crowdsec/tests/bats/05_config_yaml_local.bats

#!/usr/bin/env bats
# vim: ft=bats:list:ts=8:sts=4:sw=4:et:ai:si:

set -u

fake_log() {
    for _ in $(seq 1 6); do
        echo "$(LC_ALL=C date '+%b %d %H:%M:%S ')"'sd-126005 sshd[12422]: Invalid user netflix from 1.1.1.172 port 35424'
    done
}

setup_file() {
    load "../lib/setup_file.sh"
}

teardown_file() {
    load "../lib/teardown_file.sh"
}

setup() {
    load "../lib/setup.sh"
    ./instance-data load
    run -0 yq e '.api.client.credentials_path' "${CONFIG_YAML}"
    LOCAL_API_CREDENTIALS="${output}"
    export LOCAL_API_CREDENTIALS
}

teardown() {
    ./instance-crowdsec stop
}

#----------

@test "${FILE} config.yaml.local - cscli (log_level)" {
    yq e '.common.log_level="warning"' -i "${CONFIG_YAML}"
    run -0 cscli config show --key Config.Common.LogLevel
    assert_output "warning"

    echo "{'common':{'log_level':'debug'}}" >"${CONFIG_YAML}.local"
    run -0 cscli config show --key Config.Common.LogLevel
    assert_output "debug"
}

@test "${FILE} config.yaml.local - cscli (log_level - with envvar)" {
    yq e '.common.log_level="warning"' -i "${CONFIG_YAML}"
    run -0 cscli config show --key Config.Common.LogLevel
    assert_output "warning"

    export CROWDSEC_LOG_LEVEL=debug
    echo "{'common':{'log_level':'${CROWDSEC_LOG_LEVEL}'}}" >"${CONFIG_YAML}.local"
    run -0 cscli config show --key Config.Common.LogLevel
    assert_output "debug"
}

@test "${FILE} config.yaml.local - crowdsec (listen_url)" {
    # disable the agent or we'll need to patch api client credentials too
    run -0 yq e 'del(.crowdsec_service)' -i "${CONFIG_YAML}"
    ./instance-crowdsec start
    run -0 ./lib/util/wait-for-port -q 8080
    ./instance-crowdsec stop
    run -1 ./lib/util/wait-for-port -q 8080

    echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" >"${CONFIG_YAML}.local"

    ./instance-crowdsec start
    run -0 ./lib/util/wait-for-port -q 8083
    run -1 ./lib/util/wait-for-port -q 8080
    ./instance-crowdsec stop

    rm -f "${CONFIG_YAML}.local"
    ./instance-crowdsec start
    run -1 ./lib/util/wait-for-port -q 8083
    run -0 ./lib/util/wait-for-port -q 8080
}

@test "${FILE} local_api_credentials.yaml.local" {
    run -0 yq e 'del(.crowdsec_service)' -i "${CONFIG_YAML}"
    echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" >"${CONFIG_YAML}.local"
    ./instance-crowdsec start
    run -0 ./lib/util/wait-for-port -q 8083

    run -1 cscli decisions list
    echo "{'url':'http://127.0.0.1:8083'}" >"${LOCAL_API_CREDENTIALS}.local"

    run -0 cscli decisions list
}

@test "${FILE} simulation.yaml.local" {
    run -0 yq e '.config_paths.simulation_path' "${CONFIG_YAML}"
    refute_output null
    SIMULATION="${output}"

    echo "simulation: off" >"${SIMULATION}"
    run -0 cscli simulation status -o human
    assert_output --partial "global simulation: disabled"

    echo "simulation: on" >"${SIMULATION}"
    run -0 cscli simulation status -o human
    assert_output --partial "global simulation: enabled"

    echo "simulation: off" >"${SIMULATION}.local"
    run -0 cscli simulation status -o human
    assert_output --partial "global simulation: disabled"

    rm -f "${SIMULATION}.local"
    run -0 cscli simulation status -o human
    assert_output --partial "global simulation: enabled"
}

