beenull/crowdsec
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

updated bats to 1.7.0; shellcheck fixes and moved cfssl dir under testdata/ (#1584)

Browse source
This commit is contained in:
mmetc 2022-06-13 21:54:47 +02:00 committed by GitHub
parent 9c1b78395a
commit 67841d54ee
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
44 changed files with 211 additions and 201 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitmodules vendored
View file

@ -1,6 +1,7 @@
[submodule "tests/lib/bats-core"]
path = tests/lib/bats-core
url = https://github.com/crowdsecurity/bats-core.git
branch = v1.7.0
[submodule "tests/lib/bats-file"]
path = tests/lib/bats-file
url = https://github.com/crowdsecurity/bats-file.git

3
tests/README.md
View file

@ -71,7 +71,8 @@ To repeat test runs without rebuilding crowdsec, use `make bats-test`.
See `./tests/run-tests --help` to run/debug specific tests.
Example: `./tests/run-tests tests/bats/02_nolapi.bats -f "cscli config backup"` (the string is a regexp)
Example: `./tests/run-tests tests/bats/02_nolapi.bats -f "cscli config backup"` (the string is a regexp).
You need to provide a path for a test file or directory (even if it's the full 'tests/bats') to use the `-f` option.
# How does it work?

8
tests/assert-crowdsec-not-running
View file

@ -13,14 +13,14 @@ is_crowdsec_running || exit 0
sleep 2
is_crowdsec_running || exit 0
PIDS=$(echo "$PIDS" | sed ':a;N;$!ba;s/\n/ /g')
msg="CrowdSec is already running (PID $PIDS). Please terminate it and run the tests again."
PIDS=$(echo "${PIDS}" | sed ':a;N;$!ba;s/\n/ /g')
msg="CrowdSec is already running (PID ${PIDS}). Please terminate it and run the tests again."
# Are we inside a setup() or @test? Is file descriptor 3 open?
if { true >&3; } 2>/dev/null; then
echo "$msg" >&3
echo "${msg}" >&3
else
echo "$msg" >&2
echo "${msg}" >&2
fi
# cause the calling setup() or @test to fail

1
tests/bats/01_crowdsec.bats
View file

@ -54,4 +54,3 @@ declare stderr
run -0 echo "${stderr}"
assert_line --partial "You must run at least the API Server or crowdsec"
}

2
tests/bats/02_nolapi.bats
View file

@ -77,7 +77,7 @@ declare stderr
@test "$FILE lapi status shouldn't be ok without api.server" {
yq e 'del(.api.server)' -i "${CONFIG_YAML}"
./instance-crowdsec start || true
./instance-crowdsec start || true
run -1 --separate-stderr cscli machines list
run -0 echo "$stderr"
assert_output --partial "Local API is disabled, please run this command on the local API machine"

26
tests/bats/05_config_yaml_local.bats
View file

@ -26,7 +26,6 @@ teardown() {
./instance-crowdsec stop
}
#----------
@test "${FILE} config.yaml.local - cscli (log_level)" {
@ -34,7 +33,7 @@ teardown() {
run -0 cscli config show --key Config.Common.LogLevel
assert_output "warning"
echo "{'common':{'log_level':'debug'}}" > "${CONFIG_YAML}.local"
echo "{'common':{'log_level':'debug'}}" >"${CONFIG_YAML}.local"
run -0 cscli config show --key Config.Common.LogLevel
assert_output "debug"
}
@ -45,7 +44,7 @@ teardown() {
assert_output "warning"
export CROWDSEC_LOG_LEVEL=debug
echo "{'common':{'log_level':'${CROWDSEC_LOG_LEVEL}'}}" > "${CONFIG_YAML}.local"
echo "{'common':{'log_level':'${CROWDSEC_LOG_LEVEL}'}}" >"${CONFIG_YAML}.local"
run -0 cscli config show --key Config.Common.LogLevel
assert_output "debug"
}
@ -55,7 +54,7 @@ teardown() {
run -0 ./lib/util/wait-for-port -q 8080
run -0 ./instance-crowdsec stop
echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" > "${CONFIG_YAML}.local"
echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" >"${CONFIG_YAML}.local"
run -0 ./instance-crowdsec start
run -0 ./lib/util/wait-for-port -q 8083
run -1 ./lib/util/wait-for-port -q 8080
@ -68,32 +67,32 @@ teardown() {
}
@test "${FILE} local_api_credentials.yaml.local" {
echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" > "${CONFIG_YAML}.local"
echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" >"${CONFIG_YAML}.local"
run -0 ./instance-crowdsec start
run -0 ./lib/util/wait-for-port -q 8083
run -0 yq e '.api.client.credentials_path' < "${CONFIG_YAML}"
run -0 yq e '.api.client.credentials_path' <"${CONFIG_YAML}"
LOCAL_API_CREDENTIALS="${output}"
run -1 cscli decisions list
echo "{'url':'http://127.0.0.1:8083'}" > "${LOCAL_API_CREDENTIALS}.local"
echo "{'url':'http://127.0.0.1:8083'}" >"${LOCAL_API_CREDENTIALS}.local"
run -0 cscli decisions list
}
@test "${FILE} simulation.yaml.local" {
run -0 yq e '.config_paths.simulation_path' < "${CONFIG_YAML}"
run -0 yq e '.config_paths.simulation_path' <"${CONFIG_YAML}"
refute_output null
SIMULATION="${output}"
echo "simulation: off" > "${SIMULATION}"
echo "simulation: off" >"${SIMULATION}"
run -0 cscli simulation status -o human
assert_output --partial "global simulation: disabled"
echo "simulation: on" > "${SIMULATION}"
echo "simulation: on" >"${SIMULATION}"
run -0 cscli simulation status -o human
assert_output --partial "global simulation: enabled"
echo "simulation: off" > "${SIMULATION}.local"
echo "simulation: off" >"${SIMULATION}.local"
run -0 cscli simulation status -o human
assert_output --partial "global simulation: disabled"
@ -102,13 +101,12 @@ teardown() {
assert_output --partial "global simulation: enabled"
}
@test "${FILE} profiles.yaml.local" {
run -0 yq e '.api.server.profiles_path' < "${CONFIG_YAML}"
run -0 yq e '.api.server.profiles_path' <"${CONFIG_YAML}"
refute_output null
PROFILES="${output}"
cat <<-EOT > "${PROFILES}.local"
cat <<-EOT >"${PROFILES}.local"
name: default_ip_remediation
filters:
- Alert.Remediation == true && Alert.GetScope() == "Ip"

