beenull/crowdsec
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

disable tls tests in pipeline (#1625)

Browse source 
and removing obsolete $FILE
This commit is contained in:
mmetc 2022-07-01 11:03:40 +02:00 committed by GitHub
parent 69dd8d2892
commit 14dd6b9026
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
23 changed files with 219 additions and 213 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
tests/bats/02_nolapi.bats
View file

@ -38,7 +38,7 @@ declare stderr
yq e 'del(.api.server)' -i "${CONFIG_YAML}"
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
run -0 echo "$stderr"
run -0 echo "${stderr}"
assert_output --partial "crowdsec local API is disabled"
}
@ -46,7 +46,7 @@ declare stderr
yq e 'del(.api.server)' -i "${CONFIG_YAML}"
run -1 --separate-stderr cscli capi status
run -0 echo "$stderr"
run -0 echo "${stderr}"
assert_output --partial "crowdsec local API is disabled"
assert_output --partial "There is no configuration on 'api.server:'"
}
@ -68,7 +68,7 @@ declare stderr
run -1 --separate-stderr cscli config backup "${backupdir}"
rm -rf -- "${backupdir:?}"
run -0 echo "$stderr"
run -0 echo "${stderr}"
assert_output --partial "Failed to backup configurations"
assert_output --partial "file exists"
}
@ -77,7 +77,7 @@ declare stderr
yq e 'del(.api.server)' -i "${CONFIG_YAML}"
./instance-crowdsec start || true
run -1 --separate-stderr cscli machines list
run -0 echo "$stderr"
run -0 echo "${stderr}"
assert_output --partial "Local API is disabled, please run this command on the local API machine"
}
@ -89,7 +89,7 @@ declare stderr
assert_output --partial "ROUTE"
assert_output --partial "/v1/watchers/login"
run -0 echo "$stderr"
run -0 echo "${stderr}"
assert_output --partial "crowdsec local API is disabled"
assert_output --partial "Local API is disabled, please run this command on the local API machine"
}

24
tests/bats/03_noagent.bats
View file

@ -28,33 +28,33 @@ config_disable_agent() {
yq e 'del(.crowdsec_service)' -i "${CONFIG_YAML}"
}
@test "$FILE with agent: test without -no-cs flag" {
@test "with agent: test without -no-cs flag" {
run -124 timeout 2s "${CROWDSEC}"
# from `man timeout`: If the command times out, and --preserve-status is not set, then exit with status 124.
}
@test "$FILE no agent: crowdsec LAPI should run (-no-cs flag)" {
@test "no agent: crowdsec LAPI should run (-no-cs flag)" {
run -124 timeout 2s "${CROWDSEC}" -no-cs
}
@test "$FILE no agent: crowdsec LAPI should run (no crowdsec_service in configuration file)" {
@test "no agent: crowdsec LAPI should run (no crowdsec_service in configuration file)" {
config_disable_agent
run -124 --separate-stderr timeout 2s "${CROWDSEC}"
run -0 echo "$stderr"
run -0 echo "${stderr}"
assert_output --partial "crowdsec agent is disabled"
}
@test "$FILE no agent: capi status should be ok" {
@test "no agent: capi status should be ok" {
config_disable_agent
./instance-crowdsec start
run -0 --separate-stderr cscli capi status
run -0 echo "$stderr"
run -0 echo "${stderr}"
assert_output --partial "You can successfully interact with Central API (CAPI)"
}
@test "$FILE no agent: cscli config show" {
@test "no agent: cscli config show" {
config_disable_agent
run -0 --separate-stderr cscli config show -o human
assert_output --partial "Global:"
@ -64,29 +64,29 @@ config_disable_agent() {
refute_output --partial "Crowdsec:"
}
@test "$FILE no agent: cscli config backup" {
@test "no agent: cscli config backup" {
config_disable_agent
backupdir=$(TMPDIR="${BATS_TEST_TMPDIR}" mktemp -u)
run -0 cscli config backup "${backupdir}"
assert_output --partial "Starting configuration backup"
run -1 --separate-stderr cscli config backup "${backupdir}"
run -0 echo "$stderr"
run -0 echo "${stderr}"
assert_output --partial "Failed to backup configurations"
assert_output --partial "file exists"
rm -rf -- "${backupdir:?}"
}
@test "$FILE no agent: lapi status should be ok" {
@test "no agent: lapi status should be ok" {
config_disable_agent
./instance-crowdsec start
run -0 --separate-stderr cscli lapi status
run -0 echo "$stderr"
run -0 echo "${stderr}"
assert_output --partial "You can successfully interact with Local API (LAPI)"
}
@test "$FILE cscli metrics" {
@test "cscli metrics" {
config_disable_agent
./instance-crowdsec start
run -0 cscli lapi status

22
tests/bats/04_nocapi.bats
View file

@ -28,25 +28,25 @@ config_disable_capi() {
yq e 'del(.api.server.online_client)' -i "${CONFIG_YAML}"
}
@test "$FILE without capi: crowdsec LAPI should still work" {
@test "without capi: crowdsec LAPI should still work" {
config_disable_capi
run -124 --separate-stderr timeout 1s "${CROWDSEC}"
# from `man timeout`: If the command times out, and --preserve-status is not set, then exit with status 124.
run -0 echo "$stderr"
run -0 echo "${stderr}"
assert_output --partial "push and pull to Central API disabled"
}
@test "$FILE without capi: cscli capi status -> fail" {
@test "without capi: cscli capi status -> fail" {
config_disable_capi
./instance-crowdsec start
run -1 --separate-stderr cscli capi status
run -0 echo "$stderr"
run -0 echo "${stderr}"
assert_output --partial "no configuration for Central API in "
}
@test "$FILE no capi: cscli config show" {
@test "no capi: cscli config show" {
config_disable_capi
run -0 --separate-stderr cscli config show -o human
assert_output --partial "Global:"
@ -55,29 +55,29 @@ config_disable_capi() {
assert_output --partial "Local API Server:"
}
@test "$FILE no agent: cscli config backup" {
@test "no agent: cscli config backup" {
config_disable_capi
backupdir=$(TMPDIR="${BATS_TEST_TMPDIR}" mktemp -u)
run -0 cscli config backup "${backupdir}"
assert_output --partial "Starting configuration backup"
run -1 --separate-stderr cscli config backup "${backupdir}"
run -0 echo "$stderr"
run -0 echo "${stderr}"
assert_output --partial "Failed to backup configurations"
assert_output --partial "file exists"
rm -rf -- "${backupdir:?}"
}
@test "$FILE without capi: cscli lapi status -> success" {
@test "without capi: cscli lapi status -> success" {
config_disable_capi
./instance-crowdsec start
run -0 --separate-stderr cscli lapi status
run -0 echo "$stderr"
run -0 echo "${stderr}"
assert_output --partial "You can successfully interact with Local API (LAPI)"
}
@test "$FILE cscli metrics" {
@test "cscli metrics" {
config_disable_capi
./instance-crowdsec start
run -0 cscli lapi status
@ -85,6 +85,6 @@ config_disable_capi() {
assert_output --partial "ROUTE"
assert_output --partial '/v1/watchers/login'
run -0 echo "$stderr"
run -0 echo "${stderr}"
assert_output --partial "Local Api Metrics:"
}

12
tests/bats/05_config_yaml_local.bats
View file

@ -31,7 +31,7 @@ teardown() {
#----------
@test "${FILE} config.yaml.local - cscli (log_level)" {
@test "config.yaml.local - cscli (log_level)" {
yq e '.common.log_level="warning"' -i "${CONFIG_YAML}"
run -0 cscli config show --key Config.Common.LogLevel
assert_output "warning"
@ -41,7 +41,7 @@ teardown() {
assert_output "debug"
}
@test "${FILE} config.yaml.local - cscli (log_level - with envvar)" {
@test "config.yaml.local - cscli (log_level - with envvar)" {
yq e '.common.log_level="warning"' -i "${CONFIG_YAML}"
run -0 cscli config show --key Config.Common.LogLevel
assert_output "warning"
@ -52,7 +52,7 @@ teardown() {
assert_output "debug"
}
@test "${FILE} config.yaml.local - crowdsec (listen_url)" {
@test "config.yaml.local - crowdsec (listen_url)" {
# disable the agent or we'll need to patch api client credentials too
run -0 yq e 'del(.crowdsec_service)' -i "${CONFIG_YAML}"
./instance-crowdsec start
@ -73,7 +73,7 @@ teardown() {
run -0 ./lib/util/wait-for-port -q 8080
}
@test "${FILE} local_api_credentials.yaml.local" {
@test "local_api_credentials.yaml.local" {
run -0 yq e 'del(.crowdsec_service)' -i "${CONFIG_YAML}"
echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" >"${CONFIG_YAML}.local"
./instance-crowdsec start
@ -85,7 +85,7 @@ teardown() {
run -0 cscli decisions list
}
@test "${FILE} simulation.yaml.local" {
@test "simulation.yaml.local" {
run -0 yq e '.config_paths.simulation_path' "${CONFIG_YAML}"
refute_output null
SIMULATION="${output}"
@ -107,7 +107,7 @@ teardown() {
assert_output --partial "global simulation: enabled"
}
@test "${FILE} profiles.yaml.local" {
@test "profiles.yaml.local" {
run -0 yq e '.api.server.profiles_path' "${CONFIG_YAML}"
refute_output null
PROFILES="${output}"