@test "${FILE} profiles.yaml.local" {
    run -0 yq e '.api.server.profiles_path' "${CONFIG_YAML}"
    refute_output null
    PROFILES="${output}"

    cat <<-EOT >"${PROFILES}.local"
	name: default_ip_remediation
	filters:
	 - Alert.Remediation == true && Alert.GetScope() == "Ip"
	decisions:
	 - type: captcha
	   duration: 2h
	on_success: break
	EOT

    tmpfile=$(TMPDIR="${BATS_TEST_TMPDIR}" mktemp)
    touch "${tmpfile}"
    ACQUIS_YAML=$(config_yq '.crowdsec_service.acquisition_path')
    echo -e "---\nfilename: ${tmpfile}\nlabels:\n  type: syslog\n" >>"${ACQUIS_YAML}"

    ./instance-crowdsec start
    fake_log >>"${tmpfile}"
    sleep 1
    rm -f -- "${tmpfile}"
    run -0 cscli decisions list -o json
    run -0 jq -c '.[].decisions[0] | [.value,.type]' <(output)
    assert_output '["1.1.1.172","captcha"]'
}
fix #1385: .yaml.local (#1497) Added support for .yaml.local files to override values in .yaml 2022-05-18 08:08:37 +00:00			`#!/usr/bin/env bats`
			`# vim: ft=bats:list:ts=8:sts=4:sw=4:et:ai:si:`

			`set -u`

			`fake_log() {`
			`for _ in $(seq 1 6); do`
			`echo "$(LC_ALL=C date '+%b %d %H:%M:%S ')"'sd-126005 sshd[12422]: Invalid user netflix from 1.1.1.172 port 35424'`
			`done`
			`}`

			`setup_file() {`
			`load "../lib/setup_file.sh"`
			`}`

			`teardown_file() {`
			`load "../lib/teardown_file.sh"`
			`}`

			`setup() {`
			`load "../lib/setup.sh"`
			`./instance-data load`
[wip] serve metrics only after agent and/or lapi are ready; fixed some func tests (#1613) 2022-06-24 13:55:21 +00:00			`run -0 yq e '.api.client.credentials_path' "${CONFIG_YAML}"`
			`LOCAL_API_CREDENTIALS="${output}"`
			`export LOCAL_API_CREDENTIALS`
fix #1385: .yaml.local (#1497) Added support for .yaml.local files to override values in .yaml 2022-05-18 08:08:37 +00:00			`}`

			`teardown() {`
			`./instance-crowdsec stop`
			`}`

			`#----------`

			`@test "${FILE} config.yaml.local - cscli (log_level)" {`
			`yq e '.common.log_level="warning"' -i "${CONFIG_YAML}"`
			`run -0 cscli config show --key Config.Common.LogLevel`
			`assert_output "warning"`

updated bats to 1.7.0; shellcheck fixes and moved cfssl dir under testdata/ (#1584) 2022-06-13 19:54:47 +00:00			`echo "{'common':{'log_level':'debug'}}" >"${CONFIG_YAML}.local"`
fix #1385: .yaml.local (#1497) Added support for .yaml.local files to override values in .yaml 2022-05-18 08:08:37 +00:00			`run -0 cscli config show --key Config.Common.LogLevel`
			`assert_output "debug"`
			`}`

			`@test "${FILE} config.yaml.local - cscli (log_level - with envvar)" {`
			`yq e '.common.log_level="warning"' -i "${CONFIG_YAML}"`
			`run -0 cscli config show --key Config.Common.LogLevel`
			`assert_output "warning"`

			`export CROWDSEC_LOG_LEVEL=debug`
updated bats to 1.7.0; shellcheck fixes and moved cfssl dir under testdata/ (#1584) 2022-06-13 19:54:47 +00:00			`echo "{'common':{'log_level':'${CROWDSEC_LOG_LEVEL}'}}" >"${CONFIG_YAML}.local"`
fix #1385: .yaml.local (#1497) Added support for .yaml.local files to override values in .yaml 2022-05-18 08:08:37 +00:00			`run -0 cscli config show --key Config.Common.LogLevel`
			`assert_output "debug"`
			`}`

