From 4be884824f1a0339a9a07258d0f816450d949339 Mon Sep 17 00:00:00 2001 From: Marco Mariani Date: Fri, 24 Jun 2022 13:57:44 +0200 Subject: [PATCH] Revert "fixed tls tests" This reverts commit 520e40db3775c573cbecb63e678eb4418b65b476. --- tests/bats/11_bouncers_tls.bats | 14 ++++----- tests/bats/30_machines_tls.bats | 51 +++++++++++++++++++++------------ 2 files changed, 39 insertions(+), 26 deletions(-) diff --git a/tests/bats/11_bouncers_tls.bats b/tests/bats/11_bouncers_tls.bats index 39fa8027f..80c08d112 100644 --- a/tests/bats/11_bouncers_tls.bats +++ b/tests/bats/11_bouncers_tls.bats @@ -10,8 +10,7 @@ config_disable_agent() { setup_file() { load "../lib/setup_file.sh" ./instance-data load - - tmpdir="${BATS_FILE_TMPDIR}" + tmpdir=$(mktemp -d) export tmpdir CFDIR="${BATS_TEST_DIRNAME}/testdata/cfssl" @@ -49,6 +48,7 @@ setup_file() { teardown_file() { load "../lib/teardown_file.sh" + rm -rf "${tmpdir}" } setup() { @@ -62,12 +62,12 @@ teardown() { #---------- -@test "there are 0 bouncers" { +@test "${FILE} there are 0 bouncers" { run -0 cscli bouncers list -o json assert_output "[]" } -@test "simulate one bouncer request with a valid cert" { +@test "${FILE} simulate one bouncer request with a valid cert" { run -0 curl -s --cert "${tmpdir}/bouncer.pem" --key "${tmpdir}/bouncer-key.pem" --cacert "${tmpdir}/inter.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42 assert_output "null" run -0 cscli bouncers list -o json 
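Review bot: In setup_file, `tmpdir=$(mktemp -d)` now holds the test CA and bouncer private keys, and the only cleanup is the bare `rm -rf "${tmpdir}"` added to teardown_file in the next hunk, whereas the `BATS_FILE_TMPDIR` it replaces is created and removed by bats itself. I would write the removal as `rm -rf -- "${tmpdir:?}"` so an empty or unset value aborts instead of expanding to nothing. The setup_file hunk of 30_machines_tls.bats makes the same switch to `mktemp -d`, but no hunk in that file adds a removal. Its teardown_file body is outside the diff, so it is worth checking whether the agent keys are left on disk after a run. Both setup_file bodies continue outside their hunks.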
@@ -79,19 +79,19 @@ teardown() { run cscli bouncers delete localhost@127.0.0.1 } -@test "simulate one bouncer request with an invalid cert" { +@test "${FILE} simulate one bouncer request with an invalid cert" { run curl -s --cert "${tmpdir}/bouncer_invalid.pem" --key "${tmpdir}/bouncer_invalid-key.pem" --cacert "${tmpdir}/ca-key.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42 run -0 cscli bouncers list -o json assert_output "[]" } -@test "simulate one bouncer request with an invalid OU" { +@test "${FILE} simulate one bouncer request with an invalid OU" { run curl -s --cert "${tmpdir}/bouncer_bad_ou.pem" --key "${tmpdir}/bouncer_bad_ou-key.pem" --cacert "${tmpdir}/inter.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42 run -0 cscli bouncers list -o json assert_output "[]" } -@test "simulate one bouncer request with a revoked certificate" { +@test "${FILE} simulate one bouncer request with a revoked certificate" { run -0 curl -i -s --cert "${tmpdir}/bouncer_revoked.pem" --key "${tmpdir}/bouncer_revoked-key.pem" --cacert "${tmpdir}/inter.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42 assert_output --partial "access forbidden" run -0 cscli bouncers list -o json diff --git a/tests/bats/30_machines_tls.bats b/tests/bats/30_machines_tls.bats index 2b5d0f63b..574506d43 100644 --- a/tests/bats/30_machines_tls.bats +++ b/tests/bats/30_machines_tls.bats @@ -3,18 +3,11 @@ set -u -config_disable_agent() { - yq e 'del(.crowdsec_service)' -i "${CONFIG_YAML}" -} - setup_file() { load "../lib/setup_file.sh" ./instance-data load - CONFIG_DIR=$(dirname "${CONFIG_YAML}") - export CONFIG_DIR - - tmpdir="${BATS_FILE_TMPDIR}" + tmpdir=$(mktemp -d) export tmpdir CFDIR="${BATS_TEST_DIRNAME}/testdata/cfssl" @@ -47,8 +40,6 @@ setup_file() { .api.server.tls.agents_allowed_ou=["agent-ou"] ' -i "${CONFIG_YAML}" - run -0 cscli machines delete githubciXXXXXXXXXXXXXXXXXXXXXXXX - config_disable_agent } teardown_file() { 
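Review bot: The "invalid cert" test passes `--cacert "${tmpdir}/ca-key.pem"`, a private-key file, where the neighbouring tests pass `inter.pem`, and it calls `run curl` with no status or output assertion. curl will probably fail on the client side when loading or verifying against that file, so the final `assert_output "[]"` can hold without the server ever having evaluated `bouncer_invalid.pem`. If the intent is to test server-side rejection, use `--cacert "${tmpdir}/inter.pem"` and assert on what curl returns, as the revoked-certificate test does with `assert_output --partial "access forbidden"`. The "invalid OU" test has the same unasserted `run curl`.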
@@ -57,6 +48,7 @@ teardown_file() { setup() { load "../lib/setup.sh" + cscli machines delete githubciXXXXXXXXXXXXXXXXXXXXXXXX } teardown() { @@ -65,7 +57,9 @@ teardown() { #---------- -@test "invalid OU for agent" { +@test "${FILE} invalid OU for agent" { + CONFIG_DIR=$(dirname "${CONFIG_YAML}") + yq e ' .ca_cert_path=strenv(tmpdir) + "/inter.pem" | .key_path=strenv(tmpdir) + "/agent_bad_ou-key.pem" | @@ -73,13 +67,18 @@ teardown() { .url="https://127.0.0.1:8080" ' -i "${CONFIG_DIR}/local_api_credentials.yaml" - yq e 'del(.login,.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml" + yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml" + yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml" ./instance-crowdsec start + #let the agent start + sleep 2 run -0 cscli machines list -o json assert_output '[]' } -@test "we have exactly one machine registered with TLS" { +@test "${FILE} we have exactly one machine registered with TLS" { + CONFIG_DIR=$(dirname "${CONFIG_YAML}") + yq e ' .ca_cert_path=strenv(tmpdir) + "/inter.pem" | .key_path=strenv(tmpdir) + "/agent-key.pem" | 
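Review bot: The `cscli machines delete githubciXXXXXXXXXXXXXXXXXXXXXXXX` added to setup() runs bare before every test, so a non-zero exit fails the test in setup. After the first test that machine should already be gone; if cscli reports an error for a missing machine (not visible here), every later test fails before its body runs. Wrapping it as `run cscli machines delete githubciXXXXXXXXXXXXXXXXXXXXXXXX`, the way 11_bouncers_tls.bats does with `run cscli bouncers delete localhost@127.0.0.1`, keeps the cleanup best-effort.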
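Review bot: The fixed `sleep 2` after `./instance-crowdsec start` makes the negative assertion `assert_output '[]'` in "invalid OU for agent" ambiguous: the list is also empty when the agent has not yet tried to register within two seconds, so the test can pass without the LAPI having rejected the bad-OU certificate. The hunks at -105 ("invalid cert for agent") and -119 ("revoked cert for agent") have the same pattern, and in the hunk at -87 the sleep replaces `run -0 cscli lapi status`, so the positive test becomes timing-dependent in the other direction. I would wait with a bounded retry for evidence that the agent attempted to authenticate, such as a rejection entry in the LAPI log, and only then assert the empty list. A comment such as `# an empty list only proves rejection once the agent has attempted TLS auth` above the assertion would document the intent.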
@@ -87,17 +86,23 @@ teardown() { .url="https://127.0.0.1:8080" ' -i "${CONFIG_DIR}/local_api_credentials.yaml" - yq e 'del(.login,.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml" + yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml" + yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml" ./instance-crowdsec start - run -0 cscli lapi status + #let the agent start + sleep 2 run -0 cscli machines list -o json run -0 jq -c '[. | length, .[0].machineId[0:32], .[0].isValidated, .[0].ipAddress, .[0].auth_type]' <(output) assert_output '[1,"localhost@127.0.0.1",true,"127.0.0.1","tls"]' cscli machines delete localhost@127.0.0.1 + + ./instance-crowdsec stop } -@test "invalid cert for agent" { +@test "${FILE} invalid cert for agent" { + CONFIG_DIR=$(dirname "${CONFIG_YAML}") + yq e ' .ca_cert_path=strenv(tmpdir) + "/inter.pem" | .key_path=strenv(tmpdir) + "/agent_invalid-key.pem" | @@ -105,13 +110,18 @@ teardown() { .url="https://127.0.0.1:8080" ' -i "${CONFIG_DIR}/local_api_credentials.yaml" - yq e 'del(.login,.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml" + yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml" + yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml" ./instance-crowdsec start + #let the agent start + sleep 2 run -0 cscli machines list -o json assert_output '[]' } -@test "revoked cert for agent" { +@test "${FILE} revoked cert for agent" { + CONFIG_DIR=$(dirname "${CONFIG_YAML}") + yq e ' .ca_cert_path=strenv(tmpdir) + "/inter.pem" | .key_path=strenv(tmpdir) + "/agent_revoked-key.pem" | 
@@ -119,8 +129,11 @@ teardown() { .url="https://127.0.0.1:8080" ' -i "${CONFIG_DIR}/local_api_credentials.yaml" - yq e 'del(.login,.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml" + yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml" + yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml" ./instance-crowdsec start + #let the agent start + sleep 2 run -0 cscli machines list -o json assert_output '[]' }