#!/usr/bin/env bash set -euo pipefail repo_root="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" fail() { echo "ERROR: $*" >&2 exit 1 } tmp_dir="$(mktemp -d /tmp/baron-sso-upload-cloud-test.XXXXXX)" trap 'rm -rf "$tmp_dir"' EXIT INT TERM backup_dir="$tmp_dir/baron-sso-backup-20260605-000000Z" mkdir -p "$backup_dir/postgres" "$backup_dir/reports" printf '{"format_version":"1"}\n' >"$backup_dir/manifest.json" printf 'postgres dump fixture\n' >"$backup_dir/postgres/baron.dump" printf '# Baron SSO Backup Report\n' >"$backup_dir/reports/backup-report.md" (cd "$backup_dir" && sha256sum manifest.json postgres/baron.dump > checksums.sha256) if "$repo_root/scripts/backup/upload_cloud.sh" >/tmp/baron-sso-upload-missing.out 2>&1; then fail "upload_cloud.sh must require BACKUP." fi if ! grep -Fq "BACKUP is required" /tmp/baron-sso-upload-missing.out; then fail "missing BACKUP error must be explicit." fi curl_log="$tmp_dir/curl.log" fake_curl="$tmp_dir/fake-curl.sh" fake_bin="$tmp_dir/bin" mkdir -p "$fake_bin" cat >"$fake_curl" <<'EOF' #!/usr/bin/env bash set -euo pipefail printf '%s\n' "$*" >>"${FAKE_CURL_LOG}" last_arg="${!#}" case "$last_arg" in https://www.worksapis.com/v1.0/sharedrives/shared-drive-1/files/folder-1/children) printf '{"files":[]}' ;; https://www.worksapis.com/v1.0/sharedrives/shared-drive-1/files/folder-1/createfolder) printf '{"fileId":"reports-folder-1","fileName":"reports","fileType":"FOLDER"}' ;; https://www.worksapis.com/v1.0/sharedrives/shared-drive-1/files/folder-1) printf '{"uploadUrl":"https://upload.example.test/upload-1"}' ;; https://www.worksapis.com/v1.0/sharedrives/shared-drive-1/files/reports-folder-1) printf '{"uploadUrl":"https://upload.example.test/upload-report-1"}' ;; https://upload.example.test/upload-1) printf '{"fileId":"file-1"}' ;; https://upload.example.test/upload-report-1) printf '{"fileId":"report-file-1"}' ;; *) echo "unexpected curl URL: $last_arg" >&2 exit 2 ;; esac EOF chmod +x "$fake_curl" cat >"$fake_bin/zstd" <<'EOF' #!/usr/bin/env bash cat EOF chmod +x "$fake_bin/zstd" WORKS_DRIVE_ACCESS_TOKEN="test-access-token" \ WORKS_DRIVE_TARGET="sharedrive" \ WORKS_DRIVE_SHARED_DRIVE_ID="shared-drive-1" \ WORKS_DRIVE_PARENT_FILE_ID="folder-1" \ WORKS_DRIVE_CURL_BIN="$fake_curl" \ FAKE_CURL_LOG="$curl_log" \ PATH="$fake_bin:$PATH" \ BACKUP="$backup_dir" \ "$repo_root/scripts/backup/upload_cloud.sh" >"$tmp_dir/upload.out" grep -Fq "Upload complete" "$tmp_dir/upload.out" || fail "upload must complete with fake curl." grep -Fq "sharedrives/shared-drive-1/files/folder-1" "$curl_log" || fail "must create upload URL for the configured shared drive folder." grep -Fq "https://upload.example.test/upload-1" "$curl_log" || fail "must upload to the issued upload URL." grep -Fq "Authorization: Bearer test-access-token" "$curl_log" || fail "must pass bearer token to WORKS API calls." grep -Fq "Filedata=@" "$curl_log" || fail "must upload the packaged backup as multipart Filedata." grep -Fq ".tar.zst" "$curl_log" || fail "backup directory uploads must be packaged as .tar.zst." grep -Fq "createfolder" "$curl_log" || fail "must create or resolve a report subfolder." grep -Fq "reports-folder-1" "$curl_log" || fail "must upload markdown reports to the reports folder." grep -Eq "backup-report-[0-9]{8}-[0-9]{6}Z.md" "$curl_log" || fail "must upload timestamped backup markdown report." if grep -Fq "cloud-upload.json" "$curl_log"; then fail "cloud-upload.json must not be uploaded to WORKS Drive." fi report_file="$backup_dir/reports/cloud-upload.json" [[ -f "$report_file" ]] || fail "upload must write reports/cloud-upload.json." jq -e '.target == "sharedrive" and .files[0].status == "uploaded" and .report_files[0].status == "uploaded" and (.report_files[0].file_name | test("^backup-report-[0-9]{8}-[0-9]{6}Z[.]md$"))' "$report_file" >/dev/null || fail "upload report must include timestamped markdown report file status." WORKS_DRIVE_DRY_RUN=true \ WORKS_DRIVE_TARGET="sharedrive" \ WORKS_DRIVE_SHARED_DRIVE_ID="shared-drive-1" \ WORKS_DRIVE_PARENT_FILE_ID="folder-1" \ PATH="$fake_bin:$PATH" \ BACKUP="$backup_dir" \ "$repo_root/scripts/backup/upload_cloud.sh" >"$tmp_dir/dry-run.out" grep -Fq "Dry run" "$tmp_dir/dry-run.out" || fail "dry-run must not require a token or call curl." echo "OK: upload_cloud uploads current backup artifacts to WORKS Drive"