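#!/usr/bin/env bash
#
# Live end-to-end test of the "personnel" dataset backup path:
#   1. scripts/backup/dump.sh with DUMP_DATASET=personnel   -> $backup_dir
#   2. scripts/backup/filter_personnel_dump.sh              -> $filtered_backup_dir
#   3. scripts/backup/restore-plan.sh on the filtered backup (plan report)
#   4. scripts/backup/restore.sh into a scratch database (execution report)
#
# The assertions check that the personnel export carries no full database
# dumps, no password hashes and no relying-party ownership, and that the
# scoped restore reproduces the exported user rows without RP links.
#
# Environment:
#   RUN_PERSONNEL_DATASET_LIVE_E2E   must be "1", otherwise the test is skipped
#   PERSONNEL_FILTER_SOURCE_BACKUP   full backup fed to the filter step (optional)
#
# Needs docker, jq and a running container named baron_postgres that serves
# the baron_sso database to role baron.
set -euo pipefail

repo_root="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"

# Print an error to stderr and abort the test run.
fail() {
  printf '%s\n' "ERROR: $*" >&2
  exit 1
}

#######################################
# Assert that a pattern does not occur in a file, failing closed.
# Arguments: $1 - grep basic regular expression
#            $2 - file to scan
#            $3 - failure message when the pattern is present
# Returns:   0 only when grep reports "no match" (status 1).
#######################################
assert_no_match() {
  local pattern=$1 file=$2 message=$3
  local status=0
  # -q: never echo matching records. A hit on "password_hash" would otherwise
  # copy the offending user rows, hash included, into the test/CI log.
  grep -q -- "$pattern" "$file" || status=$?
  case "$status" in
    0) fail "$message" ;;
    1) return 0 ;;
    # Status >1 means grep could not read the file; that must not pass as
    # "pattern absent".
    *) fail "could not scan $file (grep exit status $status)" ;;
  esac
}

if [[ "${RUN_PERSONNEL_DATASET_LIVE_E2E:-}" != "1" ]]; then
  echo "SKIP: set RUN_PERSONNEL_DATASET_LIVE_E2E=1 to run the Docker-backed personnel dataset E2E test"
  exit 0
fi

# mktemp -d creates the directory owner-only, which matters here because it
# will hold personnel exports for the duration of the run.
tmp_dir="$(mktemp -d /tmp/baron-sso-personnel-live-e2e.XXXXXX)"
backup_dir="$tmp_dir/backup"
filtered_backup_dir="$tmp_dir/filtered-personnel"
# NOTE(review): the default is a relative path; confirm which directory
# filter_personnel_dump.sh resolves it against.
source_full_backup="${PERSONNEL_FILTER_SOURCE_BACKUP:-backups/baron-sso-backup-20260622-023904Z}"
restore_report="$tmp_dir/restore-report.json"
restore_exec_report="$tmp_dir/restore-exec-report.json"
# Built from a fixed prefix plus the numeric PID, so it is safe to splice into
# the SQL statements below without quoting.
restore_db="baron_personnel_restore_e2e_$$"
restore_db_created=false

direct_users_file="$backup_dir/datasets/personnel/postgres/users.jsonl"
filtered_users_file="$filtered_backup_dir/datasets/personnel/postgres/users.jsonl"

# NOTE(review): literal credential passed on the docker command line;
# presumably the local compose default. Confirm this script can only ever
# reach a disposable development container.
readonly pg_container="baron_postgres"
readonly pg_password="password"
pg_exec=(docker exec -e "PGPASSWORD=${pg_password}" "$pg_container")
pg_exec_stdin=(docker exec -i -e "PGPASSWORD=${pg_password}" "$pg_container")

# Drop the scratch database; best effort, so cleanup never masks the real
# exit status of the test.
cleanup_restore_db() {
  "${pg_exec[@]}" \
    psql -U baron -d postgres -v ON_ERROR_STOP=1 \
    -c "drop database if exists ${restore_db} with (force)" >/dev/null || true
}

# Single cleanup path, registered before anything is created so that a failure
# at any later step removes both the exported data and the scratch database.
cleanup() {
  if [[ "$restore_db_created" == true ]]; then
    cleanup_restore_db
  fi
  rm -rf -- "$tmp_dir"
}
trap cleanup EXIT
# Convert signals into an exit so cleanup runs once via the EXIT trap and the
# script does not carry on with its working directory already deleted.
trap 'exit 130' INT
trap 'exit 143' TERM

# --- 1. Direct personnel dump -------------------------------------------------
BACKUP_USE_DOCKER=false \
  BACKUP="$backup_dir" \
  DUMP_SERVICES="postgres,ory-postgres" \
  DUMP_DATASET="personnel" \
  DUMP_MODE="maintenance" \
  "$repo_root/scripts/backup/dump.sh"

[[ -f "$backup_dir/datasets/personnel/dataset-manifest.json" ]] || fail "dataset manifest must be created"
[[ -f "$direct_users_file" ]] || fail "users JSONL must be created"
[[ -f "$backup_dir/datasets/personnel/postgres/tenants.jsonl" ]] || fail "tenants JSONL must be created"
[[ ! -f "$backup_dir/postgres/ory_hydra.dump" ]] || fail "Hydra dump must not be created for personnel dataset"
[[ ! -f "$backup_dir/postgres/baron.dump" ]] || fail "full Baron dump must not be created for personnel dataset"

assert_no_match '"password_hash"' "$direct_users_file" \
  "personnel users export must not contain password_hash"
assert_no_match '"relying_party_id":"[^"]' "$direct_users_file" \
  "personnel users export must not keep RP ownership"

# --- 2. Personnel dataset filtered out of a full backup -----------------------
BACKUP_USE_DOCKER=false \
  BACKUP="$source_full_backup" \
  OUTPUT_BACKUP="$filtered_backup_dir" \
  "$repo_root/scripts/backup/filter_personnel_dump.sh"

[[ -f "$filtered_backup_dir/datasets/personnel/dataset-manifest.json" ]] || fail "filtered dataset manifest must be created"
[[ -f "$filtered_users_file" ]] || fail "filtered users JSONL must be created"
[[ ! -f "$filtered_backup_dir/postgres/ory_hydra.dump" ]] || fail "filtered personnel backup must not contain Hydra dump"
[[ ! -f "$filtered_backup_dir/postgres/baron.dump" ]] || fail "filtered personnel backup must not contain full Baron dump"

# NOTE(review): the password_hash / relying_party_id scans above cover only the
# direct export. The filtered backup is the one that gets restored below, yet
# its users.jsonl is checked for row count only; consider scanning it as well
# once the filter script's redaction policy is confirmed.
filtered_users="$(wc -l <"$filtered_users_file" | tr -d '[:space:]')"
direct_users="$(wc -l <"$direct_users_file" | tr -d '[:space:]')"
[[ "$filtered_users" == "$direct_users" ]] || fail "filtered personnel users count mismatch: got $filtered_users, want $direct_users"

# --- 3. Restore plan ----------------------------------------------------------
BACKUP_USE_DOCKER=false \
  BACKUP="$filtered_backup_dir" \
  RESTORE_SERVICES="postgres,ory-postgres" \
  RESTORE_DATASET="personnel" \
  CONFIRM_RESTORE="baron-sso" \
  RESTORE_REPORT="$restore_report" \
  "$repo_root/scripts/backup/restore-plan.sh"

# index() yields null when the entry is absent; any number, 0 included, is
# truthy in jq, so a first-position hit still passes.
jq -e '
  .status == "planned"
  and .dataset == "personnel"
  and (.restore_policy.excluded.databases | index("ory_hydra"))
  and (.restore_policy.excluded.tables | index("public.relying_parties"))
' "$restore_report" >/dev/null || fail "restore plan report must describe personnel exclusions"

# --- 4. Scoped restore into a scratch database --------------------------------
# Flag first: from here on the database may exist, even if the next command
# fails part-way.
restore_db_created=true
"${pg_exec[@]}" \
  psql -U baron -d postgres -v ON_ERROR_STOP=1 \
  -c "drop database if exists ${restore_db} with (force)" \
  -c "create database ${restore_db}"

# Copy only the schema of the live database so the restore has tables to fill.
"${pg_exec[@]}" \
  pg_dump -U baron -d baron_sso --schema-only \
  | "${pg_exec_stdin[@]}" \
    psql -U baron -d "$restore_db" -v ON_ERROR_STOP=1 >/dev/null

BACKUP_USE_DOCKER=false \
  BACKUP="$filtered_backup_dir" \
  RESTORE_SERVICES="postgres" \
  RESTORE_DATASET="personnel" \
  CONFIRM_RESTORE="baron-sso" \
  ALLOW_NON_EMPTY_RESTORE="true" \
  RESTORE_REPORT="$restore_exec_report" \
  DB_NAME="$restore_db" \
  "$repo_root/scripts/backup/restore.sh"

restored_users="$(
  "${pg_exec[@]}" \
    psql -U baron -d "$restore_db" -Atc "select count(*) from public.users"
)"
source_users="$(wc -l <"$filtered_users_file" | tr -d '[:space:]')"
[[ "$restored_users" == "$source_users" ]] || fail "restored users count mismatch: got $restored_users, want $source_users"

rp_link_count="$(
  "${pg_exec[@]}" \
    psql -U baron -d "$restore_db" -Atc "select count(*) from public.users where relying_party_id is not null"
)"
[[ "$rp_link_count" == "0" ]] || fail "restored personnel users must not keep relying_party_id"

jq -e '.status == "succeeded" and .dataset == "personnel"' "$restore_exec_report" >/dev/null \
  || fail "personnel restore execution report must succeed"

echo "OK: personnel dataset live E2E dump, restore-plan, and scoped restore passed"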