beenull/crowdsec
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Revert "fixed tls tests"

Browse source 
This reverts commit 520e40db37.
This commit is contained in:
Marco Mariani 2022-06-24 13:57:44 +02:00
parent 520e40db37
commit 4be884824f
2 changed files with 39 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
tests/bats/11_bouncers_tls.bats
View file

@ -10,8 +10,7 @@ config_disable_agent() {
setup_file() {
load "../lib/setup_file.sh"
./instance-data load
tmpdir="${BATS_FILE_TMPDIR}"
tmpdir=$(mktemp -d)
export tmpdir
CFDIR="${BATS_TEST_DIRNAME}/testdata/cfssl"
@ -49,6 +48,7 @@ setup_file() {
teardown_file() {
load "../lib/teardown_file.sh"
rm -rf "${tmpdir}"
}
setup() {
@ -62,12 +62,12 @@ teardown() {
#----------
@test "there are 0 bouncers" {
@test "${FILE} there are 0 bouncers" {
run -0 cscli bouncers list -o json
assert_output "[]"
}
@test "simulate one bouncer request with a valid cert" {
@test "${FILE} simulate one bouncer request with a valid cert" {
run -0 curl -s --cert "${tmpdir}/bouncer.pem" --key "${tmpdir}/bouncer-key.pem" --cacert "${tmpdir}/inter.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
assert_output "null"
run -0 cscli bouncers list -o json
@ -79,19 +79,19 @@ teardown() {
run cscli bouncers delete localhost@127.0.0.1
}
@test "simulate one bouncer request with an invalid cert" {
@test "${FILE} simulate one bouncer request with an invalid cert" {
run curl -s --cert "${tmpdir}/bouncer_invalid.pem" --key "${tmpdir}/bouncer_invalid-key.pem" --cacert "${tmpdir}/ca-key.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
run -0 cscli bouncers list -o json
assert_output "[]"
}
@test "simulate one bouncer request with an invalid OU" {
@test "${FILE} simulate one bouncer request with an invalid OU" {
run curl -s --cert "${tmpdir}/bouncer_bad_ou.pem" --key "${tmpdir}/bouncer_bad_ou-key.pem" --cacert "${tmpdir}/inter.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
run -0 cscli bouncers list -o json
assert_output "[]"
}
@test "simulate one bouncer request with a revoked certificate" {
@test "${FILE} simulate one bouncer request with a revoked certificate" {
run -0 curl -i -s --cert "${tmpdir}/bouncer_revoked.pem" --key "${tmpdir}/bouncer_revoked-key.pem" --cacert "${tmpdir}/inter.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
assert_output --partial "access forbidden"
run -0 cscli bouncers list -o json

51
tests/bats/30_machines_tls.bats
View file

@ -3,18 +3,11 @@
set -u
config_disable_agent() {
yq e 'del(.crowdsec_service)' -i "${CONFIG_YAML}"
}
setup_file() {
load "../lib/setup_file.sh"
./instance-data load
CONFIG_DIR=$(dirname "${CONFIG_YAML}")
export CONFIG_DIR
tmpdir="${BATS_FILE_TMPDIR}"
tmpdir=$(mktemp -d)
export tmpdir
CFDIR="${BATS_TEST_DIRNAME}/testdata/cfssl"
@ -47,8 +40,6 @@ setup_file() {
.api.server.tls.agents_allowed_ou=["agent-ou"]
' -i "${CONFIG_YAML}"
run -0 cscli machines delete githubciXXXXXXXXXXXXXXXXXXXXXXXX
config_disable_agent
}
teardown_file() {
@ -57,6 +48,7 @@ teardown_file() {
setup() {
load "../lib/setup.sh"
cscli machines delete githubciXXXXXXXXXXXXXXXXXXXXXXXX
}
teardown() {
@ -65,7 +57,9 @@ teardown() {
#----------
@test "invalid OU for agent" {
@test "${FILE} invalid OU for agent" {
CONFIG_DIR=$(dirname "${CONFIG_YAML}")
yq e '
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
.key_path=strenv(tmpdir) + "/agent_bad_ou-key.pem" |
@ -73,13 +67,18 @@ teardown() {
.url="https://127.0.0.1:8080"
' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq e 'del(.login,.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
./instance-crowdsec start
#let the agent start
sleep 2
run -0 cscli machines list -o json
assert_output '[]'
}
@test "we have exactly one machine registered with TLS" {
@test "${FILE} we have exactly one machine registered with TLS" {
CONFIG_DIR=$(dirname "${CONFIG_YAML}")
yq e '
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
.key_path=strenv(tmpdir) + "/agent-key.pem" |
@ -87,17 +86,23 @@ teardown() {
.url="https://127.0.0.1:8080"
' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq e 'del(.login,.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
./instance-crowdsec start
run -0 cscli lapi status
#let the agent start
sleep 2
run -0 cscli machines list -o json
run -0 jq -c '[. | length, .[0].machineId[0:32], .[0].isValidated, .[0].ipAddress, .[0].auth_type]' <(output)
assert_output '[1,"localhost@127.0.0.1",true,"127.0.0.1","tls"]'
cscli machines delete localhost@127.0.0.1
./instance-crowdsec stop
}
@test "invalid cert for agent" {
@test "${FILE} invalid cert for agent" {
CONFIG_DIR=$(dirname "${CONFIG_YAML}")
yq e '
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
.key_path=strenv(tmpdir) + "/agent_invalid-key.pem" |
@ -105,13 +110,18 @@ teardown() {
.url="https://127.0.0.1:8080"
' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq e 'del(.login,.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
./instance-crowdsec start
#let the agent start
sleep 2
run -0 cscli machines list -o json
assert_output '[]'
}
@test "revoked cert for agent" {
@test "${FILE} revoked cert for agent" {
CONFIG_DIR=$(dirname "${CONFIG_YAML}")
yq e '
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
.key_path=strenv(tmpdir) + "/agent_revoked-key.pem" |
@ -119,8 +129,11 @@ teardown() {
.url="https://127.0.0.1:8080"
' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq e 'del(.login,.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
./instance-crowdsec start
#let the agent start
sleep 2
run -0 cscli machines list -o json
assert_output '[]'
}