			`@test "${FILE} config.yaml.local - crowdsec (listen_url)" {`
[wip] serve metrics only after agent and/or lapi are ready; fixed some func tests (#1613) 2022-06-24 13:55:21 +00:00			`# disable the agent or we'll need to patch api client credentials too`
			`run -0 yq e 'del(.crowdsec_service)' -i "${CONFIG_YAML}"`
Fixed bats tests for freebsd (#1600) 2022-06-22 08:00:51 +00:00			`./instance-crowdsec start`
fix #1385: .yaml.local (#1497) Added support for .yaml.local files to override values in .yaml 2022-05-18 08:08:37 +00:00			`run -0 ./lib/util/wait-for-port -q 8080`
Fixed bats tests for freebsd (#1600) 2022-06-22 08:00:51 +00:00			`./instance-crowdsec stop`
[wip] serve metrics only after agent and/or lapi are ready; fixed some func tests (#1613) 2022-06-24 13:55:21 +00:00			`run -1 ./lib/util/wait-for-port -q 8080`
fix #1385: .yaml.local (#1497) Added support for .yaml.local files to override values in .yaml 2022-05-18 08:08:37 +00:00
updated bats to 1.7.0; shellcheck fixes and moved cfssl dir under testdata/ (#1584) 2022-06-13 19:54:47 +00:00			`echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" >"${CONFIG_YAML}.local"`
[wip] serve metrics only after agent and/or lapi are ready; fixed some func tests (#1613) 2022-06-24 13:55:21 +00:00
Fixed bats tests for freebsd (#1600) 2022-06-22 08:00:51 +00:00			`./instance-crowdsec start`
fix #1385: .yaml.local (#1497) Added support for .yaml.local files to override values in .yaml 2022-05-18 08:08:37 +00:00			`run -0 ./lib/util/wait-for-port -q 8083`
			`run -1 ./lib/util/wait-for-port -q 8080`
Fixed bats tests for freebsd (#1600) 2022-06-22 08:00:51 +00:00			`./instance-crowdsec stop`
fix #1385: .yaml.local (#1497) Added support for .yaml.local files to override values in .yaml 2022-05-18 08:08:37 +00:00
			`rm -f "${CONFIG_YAML}.local"`
Fixed bats tests for freebsd (#1600) 2022-06-22 08:00:51 +00:00			`./instance-crowdsec start`
fix #1385: .yaml.local (#1497) Added support for .yaml.local files to override values in .yaml 2022-05-18 08:08:37 +00:00			`run -1 ./lib/util/wait-for-port -q 8083`
			`run -0 ./lib/util/wait-for-port -q 8080`
			`}`

			`@test "${FILE} local_api_credentials.yaml.local" {`
[wip] serve metrics only after agent and/or lapi are ready; fixed some func tests (#1613) 2022-06-24 13:55:21 +00:00			`run -0 yq e 'del(.crowdsec_service)' -i "${CONFIG_YAML}"`
updated bats to 1.7.0; shellcheck fixes and moved cfssl dir under testdata/ (#1584) 2022-06-13 19:54:47 +00:00			`echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" >"${CONFIG_YAML}.local"`
Fixed bats tests for freebsd (#1600) 2022-06-22 08:00:51 +00:00			`./instance-crowdsec start`
func test: replaced one-shot bin/nc with a loop (#1542) 2022-05-19 08:51:45 +00:00			`run -0 ./lib/util/wait-for-port -q 8083`
fix #1385: .yaml.local (#1497) Added support for .yaml.local files to override values in .yaml 2022-05-18 08:08:37 +00:00
			`run -1 cscli decisions list`
updated bats to 1.7.0; shellcheck fixes and moved cfssl dir under testdata/ (#1584) 2022-06-13 19:54:47 +00:00			`echo "{'url':'http://127.0.0.1:8083'}" >"${LOCAL_API_CREDENTIALS}.local"`
[wip] serve metrics only after agent and/or lapi are ready; fixed some func tests (#1613) 2022-06-24 13:55:21 +00:00
fix #1385: .yaml.local (#1497) Added support for .yaml.local files to override values in .yaml 2022-05-18 08:08:37 +00:00			`run -0 cscli decisions list`
			`}`