0
tests/bats/06_crowdsec.bats Executable file → Normal file
View file

58
tests/bats/11_bouncers_tls.bats
View file

@ -12,25 +12,28 @@ setup_file() {
./instance-data load
tmpdir=$(mktemp -d)
export tmpdir
#gen the CA
cfssl gencert --initca ./cfssl/ca.json 2>/dev/null | cfssljson --bare "${tmpdir}/ca"
#gen an intermediate
cfssl gencert --initca ./cfssl/intermediate.json 2>/dev/null | cfssljson --bare "${tmpdir}/inter"
cfssl sign -ca "${tmpdir}/ca.pem" -ca-key "${tmpdir}/ca-key.pem" -config ./cfssl/profiles.json -profile intermediate_ca "${tmpdir}/inter.csr" 2>/dev/null | cfssljson --bare "${tmpdir}/inter"
#gen server cert for crowdsec with the intermediate
cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config ./cfssl/profiles.json -profile=server ./cfssl/server.json 2>/dev/null | cfssljson --bare "${tmpdir}/server"
#gen client cert for the bouncer
cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config ./cfssl/profiles.json -profile=client ./cfssl/bouncer.json 2>/dev/null | cfssljson --bare "${tmpdir}/bouncer"
#gen client cert for the bouncer with an invalid OU
cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config ./cfssl/profiles.json -profile=client ./cfssl/bouncer_invalid.json 2>/dev/null | cfssljson --bare "${tmpdir}/bouncer_bad_ou"
#gen client cert for the bouncer directly signed by the CA, it should be refused by crowdsec as uses the intermediate
cfssl gencert -ca "${tmpdir}/ca.pem" -ca-key "${tmpdir}/ca-key.pem" -config ./cfssl/profiles.json -profile=client ./cfssl/bouncer.json 2>/dev/null | cfssljson --bare "${tmpdir}/bouncer_invalid"
cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config ./cfssl/profiles.json -profile=client ./cfssl/bouncer.json 2>/dev/null | cfssljson --bare "${tmpdir}/bouncer_revoked"
serial="$(openssl x509 -noout -serial -in ${tmpdir}/bouncer_revoked.pem | cut -d '=' -f2)"
echo "ibase=16; $serial" | bc > "${tmpdir}/serials.txt"
cfssl gencrl "${tmpdir}/serials.txt" "${tmpdir}/ca.pem" "${tmpdir}/ca-key.pem" | base64 -d | openssl crl -inform DER -out "${tmpdir}/crl.pem"
CFDIR="${BATS_TEST_DIRNAME}/testdata/cfssl"
export CFDIR
#gen the CA
cfssl gencert --initca "${CFDIR}/ca.json" 2>/dev/null | cfssljson --bare "${tmpdir}/ca"
#gen an intermediate
cfssl gencert --initca "${CFDIR}/intermediate.json" 2>/dev/null | cfssljson --bare "${tmpdir}/inter"
cfssl sign -ca "${tmpdir}/ca.pem" -ca-key "${tmpdir}/ca-key.pem" -config "${CFDIR}/profiles.json" -profile intermediate_ca "${tmpdir}/inter.csr" 2>/dev/null | cfssljson --bare "${tmpdir}/inter"
#gen server cert for crowdsec with the intermediate
cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config "${CFDIR}/profiles.json" -profile=server "${CFDIR}/server.json" 2>/dev/null | cfssljson --bare "${tmpdir}/server"
#gen client cert for the bouncer
cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config "${CFDIR}/profiles.json" -profile=client "${CFDIR}/bouncer.json" 2>/dev/null | cfssljson --bare "${tmpdir}/bouncer"
#gen client cert for the bouncer with an invalid OU
cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config "${CFDIR}/profiles.json" -profile=client "${CFDIR}/bouncer_invalid.json" 2>/dev/null | cfssljson --bare "${tmpdir}/bouncer_bad_ou"
#gen client cert for the bouncer directly signed by the CA, it should be refused by crowdsec as uses the intermediate
cfssl gencert -ca "${tmpdir}/ca.pem" -ca-key "${tmpdir}/ca-key.pem" -config "${CFDIR}/profiles.json" -profile=client "${CFDIR}/bouncer.json" 2>/dev/null | cfssljson --bare "${tmpdir}/bouncer_invalid"
cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config "${CFDIR}/profiles.json" -profile=client "${CFDIR}/bouncer.json" 2>/dev/null | cfssljson --bare "${tmpdir}/bouncer_revoked"
serial="$(openssl x509 -noout -serial -in "${tmpdir}/bouncer_revoked.pem" | cut -d '=' -f2)"
echo "ibase=16; ${serial}" | bc >"${tmpdir}/serials.txt"
cfssl gencrl "${tmpdir}/serials.txt" "${tmpdir}/ca.pem" "${tmpdir}/ca-key.pem" | base64 -d | openssl crl -inform DER -out "${tmpdir}/crl.pem"
yq '
.api.server.tls.cert_file=strenv(tmpdir) + "/server.pem" |
@ -39,14 +42,13 @@ setup_file() {
.api.server.tls.crl_path=strenv(tmpdir) + "/crl.pem" |
.api.server.tls.bouncers_allowed_ou=["bouncer-ou"]
' -i "${CONFIG_YAML}"
config_disable_agent
}
teardown_file() {
load "../lib/teardown_file.sh"
rm -rf $tmpdir
rm -rf "${tmpdir}"
}
setup() {
@ -60,14 +62,14 @@ teardown() {
#----------
@test "$FILE there are 0 bouncers" {
@test "${FILE} there are 0 bouncers" {
run -0 cscli bouncers list -o json
assert_output "[]"
}
@test "$FILE simulate one bouncer request with a valid cert" {
@test "${FILE} simulate one bouncer request with a valid cert" {
run -0 curl -s --cert "${tmpdir}/bouncer.pem" --key "${tmpdir}/bouncer-key.pem" --cacert "${tmpdir}/inter.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
assert_output "null"
assert_output "null"
run -0 cscli bouncers list -o json
run -0 jq '. | length' <(output)
assert_output '1'
@ -77,21 +79,21 @@ teardown() {
run cscli bouncers delete localhost@127.0.0.1
}
@test "$FILE simulate one bouncer request with an invalid cert" {
@test "${FILE} simulate one bouncer request with an invalid cert" {
run curl -s --cert "${tmpdir}/bouncer_invalid.pem" --key "${tmpdir}/bouncer_invalid-key.pem" --cacert "${tmpdir}/ca-key.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
run -0 cscli bouncers list -o json
assert_output "[]"
}
@test "$FILE simulate one bouncer request with an invalid OU" {
@test "${FILE} simulate one bouncer request with an invalid OU" {
run curl -s --cert "${tmpdir}/bouncer_bad_ou.pem" --key "${tmpdir}/bouncer_bad_ou-key.pem" --cacert "${tmpdir}/inter.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
run -0 cscli bouncers list -o json
assert_output "[]"
}
@test "$FILE simulate one bouncer request with a revoked certificate" {
@test "${FILE} simulate one bouncer request with a revoked certificate" {
run -0 curl -i -s --cert "${tmpdir}/bouncer_revoked.pem" --key "${tmpdir}/bouncer_revoked-key.pem" --cacert "${tmpdir}/inter.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
assert_output --partial "access forbidden"
run -0 cscli bouncers list -o json
assert_output "[]"
}
}

