Fix line wrapping / code style (#837).

Reviewed-on: borgmatic-collective/borgmatic#1041

NEWS

@@ -1,5 +1,6 @@
 2.0.0.dev0
  * #345: Add a "key import" action to import a repository key from backup.
+ * #422: Add home directory expansion to file-based and KeePassXC credential hooks.
  * #790, #821: Deprecate all "before_*", "after_*" and "on_error" command hooks in favor of more
    flexible "commands:". See the documentation for more information:
    https://torsion.org/borgmatic/docs/how-to/add-preparation-and-cleanup-steps-to-backups/
@@ -9,6 +10,7 @@
  * #790: BREAKING: Run all command hooks (both new and deprecated) respecting the
    "working_directory" option if configured, meaning that hook commands are run in that directory.
  * #836: Add a custom command option for the SQLite hook.
+ * #837: Add custom command options for the MongoDB hook.
  * #1010: When using Borg 2, don't pass the "--stats" flag to "borg prune".
  * #1020: Document a database use case involving a temporary database client container:
    https://torsion.org/borgmatic/docs/how-to/backup-your-databases/#containers

borgmatic/config/schema.yaml

@@ -1729,20 +1729,21 @@ properties:
                 mongodump_command:
                     type: string
                     description: |
-                        Command to use instead of "mongodump". This can be used to
-                        run a specific mongodump version (e.g., one inside a
+                        Command to use instead of "mongodump". This can be used
+                        to run a specific mongodump version (e.g., one inside a
                         running container). If you run it from within a
                         container, make sure to mount the path in the
                         "user_runtime_directory" option from the host into the
-                        container at the same location.  Defaults to "mongodump".
+                        container at the same location.  Defaults to
+                        "mongodump".
                     example: docker exec mongodb_container mongodump
                 mongorestore_command:
                     type: string
                     description: |
-                        Command to run when restoring a database instead
-                        of "mongorestore". This can be used to run a specific 
-                        mongorestore version (e.g., one inside a running container). 
-                        Defaults to "mongorestore".
+                        Command to run when restoring a database instead of
+                        "mongorestore". This can be used to run a specific
+                        mongorestore version (e.g., one inside a running
+                        container). Defaults to "mongorestore".
                     example: docker exec mongodb_container mongorestore
         description: |
             List of one or more MongoDB databases to dump before creating a

borgmatic/hooks/credential/file.py

@@ -19,9 +19,11 @@ def load_credential(hook_config, config, credential_parameters):
 
         raise ValueError(f'Cannot load invalid credential: "{name}"')
 
+    expanded_credential_path = os.path.expanduser(credential_path)
+
     try:
         with open(
-            os.path.join(config.get('working_directory', ''), credential_path)
+            os.path.join(config.get('working_directory', ''), expanded_credential_path)
         ) as credential_file:
             return credential_file.read().rstrip(os.linesep)
     except (FileNotFoundError, OSError) as error:

borgmatic/hooks/credential/keepassxc.py

@@ -24,7 +24,9 @@ def load_credential(hook_config, config, credential_parameters):
             f'Cannot load credential with invalid KeePassXC database path and attribute name: "{path_and_name}"'
         )
 
-    if not os.path.exists(database_path):
+    expanded_database_path = os.path.expanduser(database_path)
+
+    if not os.path.exists(expanded_database_path):
         raise ValueError(
             f'Cannot load credential because KeePassXC database path does not exist: {database_path}'
         )
@@ -36,7 +38,7 @@ def load_credential(hook_config, config, credential_parameters):
             '--show-protected',
             '--attributes',
             'Password',
-            database_path,
+            expanded_database_path,
             attribute_name,
         )
     ).rstrip(os.linesep)

tests/unit/hooks/credential/test_file.py

@@ -26,6 +26,9 @@ def test_load_credential_reads_named_credential_from_file():
     credential_stream = io.StringIO('password')
     credential_stream.name = '/credentials/mycredential'
     builtins = flexmock(sys.modules['builtins'])
+    flexmock(module.os.path).should_receive('expanduser').with_args(
+        '/credentials/mycredential'
+    ).and_return('/credentials/mycredential')
     builtins.should_receive('open').with_args('/credentials/mycredential').and_return(
         credential_stream
     )
@@ -42,6 +45,9 @@ def test_load_credential_reads_named_credential_from_file_using_working_director
     credential_stream = io.StringIO('password')
     credential_stream.name = '/working/credentials/mycredential'
     builtins = flexmock(sys.modules['builtins'])
+    flexmock(module.os.path).should_receive('expanduser').with_args(
+        'credentials/mycredential'
+    ).and_return('credentials/mycredential')
     builtins.should_receive('open').with_args('/working/credentials/mycredential').and_return(
         credential_stream
     )
@@ -58,6 +64,9 @@ def test_load_credential_reads_named_credential_from_file_using_working_director
 