8
tests/bats/10_bouncers.bats
View file

@ -23,12 +23,12 @@ teardown() {
#----------
@test "$FILE there are 0 bouncers" {
@test "there are 0 bouncers" {
run -0 cscli bouncers list -o json
assert_output "[]"
}
@test "$FILE we can add one bouncer, and delete it" {
@test "we can add one bouncer, and delete it" {
run -0 cscli bouncers add ciTestBouncer
assert_output --partial "Api key for 'ciTestBouncer':"
run -0 cscli bouncers delete ciTestBouncer
@ -36,7 +36,7 @@ teardown() {
assert_output '[]'
}
@test "$FILE we can't add the same bouncer twice" {
@test "we can't add the same bouncer twice" {
run -0 cscli bouncers add ciTestBouncer
run -1 --separate-stderr cscli bouncers add ciTestBouncer -o json
@ -50,7 +50,7 @@ teardown() {
assert_output 1
}
@test "$FILE delete the bouncer multiple times, even if it does not exist" {
@test "delete the bouncer multiple times, even if it does not exist" {
run -0 cscli bouncers add ciTestBouncer
run -0 cscli bouncers delete ciTestBouncer
run -0 cscli bouncers delete ciTestBouncer

2
tests/bats/11_bouncers_tls.bats
View file

@ -9,6 +9,7 @@ config_disable_agent() {
setup_file() {
load "../lib/setup_file.sh"
[[ "${PACKAGE_TESTING}" == "true" ]] && return
./instance-data load
tmpdir="${BATS_FILE_TMPDIR}"
@ -52,6 +53,7 @@ teardown_file() {
}
setup() {
[[ "${PACKAGE_TESTING}" == "true" ]] && skip
load "../lib/setup.sh"
./instance-crowdsec start
}

8
tests/bats/20_collections.bats
View file

@ -23,17 +23,17 @@ teardown() {
#----------
@test "$FILE we can list collections" {
@test "we can list collections" {
run -0 cscli collections list
}
@test "$FILE there are 2 collections (linux and sshd)" {
@test "there are 2 collections (linux and sshd)" {
run -0 cscli collections list -o json
run -0 jq '.collections | length' <(output)
assert_output 2
}
@test "$FILE can install a collection (as a regular user) and remove it" {
@test "can install a collection (as a regular user) and remove it" {
run -0 cscli collections install crowdsecurity/mysql -o human
assert_output --partial "Enabled crowdsecurity/mysql"
run -0 cscli collections list -o json
@ -43,7 +43,7 @@ teardown() {
assert_output --partial "Removed symlink [crowdsecurity/mysql]"
}
@test "$FILE cannot remove a collection twice" {
@test "cannot remove a collection twice" {
run -0 cscli collections install crowdsecurity/mysql -o human
run -0 --separate-stderr cscli collections remove crowdsecurity/mysql
run -1 --separate-stderr cscli collections remove crowdsecurity/mysql -o json

8
tests/bats/30_machines.bats
View file

@ -23,11 +23,11 @@ teardown() {
#----------
@test "$FILE can list machines as regular user" {
@test "can list machines as regular user" {
run -0 cscli machines list
}
@test "$FILE we have exactly one machine, localhost" {
@test "we have exactly one machine, localhost" {
run -0 cscli machines list -o json
run -0 jq -c '[. | length, .[0].machineId[0:32], .[0].isValidated, .[0].ipAddress]' <(output)
assert_output '[1,"githubciXXXXXXXXXXXXXXXXXXXXXXXX",true,"127.0.0.1"]'
@ -39,7 +39,7 @@ teardown() {
#assert_output '127.0.0.1'
}
@test "$FILE add a new machine and delete it" {
@test "add a new machine and delete it" {
run -0 cscli machines add -a -f /dev/null CiTestMachine -o human
assert_output --partial "Machine 'CiTestMachine' successfully added to the local API"
assert_output --partial "API credentials dumped to '/dev/null'"
@ -59,7 +59,7 @@ teardown() {
assert_output 1
}
@test "$FILE register, validate and then remove a machine" {
@test "register, validate and then remove a machine" {
run -0 cscli lapi register --machine CiTestMachineRegister -f /dev/null -o human
assert_output --partial "Successfully registered to Local API (LAPI)"
assert_output --partial "Local API credentials dumped to '/dev/null'"

2
tests/bats/30_machines_tls.bats
View file

@ -9,6 +9,7 @@ config_disable_agent() {
setup_file() {
load "../lib/setup_file.sh"
[[ "${PACKAGE_TESTING}" == "true" ]] && return
./instance-data load
CONFIG_DIR=$(dirname "${CONFIG_YAML}")
@ -56,6 +57,7 @@ teardown_file() {
}
setup() {
[[ "${PACKAGE_TESTING}" == "true" ]] && skip
load "../lib/setup.sh"
}

12
tests/bats/40_cold-logs.bats
View file

@ -28,36 +28,36 @@ setup() {
#----------
@test "$FILE we have one decision" {
@test "we have one decision" {
run -0 cscli decisions list -o json
run -0 jq '. | length' <(output)
assert_output 1
}
@test "$FILE 1.1.1.172 has been banned" {
@test "1.1.1.172 has been banned" {
run -0 cscli decisions list -o json
run -0 jq -r '.[].decisions[0].value' <(output)
assert_output '1.1.1.172'
}
@test "$FILE 1.1.1.172 has been banned (range/contained: -r 1.1.1.0/24 --contained)" {
@test "1.1.1.172 has been banned (range/contained: -r 1.1.1.0/24 --contained)" {
run -0 cscli decisions list -r 1.1.1.0/24 --contained -o json
run -0 jq -r '.[].decisions[0].value' <(output)
assert_output '1.1.1.172'
}
@test "$FILE 1.1.1.172 has not been banned (range/NOT-contained: -r 1.1.2.0/24)" {
@test "1.1.1.172 has not been banned (range/NOT-contained: -r 1.1.2.0/24)" {
run -0 cscli decisions list -r 1.1.2.0/24 -o json
assert_output 'null'
}
@test "$FILE 1.1.1.172 has been banned (exact: -i 1.1.1.172)" {
@test "1.1.1.172 has been banned (exact: -i 1.1.1.172)" {
run -0 cscli decisions list -i 1.1.1.172 -o json
run -0 jq -r '.[].decisions[0].value' <(output)
assert_output '1.1.1.172'
}
@test "$FILE 1.1.1.173 has not been banned (exact: -i 1.1.1.173)" {
@test "1.1.1.173 has not been banned (exact: -i 1.1.1.173)" {
run -0 cscli decisions list -i 1.1.1.173 -o json
assert_output 'null'
}

4
tests/bats/40_live-ban.bats
View file

@ -29,11 +29,11 @@ teardown() {
#----------
@test "$FILE 1.1.1.172 has been banned" {
@test "1.1.1.172 has been banned" {
tmpfile=$(TMPDIR="${BATS_TEST_TMPDIR}" mktemp)
touch "${tmpfile}"
ACQUIS_YAML=$(config_yq '.crowdsec_service.acquisition_path')
echo -e "---\nfilename: $tmpfile\nlabels:\n type: syslog\n" >>"${ACQUIS_YAML}"
echo -e "---\nfilename: ${tmpfile}\nlabels:\n type: syslog\n" >>"${ACQUIS_YAML}"
./instance-crowdsec start
fake_log >>"${tmpfile}"

