From 845507c728c9413ad00c85fe703932fec2a6024c Mon Sep 17 00:00:00 2001
From: Shakar Bakr <5h4k4r.b4kr@gmail.com>
Date: Thu, 23 Oct 2025 15:11:27 +0300
Subject: [PATCH] Refactor test scripts and README for MSSQL backup
 functionality

- Updated README.md to reflect new script paths for MSSQL tests.
- Added new test scripts for Kubernetes and Docker Compose environments, including setup for MinIO.
- Introduced k8s-statefulset-test.yaml for deploying MSSQL with a backup sidecar.
- Created setup-minio-k8s.sh for automated MinIO deployment in Kubernetes.
- Enhanced test-mssql-k8s-with-minio.sh to streamline the testing process with MinIO.
- Added comprehensive test-mssql-k8s.sh for validating MSSQL backup and restore operations.
- Included test-mssql.sh for Docker Compose testing of MSSQL backup functionality.

Signed-off-by: Shakar Bakr <5h4k4r.b4kr@gmail.com>
---
 README.md                                     |  6 +--
 tests/README.md                               | 51 +++++++++++++++++++
 .../k8s-statefulset-test.yaml                 |  0
 .../setup-minio-k8s.sh                        |  0
 .../test-mssql-k8s-with-minio.sh              |  6 +--
 test-mssql-k8s.sh => tests/test-mssql-k8s.sh  | 39 +++++++++++---
 test-mssql.sh => tests/test-mssql.sh          |  0
 7 files changed, 89 insertions(+), 13 deletions(-)
 create mode 100644 tests/README.md
 rename k8s-statefulset-test.yaml => tests/k8s-statefulset-test.yaml (100%)
 rename setup-minio-k8s.sh => tests/setup-minio-k8s.sh (100%)
 rename test-mssql-k8s-with-minio.sh => tests/test-mssql-k8s-with-minio.sh (94%)
 rename test-mssql-k8s.sh => tests/test-mssql-k8s.sh (79%)
 rename test-mssql.sh => tests/test-mssql.sh (100%)

diff --git a/README.md b/README.md
index 5ab7ee9..74cfa88 100644
--- a/README.md
+++ b/README.md
@@ -323,17 +323,17 @@ docker compose up -d
 ### Docker Compose
 ```sh
 # Test MSSQL backup/restore with Docker Compose
-./test-mssql.sh
+./tests/test-mssql.sh
 ```
 
 ### Kubernetes (Recommended - Everything in One Namespace)
 ```sh
 # Complete automated test with local MinIO
 # Creates mssql-backup-test namespace with BOTH MinIO and MSSQL
-./test-mssql-k8s-with-minio.sh
+./tests/test-mssql-k8s-with-minio.sh
 
 # Manual test (if you already have S3/MinIO elsewhere)
-NAMESPACE=mssql-backup-test S3_ENDPOINT=http://your-s3 ./test-mssql-k8s.sh
+NAMESPACE=mssql-backup-test S3_ENDPOINT=http://your-s3 ./tests/test-mssql-k8s.sh
 
 # Clean up (removes everything - one command!)
 kubectl delete namespace mssql-backup-test
diff --git a/tests/README.md b/tests/README.md
new file mode 100644
index 0000000..2c1cd75
--- /dev/null
+++ b/tests/README.md
@@ -0,0 +1,51 @@
+# Test Scripts
+
+This directory contains automated test scripts for validating the backup and restore functionality across different environments.
