplicity.hookenv.remote_unit', lambda: 'unit-mock/0')
@@ -56,6 +70,24 @@ def mock_charm_dir(monkeypatch):
  def charmduplicity(tmpdir, mock_hookenv_config, mock_charm_dir, monkeypatch):
      from lib_charm_duplicity import CharmduplicityHelper
      helper = CharmduplicityHelper()
++=======
++    monkeypatch.setattr('lib_duplicity.hookenv.remote_unit', lambda: 'unit-mock/0')
++
++@pytest.fixture
++def mock_local_unit(monkeypatch):
++    monkeypatch.setattr('lib_duplicity.hookenv.local_unit', lambda: 'unit-mock/0')
++
++@pytest.fixture
++def mock_charm_dir(monkeypatch):
++    monkeypatch.setattr('lib_duplicity.hookenv.charm_dir', lambda: '/mock/charm/dir')
++
++
++@pytest.fixture
++def duplicity(tmpdir, mock_hookenv_config, mock_charm_dir, mock_local_unit,
++              monkeypatch):
++    from lib_duplicity import DuplicityHelper
++    helper = DuplicityHelper()
++>>>>>>> tests/unit/conftest.py
      # Example config file patching
      cfg_file = tmpdir.join('example.cfg')
@@ -64,6 +96,10 @@ def charmduplicity(tmpdir, mock_hookenv_config, mock_charm_dir, monkeypatch):
      helper.example_config_file = cfg_file.strpath
      # Any other functions that load helper will get this version
++<<<<<<< tests/unit/conftest.py
      monkeypatch.setattr('lib_charm_duplicity.CharmduplicityHelper', lambda: helper)
++=======
++    monkeypatch.setattr('lib_duplicity.DuplicityHelper', lambda: helper)
++>>>>>>> tests/unit/conftest.py
      return helper
 diff --git a/tests/unit/test_actions.py b/tests/unit/test_actions.py
 index f02df4e..369908c 100644
 --- a/tests/unit/test_actions.py
 +++ b/tests/unit/test_actions.py
@@ -4,9 +4,25 @@ import mock
  class TestActions():
++<<<<<<< tests/unit/test_actions.py
      def test_example_action(self, charmduplicity, monkeypatch):
          mock_function = mock.Mock()
          monkeypatch.setattr(charmduplicity, 'action_function', mock_function)
          assert mock_function.call_count == 0
          imp.load_source('action_function', './actions/example-action')
          assert mock_function.call_count == 1
++=======
++    def test_verify(self, duplicity, monkeypatch):
++        mock_function = mock.Mock()
++        monkeypatch.setattr(duplicity, 'verify', mock_function)
++        assert mock_function.call_count == 0
++        imp.load_source('verify', './actions/verify')
++        assert mock_function.call_count == 1
++
++    def test_do_backup(self, duplicity, monkeypatch):
++        mock_function = mock.Mock()
++        monkeypatch.setattr(duplicity, 'do_backup', mock_function)
++        assert mock_function.call_count == 0
++        imp.load_source('do_backup', './actions/do-backup')
++        assert mock_function.call_count == 1
++>>>>>>> tests/unit/test_actions.py
 diff --git a/tests/unit/test_lib.py b/tests/unit/test_lib.py
 index 879d76c..ea6e67b 100644
 --- a/tests/unit/test_lib.py
 +++ b/tests/unit/test_lib.py
@@ -1,12 +1,43 @@
  #!/usr/bin/python3
++<<<<<<< tests/unit/test_lib.py
++=======
++import pytest
++>>>>>>> tests/unit/test_lib.py
  class TestLib():
      def test_pytest(self):
          assert True
++<<<<<<< tests/unit/test_lib.py
      def test_charmduplicity(self, charmduplicity):
          ''' See if the helper fixture works to load charm configs '''
          assert isinstance(charmduplicity.charm_config, dict)
      # Include tests for functions in lib_charm_duplicity
++=======
++    def test_duplicity_charm_config(self, duplicity):
++        """ See if the helper fixture works to load charm configs """
++        assert isinstance(duplicity.charm_config, dict)
++
++
++    @pytest.mark.parametrize("backend,username,password,path,expected",
++[("rsync", "user", "", "other.host:44/bak", "rsync://user@other.host:44/bak"),
++ ("ssh", "user", "pass", "ssh://other.host:55/bak",
++                                        "ssh://user:pass@other.host:55/bak"),
++ ("scp", "", "pass", "scp://other.host//bak", "scp://other.host//bak"),
++ ("s3", "user", "pass", "s3://aws-remote-host/bak", "s3://aws-remote-host/bak"),
++ pytest.param("ftp", "user", "pass", "ftp-host:bak",
++                    "ftp://user:pass@ftp-host:bak", marks=pytest.mark.xfail),
++])
++    def test_duplicity_url(self, duplicity, backend, username, password, path,
++                           expected):
++        """ Test formation of duplicity urls for the various backend types """
++
++        duplicity.charm_config["backend"] = backend
++        duplicity.charm_config["remote_user"] = username
++        duplicity.charm_config["remote_password"] = password
++        duplicity.charm_config["remote_backup_url"] = path
++
++        assert duplicity._backup_url() == expected + "/unit-mock-0"
++>>>>>>> tests/unit/test_lib.py
 diff --git a/tox.ini b/tox.ini
 index 6ad05cf..5c962df 100644
 --- a/tox.ini
 +++ b/tox.ini
@@ -1,12 +1,21 @@
  [tox]
++<<<<<<< tox.ini
  skipsdist=True
++=======
++skipsdist = True
++>>>>>>> tox.ini
  envlist = unit, functional
  skip_missing_interpreters = True
  [testenv]
  basepython = python3
  setenv =
++<<<<<<< tox.ini
    PYTHONPATH = .
++=======
++  PYTHONPATH = {toxinidir}/reactive:{toxinidir}/lib/:{toxinidir}/tests
++passenv = HOME
++>>>>>>> tox.ini
  [testenv:unit]
  commands = pytest -v --ignore {toxinidir}/tests/functional \
@@ -18,6 +27,7 @@ commands = pytest -v --ignore {toxinidir}/tests/functional \
  	   --cov-report=html:report/html
  deps = -r{toxinidir}/tests/unit/requirements.txt
         -r{toxinidir}/requirements.txt
++<<<<<<< tox.ini
  setenv = PYTHONPATH={toxinidir}/lib
  [testenv:functional]
@@ -29,6 +39,18 @@ passenv =
    PYTEST_CLOUD_NAME
    PYTEST_CLOUD_REGION
  commands = pytest -v --ignore {toxinidir}/tests/unit
++=======
++
++[testenv:functional]
++commands = functest-run-suite --keep-model
++deps = -r{toxinidir}/tests/functional/requirements.txt
++       -r{toxinidir}/requirements.txt
++
++[testenv:func-noop]
++basepython = python3
++commands =
++    functest-run-suite --help
++>>>>>>> tox.ini
  deps = -r{toxinidir}/tests/functional/requirements.txt
         -r{toxinidir}/requirements.txt
@@ -46,5 +68,19 @@ exclude =
      .git,
      __pycache__,
      .tox,
++<<<<<<< tox.ini
++max-line-length = 120
++max-complexity = 10
++=======
++    tests,
  max-line-length = 120
  max-complexity = 10
++ignore = E402
++
++[pytest]
++markers =
++    deploy: mark deployment tests to allow running w/o redeploy
++    relate: mark relations to allow running w/o re-relating
++filterwarnings =
++    ignore::DeprecationWarning
++>>>>>>> tox.ini