61
tests/bats/30_machines_tls.bats
View file

@ -4,29 +4,33 @@
set -u
setup_file() {
load "../lib/setup_file.sh"
load "../lib/setup_file.sh"
./instance-data load
tmpdir=$(mktemp -d)
export tmpdir
#gen the CA
cfssl gencert --initca ./cfssl/ca.json 2>/dev/null | cfssljson --bare "${tmpdir}/ca"
#gen an intermediate
cfssl gencert --initca ./cfssl/intermediate.json 2>/dev/null | cfssljson --bare "${tmpdir}/inter"
cfssl sign -ca "${tmpdir}/ca.pem" -ca-key "${tmpdir}/ca-key.pem" -config ./cfssl/profiles.json -profile intermediate_ca "${tmpdir}/inter.csr" 2>/dev/null | cfssljson --bare "${tmpdir}/inter"
#gen server cert for crowdsec with the intermediate
cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config ./cfssl/profiles.json -profile=server ./cfssl/server.json 2>/dev/null | cfssljson --bare "${tmpdir}/server"
#gen client cert for the agent
cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config ./cfssl/profiles.json -profile=client ./cfssl/agent.json 2>/dev/null | cfssljson --bare "${tmpdir}/agent"
#gen client cert for the agent with an invalid OU
cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config ./cfssl/profiles.json -profile=client ./cfssl/agent_invalid.json 2>/dev/null | cfssljson --bare "${tmpdir}/agent_bad_ou"
#gen client cert for the agent directly signed by the CA, it should be refused by crowdsec as uses the intermediate
cfssl gencert -ca "${tmpdir}/ca.pem" -ca-key "${tmpdir}/ca-key.pem" -config ./cfssl/profiles.json -profile=client ./cfssl/agent.json 2>/dev/null | cfssljson --bare "${tmpdir}/agent_invalid"
cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config ./cfssl/profiles.json -profile=client ./cfssl/agent.json 2>/dev/null | cfssljson --bare "${tmpdir}/agent_revoked"
serial="$(openssl x509 -noout -serial -in ${tmpdir}/agent_revoked.pem | cut -d '=' -f2)"
echo "ibase=16; $serial" | bc > "${tmpdir}/serials.txt"
cfssl gencrl "${tmpdir}/serials.txt" "${tmpdir}/ca.pem" "${tmpdir}/ca-key.pem" | base64 -d | openssl crl -inform DER -out "${tmpdir}/crl.pem"
CFDIR="${BATS_TEST_DIRNAME}/testdata/cfssl"
export CFDIR
#gen the CA
cfssl gencert --initca "${CFDIR}/ca.json" 2>/dev/null | cfssljson --bare "${tmpdir}/ca"
#gen an intermediate
cfssl gencert --initca "${CFDIR}/intermediate.json" 2>/dev/null | cfssljson --bare "${tmpdir}/inter"
cfssl sign -ca "${tmpdir}/ca.pem" -ca-key "${tmpdir}/ca-key.pem" -config "${CFDIR}/profiles.json" -profile intermediate_ca "${tmpdir}/inter.csr" 2>/dev/null | cfssljson --bare "${tmpdir}/inter"
#gen server cert for crowdsec with the intermediate
cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config "${CFDIR}/profiles.json" -profile=server "${CFDIR}/server.json" 2>/dev/null | cfssljson --bare "${tmpdir}/server"
#gen client cert for the agent
cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config "${CFDIR}/profiles.json" -profile=client "${CFDIR}/agent.json" 2>/dev/null | cfssljson --bare "${tmpdir}/agent"
#gen client cert for the agent with an invalid OU
cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config "${CFDIR}/profiles.json" -profile=client "${CFDIR}/agent_invalid.json" 2>/dev/null | cfssljson --bare "${tmpdir}/agent_bad_ou"
#gen client cert for the agent directly signed by the CA, it should be refused by crowdsec as uses the intermediate
cfssl gencert -ca "${tmpdir}/ca.pem" -ca-key "${tmpdir}/ca-key.pem" -config "${CFDIR}/profiles.json" -profile=client "${CFDIR}/agent.json" 2>/dev/null | cfssljson --bare "${tmpdir}/agent_invalid"
cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config "${CFDIR}/profiles.json" -profile=client "${CFDIR}/agent.json" 2>/dev/null | cfssljson --bare "${tmpdir}/agent_revoked"
serial="$(openssl x509 -noout -serial -in "${tmpdir}/agent_revoked.pem" | cut -d '=' -f2)"
echo "ibase=16; ${serial}" | bc >"${tmpdir}/serials.txt"
cfssl gencrl "${tmpdir}/serials.txt" "${tmpdir}/ca.pem" "${tmpdir}/ca-key.pem" | base64 -d | openssl crl -inform DER -out "${tmpdir}/crl.pem"
yq '
.api.server.tls.cert_file=strenv(tmpdir) + "/server.pem" |
@ -53,8 +57,8 @@ teardown() {
#----------
@test "$FILE invalid OU for agent" {
CONFIG_DIR=$(dirname ${CONFIG_YAML})
@test "${FILE} invalid OU for agent" {
CONFIG_DIR=$(dirname "${CONFIG_YAML}")
yq '
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
@ -72,8 +76,8 @@ teardown() {
assert_output '[]'
}
@test "$FILE we have exactly one machine registered with TLS" {
CONFIG_DIR=$(dirname ${CONFIG_YAML})
@test "${FILE} we have exactly one machine registered with TLS" {
CONFIG_DIR=$(dirname "${CONFIG_YAML}")
yq '
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
@ -96,9 +100,8 @@ teardown() {
./instance-crowdsec stop
}
@test "$FILE invalid cert for agent" {
CONFIG_DIR=$(dirname ${CONFIG_YAML})
@test "${FILE} invalid cert for agent" {
CONFIG_DIR=$(dirname "${CONFIG_YAML}")
yq '
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
@ -116,8 +119,8 @@ teardown() {
assert_output '[]'
}
@test "$FILE revoked cert for agent" {
CONFIG_DIR=$(dirname ${CONFIG_YAML})
@test "${FILE} revoked cert for agent" {
CONFIG_DIR=$(dirname "${CONFIG_YAML}")
yq '
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
@ -133,4 +136,4 @@ teardown() {
sleep 2
run -0 cscli machines list -o json
assert_output '[]'
}
}