10
tests/bats/50_simulation.bats
View file

@ -26,7 +26,7 @@ setup() {
#----------
@test "$FILE we have one decision" {
@test "we have one decision" {
run -0 cscli simulation disable --global
fake_log | "${CROWDSEC}" -dsn file:///dev/fd/0 -type syslog -no-api
run -0 cscli decisions list -o json
@ -34,7 +34,7 @@ setup() {
assert_output 1
}
@test "$FILE 1.1.1.174 has been banned (exact)" {
@test "1.1.1.174 has been banned (exact)" {
run -0 cscli simulation disable --global
fake_log | "${CROWDSEC}" -dsn file:///dev/fd/0 -type syslog -no-api
run -0 cscli decisions list -o json
@ -42,7 +42,7 @@ setup() {
assert_output '1.1.1.174'
}
@test "$FILE decision has simulated == false (exact)" {
@test "decision has simulated == false (exact)" {
run -0 cscli simulation disable --global
fake_log | "${CROWDSEC}" -dsn file:///dev/fd/0 -type syslog -no-api
run -0 cscli decisions list -o json
@ -50,14 +50,14 @@ setup() {
assert_output 'false'
}
@test "$FILE simulated scenario, listing non-simulated: expect no decision" {
@test "simulated scenario, listing non-simulated: expect no decision" {
run -0 cscli simulation enable crowdsecurity/ssh-bf
fake_log | "${CROWDSEC}" -dsn file:///dev/fd/0 -type syslog -no-api
run -0 cscli decisions list --no-simu -o json
assert_output 'null'
}
@test "$FILE global simulation, listing non-simulated: expect no decision" {
@test "global simulation, listing non-simulated: expect no decision" {
run -0 cscli simulation disable crowdsecurity/ssh-bf
run -0 cscli simulation enable --global
fake_log | "${CROWDSEC}" -dsn file:///dev/fd/0 -type syslog -no-api

10
tests/bats/70_http_plugin.bats
View file

@ -53,7 +53,7 @@ setup() {
#----------
@test "${FILE} add two bans" {
@test "add two bans" {
run -0 cscli decisions add --ip 1.2.3.4 --duration 30s
assert_output --partial 'Decision successfully added'
@ -62,25 +62,25 @@ setup() {
sleep 5
}
@test "${FILE} expected 1 log line from http server" {
@test "expected 1 log line from http server" {
run -0 wc -l <"${MOCK_OUT}"
# wc can pad with spaces on some platforms
run -0 tr -d ' ' < <(output)
assert_output 1
}
@test "${FILE} expected to receive 2 alerts in the request body from plugin" {
@test "expected to receive 2 alerts in the request body from plugin" {
run -0 jq -r '.request_body' <"${MOCK_OUT}"
run -0 jq -r 'length' <(output)
assert_output 2
}
@test "${FILE} expected to receive IP 1.2.3.4 as value of first decision" {
@test "expected to receive IP 1.2.3.4 as value of first decision" {
run -0 jq -r '.request_body[0].decisions[0].value' <"${MOCK_OUT}"
assert_output 1.2.3.4
}
@test "${FILE} expected to receive IP 1.2.3.5 as value of second decision" {
@test "expected to receive IP 1.2.3.5 as value of second decision" {
run -0 jq -r '.request_body[1].decisions[0].value' <"${MOCK_OUT}"
assert_output 1.2.3.5
}

24
tests/bats/72_plugin_badconfig.bats
View file

@ -30,9 +30,11 @@ teardown() {
chmod go-w "${PLUGIN_DIR}"/notification-http
}
declare stderr
#----------
@test "${FILE} misconfigured plugin, only user is empty" {
@test "misconfigured plugin, only user is empty" {
yq e '.plugin_config.user="" | .plugin_config.group="nogroup"' -i "${CONFIG_YAML}"
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
@ -40,7 +42,7 @@ teardown() {
assert_output --partial "api server init: unable to run local API: while loading plugin: while getting process attributes: both plugin user and group must be set"
}
@test "${FILE} misconfigured plugin, only group is empty" {
@test "misconfigured plugin, only group is empty" {
yq e '(.plugin_config.user="nobody") | (.plugin_config.group="")' -i "${CONFIG_YAML}"
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
@ -48,7 +50,7 @@ teardown() {
assert_output --partial "api server init: unable to run local API: while loading plugin: while getting process attributes: both plugin user and group must be set"
}
@test "${FILE} misconfigured plugin, user does not exist" {
@test "misconfigured plugin, user does not exist" {
yq e '(.plugin_config.user="userdoesnotexist") | (.plugin_config.group="groupdoesnotexist")' -i "${CONFIG_YAML}"
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
@ -56,7 +58,7 @@ teardown() {
assert_output --partial "api server init: unable to run local API: while loading plugin: while getting process attributes: user: unknown user userdoesnotexist"
}
@test "${FILE} misconfigured plugin, group does not exist" {
@test "misconfigured plugin, group does not exist" {
yq e '(.plugin_config.user=strenv(USER)) | (.plugin_config.group="groupdoesnotexist")' -i "${CONFIG_YAML}"
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
@ -64,7 +66,7 @@ teardown() {
assert_output --partial "api server init: unable to run local API: while loading plugin: while getting process attributes: group: unknown group groupdoesnotexist"
}
@test "${FILE} bad plugin name" {
@test "bad plugin name" {
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
cp "${PLUGIN_DIR}"/notification-http "${PLUGIN_DIR}"/badname
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
@ -72,7 +74,7 @@ teardown() {
assert_output --partial "api server init: unable to run local API: while loading plugin: plugin name ${PLUGIN_DIR}/badname is invalid. Name should be like {type-name}"
}
@test "${FILE} bad plugin permission (group writable)" {
@test "bad plugin permission (group writable)" {
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
chmod g+w "${PLUGIN_DIR}"/notification-http
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
@ -80,7 +82,7 @@ teardown() {
assert_output --partial "api server init: unable to run local API: while loading plugin: plugin at ${PLUGIN_DIR}/notification-http is group writable, group writable plugins are invalid"
}
@test "${FILE} bad plugin permission (world writable)" {
@test "bad plugin permission (world writable)" {
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
chmod o+w "${PLUGIN_DIR}"/notification-http
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
@ -88,7 +90,7 @@ teardown() {
assert_output --partial "api server init: unable to run local API: while loading plugin: plugin at ${PLUGIN_DIR}/notification-http is world writable, world writable plugins are invalid"
}
@test "${FILE} config.yaml: missing .plugin_config section" {
@test "config.yaml: missing .plugin_config section" {
yq e 'del(.plugin_config)' -i "${CONFIG_YAML}"
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
@ -96,7 +98,7 @@ teardown() {
assert_output --partial "api server init: plugins are enabled, but the plugin_config section is missing in the configuration"
}
@test "${FILE} config.yaml: missing config_paths.notification_dir" {
@test "config.yaml: missing config_paths.notification_dir" {
yq e 'del(.config_paths.notification_dir)' -i "${CONFIG_YAML}"
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
@ -104,7 +106,7 @@ teardown() {
assert_output --partial "api server init: plugins are enabled, but config_paths.notification_dir is not defined"
}
@test "${FILE} config.yaml: missing config_paths.plugin_dir" {
@test "config.yaml: missing config_paths.plugin_dir" {
yq e 'del(.config_paths.plugin_dir)' -i "${CONFIG_YAML}"
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
@ -112,7 +114,7 @@ teardown() {
assert_output --partial "api server init: plugins are enabled, but config_paths.plugin_dir is not defined"
}
@test "${FILE} unable to run local API: while reading plugin config" {
@test "unable to run local API: while reading plugin config" {
yq e '.config_paths.notification_dir="/this/path/does/not/exist"' -i "${CONFIG_YAML}"
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
run -1 --separate-stderr timeout 2s "${CROWDSEC}"