			`@test "${FILE} simulation.yaml.local" {`
Fixed bats tests for freebsd (#1600) 2022-06-22 08:00:51 +00:00			`run -0 yq e '.config_paths.simulation_path' "${CONFIG_YAML}"`
fix #1385: .yaml.local (#1497) Added support for .yaml.local files to override values in .yaml 2022-05-18 08:08:37 +00:00			`refute_output null`
			`SIMULATION="${output}"`

updated bats to 1.7.0; shellcheck fixes and moved cfssl dir under testdata/ (#1584) 2022-06-13 19:54:47 +00:00			`echo "simulation: off" >"${SIMULATION}"`
fix #1385: .yaml.local (#1497) Added support for .yaml.local files to override values in .yaml 2022-05-18 08:08:37 +00:00			`run -0 cscli simulation status -o human`
			`assert_output --partial "global simulation: disabled"`

updated bats to 1.7.0; shellcheck fixes and moved cfssl dir under testdata/ (#1584) 2022-06-13 19:54:47 +00:00			`echo "simulation: on" >"${SIMULATION}"`
fix #1385: .yaml.local (#1497) Added support for .yaml.local files to override values in .yaml 2022-05-18 08:08:37 +00:00			`run -0 cscli simulation status -o human`
			`assert_output --partial "global simulation: enabled"`

updated bats to 1.7.0; shellcheck fixes and moved cfssl dir under testdata/ (#1584) 2022-06-13 19:54:47 +00:00			`echo "simulation: off" >"${SIMULATION}.local"`
fix #1385: .yaml.local (#1497) Added support for .yaml.local files to override values in .yaml 2022-05-18 08:08:37 +00:00			`run -0 cscli simulation status -o human`
			`assert_output --partial "global simulation: disabled"`

			`rm -f "${SIMULATION}.local"`
			`run -0 cscli simulation status -o human`
			`assert_output --partial "global simulation: enabled"`
			`}`

			`@test "${FILE} profiles.yaml.local" {`
Fixed bats tests for freebsd (#1600) 2022-06-22 08:00:51 +00:00			`run -0 yq e '.api.server.profiles_path' "${CONFIG_YAML}"`
fix #1385: .yaml.local (#1497) Added support for .yaml.local files to override values in .yaml 2022-05-18 08:08:37 +00:00			`refute_output null`
			`PROFILES="${output}"`

updated bats to 1.7.0; shellcheck fixes and moved cfssl dir under testdata/ (#1584) 2022-06-13 19:54:47 +00:00			`cat <<-EOT >"${PROFILES}.local"`
fix #1385: .yaml.local (#1497) Added support for .yaml.local files to override values in .yaml 2022-05-18 08:08:37 +00:00			`name: default_ip_remediation`
			`filters:`
			`- Alert.Remediation == true && Alert.GetScope() == "Ip"`
			`decisions:`
			`- type: captcha`
			`duration: 2h`
			`on_success: break`
			`EOT`

			`tmpfile=$(TMPDIR="${BATS_TEST_TMPDIR}" mktemp)`
			`touch "${tmpfile}"`
			`ACQUIS_YAML=$(config_yq '.crowdsec_service.acquisition_path')`
			`echo -e "---\nfilename: ${tmpfile}\nlabels:\n type: syslog\n" >>"${ACQUIS_YAML}"`

			`./instance-crowdsec start`
			`fake_log >>"${tmpfile}"`
			`sleep 1`
			`rm -f -- "${tmpfile}"`
			`run -0 cscli decisions list -o json`
			`run -0 jq -c '.[].decisions[0] \| [.value,.type]' <(output)`
			`assert_output '["1.1.1.172","captcha"]'`
			`}`