+
+## Files
+
+### Docker Compose Tests
+- **`test-mssql.sh`**: Tests MSSQL backup/restore using Docker Compose with local MinIO
+
+### Kubernetes Tests
+- **`test-mssql-k8s.sh`**: Tests MSSQL StatefulSet with backup sidecar (requires existing S3/MinIO)
+- **`test-mssql-k8s-with-minio.sh`**: Complete automated test that deploys MinIO alongside MSSQL
+- **`setup-minio-k8s.sh`**: Helper script to deploy MinIO in Kubernetes
+- **`k8s-statefulset-test.yaml`**: Test StatefulSet configuration used by the test scripts
+
+## Usage
+
+### Quick Start (Recommended)
+Run the complete automated test with MinIO:
+```bash
+./tests/test-mssql-k8s-with-minio.sh
+```
+
+This will:
+- Create a test namespace (`mssql-backup-test`)
+- Deploy MinIO
+- Deploy MSSQL StatefulSet with backup sidecar
+- Run backup and restore tests
+- Verify encryption is working
+
+### Manual Kubernetes Test
+If you have an existing S3 endpoint:
+```bash
+NAMESPACE=mssql-backup-test \
+S3_ENDPOINT=http://your-s3:9000 \
+S3_ACCESS_KEY_ID=your-key \
+S3_SECRET_ACCESS_KEY=your-secret \
+./tests/test-mssql-k8s.sh
+```
+
+### Docker Compose Test
+```bash
+./tests/test-mssql.sh
+```
+
+## Cleanup
+Delete the test namespace to remove all resources:
+```bash
+kubectl delete namespace mssql-backup-test
+```
+
diff --git a/k8s-statefulset-test.yaml b/tests/k8s-statefulset-test.yaml
similarity index 100%
rename from k8s-statefulset-test.yaml
rename to tests/k8s-statefulset-test.yaml
diff --git a/setup-minio-k8s.sh b/tests/setup-minio-k8s.sh
similarity index 100%
rename from setup-minio-k8s.sh
rename to tests/setup-minio-k8s.sh
diff --git a/test-mssql-k8s-with-minio.sh b/tests/test-mssql-k8s-with-minio.sh
similarity index 94%
rename from test-mssql-k8s-with-minio.sh
rename to tests/test-mssql-k8s-with-minio.sh
index 94719fb..4719151 100755
--- a/test-mssql-k8s-with-minio.sh
+++ b/tests/test-mssql-k8s-with-minio.sh
@@ -30,7 +30,7 @@ MINIO_EXISTS=$(kubectl get pod minio -n $TEST_NAMESPACE 2>/dev/null | grep -c "m
 
 if [ "$MINIO_EXISTS" -eq 0 ]; then
     echo -e "${YELLOW}📦 MinIO not found. Deploying MinIO in $TEST_NAMESPACE...${NC}"
-    NAMESPACE=$TEST_NAMESPACE ./setup-minio-k8s.sh
+    NAMESPACE=$TEST_NAMESPACE "$(dirname "$0")/setup-minio-k8s.sh"
 else
     echo -e "${GREEN}✅ MinIO already running in $TEST_NAMESPACE namespace${NC}"
 
@@ -54,12 +54,12 @@ echo ""
 
 # Run the test with MinIO configuration (same namespace)
 NAMESPACE="$TEST_NAMESPACE" \
-STATEFULSET_FILE="k8s-statefulset-test.yaml" \
+STATEFULSET_FILE="$(dirname "$0")/k8s-statefulset-test.yaml" \
 S3_ENDPOINT="$MINIO_ENDPOINT" \
 S3_ACCESS_KEY_ID="$MINIO_USER" \
 S3_SECRET_ACCESS_KEY="$MINIO_PASSWORD" \
 S3_BUCKET="$BUCKET_NAME" \
-./test-mssql-k8s.sh
+"$(dirname "$0")/test-mssql-k8s.sh"
 
 echo ""
 echo -e "${GREEN}🎉 All tests completed successfully!${NC}"
diff --git a/test-mssql-k8s.sh b/tests/test-mssql-k8s.sh
similarity index 79%
rename from test-mssql-k8s.sh
rename to tests/test-mssql-k8s.sh
index 04d0f5a..263ab39 100755
--- a/test-mssql-k8s.sh
+++ b/tests/test-mssql-k8s.sh
@@ -16,9 +16,10 @@ STATEFULSET_NAME="mssql"
 POD_NAME="mssql-0"
 MSSQL_PASSWORD="YourStrong@Passw0rd"
 DATABASE_NAME="TestDB"
+MSSQL_BACKUP_DIR="${MSSQL_BACKUP_DIR:-/var/opt/mssql/data}"
 S3_BUCKET="${S3_BUCKET:-test-backups}"
 S3_ENDPOINT="${S3_ENDPOINT:-}"  # Set this if using MinIO or other S3-compatible storage
-STATEFULSET_FILE="${STATEFULSET_FILE:-k8s-statefulset-with-sidecar.yaml}"