1
tests/bats/70_http_plugin.bats
View file

@ -84,4 +84,3 @@ setup() {
run -0 jq -r '.request_body[1].decisions[0].value' <"${MOCK_OUT}"
assert_output 1.2.3.5
}

2
tests/bats/71_dummy_plugin.bats
View file

@ -24,7 +24,7 @@ setup_file() {
.format="{{.|toJson}}"
' -i "${DUMMY_YAML}"
cat <<- EOT >> "${DUMMY_YAML}"
cat <<-EOT >>"${DUMMY_YAML}"
---
type: dummy
name: dummy_2

1
tests/bats/72_plugin_badconfig.bats
View file

@ -117,4 +117,3 @@ teardown() {
run -0 echo "${stderr}"
assert_output --partial "api server init: unable to run local API: while loading plugin config: open /this/path/does/not/exist: no such file or directory"
}

4
tests/bats/80_alerts.bats
View file

@ -105,9 +105,9 @@ declare stderr
run -0 cscli alerts inspect "$ALERT_ID" -o json
alert=$output
run jq -c '.decisions[] | [.origin,.scenario,.scope,.simulated,.type,.value]' <<< "$alert"
run jq -c '.decisions[] | [.origin,.scenario,.scope,.simulated,.type,.value]' <<<"$alert"
assert_output --regexp "\[\"cscli\",\"manual 'ban' from 'githubciXXXXXXXXXXXXXXXXXXXXXXXX.*'\",\"Ip\",false,\"ban\",\"10.20.30.40\"\]"
run jq -c '.source' <<< "$alert"
run jq -c '.source' <<<"$alert"
assert_output '{"ip":"10.20.30.40","scope":"Ip","value":"10.20.30.40"}'
}

7
tests/bats/reformat
View file

@ -1,3 +1,4 @@
#!/usr/bin/env bash
# from https://github.com/bats-core/bats-core/issues/192#issuecomment-528315083
# thanks Sean Leather
@ -7,10 +8,10 @@ perl -pi -e 's/^(\@test.*) \{$/$1\n{/' ./*.bats
tmpfile=$(mktemp)
for file in *bats; do
shfmt -i 4 -ln bash -s $file >$tmpfile
mv $tmpfile $file
shfmt -i 4 -ln bash -s "${file}" > "${tmpfile}"
mv "${tmpfile}" "${file}"
done
rm -f $tmpfile
rm -f "${tmpfile}"
# Undo the changes to the Bats scripts in-place so that they work with Bats
perl -pi -e 's/^\{\R//; s/(\@test.*$)/$1 {/' ./*.bats

0
tests/cfssl/agent.json → tests/bats/testdata/cfssl/agent.json vendored
View file

0
tests/cfssl/agent_invalid.json → tests/bats/testdata/cfssl/agent_invalid.json vendored
View file

0
tests/cfssl/bouncer.json → tests/bats/testdata/cfssl/bouncer.json vendored
View file

0
tests/cfssl/bouncer_invalid.json → tests/bats/testdata/cfssl/bouncer_invalid.json vendored
View file

0
tests/cfssl/ca.json → tests/bats/testdata/cfssl/ca.json vendored
View file

0
tests/cfssl/intermediate.json → tests/bats/testdata/cfssl/intermediate.json vendored
View file

0
tests/cfssl/profiles.json → tests/bats/testdata/cfssl/profiles.json vendored
View file

0
tests/cfssl/server.json → tests/bats/testdata/cfssl/server.json vendored
View file

12
tests/check-requirements
View file

@ -42,10 +42,10 @@ check_yq() {
# shellcheck disable=SC2016
howto_install='You can install it with your favorite package manager (including snap) or with "GO111MODULE=on go get github.com/mikefarah/yq/v4" and add ~/go/bin to $PATH.'
if ! command -v yq >/dev/null; then
die "Missing required program 'yq'. $howto_install"
die "Missing required program 'yq'. ${howto_install}"
fi
if ! (yq --version | grep mikefarah >/dev/null); then
die "yq exists but it's not the one we need (mikefarah/yq). $howto_install"
die "yq exists but it's not the one we need (mikefarah/yq). ${howto_install}"
fi
}
@ -63,7 +63,7 @@ check_daemonizer() {
fi
;;
*)
die "unsupported system: $SYSTEM"
die "unsupported system: ${SYSTEM}"
;;
esac
}
@ -72,7 +72,7 @@ check_cfssl() {
# shellcheck disable=SC2016
howto_install='You can install it with "go get -u github.com/cloudflare/cfssl/cmd/cfssl" and add ~/go/bin to $PATH.'
if ! command -v cfssl >/dev/null; then
die "Missing required program 'cfssl'. $howto_install"
die "Missing required program 'cfssl'. ${howto_install}"
fi
}
@ -80,7 +80,7 @@ check_cfssljson() {
# shellcheck disable=SC2016
howto_install='You can install it with "go get -u github.com/cloudflare/cfssl/cmd/cfssljson" and add ~/go/bin to $PATH.'
if ! command -v cfssljson >/dev/null; then
die "Missing required program 'cfssljson'. $howto_install"
die "Missing required program 'cfssljson'. ${howto_install}"
fi
}
@ -98,7 +98,7 @@ check_jq
check_nc
check_python3
check_yq
if [ -n "${TEST_COVERAGE}" ]; then
if [[ -n "${TEST_COVERAGE}" ]]; then
check_gocovmerge
fi

4
tests/collect-hub-coverage
View file

@ -18,7 +18,9 @@ coverage() {
"${CSCLI}" --crowdsec "${CROWDSEC}" --cscli "${CSCLI}" hubtest coverage --"$1" --percent
}
cd "$hubdir" || die "Could not find hub test results"
cd "${hubdir}" || die "Could not find hub test results"
shopt -s inherit_errexit
echo "PARSERS_COV=$(coverage parsers | cut -d = -f2)"
echo "SCENARIOS_COV=$(coverage scenarios | cut -d = -f2)"

2
tests/crowdsec-wrapper
View file

@ -26,7 +26,7 @@ set +e
output=$("${BIN_DIR}/crowdsec.cover" \
-test.run="^TestBincoverRunMain$" \
-test.coverprofile="${LOCAL_DIR}/var/lib/coverage/crowdsec-$(date +'%s')-$$-${RANDOM}.out" \
-args-file=<(for i; do echo "$i"; done))
-args-file=<(for i; do echo "${i}"; done))
rc=$?
# If there is bincover metadata, we take the status code from there. Otherwise,

