fixed package tests w/wal, gitignore/typos (#1849)
parent
df88f4e1e9
commit
344b1dc559
3
.gitignore
vendored
3
.gitignore
vendored
|
@ -34,6 +34,9 @@ plugins/notifications/dummy/notification-dummy
|
||||||
#test binaries
|
#test binaries
|
||||||
pkg/csplugin/tests/cs_plugin_test*
|
pkg/csplugin/tests/cs_plugin_test*
|
||||||
|
|
||||||
|
#test cache (downloaded files)
|
||||||
|
.cache
|
||||||
|
|
||||||
#release stuff
|
#release stuff
|
||||||
crowdsec-v*
|
crowdsec-v*
|
||||||
pkg/cwhub/hubdir/.index.json
|
pkg/cwhub/hubdir/.index.json
|
||||||
|
|
|
@ -22,6 +22,7 @@ crowdsec_service:
|
||||||
parser_routines: 1
|
parser_routines: 1
|
||||||
cscli:
|
cscli:
|
||||||
output: human
|
output: human
|
||||||
|
color: auto
|
||||||
db_config:
|
db_config:
|
||||||
log_level: info
|
log_level: info
|
||||||
type: sqlite
|
type: sqlite
|
||||||
|
|
|
@ -119,7 +119,7 @@ loop:
|
||||||
}()
|
}()
|
||||||
|
|
||||||
case <-pluginTomb.Dying():
|
case <-pluginTomb.Dying():
|
||||||
log.Infof("plugingTomb dying")
|
log.Infof("pluginTomb dying")
|
||||||
pb.watcher.tomb.Kill(errors.New("Terminating"))
|
pb.watcher.tomb.Kill(errors.New("Terminating"))
|
||||||
for {
|
for {
|
||||||
select {
|
select {
|
||||||
|
|
|
@ -21,7 +21,8 @@
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/postgres.yml
|
- vars/postgres.yml
|
||||||
tasks:
|
tasks:
|
||||||
- ansible.builtin.include_role:
|
- name: role "geerlingguy.postgresql"
|
||||||
|
ansible.builtin.include_role:
|
||||||
name: geerlingguy.postgresql
|
name: geerlingguy.postgresql
|
||||||
## enable this for debugging
|
## enable this for debugging
|
||||||
# vars:
|
# vars:
|
||||||
|
@ -35,7 +36,8 @@
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/mysql.yml
|
- vars/mysql.yml
|
||||||
tasks:
|
tasks:
|
||||||
- ansible.builtin.include_role:
|
- name: role "geerlingguy.mysql"
|
||||||
|
ansible.builtin.include_role:
|
||||||
name: geerlingguy.mysql
|
name: geerlingguy.mysql
|
||||||
when:
|
when:
|
||||||
- lookup('ansible.builtin.env', 'DB_BACKEND') == 'mysql'
|
- lookup('ansible.builtin.env', 'DB_BACKEND') == 'mysql'
|
||||||
|
|
|
@ -82,12 +82,16 @@ teardown() {
|
||||||
# this won't work as crowdsec-wrapper does not relay the signal
|
# this won't work as crowdsec-wrapper does not relay the signal
|
||||||
# run -0 kill -HUP "$PID"
|
# run -0 kill -HUP "$PID"
|
||||||
|
|
||||||
run killall -HUP "$BIN_DIR/crowdsec.cover"
|
# During functional tests, crowdsec is often run from a wrapper script,
|
||||||
run killall -HUP "$BIN_DIR/crowdsec"
|
# which captures its output (for coverage reports) and cannot relay signals
|
||||||
|
# at the same time. So instead of sending a SIGHUP to the wrapper, we send
|
||||||
|
# it to the crowdsec process by name - with or without coverage.
|
||||||
|
run pkill -HUP -f "$BIN_DIR/crowdsec.cover"
|
||||||
|
run pkill -HUP -f "$BIN_DIR/crowdsec"
|
||||||
|
|
||||||
for ((i=0; i<20; i++)); do
|
for ((i=0; i<10; i++)); do
|
||||||
sleep 1
|
sleep 1
|
||||||
grep -q "killing all plugins" <"$log_old" && break
|
grep -q "serve: shutting down api server" <"$log_old" && break
|
||||||
done
|
done
|
||||||
|
|
||||||
echo "waited $i seconds"
|
echo "waited $i seconds"
|
||||||
|
@ -103,14 +107,12 @@ teardown() {
|
||||||
assert_file_contains "$log_old" "Killing parser routines"
|
assert_file_contains "$log_old" "Killing parser routines"
|
||||||
assert_file_contains "$log_old" "Bucket routine exiting"
|
assert_file_contains "$log_old" "Bucket routine exiting"
|
||||||
assert_file_contains "$log_old" "serve: shutting down api server"
|
assert_file_contains "$log_old" "serve: shutting down api server"
|
||||||
assert_file_contains "$log_old" "plugingTomb dying"
|
|
||||||
assert_file_contains "$log_old" "killing all plugins"
|
|
||||||
|
|
||||||
sleep 5
|
sleep 5
|
||||||
|
|
||||||
assert_file_exist "$log_new"
|
assert_file_exist "$log_new"
|
||||||
|
|
||||||
for ((i=0; i<20; i++)); do
|
for ((i=0; i<10; i++)); do
|
||||||
sleep 1
|
sleep 1
|
||||||
grep -q "Reload is finished" <"$log_old" && break
|
grep -q "Reload is finished" <"$log_old" && break
|
||||||
done
|
done
|
||||||
|
|
|
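Review bot: `pkill -f` matches its argument as an unanchored regular expression against the whole command line, so `run pkill -HUP -f "$BIN_DIR/crowdsec"` also matches `crowdsec.cover` (signalled a second time) and any other process whose command line contains that path. That may include the wrapper script the new comment says must not receive the signal, if it lives under `$BIN_DIR`, which is not visible here. A process with no SIGHUP handler is terminated by it, and on a package install the match can reach a service the test did not start. Anchoring the pattern narrows this, for example `run pkill -HUP -f "^$BIN_DIR/crowdsec(\.cover)?( |\$)"`, assuming `$BIN_DIR` holds no regex metacharacters. Both calls use a bare `run`, so a case where neither pattern matched is only noticed when the wait loop runs out; the test body continues outside the hunk.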
@ -39,14 +39,14 @@ setup() {
|
||||||
|
|
||||||
run cscli alerts list -a -o json
|
run cscli alerts list -a -o json
|
||||||
if [[ "${status}" -ne 0 ]]; then
|
if [[ "${status}" -ne 0 ]]; then
|
||||||
run cscli alerts list -o json
|
run --separate-stderr cscli alerts list -o json
|
||||||
fi
|
fi
|
||||||
run -0 jq -r '. | length' <(output)
|
run -0 jq -r '. | length' <(output)
|
||||||
refute_output 0
|
refute_output 0
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "we have exactly one machine, localhost" {
|
@test "we have exactly one machine, localhost" {
|
||||||
run -0 cscli machines list -o json
|
run -0 --separate-stderr cscli machines list -o json
|
||||||
run -0 jq -c '[. | length, .[0].machineId[0:32], .[0].isValidated, .[0].ipAddress]' <(output)
|
run -0 jq -c '[. | length, .[0].machineId[0:32], .[0].isValidated, .[0].ipAddress]' <(output)
|
||||||
assert_output '[1,"githubciXXXXXXXXXXXXXXXXXXXXXXXX",true,"127.0.0.1"]'
|
assert_output '[1,"githubciXXXXXXXXXXXXXXXXXXXXXXXX",true,"127.0.0.1"]'
|
||||||
}
|
}
|
||||||
|
|
|
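Review bot: The first call at the top of this hunk, `run cscli alerts list -a -o json`, still merges stderr into `$output`, so only the fallback path gets `--separate-stderr` and any warning printed on the primary path is fed to `jq`. Making both calls consistent would be `run --separate-stderr cscli alerts list -a -o json`. The fallback also has no status expectation, so a failure there shows up only as a jq error on the next line; `run -0 --separate-stderr cscli alerts list -o json` would report it directly. The enclosing block starts outside the hunk.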
@ -24,7 +24,7 @@ teardown() {
|
||||||
#----------
|
#----------
|
||||||
|
|
||||||
@test "there are 0 bouncers" {
|
@test "there are 0 bouncers" {
|
||||||
run -0 cscli bouncers list -o json
|
run -0 --separate-stderr cscli bouncers list -o json
|
||||||
assert_output "[]"
|
assert_output "[]"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -32,7 +32,7 @@ teardown() {
|
||||||
run -0 cscli bouncers add ciTestBouncer
|
run -0 cscli bouncers add ciTestBouncer
|
||||||
assert_output --partial "Api key for 'ciTestBouncer':"
|
assert_output --partial "Api key for 'ciTestBouncer':"
|
||||||
run -0 cscli bouncers delete ciTestBouncer
|
run -0 cscli bouncers delete ciTestBouncer
|
||||||
run -0 cscli bouncers list -o json
|
run -0 --separate-stderr cscli bouncers list -o json
|
||||||
assert_output '[]'
|
assert_output '[]'
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -61,17 +61,17 @@ teardown() {
|
||||||
#----------
|
#----------
|
||||||
|
|
||||||
@test "there are 0 bouncers" {
|
@test "there are 0 bouncers" {
|
||||||
run -0 cscli bouncers list -o json
|
run -0 --separate-stderr cscli bouncers list -o json
|
||||||
assert_output "[]"
|
assert_output "[]"
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "simulate one bouncer request with a valid cert" {
|
@test "simulate one bouncer request with a valid cert" {
|
||||||
run -0 curl -s --cert "${tmpdir}/bouncer.pem" --key "${tmpdir}/bouncer-key.pem" --cacert "${tmpdir}/bundle.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
|
run -0 curl -s --cert "${tmpdir}/bouncer.pem" --key "${tmpdir}/bouncer-key.pem" --cacert "${tmpdir}/bundle.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
|
||||||
assert_output "null"
|
assert_output "null"
|
||||||
run -0 cscli bouncers list -o json
|
run -0 --separate-stderr cscli bouncers list -o json
|
||||||
run -0 jq '. | length' <(output)
|
run -0 jq '. | length' <(output)
|
||||||
assert_output '1'
|
assert_output '1'
|
||||||
run -0 cscli bouncers list -o json
|
run -0 --separate-stderr cscli bouncers list -o json
|
||||||
run -0 jq -r '.[] | .name' <(output)
|
run -0 jq -r '.[] | .name' <(output)
|
||||||
assert_output "localhost@127.0.0.1"
|
assert_output "localhost@127.0.0.1"
|
||||||
run cscli bouncers delete localhost@127.0.0.1
|
run cscli bouncers delete localhost@127.0.0.1
|
||||||
|
@ -79,19 +79,19 @@ teardown() {
|
||||||
|
|
||||||
@test "simulate one bouncer request with an invalid cert" {
|
@test "simulate one bouncer request with an invalid cert" {
|
||||||
run curl -s --cert "${tmpdir}/bouncer_invalid.pem" --key "${tmpdir}/bouncer_invalid-key.pem" --cacert "${tmpdir}/ca-key.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
|
run curl -s --cert "${tmpdir}/bouncer_invalid.pem" --key "${tmpdir}/bouncer_invalid-key.pem" --cacert "${tmpdir}/ca-key.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
|
||||||
run -0 cscli bouncers list -o json
|
run -0 --separate-stderr cscli bouncers list -o json
|
||||||
assert_output "[]"
|
assert_output "[]"
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "simulate one bouncer request with an invalid OU" {
|
@test "simulate one bouncer request with an invalid OU" {
|
||||||
run curl -s --cert "${tmpdir}/bouncer_bad_ou.pem" --key "${tmpdir}/bouncer_bad_ou-key.pem" --cacert "${tmpdir}/bundle.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
|
run curl -s --cert "${tmpdir}/bouncer_bad_ou.pem" --key "${tmpdir}/bouncer_bad_ou-key.pem" --cacert "${tmpdir}/bundle.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
|
||||||
run -0 cscli bouncers list -o json
|
run -0 --separate-stderr cscli bouncers list -o json
|
||||||
assert_output "[]"
|
assert_output "[]"
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "simulate one bouncer request with a revoked certificate" {
|
@test "simulate one bouncer request with a revoked certificate" {
|
||||||
run -0 curl -i -s --cert "${tmpdir}/bouncer_revoked.pem" --key "${tmpdir}/bouncer_revoked-key.pem" --cacert "${tmpdir}/bundle.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
|
run -0 curl -i -s --cert "${tmpdir}/bouncer_revoked.pem" --key "${tmpdir}/bouncer_revoked-key.pem" --cacert "${tmpdir}/bundle.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
|
||||||
assert_output --partial "access forbidden"
|
assert_output --partial "access forbidden"
|
||||||
run -0 cscli bouncers list -o json
|
run -0 --separate-stderr cscli bouncers list -o json
|
||||||
assert_output "[]"
|
assert_output "[]"
|
||||||
}
|
}
|
||||||
|
|
|
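Review bot: The invalid-cert case passes `--cacert "${tmpdir}/ca-key.pem"`, which by its name is a key file rather than the `bundle.pem` the other cases use, and its `run curl` has no status or output expectation. If curl cannot verify the server with that file, it aborts the handshake on the client side and the server never evaluates the invalid client certificate. The following `assert_output "[]"` would then hold even if the server accepted such certificates. I would use `--cacert "${tmpdir}/bundle.pem"` and assert on the response, as the revoked-certificate case does with `assert_output --partial "access forbidden"`; the exact rejection text for this case is not visible here and needs confirming. The invalid-OU case has the same unchecked `run curl`.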
@ -100,6 +100,8 @@ teardown() {
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "can remove all collections" {
|
@test "can remove all collections" {
|
||||||
|
# we may have this too, from package installs
|
||||||
|
run cscli parsers delete crowdsecurity/whitelists
|
||||||
run -0 cscli collections remove --all
|
run -0 cscli collections remove --all
|
||||||
assert_output --partial "Removed symlink [crowdsecurity/sshd]"
|
assert_output --partial "Removed symlink [crowdsecurity/sshd]"
|
||||||
assert_output --partial "Removed symlink [crowdsecurity/linux]"
|
assert_output --partial "Removed symlink [crowdsecurity/linux]"
|
||||||
|
|
|
@ -28,7 +28,7 @@ teardown() {
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "we have exactly one machine" {
|
@test "we have exactly one machine" {
|
||||||
run -0 cscli machines list -o json
|
run -0 --separate-stderr cscli machines list -o json
|
||||||
run -0 jq -c '[. | length, .[0].machineId[0:32], .[0].isValidated]' <(output)
|
run -0 jq -c '[. | length, .[0].machineId[0:32], .[0].isValidated]' <(output)
|
||||||
assert_output '[1,"githubciXXXXXXXXXXXXXXXXXXXXXXXX",true]'
|
assert_output '[1,"githubciXXXXXXXXXXXXXXXXXXXXXXXX",true]'
|
||||||
}
|
}
|
||||||
|
@ -39,7 +39,7 @@ teardown() {
|
||||||
assert_output --partial "API credentials dumped to '/dev/null'"
|
assert_output --partial "API credentials dumped to '/dev/null'"
|
||||||
|
|
||||||
# we now have two machines
|
# we now have two machines
|
||||||
run -0 cscli machines list -o json
|
run -0 --separate-stderr cscli machines list -o json
|
||||||
run -0 jq -c '[. | length, .[-1].machineId, .[0].isValidated]' <(output)
|
run -0 jq -c '[. | length, .[-1].machineId, .[0].isValidated]' <(output)
|
||||||
assert_output '[2,"CiTestMachine",true]'
|
assert_output '[2,"CiTestMachine",true]'
|
||||||
|
|
||||||
|
@ -48,7 +48,7 @@ teardown() {
|
||||||
assert_output --partial "machine 'CiTestMachine' deleted successfully"
|
assert_output --partial "machine 'CiTestMachine' deleted successfully"
|
||||||
|
|
||||||
# we now have one machine again
|
# we now have one machine again
|
||||||
run -0 cscli machines list -o json
|
run -0 --separate-stderr cscli machines list -o json
|
||||||
run -0 jq '. | length' <(output)
|
run -0 jq '. | length' <(output)
|
||||||
assert_output 1
|
assert_output 1
|
||||||
}
|
}
|
||||||
|
@ -58,17 +58,17 @@ teardown() {
|
||||||
assert_output --partial "Successfully registered to Local API (LAPI)"
|
assert_output --partial "Successfully registered to Local API (LAPI)"
|
||||||
assert_output --partial "Local API credentials dumped to '/dev/null'"
|
assert_output --partial "Local API credentials dumped to '/dev/null'"
|
||||||
|
|
||||||
# "the machine is not validated yet" {
|
# the machine is not validated yet
|
||||||
run -0 cscli machines list -o json
|
run -0 --separate-stderr cscli machines list -o json
|
||||||
run -0 jq '.[-1].isValidated' <(output)
|
run -0 jq '.[-1].isValidated' <(output)
|
||||||
assert_output 'null'
|
assert_output 'null'
|
||||||
|
|
||||||
# "validate the machine" {
|
# validate the machine
|
||||||
run -0 cscli machines validate CiTestMachineRegister -o human
|
run -0 cscli machines validate CiTestMachineRegister -o human
|
||||||
assert_output --partial "machine 'CiTestMachineRegister' validated successfully"
|
assert_output --partial "machine 'CiTestMachineRegister' validated successfully"
|
||||||
|
|
||||||
# the machine is now validated
|
# the machine is now validated
|
||||||
run -0 cscli machines list -o json
|
run -0 --separate-stderr cscli machines list -o json
|
||||||
run -0 jq '.[-1].isValidated' <(output)
|
run -0 jq '.[-1].isValidated' <(output)
|
||||||
assert_output 'true'
|
assert_output 'true'
|
||||||
|
|
||||||
|
@ -77,7 +77,7 @@ teardown() {
|
||||||
assert_output --partial "machine 'CiTestMachineRegister' deleted successfully"
|
assert_output --partial "machine 'CiTestMachineRegister' deleted successfully"
|
||||||
|
|
||||||
# we now have one machine, again
|
# we now have one machine, again
|
||||||
run -0 cscli machines list -o json
|
run -0 --separate-stderr cscli machines list -o json
|
||||||
run -0 jq '. | length' <(output)
|
run -0 jq '. | length' <(output)
|
||||||
assert_output 1
|
assert_output 1
|
||||||
}
|
}
|
||||||
|
|
|
@ -123,12 +123,25 @@ teardown() {
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "cscli alerts delete (by id)" {
|
@test "cscli alerts delete (by id)" {
|
||||||
|
run -0 cscli alerts delete --help
|
||||||
|
if [[ ! "$output" =~ "--id string" ]]; then
|
||||||
|
skip "cscli alerts delete --id not supported"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# make sure there is at least one alert
|
||||||
run -0 cscli decisions add -i 127.0.0.1 -d 1h -R crowdsecurity/test
|
run -0 cscli decisions add -i 127.0.0.1 -d 1h -R crowdsecurity/test
|
||||||
run -0 --separate-stderr cscli alerts delete --id 1
|
# when testing with global config, alert id is not guaranteed to be 1.
|
||||||
|
# we'll just remove the first alert we find
|
||||||
|
run -0 --separate-stderr cscli alerts list -o json
|
||||||
|
run -0 jq -c '.[0].id' <(output)
|
||||||
|
ALERT_ID="$output"
|
||||||
|
|
||||||
|
run -0 --separate-stderr cscli alerts delete --id "$ALERT_ID"
|
||||||
refute_output
|
refute_output
|
||||||
assert_stderr --partial "1 alert(s) deleted"
|
assert_stderr --partial "1 alert(s) deleted"
|
||||||
|
|
||||||
run -1 --separate-stderr cscli alerts delete --id 1
|
# can't delete twice
|
||||||
|
run -1 --separate-stderr cscli alerts delete --id "$ALERT_ID"
|
||||||
refute_output
|
refute_output
|
||||||
assert_stderr --partial "Unable to delete alert"
|
assert_stderr --partial "Unable to delete alert"
|
||||||
assert_stderr --partial "API error: ent: alert not found"
|
assert_stderr --partial "API error: ent: alert not found"
|
||||||
|
@ -149,13 +162,13 @@ teardown() {
|
||||||
|
|
||||||
@test "cscli alerts delete (with cascade to decisions)" {
|
@test "cscli alerts delete (with cascade to decisions)" {
|
||||||
run -0 cscli decisions add -i 1.2.3.4
|
run -0 cscli decisions add -i 1.2.3.4
|
||||||
run -0 cscli decisions list -o json
|
run -0 --separate-stderr cscli decisions list -o json
|
||||||
run -0 jq '. | length' <(output)
|
run -0 jq '. | length' <(output)
|
||||||
assert_output 1
|
assert_output 1
|
||||||
|
|
||||||
run -0 --separate-stderr cscli alerts delete -i 1.2.3.4
|
run -0 --separate-stderr cscli alerts delete -i 1.2.3.4
|
||||||
assert_stderr --partial 'alert(s) deleted'
|
assert_stderr --partial 'alert(s) deleted'
|
||||||
run -0 cscli decisions list -o json
|
run -0 --separate-stderr cscli decisions list -o json
|
||||||
assert_output null
|
assert_output null
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -170,7 +183,7 @@ teardown() {
|
||||||
@test "bad duration" {
|
@test "bad duration" {
|
||||||
skip 'TODO'
|
skip 'TODO'
|
||||||
run -0 cscli decisions add -i 10.20.30.40 -t ban
|
run -0 cscli decisions add -i 10.20.30.40 -t ban
|
||||||
run -9 cscli decisions list --ip 10.20.30.40 -o json
|
run -9 --separate-stderr cscli decisions list --ip 10.20.30.40 -o json
|
||||||
run -9 jq -r '.[].decisions[].id' <(output)
|
run -9 jq -r '.[].decisions[].id' <(output)
|
||||||
DECISION_ID="${output}"
|
DECISION_ID="${output}"
|
||||||
|
|
||||||
|
|
|
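Review bot: Taking `.[0].id` from an unfiltered `cscli alerts list` deletes whichever alert comes first, which under a global config (the case the new comment names) may be an alert the test did not create. Narrowing the listing to the decision added just before keeps the deletion closer to test data, e.g. `run -0 --separate-stderr cscli alerts list --ip 127.0.0.1 -o json`. If the list is empty, jq prints `null` and the delete is attempted with `--id null`; a guard such as `[[ "$ALERT_ID" != "null" ]] || fail "no alert to delete"` gives a clearer failure. The test body continues outside the hunk.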
@ -48,6 +48,12 @@ check_base64() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
check_pkill() {
|
||||||
|
if ! command -v pkill >/dev/null; then
|
||||||
|
die "missing required program 'pkill'"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
check_yq() {
|
check_yq() {
|
||||||
# shellcheck disable=SC2016
|
# shellcheck disable=SC2016
|
||||||
howto_install='You can install it with your favorite package manager (including snap) or with "go install github.com/mikefarah/yq/v4@latest" and add ~/go/bin to $PATH.'
|
howto_install='You can install it with your favorite package manager (including snap) or with "go install github.com/mikefarah/yq/v4@latest" and add ~/go/bin to $PATH.'
|
||||||
|
@ -97,6 +103,7 @@ check_nc
|
||||||
check_base64
|
check_base64
|
||||||
check_python3
|
check_python3
|
||||||
check_yq
|
check_yq
|
||||||
|
check_pkill
|
||||||
if [[ -n "${TEST_COVERAGE}" ]]; then
|
if [[ -n "${TEST_COVERAGE}" ]]; then
|
||||||
check_gocovmerge
|
check_gocovmerge
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -17,8 +17,8 @@ mkdir -p "${LOCAL_DIR}/var/lib/coverage"
|
||||||
|
|
||||||
# this would be nice but doesn't work, since the binary is not running in background
|
# this would be nice but doesn't work, since the binary is not running in background
|
||||||
#_hup() {
|
#_hup() {
|
||||||
# echo "killall -1 crowdsec.cover"
|
# echo "pkill -1 crowdsec.cover"
|
||||||
# killall -HUP crowdsec.cover
|
# pkill -HUP crowdsec.cover
|
||||||
#}
|
#}
|
||||||
#
|
#
|
||||||
## relay the "configuration reload" signal
|
## relay the "configuration reload" signal
|
||||||
|
|
|
@ -56,7 +56,8 @@ fi
|
||||||
config_yaml() {
|
config_yaml() {
|
||||||
yq e '
|
yq e '
|
||||||
.db_config.type=strenv(DB_BACKEND) |
|
.db_config.type=strenv(DB_BACKEND) |
|
||||||
.db_config.db_path=strenv(DB_FILE)
|
.db_config.db_path=strenv(DB_FILE) |
|
||||||
|
.db_config.use_wal=true
|
||||||
' -i "${CONFIG_YAML}"
|
' -i "${CONFIG_YAML}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -64,6 +65,7 @@ config_yaml() {
|
||||||
|
|
||||||
case "$1" in
|
case "$1" in
|
||||||
config-yaml)
|
config-yaml)
|
||||||
|
config_yaml
|
||||||
;;
|
;;
|
||||||
setup)
|
setup)
|
||||||
;;
|
;;
|
||||||
|
|