+STATEFULSET_FILE="${STATEFULSET_FILE:-$(dirname "$0")/../k8s-statefulset-with-sidecar.yaml}"
 
 # Cleanup function
 cleanup() {
@@ -139,15 +140,31 @@ kubectl logs $POD_NAME -c backup -n $NAMESPACE --tail=20
 # Optional: List S3 backups if aws CLI is available in the backup container
 echo ""
 echo -e "${YELLOW}📋 Checking S3 for backups...${NC}"
-kubectl exec $POD_NAME -c backup -n $NAMESPACE -- aws s3 ls s3://$S3_BUCKET/mssql-backups/ 2>/dev/null || echo "Note: Could not list S3 bucket (this is OK for local testing)"
+if [ -n "$S3_ENDPOINT" ]; then
+    kubectl exec $POD_NAME -c backup -n $NAMESPACE -- aws s3 ls s3://$S3_BUCKET/mssql-backups/ --endpoint-url="$S3_ENDPOINT" 2>/dev/null || echo "Note: Could not list S3 bucket (this is OK for local testing)"
+else
+    kubectl exec $POD_NAME -c backup -n $NAMESPACE -- aws s3 ls s3://$S3_BUCKET/mssql-backups/ 2>/dev/null || echo "Note: Could not list S3 bucket (this is OK for local testing)"
+fi
 
 echo ""
 echo -e "${YELLOW}🔐 Verifying backup is encrypted...${NC}"
-BACKUP_LIST=$(kubectl exec $POD_NAME -c backup -n $NAMESPACE -- aws s3 ls s3://$S3_BUCKET/mssql-backups/ --endpoint-url=${S3_ENDPOINT:-http://localhost:9000} 2>/dev/null || echo "")
-if echo "$BACKUP_LIST" | grep -q ".gpg"; then
-    echo -e "${GREEN}✅ Backup is encrypted (.gpg extension found)${NC}"
+# Check the backup logs for encryption activity
+BACKUP_LOGS=$(kubectl logs $POD_NAME -c backup -n $NAMESPACE --tail=100 2>/dev/null || echo "")
+if echo "$BACKUP_LOGS" | grep -q "Encrypting backup"; then
+    echo -e "${GREEN}✅ Backup encryption confirmed${NC}"
+elif echo "$BACKUP_LOGS" | grep -q "\.bak\.gpg"; then
+    echo -e "${GREEN}✅ Backup is encrypted (.gpg extension detected in logs)${NC}"
+elif echo "$BACKUP_LOGS" | grep -q "\.dump\.gpg"; then
+    echo -e "${GREEN}✅ Backup is encrypted (.gpg extension detected in logs)${NC}"
 else
-    echo -e "${RED}❌ Warning: Backup does not appear to be encrypted${NC}"
+    # Final check: was PASSPHRASE set?
+    PASSPHRASE_SET=$(kubectl exec $POD_NAME -c backup -n $NAMESPACE -- sh -c 'test -n "$PASSPHRASE" && echo "yes" || echo "no"' 2>/dev/null)
+    if [ "$PASSPHRASE_SET" = "yes" ]; then
+        echo -e "${YELLOW}⚠️  PASSPHRASE is set, but cannot confirm encryption from logs${NC}"
+        echo -e "${YELLOW}   (Encryption should be active, will verify during restore)${NC}"
+    else
+        echo -e "${RED}❌ Warning: PASSPHRASE not set - backups are NOT encrypted${NC}"
+    fi
 fi
 
 echo ""
@@ -164,7 +181,15 @@ kubectl exec $POD_NAME -c mssql -n $NAMESPACE -- /opt/mssql-tools18/bin/sqlcmd \
 
 echo ""
 echo -e "${YELLOW}♻️  Restoring from backup...${NC}"
-kubectl exec $POD_NAME -c backup -n $NAMESPACE -- sh restore.sh
+RESTORE_OUTPUT=$(kubectl exec $POD_NAME -c backup -n $NAMESPACE -- sh restore.sh 2>&1)
+echo "$RESTORE_OUTPUT"
+
+# Verify decryption happened during restore
+if echo "$RESTORE_OUTPUT" | grep -q "Decrypting backup"; then
+    echo -e "${GREEN}✅ Backup was successfully decrypted during restore${NC}"
+elif echo "$RESTORE_OUTPUT" | grep -q "encrypted with 1 passphrase"; then
+    echo -e "${GREEN}✅ GPG decryption confirmed${NC}"
+fi
 
 echo ""
 echo -e "${YELLOW}📊 Data after restore (should show both John and Jane):${NC}"
diff --git a/test-mssql.sh b/tests/test-mssql.sh
similarity index 100%
rename from test-mssql.sh
rename to tests/test-mssql.sh