2
tests/generate-hub-tests
View file

@ -40,7 +40,7 @@ echo "Generating hub tests..."
for testname in $("${CSCLI}" --crowdsec "${CROWDSEC}" --cscli "${CSCLI}" hubtest --hub "${hubdir}" list -o json | grep -v NAME | grep -v -- '-------' | awk '{print $1}'); do
cat << EOT >> "${HUBTESTS_BATS}"
@test "\$FILE $testname" {
@test "\$FILE ${testname}" {
run "\${CSCLI}" --crowdsec "\${CROWDSEC}" --cscli "\${CSCLI}" --hub "${hubdir}" hubtest run "${testname}" --clean
# in case of error, need to see what went wrong
echo "\$output"

8
tests/instance-crowdsec
View file

@ -2,15 +2,15 @@
#shellcheck disable=SC1007
THIS_DIR=$(CDPATH= cd -- "$(dirname -- "$0")" && pwd)
cd "${THIS_DIR}"
cd "${THIS_DIR}" || exit 1
#shellcheck disable=SC1090
. ./.environment.sh
backend_script="./lib/init/crowdsec-${INIT_BACKEND}"
if [ ! -x "$backend_script" ]; then
echo "unknown init system '$INIT_BACKEND'" >&2
if [[ ! -x "${backend_script}" ]]; then
echo "unknown init system '${INIT_BACKEND}'" >&2
exit 1
fi
exec "$backend_script" "$@"
exec "${backend_script}" "$@"

8
tests/instance-data
View file

@ -2,15 +2,15 @@
#shellcheck disable=SC1007
THIS_DIR=$(CDPATH= cd -- "$(dirname -- "$0")" && pwd)
cd "${THIS_DIR}"
cd "${THIS_DIR}" || exit 1
#shellcheck disable=SC1090
. ./.environment.sh
backend_script="./lib/config/config-${CONFIG_BACKEND}"
if [ ! -x "$backend_script" ]; then
echo "unknown config backend '$CONFIG_BACKEND'" >&2
if [[ ! -x "${backend_script}" ]]; then
echo "unknown config backend '${CONFIG_BACKEND}'" >&2
exit 1
fi
exec "$backend_script" "$@"
exec "${backend_script}" "$@"

8
tests/instance-db
View file

@ -2,7 +2,7 @@
#shellcheck disable=SC1007
THIS_DIR=$(CDPATH= cd -- "$(dirname -- "$0")" && pwd)
cd "${THIS_DIR}"
cd "${THIS_DIR}" || exit 1
#shellcheck disable=SC1090
. ./.environment.sh
@ -10,9 +10,9 @@ cd "${THIS_DIR}"
backend_script="./lib/db/instance-${DB_BACKEND}"
if [ ! -x "$backend_script" ]; then
echo "unknown database '$DB_BACKEND'" >&2
if [[ ! -x "${backend_script}" ]]; then
echo "unknown database '${DB_BACKEND}'" >&2
exit 1
fi
exec "$backend_script" "$@"
exec "${backend_script}" "$@"

2
tests/lib/bats-assert

@ -1 +1 @@
Subproject commit 4bdd58d3fbcdce3209033d44d884e87add1d8405
Subproject commit 397c735212bf1a06cfdd0cb7806c5a6ea79582bf

2
tests/lib/bats-core

@ -1 +1 @@
Subproject commit 210acf3a8ed318ddedad3137c15451739beba7d4
Subproject commit 410dd229a5ed005c68167cc90ed0712ad2a1c909

38
tests/lib/config/config-global
View file

@ -9,7 +9,7 @@ die() {
}
about() {
die "usage: $script_name [make | load | clean]"
die "usage: ${script_name} [make | load | clean]"
}
#shellcheck disable=SC1007
@ -20,14 +20,14 @@ cd "${THIS_DIR}"/../../
# you have not removed set -u above, have you?
[ -z "${TEST_DIR-}" ] && die "\$TEST_DIR must be defined."
[ -z "${LOCAL_DIR-}" ] && die "\$LOCAL_DIR must be defined."
[ -z "${CSCLI-}" ] && die "\$CSCLI must be defined."
[ -z "${LOCAL_INIT_DIR-}" ] && die "\$LOCAL_INIT_DIR must be defined."
[ -z "${PLUGIN_DIR-}" ] && die "\$PLUGIN_DIR must be defined."
[ -z "${DB_BACKEND-}" ] && die "\$DB_BACKEND must be defined."
[[ -z "${TEST_DIR-}" ]] && die "\$TEST_DIR must be defined."
[[ -z "${LOCAL_DIR-}" ]] && die "\$LOCAL_DIR must be defined."
[[ -z "${CSCLI-}" ]] && die "\$CSCLI must be defined."
[[ -z "${LOCAL_INIT_DIR-}" ]] && die "\$LOCAL_INIT_DIR must be defined."
[[ -z "${PLUGIN_DIR-}" ]] && die "\$PLUGIN_DIR must be defined."
[[ -z "${DB_BACKEND-}" ]] && die "\$DB_BACKEND must be defined."
if [ ! -f "${CSCLI}" ]; then
if [[ ! -f "${CSCLI}" ]]; then
die "${CSCLI} is missing. Please build (with 'make bats-build') or install it."
fi
@ -53,14 +53,13 @@ make_init_data() {
# when installed packages are always using sqlite, so no need to regenerate
# local credz for sqlite
[ "${DB_BACKEND}" == "sqlite" ] || ${CSCLI} machines add --auto
[[ "${DB_BACKEND}" == "sqlite" ]] || ${CSCLI} machines add --auto
"${TEST_DIR}/instance-crowdsec" start
"${CSCLI}" lapi status
[ -z "{PACKAGE_TESTING}" ] && "${CSCLI}" decisions delete --all
[[ -z "${PACKAGE_TESTING}" ]] && "${CSCLI}" decisions delete --all
"${TEST_DIR}/instance-crowdsec" stop
mkdir -p "${LOCAL_INIT_DIR}"
@ -68,22 +67,21 @@ make_init_data() {
echo "${DB_BACKEND}" > "${LOCAL_INIT_DIR}/.backend"
tar -C "${LOCAL_DIR}" --create \
--exclude "$REL_DATA_DIR"/crowdsec.db \
--file "${LOCAL_INIT_DIR}/init-config-data.tar" "$REL_CONFIG_DIR" "$REL_DATA_DIR"
--exclude "${REL_DATA_DIR}"/crowdsec.db \
--file "${LOCAL_INIT_DIR}/init-config-data.tar" "${REL_CONFIG_DIR}" "${REL_DATA_DIR}"
./instance-db setup
remove_init_data
}
load_init_data() {
if [ ! -f "${LOCAL_INIT_DIR}/init-config-data.tar" ]; then
die "Initial data not found; did you run '$script_name make' ?"
if [[ ! -f "${LOCAL_INIT_DIR}/init-config-data.tar" ]]; then
die "Initial data not found; did you run '${script_name} make' ?"
fi
dump_backend="$(cat "${LOCAL_INIT_DIR}/.backend")"
if [ "$DB_BACKEND" != "$dump_backend" ]; then
die "Can't run with backend '$DB_BACKEND' because the test data was build with '$dump_backend'"
if [[ "${DB_BACKEND}" != "${dump_backend}" ]]; then
die "Can't run with backend '${DB_BACKEND}' because the test data was build with '${dump_backend}'"
fi
remove_init_data
@ -97,7 +95,7 @@ load_init_data() {
# ---------------------------
[ $# -lt 1 ] && about
[[ $# -lt 1 ]] && about
case "$1" in