38
tests/bats/80_alerts.bats
View file

@ -25,7 +25,7 @@ declare stderr
#----------
@test "$FILE cscli alerts list, with and without --machine" {
@test "cscli alerts list, with and without --machine" {
is_db_postgres && skip
run -0 cscli decisions add -i 10.20.30.40 -t ban
@ -46,7 +46,7 @@ declare stderr
assert_output --regexp "\| githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})? \|"
}
@test "$FILE cscli alerts list, human/json/raw" {
@test "cscli alerts list, human/json/raw" {
run -0 cscli decisions add -i 10.20.30.40 -t ban
run -0 cscli alerts list -o human
@ -66,16 +66,16 @@ declare stderr
assert_line --regexp "^[0-9]+,Ip,10.20.30.40,manual 'ban' from 'githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})?',,\" \",ban:1,.*,githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})?$"
}
@test "$FILE cscli alerts inspect" {
@test "cscli alerts inspect" {
run -0 cscli decisions add -i 10.20.30.40 -t ban
run -0 cscli alerts list -o raw <(output)
run -0 grep 10.20.30.40 <(output)
run -0 cut -d, -f1 <(output)
ALERT_ID="$output"
ALERT_ID="${output}"
run -0 cscli alerts inspect "$ALERT_ID" -o human
run -0 cscli alerts inspect "${ALERT_ID}" -o human
assert_line --regexp '^#+$'
assert_line --regexp "^ - ID *: $ALERT_ID$"
assert_line --regexp "^ - ID *: ${ALERT_ID}$"
assert_line --regexp "^ - Date *: .*$"
assert_line --regexp "^ - Machine *: githubciXXXXXXXXXXXXXXXXXXXXXXXX.*"
assert_line --regexp "^ - Simulation *: false$"
@ -90,12 +90,12 @@ declare stderr
assert_line --regexp "^.* ID .* SCOPE:VALUE .* ACTION .* EXPIRATION .* CREATED AT .*$"
assert_line --regexp "^.* Ip:10.20.30.40 .* ban .*$"
run -0 cscli alerts inspect "$ALERT_ID" -o human --details
run -0 cscli alerts inspect "${ALERT_ID}" -o human --details
# XXX can we have something here?
run -0 cscli alerts inspect "$ALERT_ID" -o raw
run -0 cscli alerts inspect "${ALERT_ID}" -o raw
assert_line --regexp "^ *capacity: 0$"
assert_line --regexp "^ *id: $ALERT_ID$"
assert_line --regexp "^ *id: ${ALERT_ID}$"
assert_line --regexp "^ *origin: cscli$"
assert_line --regexp "^ *scenario: manual 'ban' from 'githubciXXXXXXXXXXXXXXXXXXXXXXXX.*'$"
assert_line --regexp "^ *scope: Ip$"
@ -103,15 +103,15 @@ declare stderr
assert_line --regexp "^ *type: ban$"
assert_line --regexp "^ *value: 10.20.30.40$"
run -0 cscli alerts inspect "$ALERT_ID" -o json
alert=$output
run jq -c '.decisions[] | [.origin,.scenario,.scope,.simulated,.type,.value]' <<<"$alert"
run -0 cscli alerts inspect "${ALERT_ID}" -o json
alert=${output}
run jq -c '.decisions[] | [.origin,.scenario,.scope,.simulated,.type,.value]' <<<"${alert}"
assert_output --regexp "\[\"cscli\",\"manual 'ban' from 'githubciXXXXXXXXXXXXXXXXXXXXXXXX.*'\",\"Ip\",false,\"ban\",\"10.20.30.40\"\]"
run jq -c '.source' <<<"$alert"
run jq -c '.source' <<<"${alert}"
assert_output '{"ip":"10.20.30.40","scope":"Ip","value":"10.20.30.40"}'
}
@test "$FILE no active alerts" {
@test "no active alerts" {
run -0 cscli alerts list --until 200d -o human
assert_output "No active alerts"
run -0 cscli alerts list --until 200d -o json
@ -122,22 +122,22 @@ declare stderr
assert_output "id,scope,value,reason,country,as,decisions,created_at,machine"
}
@test "$FILE cscli alerts delete" {
@test "cscli alerts delete" {
run -0 --separate-stderr cscli alerts delete --all
run echo "$stderr"
run echo "${stderr}"
assert_output --partial 'alert(s) deleted'
# XXX TODO: delete by scope, id, value, scenario, range..
}
@test "$FILE bad duration" {
@test "bad duration" {
skip 'TODO'
run -0 cscli decisions add -i 10.20.30.40 -t ban
run -9 cscli decisions list --ip 10.20.30.40 -o json
run -9 jq -r '.[].decisions[].id' <(output)
DECISION_ID="$output"
DECISION_ID="${output}"
./instance-crowdsec stop
run -0 ./instance-db exec_sql "UPDATE decisions SET ... WHERE id=$DECISION_ID"
run -0 ./instance-db exec_sql "UPDATE decisions SET ... WHERE id=${DECISION_ID}"
./instance-crowdsec start
}

14
tests/bats/90_decisions.bats
View file

@ -25,19 +25,19 @@ declare stderr
#----------
@test "$FILE 'decisions add' requires parameters" {
@test "'decisions add' requires parameters" {
run -1 --separate-stderr cscli decisions add
assert_line "Usage:"
run echo "$stderr"
run echo "${stderr}"
assert_output --partial "Missing arguments, a value is required (--ip, --range or --scope and --value)"
run -1 --separate-stderr cscli decisions add -o json
run echo "$stderr"
run echo "${stderr}"
run -0 jq -c '[ .level, .msg]' <(output)
assert_output '["fatal","Missing arguments, a value is required (--ip, --range or --scope and --value)"]'
}
@test "$FILE cscli decisions list, with and without --machine" {
@test "cscli decisions list, with and without --machine" {
is_db_postgres && skip
run -0 cscli decisions add -i 10.20.30.40 -t ban
@ -58,12 +58,12 @@ declare stderr
assert_output --regexp "\| githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})? \|"
}
@test "$FILE cscli decisions list, incorrect parameters" {
@test "cscli decisions list, incorrect parameters" {
run -1 --separate-stderr cscli decisions list --until toto
run echo "$stderr"
run echo "${stderr}"
assert_output --partial 'Unable to list decisions : performing request: API error: while parsing duration: time: invalid duration \"toto\"'
run -1 --separate-stderr cscli decisions list --until toto -o json
run echo "$stderr"
run echo "${stderr}"
run -0 jq -c '[.level, .msg]' <(output)
assert_output '["fatal","Unable to list decisions : performing request: API error: while parsing duration: time: invalid duration \"toto\""]'
}

26
tests/bats/97_ipv4_single.bats
View file

@ -29,30 +29,30 @@ api() {
#----------
@test "$FILE cli - first decisions list: must be empty" {
@test "cli - first decisions list: must be empty" {
# delete community pull
run -0 cscli decisions delete --all
run -0 cscli decisions list -o json
assert_output 'null'
}
@test "$FILE API - first decisions list: must be empty" {
@test "API - first decisions list: must be empty" {
run -0 api '/v1/decisions'
assert_output 'null'
}
@test "$FILE adding decision for 1.2.3.4" {
@test "adding decision for 1.2.3.4" {
run -0 cscli decisions add -i '1.2.3.4'
assert_output --partial 'Decision successfully added'
}
@test "$FILE CLI - all decisions" {
@test "CLI - all decisions" {
run -0 cscli decisions list -o json
run -0 jq -r '.[0].decisions[0].value' <(output)
assert_output '1.2.3.4'
}
@test "$FILE API - all decisions" {
@test "API - all decisions" {
run -0 api '/v1/decisions'
run -0 jq -c '[ . | length, .[0].value ]' <(output)
assert_output '[1,"1.2.3.4"]'
@ -60,47 +60,47 @@ api() {
# check ip match
@test "$FILE CLI - decision for 1.2.3.4" {
@test "CLI - decision for 1.2.3.4" {
run -0 cscli decisions list -i '1.2.3.4' -o json
run -0 jq -r '.[0].decisions[0].value' <(output)
assert_output '1.2.3.4'
}
@test "$FILE API - decision for 1.2.3.4" {
@test "API - decision for 1.2.3.4" {
run -0 api '/v1/decisions?ip=1.2.3.4'
run -0 jq -r '.[0].value' <(output)
assert_output '1.2.3.4'
}
@test "$FILE CLI - decision for 1.2.3.5" {
@test "CLI - decision for 1.2.3.5" {
run -0 cscli decisions list -i '1.2.3.5' -o json
assert_output 'null'
}
@test "$FILE API - decision for 1.2.3.5" {
@test "API - decision for 1.2.3.5" {
run -0 api '/v1/decisions?ip=1.2.3.5'
assert_output 'null'
}
## check outer range match
@test "$FILE CLI - decision for 1.2.3.0/24" {
@test "CLI - decision for 1.2.3.0/24" {
run -0 cscli decisions list -r '1.2.3.0/24' -o json
assert_output 'null'
}
@test "$FILE API - decision for 1.2.3.0/24" {
@test "API - decision for 1.2.3.0/24" {
run -0 api '/v1/decisions?range=1.2.3.0/24'
assert_output 'null'
}
@test "$FILE CLI - decisions where IP in 1.2.3.0/24" {
@test "CLI - decisions where IP in 1.2.3.0/24" {
run -0 cscli decisions list -r '1.2.3.0/24' --contained -o json
run -0 jq -r '.[0].decisions[0].value' <(output)
assert_output '1.2.3.4'
}
@test "$FILE API - decisions where IP in 1.2.3.0/24" {
@test "API - decisions where IP in 1.2.3.0/24" {
run -0 api '/v1/decisions?range=1.2.3.0/24&contains=false'
run -0 jq -r '.[0].value' <(output)
assert_output '1.2.3.4'