 def test_load_credential_with_file_not_found_error_raises():
     builtins = flexmock(sys.modules['builtins'])
+    flexmock(module.os.path).should_receive('expanduser').with_args(
+        '/credentials/mycredential'
+    ).and_return('/credentials/mycredential')
     builtins.should_receive('open').with_args('/credentials/mycredential').and_raise(
         FileNotFoundError
     )
@@ -66,3 +75,22 @@ def test_load_credential_with_file_not_found_error_raises():
         module.load_credential(
             hook_config={}, config={}, credential_parameters=('/credentials/mycredential',)
         )
+
+
+def test_load_credential_reads_named_credential_from_expanded_directory():
+    credential_stream = io.StringIO('password')
+    credential_stream.name = '/root/credentials/mycredential'
+    builtins = flexmock(sys.modules['builtins'])
+    flexmock(module.os.path).should_receive('expanduser').with_args(
+        '~/credentials/mycredential'
+    ).and_return('/root/credentials/mycredential')
+    builtins.should_receive('open').with_args('/root/credentials/mycredential').and_return(
+        credential_stream
+    )
+
+    assert (
+        module.load_credential(
+            hook_config={}, config={}, credential_parameters=('~/credentials/mycredential',)
+        )
+        == 'password'
+    )

tests/unit/hooks/credential/test_keepassxc.py

@@ -15,6 +15,9 @@ def test_load_credential_with_invalid_credential_parameters_raises(credential_pa
 
 
 def test_load_credential_with_missing_database_raises():
+    flexmock(module.os.path).should_receive('expanduser').with_args('database.kdbx').and_return(
+        'database.kdbx'
+    )
     flexmock(module.os.path).should_receive('exists').and_return(False)
     flexmock(module.borgmatic.execute).should_receive('execute_command_and_capture_output').never()
 
@@ -25,6 +28,9 @@ def test_load_credential_with_missing_database_raises():
 
 
 def test_load_credential_with_present_database_fetches_password_from_keepassxc():
+    flexmock(module.os.path).should_receive('expanduser').with_args('database.kdbx').and_return(
+        'database.kdbx'
+    )
     flexmock(module.os.path).should_receive('exists').and_return(True)
     flexmock(module.borgmatic.execute).should_receive(
         'execute_command_and_capture_output'
@@ -51,6 +57,9 @@ def test_load_credential_with_present_database_fetches_password_from_keepassxc()
 
 
 def test_load_credential_with_custom_keepassxc_cli_command_calls_it():
+    flexmock(module.os.path).should_receive('expanduser').with_args('database.kdbx').and_return(
+        'database.kdbx'
+    )
     config = {'keepassxc': {'keepassxc_cli_command': '/usr/local/bin/keepassxc-cli --some-option'}}
     flexmock(module.os.path).should_receive('exists').and_return(True)
     flexmock(module.borgmatic.execute).should_receive(
@@ -78,3 +87,32 @@ def test_load_credential_with_custom_keepassxc_cli_command_calls_it():
         )
         == 'password'
     )
+
+
+def test_load_credential_with_expanded_directory_with_present_database_fetches_password_from_keepassxc():
+    flexmock(module.os.path).should_receive('expanduser').with_args('~/database.kdbx').and_return(
+        '/root/database.kdbx'
+    )
+    flexmock(module.os.path).should_receive('exists').and_return(True)
+    flexmock(module.borgmatic.execute).should_receive(
+        'execute_command_and_capture_output'
+    ).with_args(
+        (
+            'keepassxc-cli',
+            'show',
+            '--show-protected',
+            '--attributes',
+            'Password',
+            '/root/database.kdbx',
+            'mypassword',
+        )
+    ).and_return(
+        'password'
+    ).once()
+
+    assert (
+        module.load_credential(
+            hook_config={}, config={}, credential_parameters=('~/database.kdbx', 'mypassword')
+        )
+        == 'password'
+    )

tests/unit/hooks/data_source/test_mongodb.py

@@ -681,6 +681,8 @@ def test_restore_data_source_dump_without_extract_process_restores_from_disk():
         },
         borgmatic_runtime_directory='/run/borgmatic',
     )
+
+
 def test_dump_data_sources_uses_custom_mongodump_command():
     flexmock(module.borgmatic.hooks.command).should_receive('Before_after_hooks').and_return(
         flexmock()
@@ -714,7 +716,8 @@ def test_dump_data_sources_uses_custom_mongodump_command():
         patterns=[],
         dry_run=False,
     ) == [process]
-    
+
+
 def test_build_dump_command_prevents_shell_injection():
     database = {
         'name': 'testdb; rm -rf /',  # Malicious input
@@ -733,8 +736,11 @@ def test_build_dump_command_prevents_shell_injection():
 
     # Ensure the malicious input is properly escaped and does not execute
     assert 'testdb; rm -rf /' not in command
-    assert any('testdb' in part for part in command)  # Check if 'testdb' is in any part of the tuple
-    
+    assert any(
+        'testdb' in part for part in command
+    )  # Check if 'testdb' is in any part of the tuple
+
+
 def test_restore_data_source_dump_uses_custom_mongorestore_command():
     hook_config = [
         {
@@ -777,7 +783,8 @@ def test_restore_data_source_dump_uses_custom_mongorestore_command():
         },
         borgmatic_runtime_directory='/run/borgmatic',
     )
-    
+
+
 def test_build_restore_command_prevents_shell_injection():
     database = {
         'name': 'testdb; rm -rf /',  # Malicious input
@@ -801,11 +808,8 @@ def test_build_restore_command_prevents_shell_injection():
     command = module.build_restore_command(
         extract_process, database, config, dump_filename, connection_params
     )
-    
+
     # print(command)
     # Ensure the malicious input is properly escaped and does not execute
     assert 'rm -rf /' not in command
     assert ';' not in command
-
-
-