32
tests/lib/config/config-local
View file

@ -9,7 +9,7 @@ die() {
}
about() {
die "usage: $script_name [make | load | clean]"
die "usage: ${script_name} [make | load | clean]"
}
#shellcheck disable=SC1007
@ -20,14 +20,14 @@ cd "${THIS_DIR}"/../../
# you have not removed set -u above, have you?
[ -z "${TEST_DIR-}" ] && die "\$TEST_DIR must be defined."
[ -z "${LOCAL_DIR-}" ] && die "\$LOCAL_DIR must be defined."
[ -z "${CSCLI-}" ] && die "\$CSCLI must be defined."
[ -z "${LOCAL_INIT_DIR-}" ] && die "\$LOCAL_INIT_DIR must be defined."
[ -z "${PLUGIN_DIR-}" ] && die "\$PLUGIN_DIR must be defined."
[ -z "${DB_BACKEND-}" ] && die "\$DB_BACKEND must be defined."
[[ -z "${TEST_DIR-}" ]] && die "\$TEST_DIR must be defined."
[[ -z "${LOCAL_DIR-}" ]] && die "\$LOCAL_DIR must be defined."
[[ -z "${CSCLI-}" ]] && die "\$CSCLI must be defined."
[[ -z "${LOCAL_INIT_DIR-}" ]] && die "\$LOCAL_INIT_DIR must be defined."
[[ -z "${PLUGIN_DIR-}" ]] && die "\$PLUGIN_DIR must be defined."
[[ -z "${DB_BACKEND-}" ]] && die "\$DB_BACKEND must be defined."
if [ ! -f "${CSCLI}" ]; then
if [[ ! -f "${CSCLI}" ]]; then
die "${CSCLI} is missing. Please build (with 'make bats-build') or install it."
fi
@ -96,7 +96,7 @@ make_init_data() {
"${CSCLI}" collections install crowdsecurity/linux
"${TEST_DIR}/instance-crowdsec" start
[[ "$DB_BACKEND" =~ ^postgres|pgx$ ]] && sleep 4
[[ "${DB_BACKEND}" =~ ^postgres|pgx$ ]] && sleep 4
"${CSCLI}" lapi status
# a restart is required to receive community pull
@ -119,20 +119,20 @@ make_init_data() {
echo "${DB_BACKEND}" > "${LOCAL_INIT_DIR}/.backend"
tar -C "${LOCAL_DIR}" --create \
--exclude "$REL_DATA_DIR"/crowdsec.db \
--file "${LOCAL_INIT_DIR}/init-config-data.tar" "$REL_CONFIG_DIR" "$REL_DATA_DIR"
--exclude "${REL_DATA_DIR}"/crowdsec.db \
--file "${LOCAL_INIT_DIR}/init-config-data.tar" "${REL_CONFIG_DIR}" "${REL_DATA_DIR}"
remove_init_data
}
load_init_data() {
if [ ! -f "${LOCAL_INIT_DIR}/init-config-data.tar" ]; then
die "Initial data not found; did you run '$script_name make' ?"
if [[ ! -f "${LOCAL_INIT_DIR}/init-config-data.tar" ]]; then
die "Initial data not found; did you run '${script_name} make' ?"
fi
dump_backend="$(cat "${LOCAL_INIT_DIR}/.backend")"
if [ "$DB_BACKEND" != "$dump_backend" ]; then
die "Can't run with backend '$DB_BACKEND' because the test data was build with '$dump_backend'"
if [[ "${DB_BACKEND}" != "${dump_backend}" ]]; then
die "Can't run with backend '${DB_BACKEND}' because the test data was build with '${dump_backend}'"
fi
remove_init_data
@ -144,7 +144,7 @@ load_init_data() {
# ---------------------------
[ $# -lt 1 ] && about
[[ $# -lt 1 ]] && about
case "$1" in

18
tests/lib/db/instance-mysql
View file

@ -2,7 +2,7 @@
set -eu
script_name=$0
DB_BACKEND=$(echo $script_name | cut -d- -f2)
DB_BACKEND=$(echo "${script_name}" | cut -d- -f2)
export DB_BACKEND
die() {
@ -16,7 +16,7 @@ MYSQL_PASSWORD=${MYSQL_PASSWORD:-password}
MYSQL_USER=${MYSQL_USER:-root}
about() {
die "usage: $script_name [ config_yaml | setup | dump <backup_file> | restore <backup_file> ]"
die "usage: ${script_name} [ config_yaml | setup | dump <backup_file> | restore <backup_file> ]"
}
check_requirements() {
@ -27,7 +27,7 @@ check_requirements() {
silence_password_warning() {
( ( ( "$@" >&9 ) 2>&1 \
| fgrep -v "[Warning] Using a password on the command line interface can be insecure." ) >&2 ) 9>&1 || [[ $? == 1 ]]
| grep -F -v "[Warning] Using a password on the command line interface can be insecure." ) >&2 ) 9>&1 || [[ $? == 1 ]]
}
exec_sql() {
@ -38,7 +38,7 @@ exec_sql() {
"--host=${MYSQL_HOST}" \
"--user=${MYSQL_USER}" \
"--port=${MYSQL_PORT}" \
"--password=${MYSQL_PASSWORD}" <<< "$cmd"
"--password=${MYSQL_PASSWORD}" <<< "${cmd}"
}
setup() {
@ -58,24 +58,24 @@ dump() {
silence_password_warning \
mysqldump \
$COLUMN_STATISTICS \
"${COLUMN_STATISTICS}" \
"--host=${MYSQL_HOST}" \
"--port=${MYSQL_PORT}" \
"--user=${MYSQL_USER}" \
"--password=${MYSQL_PASSWORD}" \
--databases crowdsec_test > "$backup_file"
--databases crowdsec_test > "${backup_file}"
}
restore() {
backup_file="${1?missing file to restore database from}"
[ -f "$backup_file" ] || die "Backup file $backup_file doesn't exist"
[[ -f "${backup_file}" ]] || die "Backup file ${backup_file} doesn't exist"
silence_password_warning \
mysql \
"--host=${MYSQL_HOST}" \
"--user=${MYSQL_USER}" \
"--port=${MYSQL_PORT}" \
"--password=${MYSQL_PASSWORD}" < "$backup_file"
"--password=${MYSQL_PASSWORD}" < "${backup_file}"
exec_sql "DROP USER IF EXISTS 'crowdsec_test';"
exec_sql "CREATE USER 'crowdsec_test' IDENTIFIED BY 'crowdsec_test';"
@ -94,7 +94,7 @@ config_yaml() {
' -i "${CONFIG_YAML}"
}
[ $# -lt 1 ] && about
[[ $# -lt 1 ]] && about
check_requirements