46
tests/bats/97_ipv6_single.bats
View file

@ -29,127 +29,127 @@ api() {
#----------
@test "$FILE cli - first decisions list: must be empty" {
@test "cli - first decisions list: must be empty" {
# delete community pull
run -0 cscli decisions delete --all
run -0 cscli decisions list -o json
assert_output 'null'
}
@test "$FILE adding decision for ip 1111:2222:3333:4444:5555:6666:7777:8888" {
@test "adding decision for ip 1111:2222:3333:4444:5555:6666:7777:8888" {
run -0 cscli decisions add -i '1111:2222:3333:4444:5555:6666:7777:8888'
assert_output --partial 'Decision successfully added'
}
@test "$FILE CLI - all decisions" {
@test "CLI - all decisions" {
run -0 cscli decisions list -o json
run -0 jq -r '.[].decisions[0].value' <(output)
assert_output '1111:2222:3333:4444:5555:6666:7777:8888'
}
@test "$FILE API - all decisions" {
@test "API - all decisions" {
run -0 api "/v1/decisions"
run -0 jq -r '.[].value' <(output)
assert_output '1111:2222:3333:4444:5555:6666:7777:8888'
}
@test "$FILE CLI - decisions for ip 1111:2222:3333:4444:5555:6666:7777:8888" {
@test "CLI - decisions for ip 1111:2222:3333:4444:5555:6666:7777:8888" {
run -0 cscli decisions list -i '1111:2222:3333:4444:5555:6666:7777:8888' -o json
run -0 jq -r '.[].decisions[0].value' <(output)
assert_output '1111:2222:3333:4444:5555:6666:7777:8888'
}
@test "$FILE API - decisions for ip 1111:2222:3333:4444:5555:6666:7777:888" {
@test "API - decisions for ip 1111:2222:3333:4444:5555:6666:7777:888" {
run -0 api '/v1/decisions?ip=1111:2222:3333:4444:5555:6666:7777:8888'
run -0 jq -r '.[].value' <(output)
assert_output '1111:2222:3333:4444:5555:6666:7777:8888'
}
@test "$FILE CLI - decisions for ip 1211:2222:3333:4444:5555:6666:7777:8888" {
@test "CLI - decisions for ip 1211:2222:3333:4444:5555:6666:7777:8888" {
run -0 cscli decisions list -i '1211:2222:3333:4444:5555:6666:7777:8888' -o json
assert_output 'null'
}
@test "$FILE API - decisions for ip 1211:2222:3333:4444:5555:6666:7777:888" {
@test "API - decisions for ip 1211:2222:3333:4444:5555:6666:7777:888" {
run -0 api '/v1/decisions?ip=1211:2222:3333:4444:5555:6666:7777:8888'
assert_output 'null'
}
@test "$FILE CLI - decisions for ip 1111:2222:3333:4444:5555:6666:7777:8887" {
@test "CLI - decisions for ip 1111:2222:3333:4444:5555:6666:7777:8887" {
run -0 cscli decisions list -i '1111:2222:3333:4444:5555:6666:7777:8887' -o json
assert_output 'null'
}
@test "$FILE API - decisions for ip 1111:2222:3333:4444:5555:6666:7777:8887" {
@test "API - decisions for ip 1111:2222:3333:4444:5555:6666:7777:8887" {
run -0 api '/v1/decisions?ip=1111:2222:3333:4444:5555:6666:7777:8887'
assert_output 'null'
}
@test "$FILE CLI - decisions for range 1111:2222:3333:4444:5555:6666:7777:8888/48" {
@test "CLI - decisions for range 1111:2222:3333:4444:5555:6666:7777:8888/48" {
run -0 cscli decisions list -r '1111:2222:3333:4444:5555:6666:7777:8888/48' -o json
assert_output 'null'
}
@test "$FILE API - decisions for range 1111:2222:3333:4444:5555:6666:7777:8888/48" {
@test "API - decisions for range 1111:2222:3333:4444:5555:6666:7777:8888/48" {
run -0 api '/v1/decisions?range=1111:2222:3333:4444:5555:6666:7777:8888/48'
assert_output 'null'
}
@test "$FILE CLI - decisions for ip/range in 1111:2222:3333:4444:5555:6666:7777:8888/48" {
@test "CLI - decisions for ip/range in 1111:2222:3333:4444:5555:6666:7777:8888/48" {
run -0 cscli decisions list -r '1111:2222:3333:4444:5555:6666:7777:8888/48' --contained -o json
run -0 jq -r '.[].decisions[0].value' <(output)
assert_output '1111:2222:3333:4444:5555:6666:7777:8888'
}
@test "$FILE API - decisions for ip/range in 1111:2222:3333:4444:5555:6666:7777:8888/48" {
@test "API - decisions for ip/range in 1111:2222:3333:4444:5555:6666:7777:8888/48" {
run -0 api '/v1/decisions?range=1111:2222:3333:4444:5555:6666:7777:8888/48&&contains=false'
run -0 jq -r '.[].value' <(output)
assert_output '1111:2222:3333:4444:5555:6666:7777:8888'
}
@test "$FILE CLI - decisions for range 1111:2222:3333:4444:5555:6666:7777:8888/64" {
@test "CLI - decisions for range 1111:2222:3333:4444:5555:6666:7777:8888/64" {
run -0 cscli decisions list -r '1111:2222:3333:4444:5555:6666:7777:8888/64' -o json
assert_output 'null'
}
@test "$FILE API - decisions for range 1111:2222:3333:4444:5555:6666:7777:8888/64" {
@test "API - decisions for range 1111:2222:3333:4444:5555:6666:7777:8888/64" {
run -0 api '/v1/decisions?range=1111:2222:3333:4444:5555:6666:7777:8888/64'
assert_output 'null'
}
@test "$FILE CLI - decisions for ip/range in 1111:2222:3333:4444:5555:6666:7777:8888/64" {
@test "CLI - decisions for ip/range in 1111:2222:3333:4444:5555:6666:7777:8888/64" {
run -0 cscli decisions list -r '1111:2222:3333:4444:5555:6666:7777:8888/64' -o json --contained
run -0 jq -r '.[].decisions[0].value' <(output)
assert_output '1111:2222:3333:4444:5555:6666:7777:8888'
}
@test "$FILE API - decisions for ip/range in 1111:2222:3333:4444:5555:6666:7777:8888/64" {
@test "API - decisions for ip/range in 1111:2222:3333:4444:5555:6666:7777:8888/64" {
run -0 api '/v1/decisions?range=1111:2222:3333:4444:5555:6666:7777:8888/64&&contains=false'
run -0 jq -r '.[].value' <(output)
assert_output '1111:2222:3333:4444:5555:6666:7777:8888'
}
@test "$FILE adding decision for ip 1111:2222:3333:4444:5555:6666:7777:8889" {
@test "adding decision for ip 1111:2222:3333:4444:5555:6666:7777:8889" {
run -0 cscli decisions add -i '1111:2222:3333:4444:5555:6666:7777:8889'
assert_output --partial 'Decision successfully added'
}
@test "$FILE deleting decision for ip 1111:2222:3333:4444:5555:6666:7777:8889" {
@test "deleting decision for ip 1111:2222:3333:4444:5555:6666:7777:8889" {
run -0 cscli decisions delete -i '1111:2222:3333:4444:5555:6666:7777:8889'
assert_output --partial '1 decision(s) deleted'
}
@test "$FILE CLI - decisions for ip 1111:2222:3333:4444:5555:6666:7777:8889 after delete" {
@test "CLI - decisions for ip 1111:2222:3333:4444:5555:6666:7777:8889 after delete" {
run -0 cscli decisions list -i '1111:2222:3333:4444:5555:6666:7777:8889' -o json
assert_output 'null'
}
@test "$FILE deleting decision for range 1111:2222:3333:4444:5555:6666:7777:8888/64" {
@test "deleting decision for range 1111:2222:3333:4444:5555:6666:7777:8888/64" {
run -0 cscli decisions delete -r '1111:2222:3333:4444:5555:6666:7777:8888/64' --contained
assert_output --partial '1 decision(s) deleted'
}
@test "$FILE CLI - decisions for ip/range in 1111:2222:3333:4444:5555:6666:7777:8888/64 after delete" {
@test "CLI - decisions for ip/range in 1111:2222:3333:4444:5555:6666:7777:8888/64 after delete" {
run -0 cscli decisions list -r '1111:2222:3333:4444:5555:6666:7777:8888/64' -o json --contained
assert_output 'null'
}

