fixed tls tests

Marco Mariani 2022-06-24 13:55:58 +02:00
parent 46f20193f9
commit 520e40db37
2 changed files with 26 additions and 39 deletions


@ -10,7 +10,8 @@ config_disable_agent() {
setup_file() {
load "../lib/setup_file.sh"
./instance-data load
tmpdir=$(mktemp -d)
tmpdir="${BATS_FILE_TMPDIR}"
export tmpdir
CFDIR="${BATS_TEST_DIRNAME}/testdata/cfssl"
@ -48,7 +49,6 @@ setup_file() {
teardown_file() {
load "../lib/teardown_file.sh"
rm -rf "${tmpdir}"
}
setup() {
@ -62,12 +62,12 @@ teardown() {
#----------
@test "${FILE} there are 0 bouncers" {
@test "there are 0 bouncers" {
run -0 cscli bouncers list -o json
assert_output "[]"
}
@test "${FILE} simulate one bouncer request with a valid cert" {
@test "simulate one bouncer request with a valid cert" {
run -0 curl -s --cert "${tmpdir}/bouncer.pem" --key "${tmpdir}/bouncer-key.pem" --cacert "${tmpdir}/inter.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
assert_output "null"
run -0 cscli bouncers list -o json
@ -79,19 +79,19 @@ teardown() {
run cscli bouncers delete localhost@127.0.0.1
}
@test "${FILE} simulate one bouncer request with an invalid cert" {
@test "simulate one bouncer request with an invalid cert" {
run curl -s --cert "${tmpdir}/bouncer_invalid.pem" --key "${tmpdir}/bouncer_invalid-key.pem" --cacert "${tmpdir}/ca-key.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
run -0 cscli bouncers list -o json
assert_output "[]"
}
@test "${FILE} simulate one bouncer request with an invalid OU" {
@test "simulate one bouncer request with an invalid OU" {
run curl -s --cert "${tmpdir}/bouncer_bad_ou.pem" --key "${tmpdir}/bouncer_bad_ou-key.pem" --cacert "${tmpdir}/inter.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
run -0 cscli bouncers list -o json
assert_output "[]"
}
@test "${FILE} simulate one bouncer request with a revoked certificate" {
@test "simulate one bouncer request with a revoked certificate" {
run -0 curl -i -s --cert "${tmpdir}/bouncer_revoked.pem" --key "${tmpdir}/bouncer_revoked-key.pem" --cacert "${tmpdir}/inter.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
assert_output --partial "access forbidden"
run -0 cscli bouncers list -o json
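Review bot: The "invalid cert" test passes `--cacert "${tmpdir}/ca-key.pem"`, which by its name is a private-key file rather than a CA certificate, so curl most likely fails on its own side before the server ever evaluates the client certificate. That test and the "invalid OU" test also use a bare `run curl` with no status or output assertion, so the only check is that the bouncer list stays `[]`, which holds equally when the request never reached the API. Using `--cacert "${tmpdir}/inter.pem"` like the neighbouring tests and asserting the rejection itself would make these negative tests meaningful, as the revoked-certificate test already does with `run -0 curl -i -s …` and `assert_output --partial "access forbidden"`. Whether a bad certificate produces an HTTP error or a handshake failure depends on server configuration not visible here, so the exact assertion needs confirming. These curl lines appear to be unchanged context in this commit, and the last test's body continues outside the hunk.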


@ -3,11 +3,18 @@
set -u
config_disable_agent() {
yq e 'del(.crowdsec_service)' -i "${CONFIG_YAML}"
}
setup_file() {
load "../lib/setup_file.sh"
./instance-data load
tmpdir=$(mktemp -d)
CONFIG_DIR=$(dirname "${CONFIG_YAML}")
export CONFIG_DIR
tmpdir="${BATS_FILE_TMPDIR}"
export tmpdir
CFDIR="${BATS_TEST_DIRNAME}/testdata/cfssl"
@ -40,6 +47,8 @@ setup_file() {
.api.server.tls.agents_allowed_ou=["agent-ou"]
' -i "${CONFIG_YAML}"
run -0 cscli machines delete githubciXXXXXXXXXXXXXXXXXXXXXXXX
config_disable_agent
}
teardown_file() {
@ -48,7 +57,6 @@ teardown_file() {
setup() {
load "../lib/setup.sh"
cscli machines delete githubciXXXXXXXXXXXXXXXXXXXXXXXX
}
teardown() {
@ -57,9 +65,7 @@ teardown() {
#----------
@test "${FILE} invalid OU for agent" {
CONFIG_DIR=$(dirname "${CONFIG_YAML}")
@test "invalid OU for agent" {
yq e '
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
.key_path=strenv(tmpdir) + "/agent_bad_ou-key.pem" |
@ -67,18 +73,13 @@ teardown() {
.url="https://127.0.0.1:8080"
' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq e 'del(.login,.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
./instance-crowdsec start
#let the agent start
sleep 2
run -0 cscli machines list -o json
assert_output '[]'
}
@test "${FILE} we have exactly one machine registered with TLS" {
CONFIG_DIR=$(dirname "${CONFIG_YAML}")
@test "we have exactly one machine registered with TLS" {
yq e '
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
.key_path=strenv(tmpdir) + "/agent-key.pem" |
@ -86,23 +87,17 @@ teardown() {
.url="https://127.0.0.1:8080"
' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq e 'del(.login,.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
./instance-crowdsec start
#let the agent start
sleep 2
run -0 cscli lapi status
run -0 cscli machines list -o json
run -0 jq -c '[. | length, .[0].machineId[0:32], .[0].isValidated, .[0].ipAddress, .[0].auth_type]' <(output)
assert_output '[1,"localhost@127.0.0.1",true,"127.0.0.1","tls"]'
cscli machines delete localhost@127.0.0.1
./instance-crowdsec stop
}
@test "${FILE} invalid cert for agent" {
CONFIG_DIR=$(dirname "${CONFIG_YAML}")
@test "invalid cert for agent" {
yq e '
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
.key_path=strenv(tmpdir) + "/agent_invalid-key.pem" |
@ -110,18 +105,13 @@ teardown() {
.url="https://127.0.0.1:8080"
' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq e 'del(.login,.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
./instance-crowdsec start
#let the agent start
sleep 2
run -0 cscli machines list -o json
assert_output '[]'
}
@test "${FILE} revoked cert for agent" {
CONFIG_DIR=$(dirname "${CONFIG_YAML}")
@test "revoked cert for agent" {
yq e '
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
.key_path=strenv(tmpdir) + "/agent_revoked-key.pem" |
@ -129,11 +119,8 @@ teardown() {
.url="https://127.0.0.1:8080"
' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq e 'del(.login,.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
./instance-crowdsec start
#let the agent start
sleep 2
run -0 cscli machines list -o json
assert_output '[]'
}
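Review bot: The three negative tests (invalid OU, invalid cert, revoked cert) assert that `cscli machines list -o json` is `[]` after a fixed `sleep 2`, so they also pass when the agent simply has not attempted to register yet, for example on a slow CI runner. Because these tests guard the TLS client-authentication rules, they should wait with a bounded poll on an observable sign that the agent tried and was refused before checking the list. At minimum, add a comment next to the sleep such as `# passes vacuously if the agent has not tried to authenticate within 2s`. Only the positive test calls `./instance-crowdsec stop`; if `teardown` (its body is outside the visible hunks) does not stop the instance, an agent from a previous test may still be running when the next test rewrites `local_api_credentials.yaml`.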