14
tests/lib/db/instance-postgres
View file

@ -2,7 +2,7 @@
set -eu
script_name=$0
DB_BACKEND=$(echo $script_name | cut -d- -f2)
DB_BACKEND=$(echo "${script_name}" | cut -d- -f2)
export DB_BACKEND
die() {
@ -20,7 +20,7 @@ export PGPASSWORD
export PGUSER
about() {
die "usage: $script_name [ config_yaml | setup | dump <backup_file> | restore <backup_file> ]"
die "usage: ${script_name} [ config_yaml | setup | dump <backup_file> | restore <backup_file> ]"
}
check_requirements() {
@ -37,7 +37,7 @@ check_requirements() {
exec_sql() {
cmd="${1?Missing required sql command}"
psql <<< "$cmd"
psql <<< "${cmd}"
}
setup() {
@ -50,13 +50,13 @@ setup() {
dump() {
backup_file="${1?Missing file to backup database to}"
pg_dump -Ft --dbname crowdsec_test --clean --create --file "$backup_file"
pg_dump -Ft --dbname crowdsec_test --clean --create --file "${backup_file}"
}
restore() {
backup_file="${1?missing file to restore database from}"
[ -f "$backup_file" ] || die "Backup file $backup_file doesn't exist"
pg_restore --dbname crowdsec_test --clean "$backup_file"
[[ -f "${backup_file}" ]] || die "Backup file ${backup_file} doesn't exist"
pg_restore --dbname crowdsec_test --clean "${backup_file}"
}
config_yaml() {
@ -72,7 +72,7 @@ config_yaml() {
' -i "${CONFIG_YAML}"
}
[ $# -lt 1 ] && about
[[ $# -lt 1 ]] && about
check_requirements

22
tests/lib/db/instance-sqlite
View file

@ -2,7 +2,7 @@
set -eu
script_name=$0
DB_BACKEND=$(echo $script_name | cut -d- -f2)
DB_BACKEND=$(echo "${script_name}" | cut -d- -f2)
export DB_BACKEND
die() {
@ -11,7 +11,7 @@ die() {
}
about() {
die "usage: $script_name [ config-yaml | setup | dump <backup_file> | restore <backup_file> ]"
die "usage: ${script_name} [ config-yaml | setup | dump <backup_file> | restore <backup_file> ]"
}
#shellcheck disable=SC1007
@ -21,7 +21,6 @@ cd "${THIS_DIR}"/../../
. ./.environment.sh
exec_sql() {
cmd="${1?Missing required sql command}"
sqlite3 "${DB_FILE}" "$@"
}
@ -32,35 +31,36 @@ setup() {
dump() {
backup_file="${1?Missing file to backup database to}"
# dirty fast cp. nothing should be accessing it right now, anyway.
[ -f "${DB_FILE}" ] || die "missing file ${DB_FILE}"
cp "${DB_FILE}" "$backup_file"
[[ -f "${DB_FILE}" ]] || die "missing file ${DB_FILE}"
cp "${DB_FILE}" "${backup_file}"
}
restore() {
backup_file="${1?missing file to restore database from}"
[ -f "$backup_file" ] || die "Backup file $backup_file doesn't exist"
cp "$backup_file" "${DB_FILE}"
[[ -f "${backup_file}" ]] || die "Backup file ${backup_file} doesn't exist"
cp "${backup_file}" "${DB_FILE}"
}
# you have not removed set -u above, have you?
[ -z "${CONFIG_YAML-}" ] && die "\$CONFIG_YAML must be defined."
[[ -z "${CONFIG_YAML-}" ]] && die "\$CONFIG_YAML must be defined."
# ---------------------------
# In most cases this is called with setup argument, and it shouldn't fail for missing config file.
if [ -f "${CONFIG_YAML}" ] ; then
if [[ -f "${CONFIG_YAML}" ]]; then
DATA_DIR=$(yq e '.config_paths.data_dir' - <"${CONFIG_YAML}")
DB_FILE="${DATA_DIR}/crowdsec.db"
export DB_FILE
fi
config_yaml() {
yq e '
.db_config.type=strenv(DB_BACKEND) |
.db_config.db_path="${DB_FILE}"
.db_config.db_path=strenv(DB_FILE)
' -i "${CONFIG_YAML}"
}
[ $# -lt 1 ] && about
[[ $# -lt 1 ]] && about
case "$1" in
config-yaml)

16
tests/lib/init/crowdsec-daemon
View file

@ -9,7 +9,7 @@ die() {
}
about() {
die "usage: $script_name [ start | stop ]"
die "usage: ${script_name} [ start | stop ]"
}
#shellcheck disable=SC1007
@ -20,11 +20,11 @@ cd "${THIS_DIR}"/../../
# you have not removed set -u above, have you?
[ -z "${CROWDSEC-}" ] && die "\$CROWDSEC must be defined."
[ -z "${LOG_DIR-}" ] && die "\$LOG_DIR must be defined."
[ -z "${PID_DIR-}" ] && die "\$PID_DIR must be defined."
[[ -z "${CROWDSEC-}" ]] && die "\$CROWDSEC must be defined."
[[ -z "${LOG_DIR-}" ]] && die "\$LOG_DIR must be defined."
[[ -z "${PID_DIR-}" ]] && die "\$PID_DIR must be defined."
if [ ! -f "${CROWDSEC}" ]; then
if [[ ! -f "${CROWDSEC}" ]]; then
die "${CROWDSEC} is missing. Please build (with 'make bats-build') or install it."
fi
@ -38,12 +38,12 @@ start() {
}
stop() {
if [ -f "${DAEMON_PID}" ]; then
if [[ -f "${DAEMON_PID}" ]]; then
# terminate quickly with extreme prejudice, all the application data will be
# thrown away anyway. also terminate the child processes (notification plugin).
PGID="$(ps -o pgid= -p "$(cat "${DAEMON_PID}")" | tr -d ' ')"
# ps above should work on linux, freebsd, busybox..
if [ -n "${PGID}" ]; then
if [[ -n "${PGID}" ]]; then
kill -- "-${PGID}"
fi
rm -f -- "${DAEMON_PID}"
@ -53,7 +53,7 @@ stop() {
# ---------------------------
[ $# -lt 1 ] && about
[[ $# -lt 1 ]] && about
case "$1" in
start)