36
tests/bats/98_ipv4_range.bats
View file

@ -29,25 +29,25 @@ api() {
#----------
@test "$FILE cli - first decisions list: must be empty" {
@test "cli - first decisions list: must be empty" {
# delete community pull
run -0 cscli decisions delete --all
run -0 cscli decisions list -o json
assert_output 'null'
}
@test "$FILE adding decision for range 4.4.4.0/24" {
@test "adding decision for range 4.4.4.0/24" {
run -0 cscli decisions add -r '4.4.4.0/24'
assert_output --partial 'Decision successfully added'
}
@test "$FILE CLI - all decisions" {
@test "CLI - all decisions" {
run -0 cscli decisions list -o json
run -0 jq -r '.[0].decisions[0].value' <(output)
assert_output '4.4.4.0/24'
}
@test "$FILE API - all decisions" {
@test "API - all decisions" {
run -0 api '/v1/decisions'
run -0 jq -r '.[0].value' <(output)
assert_output '4.4.4.0/24'
@ -55,55 +55,55 @@ api() {
# check ip within/outside of range
@test "$FILE CLI - decisions for ip 4.4.4." {
@test "CLI - decisions for ip 4.4.4." {
run -0 cscli decisions list -i '4.4.4.3' -o json
run -0 jq -r '.[0].decisions[0].value' <(output)
assert_output '4.4.4.0/24'
}
@test "$FILE API - decisions for ip 4.4.4." {
@test "API - decisions for ip 4.4.4." {
run -0 api '/v1/decisions?ip=4.4.4.3'
run -0 jq -r '.[0].value' <(output)
assert_output '4.4.4.0/24'
}
@test "$FILE CLI - decisions for ip contained in 4.4.4." {
@test "CLI - decisions for ip contained in 4.4.4." {
run -0 cscli decisions list -i '4.4.4.4' -o json --contained
assert_output 'null'
}
@test "$FILE API - decisions for ip contained in 4.4.4." {
@test "API - decisions for ip contained in 4.4.4." {
run -0 api '/v1/decisions?ip=4.4.4.4&contains=false'
assert_output 'null'
}
@test "$FILE CLI - decisions for ip 5.4.4." {
@test "CLI - decisions for ip 5.4.4." {
run -0 cscli decisions list -i '5.4.4.3' -o json
assert_output 'null'
}
@test "$FILE API - decisions for ip 5.4.4." {
@test "API - decisions for ip 5.4.4." {
run -0 api '/v1/decisions?ip=5.4.4.3'
assert_output 'null'
}
@test "$FILE CLI - decisions for range 4.4.0.0/1" {
@test "CLI - decisions for range 4.4.0.0/1" {
run -0 cscli decisions list -r '4.4.0.0/16' -o json
assert_output 'null'
}
@test "$FILE API - decisions for range 4.4.0.0/1" {
@test "API - decisions for range 4.4.0.0/1" {
run -0 api '/v1/decisions?range=4.4.0.0/16'
assert_output 'null'
}
@test "$FILE CLI - decisions for ip/range in 4.4.0.0/1" {
@test "CLI - decisions for ip/range in 4.4.0.0/1" {
run -0 cscli decisions list -r '4.4.0.0/16' -o json --contained
run -0 jq -r '.[0].decisions[0].value' <(output)
assert_output '4.4.4.0/24'
}
@test "$FILE API - decisions for ip/range in 4.4.0.0/1" {
@test "API - decisions for ip/range in 4.4.0.0/1" {
run -0 api '/v1/decisions?range=4.4.0.0/16&contains=false'
run -0 jq -r '.[0].value' <(output)
assert_output '4.4.4.0/24'
@ -111,24 +111,24 @@ api() {
# check subrange
@test "$FILE CLI - decisions for range 4.4.4.2/2" {
@test "CLI - decisions for range 4.4.4.2/2" {
run -0 cscli decisions list -r '4.4.4.2/28' -o json
run -0 jq -r '.[].decisions[0].value' <(output)
assert_output '4.4.4.0/24'
}
@test "$FILE API - decisions for range 4.4.4.2/2" {
@test "API - decisions for range 4.4.4.2/2" {
run -0 api '/v1/decisions?range=4.4.4.2/28'
run -0 jq -r '.[].value' <(output)
assert_output '4.4.4.0/24'
}
@test "$FILE CLI - decisions for range 4.4.3.2/2" {
@test "CLI - decisions for range 4.4.3.2/2" {
run -0 cscli decisions list -r '4.4.3.2/28' -o json
assert_output 'null'
}
@test "$FILE API - decisions for range 4.4.3.2/2" {
@test "API - decisions for range 4.4.3.2/2" {
run -0 api '/v1/decisions?range=4.4.3.2/28'
assert_output 'null'
}

66
tests/bats/98_ipv6_range.bats
View file

@ -29,25 +29,25 @@ api() {
#----------
@test "$FILE cli - first decisions list: must be empty" {
@test "cli - first decisions list: must be empty" {
# delete community pull
run -0 cscli decisions delete --all
run -0 cscli decisions list -o json
assert_output 'null'
}
@test "$FILE adding decision for range aaaa:2222:3333:4444::/64" {
@test "adding decision for range aaaa:2222:3333:4444::/64" {
run -0 cscli decisions add -r 'aaaa:2222:3333:4444::/64'
assert_output --partial 'Decision successfully added'
}
@test "$FILE CLI - all decisions (2)" {
@test "CLI - all decisions (2)" {
run -0 cscli decisions list -o json
run -0 jq -r '.[].decisions[0].value' <(output)
assert_output 'aaaa:2222:3333:4444::/64'
}
@test "$FILE API - all decisions (2)" {
@test "API - all decisions (2)" {
run -0 api '/v1/decisions'
run -0 jq -r '.[].value' <(output)
assert_output 'aaaa:2222:3333:4444::/64'
@ -55,162 +55,162 @@ api() {
# check ip within/out of range
@test "$FILE CLI - decisions for ip aaaa:2222:3333:4444:5555:6666:7777:8888" {
@test "CLI - decisions for ip aaaa:2222:3333:4444:5555:6666:7777:8888" {
run -0 cscli decisions list -i 'aaaa:2222:3333:4444:5555:6666:7777:8888' -o json
run -0 jq -r '.[].decisions[0].value' <(output)
assert_output 'aaaa:2222:3333:4444::/64'
}
@test "$FILE API - decisions for ip aaaa:2222:3333:4444:5555:6666:7777:8888" {
@test "API - decisions for ip aaaa:2222:3333:4444:5555:6666:7777:8888" {
run -0 api '/v1/decisions?ip=aaaa:2222:3333:4444:5555:6666:7777:8888'
run -0 jq -r '.[].value' <(output)
assert_output 'aaaa:2222:3333:4444::/64'
}
@test "$FILE CLI - decisions for ip aaaa:2222:3333:4445:5555:6666:7777:8888" {
@test "CLI - decisions for ip aaaa:2222:3333:4445:5555:6666:7777:8888" {
run -0 cscli decisions list -i 'aaaa:2222:3333:4445:5555:6666:7777:8888' -o json
assert_output 'null'
}
@test "$FILE API - decisions for ip aaaa:2222:3333:4445:5555:6666:7777:8888" {
@test "API - decisions for ip aaaa:2222:3333:4445:5555:6666:7777:8888" {
run -0 api '/v1/decisions?ip=aaaa:2222:3333:4445:5555:6666:7777:8888'
assert_output 'null'
}
@test "$FILE CLI - decisions for ip aaa1:2222:3333:4444:5555:6666:7777:8887" {
@test "CLI - decisions for ip aaa1:2222:3333:4444:5555:6666:7777:8887" {
run -0 cscli decisions list -i 'aaa1:2222:3333:4444:5555:6666:7777:8887' -o json
assert_output 'null'
}
@test "$FILE API - decisions for ip aaa1:2222:3333:4444:5555:6666:7777:8887" {
@test "API - decisions for ip aaa1:2222:3333:4444:5555:6666:7777:8887" {
run -0 api '/v1/decisions?ip=aaa1:2222:3333:4444:5555:6666:7777:8887'
assert_output 'null'
}
# check subrange within/out of range
@test "$FILE CLI - decisions for range aaaa:2222:3333:4444:5555::/80" {
@test "CLI - decisions for range aaaa:2222:3333:4444:5555::/80" {
run -0 cscli decisions list -r 'aaaa:2222:3333:4444:5555::/80' -o json
run -0 jq -r '.[].decisions[0].value' <(output)
assert_output 'aaaa:2222:3333:4444::/64'
}
@test "$FILE API - decisions for range aaaa:2222:3333:4444:5555::/80" {
@test "API - decisions for range aaaa:2222:3333:4444:5555::/80" {
run -0 api '/v1/decisions?range=aaaa:2222:3333:4444:5555::/80'
run -0 jq -r '.[].value' <(output)
assert_output 'aaaa:2222:3333:4444::/64'
}
@test "$FILE CLI - decisions for range aaaa:2222:3333:4441:5555::/80" {
@test "CLI - decisions for range aaaa:2222:3333:4441:5555::/80" {
run -0 cscli decisions list -r 'aaaa:2222:3333:4441:5555::/80' -o json
assert_output 'null'
}
@test "$FILE API - decisions for range aaaa:2222:3333:4441:5555::/80" {
@test "API - decisions for range aaaa:2222:3333:4441:5555::/80" {
run -0 api '/v1/decisions?range=aaaa:2222:3333:4441:5555::/80'
assert_output 'null'
}
@test "$FILE CLI - decisions for range aaa1:2222:3333:4444:5555::/80" {
@test "CLI - decisions for range aaa1:2222:3333:4444:5555::/80" {
run -0 cscli decisions list -r 'aaa1:2222:3333:4444:5555::/80' -o json
assert_output 'null'
}
@test "$FILE API - decisions for range aaa1:2222:3333:4444:5555::/80" {
@test "API - decisions for range aaa1:2222:3333:4444:5555::/80" {
run -0 api '/v1/decisions?range=aaa1:2222:3333:4444:5555::/80'
assert_output 'null'
}
# check outer range
@test "$FILE CLI - decisions for range aaaa:2222:3333:4444:5555:6666:7777:8888/48" {
@test "CLI - decisions for range aaaa:2222:3333:4444:5555:6666:7777:8888/48" {
run -0 cscli decisions list -r 'aaaa:2222:3333:4444:5555:6666:7777:8888/48' -o json
assert_output 'null'
}
@test "$FILE API - decisions for range aaaa:2222:3333:4444:5555:6666:7777:8888/48" {
@test "API - decisions for range aaaa:2222:3333:4444:5555:6666:7777:8888/48" {
run -0 api '/v1/decisions?range=aaaa:2222:3333:4444:5555:6666:7777:8888/48'
assert_output 'null'
}
@test "$FILE CLI - decisions for ip/range in aaaa:2222:3333:4444:5555:6666:7777:8888/48" {
@test "CLI - decisions for ip/range in aaaa:2222:3333:4444:5555:6666:7777:8888/48" {
run -0 cscli decisions list -r 'aaaa:2222:3333:4444:5555:6666:7777:8888/48' -o json --contained
run -0 jq -r '.[].decisions[0].value' <(output)
assert_output 'aaaa:2222:3333:4444::/64'
}
@test "$FILE API - decisions for ip/range in aaaa:2222:3333:4444:5555:6666:7777:8888/48" {
@test "API - decisions for ip/range in aaaa:2222:3333:4444:5555:6666:7777:8888/48" {
run -0 api '/v1/decisions?range=aaaa:2222:3333:4444:5555:6666:7777:8888/48&contains=false'
run -0 jq -r '.[].value' <(output)
assert_output 'aaaa:2222:3333:4444::/64'
}
@test "$FILE CLI - decisions for ip/range in aaaa:2222:3333:4445:5555:6666:7777:8888/48" {
@test "CLI - decisions for ip/range in aaaa:2222:3333:4445:5555:6666:7777:8888/48" {
run -0 cscli decisions list -r 'aaaa:2222:3333:4445:5555:6666:7777:8888/48' -o json
assert_output 'null'
}
@test "$FILE API - decisions for ip/range in aaaa:2222:3333:4445:5555:6666:7777:8888/48" {
@test "API - decisions for ip/range in aaaa:2222:3333:4445:5555:6666:7777:8888/48" {
run -0 api '/v1/decisions?range=aaaa:2222:3333:4445:5555:6666:7777:8888/48'
assert_output 'null'
}
# bbbb:db8:: -> bbbb:db8:0000:0000:0000:7fff:ffff:ffff
@test "$FILE adding decision for range bbbb:db8::/81" {
@test "adding decision for range bbbb:db8::/81" {
run -0 cscli decisions add -r 'bbbb:db8::/81'
assert_output --partial 'Decision successfully added'
}
@test "$FILE CLI - decisions for ip bbbb:db8:0000:0000:0000:6fff:ffff:ffff" {
@test "CLI - decisions for ip bbbb:db8:0000:0000:0000:6fff:ffff:ffff" {
run -0 cscli decisions list -o json -i 'bbbb:db8:0000:0000:0000:6fff:ffff:ffff'
run -0 jq -r '.[].decisions[0].value' <(output)
assert_output 'bbbb:db8::/81'
}
@test "$FILE API - decisions for ip in bbbb:db8:0000:0000:0000:6fff:ffff:ffff" {
@test "API - decisions for ip in bbbb:db8:0000:0000:0000:6fff:ffff:ffff" {
run -0 api '/v1/decisions?ip=bbbb:db8:0000:0000:0000:6fff:ffff:ffff'
run -0 jq -r '.[].value' <(output)
assert_output 'bbbb:db8::/81'
}
@test "$FILE CLI - decisions for ip bbbb:db8:0000:0000:0000:8fff:ffff:ffff" {
@test "CLI - decisions for ip bbbb:db8:0000:0000:0000:8fff:ffff:ffff" {
run -0 cscli decisions list -o json -i 'bbbb:db8:0000:0000:0000:8fff:ffff:ffff'
assert_output 'null'
}
@test "$FILE API - decisions for ip in bbbb:db8:0000:0000:0000:8fff:ffff:ffff" {
@test "API - decisions for ip in bbbb:db8:0000:0000:0000:8fff:ffff:ffff" {
run -0 api '/v1/decisions?ip=bbbb:db8:0000:0000:0000:8fff:ffff:ffff'
assert_output 'null'
}
@test "$FILE deleting decision for range aaaa:2222:3333:4444:5555:6666:7777:8888/48" {
@test "deleting decision for range aaaa:2222:3333:4444:5555:6666:7777:8888/48" {
run -0 cscli decisions delete -r 'aaaa:2222:3333:4444:5555:6666:7777:8888/48' --contained
assert_output --partial '1 decision(s) deleted'
}
@test "$FILE CLI - decisions for range aaaa:2222:3333:4444::/64 after delete" {
@test "CLI - decisions for range aaaa:2222:3333:4444::/64 after delete" {
run -0 cscli decisions list -o json -r 'aaaa:2222:3333:4444::/64'
assert_output 'null'
}
@test "$FILE adding decision for ip bbbb:db8:0000:0000:0000:8fff:ffff:ffff" {
@test "adding decision for ip bbbb:db8:0000:0000:0000:8fff:ffff:ffff" {
run -0 cscli decisions add -i 'bbbb:db8:0000:0000:0000:8fff:ffff:ffff'
assert_output --partial 'Decision successfully added'
}
@test "$FILE adding decision for ip bbbb:db8:0000:0000:0000:6fff:ffff:ffff" {
@test "adding decision for ip bbbb:db8:0000:0000:0000:6fff:ffff:ffff" {
run -0 cscli decisions add -i 'bbbb:db8:0000:0000:0000:6fff:ffff:ffff'
assert_output --partial 'Decision successfully added'
}
@test "$FILE deleting decisions for range bbbb:db8::/81" {
@test "deleting decisions for range bbbb:db8::/81" {
run -0 cscli decisions delete -r 'bbbb:db8::/81' --contained
assert_output --partial '2 decision(s) deleted'
}
@test "$FILE CLI - all decisions (3)" {
@test "CLI - all decisions (3)" {
run -0 cscli decisions list -o json
run -0 jq -r '.[].decisions[0].value' <(output)
assert_output 'bbbb:db8:0000:0000:0000:8fff:ffff:ffff'