14
tests/lib/init/crowdsec-systemd
View file

@ -9,7 +9,7 @@ die() {
}
about() {
die "usage: $script_name [ start | stop ]"
die "usage: ${script_name} [ start | stop ]"
}
#shellcheck disable=SC1007
@ -20,13 +20,13 @@ cd "${THIS_DIR}"/../../
# you have not removed set -u above, have you?
[ -z "${CROWDSEC-}" ] && die "\$CROWDSEC must be defined."
[ -z "${CSCLI-}" ] && die "\$CSCLI must be defined."
[ -z "${LOG_DIR-}" ] && die "\$LOG_DIR must be defined."
[ -z "${PID_DIR-}" ] && die "\$PID_DIR must be defined."
[[ -z "${CROWDSEC-}" ]] && die "\$CROWDSEC must be defined."
[[ -z "${CSCLI-}" ]] && die "\$CSCLI must be defined."
[[ -z "${LOG_DIR-}" ]] && die "\$LOG_DIR must be defined."
[[ -z "${PID_DIR-}" ]] && die "\$PID_DIR must be defined."
if [ ! -f "${CROWDSEC}" ]; then
if [[ ! -f "${CROWDSEC}" ]]; then
die "${CROWDSEC} is missing. Please build (with 'make bats-build') or install it."
fi
@ -45,7 +45,7 @@ stop() {
# ---------------------------
[ $# -lt 1 ] && about
[[ $# -lt 1 ]] && about
case "$1" in
start)

1
tests/lib/setup.sh Normal file → Executable file
View file

@ -1,3 +1,4 @@
#!/usr/bin/env bash
# these plugins are always available

11
tests/lib/setup_file.sh Normal file → Executable file
View file

@ -1,3 +1,4 @@
#!/usr/bin/env bash
debug() {
echo 'exec 1<&-; exec 2<&-; exec 1>&3; exec 2>&1'
@ -48,28 +49,28 @@ export -f config_yq
# shellcheck disable=SC2154
stderr() {
printf '%s' "$stderr"
printf '%s' "${stderr}"
}
export -f stderr
# shellcheck disable=SC2154
output() {
printf '%s' "$output"
printf '%s' "${output}"
}
export -f output
is_db_postgres() {
[[ "$DB_BACKEND" =~ ^postgres|pgx$ ]]
[[ "${DB_BACKEND}" =~ ^postgres|pgx$ ]]
}
export -f is_db_postgres
is_db_mysql() {
[[ "$DB_BACKEND" == "mysql" ]]
[[ "${DB_BACKEND}" == "mysql" ]]
}
export -f is_db_mysql
is_db_sqlite() {
[[ "$DB_BACKEND" == "sqlite" ]]
[[ "${DB_BACKEND}" == "sqlite" ]]
}
export -f is_db_sqlite

1
tests/lib/teardown_file.sh Normal file → Executable file
View file

@ -1,3 +1,4 @@
#!/usr/bin/env bash
# any stdout, stderr from now on will go to &3
eval "$(debug)"

4
tests/lib/util/wait-for-port
View file

@ -13,7 +13,7 @@ about() {
die "usage: ${script_name} [-q] <port_number>"
}
[ $# -lt 1 ] && about
[[ $# -lt 1 ]] && about
QUIET=
if [[ "$1" == "-q" ]]; then
@ -21,7 +21,7 @@ if [[ "$1" == "-q" ]]; then
shift
fi
[ $# -lt 1 ] && about
[[ $# -lt 1 ]] && about
port_number=$1

5
tests/run-as-daemon
View file

@ -7,6 +7,9 @@ die() {
exit 1
}
[[ -n "${DAEMON_PID}" ]] || die "\$DAEMON_PID is required and must be the path of the pid file"
[[ -n "${OUT_FILE}" ]] || die "\$OUT_FILE is required and must be the path of the resulting stdout"
# Simplified dudeist daemonizer. Don't care about lock files, separate
# stdout/stderr and fancy stuff. #YOLO
@ -18,7 +21,7 @@ case "${SYSTEM,,}" in
daemon -p "${DAEMON_PID}" -o "${OUT_FILE}" "$@"
;;
*)
die "unsupported system: $SYSTEM"
die "unsupported system: ${SYSTEM}"
;;
esac

13
tests/run-tests
View file

@ -15,8 +15,8 @@ TEST_DIR=$(CDPATH= cd -- "$(dirname -- "$0")" && pwd)
"${TEST_DIR}/check-requirements"
echo "Running tests..."
echo "DB_BACKEND: $DB_BACKEND"
if [ -z "$TEST_COVERAGE" ]; then
echo "DB_BACKEND: ${DB_BACKEND}"
if [[ -z "${TEST_COVERAGE}" ]]; then
echo "Coverage report: no"
else
echo "Coverage report: yes"
@ -26,15 +26,16 @@ fi
dump_backend="$(cat "${LOCAL_INIT_DIR}/.backend")"
if [ "$DB_BACKEND" != "$dump_backend" ]; then
die "Can't run with backend '$DB_BACKEND' because the test data was build with '$dump_backend'"
if [[ "${DB_BACKEND}" != "${dump_backend}" ]]; then
die "Can't run with backend '${DB_BACKEND}' because the test data was build with '${dump_backend}'"
fi
if [ $# -ge 1 ]; then
if [[ $# -ge 1 ]]; then
echo "test files: $*"
"${TEST_DIR}/lib/bats-core/bin/bats" \
--jobs 1 \
--print-output-on-failure \
--timing \
"$@"
else
echo "test files: ${TEST_DIR}/bats ${TEST_DIR}/dyn-bats"
@ -44,7 +45,7 @@ else
-T "${TEST_DIR}/bats" "${TEST_DIR}/dyn-bats"
fi
if [ -n "$TEST_COVERAGE" ]; then
if [[ -n "${TEST_COVERAGE}" ]]; then
# empty files just to avoid merge errors
touch "${LOCAL_DIR}"/var/lib/coverage/crowdsec-
touch "${LOCAL_DIR}"/var/lib/coverage/cscli-