26
tests/bats/99_lapi-stream-mode-scenario.bats
View file

@ -34,7 +34,7 @@ output_new_decisions() {
}
@test "${FILE} adding decisions with different duration, scenario, origin" {
@test "adding decisions with different duration, scenario, origin" {
# origin: test
run -0 cscli decisions add -i 127.0.0.1 -d 1h -R crowdsecurity/test
./instance-crowdsec stop
@ -61,7 +61,7 @@ output_new_decisions() {
./instance-crowdsec start
}
@test "${FILE} test startup" {
@test "test startup" {
run -0 api "/v1/decisions/stream?startup=true"
run -0 output_new_decisions
assert_output - <<-EOT
@ -70,7 +70,7 @@ output_new_decisions() {
EOT
}
@test "${FILE} test startup with scenarios containing" {
@test "test startup with scenarios containing" {
run -0 api "/v1/decisions/stream?startup=true&scenarios_containing=ssh_bf"
run -0 output_new_decisions
assert_output - <<-EOT
@ -79,7 +79,7 @@ output_new_decisions() {
EOT
}
@test "${FILE} test startup with multiple scenarios containing" {
@test "test startup with multiple scenarios containing" {
run -0 api "/v1/decisions/stream?startup=true&scenarios_containing=ssh_bf,test"
run -0 output_new_decisions
assert_output - <<-EOT
@ -88,12 +88,12 @@ output_new_decisions() {
EOT
}
@test "${FILE} test startup with unknown scenarios containing" {
@test "test startup with unknown scenarios containing" {
run -0 api "/v1/decisions/stream?startup=true&scenarios_containing=unknown"
assert_output '{"deleted":null,"new":null}'
}
@test "${FILE} test startup with scenarios containing and not containing" {
@test "test startup with scenarios containing and not containing" {
run -0 api "/v1/decisions/stream?startup=true&scenarios_containing=test&scenarios_not_containing=ssh_bf"
run -0 output_new_decisions
assert_output - <<-EOT
@ -102,7 +102,7 @@ output_new_decisions() {
EOT
}
@test "${FILE} test startup with scenarios containing and not containing 2" {
@test "test startup with scenarios containing and not containing 2" {
run -0 api "/v1/decisions/stream?startup=true&scenarios_containing=longest&scenarios_not_containing=ssh_bf,test"
run -0 output_new_decisions
assert_output - <<-EOT
@ -110,7 +110,7 @@ output_new_decisions() {
EOT
}
@test "${FILE} test startup with scenarios not containing" {
@test "test startup with scenarios not containing" {
run -0 api "/v1/decisions/stream?startup=true&scenarios_not_containing=ssh_bf"
run -0 output_new_decisions
assert_output - <<-EOT
@ -119,7 +119,7 @@ output_new_decisions() {
EOT
}
@test "${FILE} test startup with multiple scenarios not containing" {
@test "test startup with multiple scenarios not containing" {
run -0 api "/v1/decisions/stream?startup=true&scenarios_not_containing=ssh_bf,test"
run -0 output_new_decisions
assert_output - <<-EOT
@ -127,7 +127,7 @@ output_new_decisions() {
EOT
}
@test "${FILE} test startup with origins parameter" {
@test "test startup with origins parameter" {
run -0 api "/v1/decisions/stream?startup=true&origins=another_origin"
run -0 output_new_decisions
assert_output - <<-EOT
@ -136,7 +136,7 @@ output_new_decisions() {
EOT
}
@test "${FILE} test startup with multiple origins parameter" {
@test "test startup with multiple origins parameter" {
run -0 api "/v1/decisions/stream?startup=true&origins=another_origin,test"
run -0 output_new_decisions
assert_output - <<-EOT
@ -145,12 +145,12 @@ output_new_decisions() {
EOT
}
@test "${FILE} test startup with unknown origins" {
@test "test startup with unknown origins" {
run -0 api "/v1/decisions/stream?startup=true&origins=unknown"
assert_output '{"deleted":null,"new":null}'
}
#@test "${FILE} delete decision 3 (127.0.0.1)" {
#@test "delete decision 3 (127.0.0.1)" {
#
# {
# TestName: "delete decisions 3 (127.0.0.1)",

10
tests/bats/99_lapi-stream-mode-scopes.bats
View file

@ -28,35 +28,35 @@ api() {
curl -s -H "X-Api-Key: ${API_KEY}" "${CROWDSEC_API_URL}${URI}"
}
@test "$FILE adding decisions for multiple scopes" {
@test "adding decisions for multiple scopes" {
run -0 cscli decisions add -i '1.2.3.6'
assert_output --partial 'Decision successfully added'
run -0 cscli decisions add --scope user --value toto
assert_output --partial 'Decision successfully added'
}
@test "$FILE stream start (implicit ip scope)" {
@test "stream start (implicit ip scope)" {
run -0 api "/v1/decisions/stream?startup=true"
run -0 jq -r '.new' <(output)
assert_output --partial '1.2.3.6'
refute_output --partial 'toto'
}
@test "$FILE stream start (explicit ip scope)" {
@test "stream start (explicit ip scope)" {
run -0 api "/v1/decisions/stream?startup=true&scopes=ip"
run -0 jq -r '.new' <(output)
assert_output --partial '1.2.3.6'
refute_output --partial 'toto'
}
@test "$FILE stream start (user scope)" {
@test "stream start (user scope)" {
run -0 api "/v1/decisions/stream?startup=true&scopes=user"
run -0 jq -r '.new' <(output)
refute_output --partial '1.2.3.6'
assert_output --partial 'toto'
}
@test "$FILE stream start (user+ip scope)" {
@test "stream start (user+ip scope)" {
run -0 api "/v1/decisions/stream?startup=true&scopes=user,ip"
run -0 jq -r '.new' <(output)
assert_output --partial '1.2.3.6'

14
tests/bats/99_lapi-stream-mode.bats
View file

@ -28,14 +28,14 @@ api() {
curl -s -H "X-Api-Key: ${API_KEY}" "${CROWDSEC_API_URL}${URI}"
}
@test "$FILE adding decisions for multiple ips" {
@test "adding decisions for multiple ips" {
run -0 cscli decisions add -i '1111:2222:3333:4444:5555:6666:7777:8888'
run -0 cscli decisions add -i '1.2.3.4'
run -0 cscli decisions add -r '1.2.4.0/24'
assert_output --partial 'Decision successfully added'
}
@test "$FILE stream start" {
@test "stream start" {
run -0 api "/v1/decisions/stream?startup=true"
if is_db_mysql; then sleep 3; fi
run -0 jq -r '.new' <(output)
@ -44,7 +44,7 @@ api() {
assert_output --partial '1.2.4.0/24'
}
@test "$FILE stream cont (add)" {
@test "stream cont (add)" {
run -0 cscli decisions add -i '1.2.3.5'
if is_db_mysql; then sleep 3; fi
run -0 api "/v1/decisions/stream"
@ -52,7 +52,7 @@ api() {
assert_output --partial '1.2.3.5'
}
@test "$FILE stream cont (del)" {
@test "stream cont (del)" {
run -0 cscli decisions delete -i '1.2.3.4'
if is_db_mysql; then sleep 3; fi
run -0 api "/v1/decisions/stream"
@ -60,12 +60,12 @@ api() {
assert_output --partial '1.2.3.4'
}
@test "$FILE stream restart" {
@test "stream restart" {
run -0 api "/v1/decisions/stream?startup=true"
api_out=$output
api_out=${output}
run -0 jq -r '.deleted' <(output)
assert_output --partial '1.2.3.4'
output=$api_out
output=${api_out}
run -0 jq -r '.new' <(output)
assert_output --partial '1111:2222:3333:4444:5555:6666:7777:8888'
assert_output --partial '1.2.3.5'