Fixed bats tests for freebsd (#1600)

tests/README.md

@@ -67,7 +67,7 @@ Run `make clean bats-all` to perform a test build + run.
 To repeat test runs without rebuilding crowdsec, use `make bats-test`.
 
 
-## Troubleshooting tests
+## Debugging tests
 
 See `./tests/run-tests --help` to run/debug specific tests.
 
@@ -386,9 +386,28 @@ $ sudo docker run --cap-add=sys_nice --detach --name=mariadb -p 3306:3306  --env
 
 A mysql-client package is required as well.
 
+## troubleshooting
+
+
+ - My tests are hanging forever, why?
+See if you have a jq/yq or similar process waiting for standard input. Hint:
+you can pass a file from the result of the previous `run` command with
+`<(output)`. This substitutes the expression with a file name, but if you
+really want it in standard input, you have to use `< <(output)`. Bash is
+awesome but the syntax is often weird.
+
+ - I can't do X with jq.
+If you prefer you can use yq. It can parse and generate json, and it has a
+different syntax.
+
+ - I get "while parsing /tmp/....: yaml: line 5: mapping values are not allowed in this context"
+Check the heredocs (the <<EOT blocks). Each line must start with a hard TAB
+followed by spaces. You are probably missing some tabs.
+
 ## gotchas
 
  - Testing with Postgres or MySQL/MariaDB leads to (unpredictably) failing
    tests in the GitHub workflows, so we had to disable them by default. We do
-   run these in a separate environment before doing releases.
+   run these in a separate environment before doing releases. They should always
+   pass if you run them in a development machine.
 

tests/assert-crowdsec-not-running

@@ -13,7 +13,7 @@ is_crowdsec_running || exit 0
 sleep 2
 is_crowdsec_running || exit 0
 
-PIDS=$(echo "${PIDS}" | sed ':a;N;$!ba;s/\n/ /g')
+PIDS=$(echo "${PIDS}" | tr '\n' ' ')
 msg="CrowdSec is already running (PID ${PIDS}). Please terminate it and run the tests again."
 
 # Are we inside a setup() or @test? Is file descriptor 3 open?

tests/bats/05_config_yaml_local.bats

@@ -50,28 +50,28 @@ teardown() {
 }
 
 @test "${FILE} config.yaml.local - crowdsec (listen_url)" {
-    run -0 ./instance-crowdsec start
+    ./instance-crowdsec start
     run -0 ./lib/util/wait-for-port -q 8080
-    run -0 ./instance-crowdsec stop
+    ./instance-crowdsec stop
 
     echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" >"${CONFIG_YAML}.local"
-    run -0 ./instance-crowdsec start
+    ./instance-crowdsec start
     run -0 ./lib/util/wait-for-port -q 8083
     run -1 ./lib/util/wait-for-port -q 8080
-    run -0 ./instance-crowdsec stop
+    ./instance-crowdsec stop
 
     rm -f "${CONFIG_YAML}.local"
-    run -0 ./instance-crowdsec start
+    ./instance-crowdsec start
     run -1 ./lib/util/wait-for-port -q 8083
     run -0 ./lib/util/wait-for-port -q 8080
 }
 
 @test "${FILE} local_api_credentials.yaml.local" {
     echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" >"${CONFIG_YAML}.local"
-    run -0 ./instance-crowdsec start
+    ./instance-crowdsec start
     run -0 ./lib/util/wait-for-port -q 8083
 
-    run -0 yq e '.api.client.credentials_path' <"${CONFIG_YAML}"
+    run -0 yq e '.api.client.credentials_path' "${CONFIG_YAML}"
     LOCAL_API_CREDENTIALS="${output}"
 
     run -1 cscli decisions list
@@ -80,7 +80,7 @@ teardown() {
 }
 
 @test "${FILE} simulation.yaml.local" {
-    run -0 yq e '.config_paths.simulation_path' <"${CONFIG_YAML}"
+    run -0 yq e '.config_paths.simulation_path' "${CONFIG_YAML}"
     refute_output null
     SIMULATION="${output}"
 
@@ -102,7 +102,7 @@ teardown() {
 }
 
 @test "${FILE} profiles.yaml.local" {
-    run -0 yq e '.api.server.profiles_path' <"${CONFIG_YAML}"
+    run -0 yq e '.api.server.profiles_path' "${CONFIG_YAML}"
     refute_output null
     PROFILES="${output}"
 

tests/bats/11_bouncers_tls.bats

@@ -4,7 +4,7 @@
 set -u
 
 config_disable_agent() {
-    yq 'del(.crowdsec_service)' -i "${CONFIG_YAML}"
+    yq e 'del(.crowdsec_service)' -i "${CONFIG_YAML}"
 }
 
 setup_file() {
@@ -35,7 +35,7 @@ setup_file() {
     echo "ibase=16; ${serial}" | bc >"${tmpdir}/serials.txt"
     cfssl gencrl "${tmpdir}/serials.txt" "${tmpdir}/ca.pem" "${tmpdir}/ca-key.pem" | base64 -d | openssl crl -inform DER -out "${tmpdir}/crl.pem"
 
-    yq '
+    yq e '
         .api.server.tls.cert_file=strenv(tmpdir) + "/server.pem" |
         .api.server.tls.key_file=strenv(tmpdir) + "/server-key.pem" |
         .api.server.tls.ca_cert_path=strenv(tmpdir) + "/inter.pem" |

tests/bats/30_machines_tls.bats

@@ -32,7 +32,7 @@ setup_file() {
     echo "ibase=16; ${serial}" | bc >"${tmpdir}/serials.txt"
     cfssl gencrl "${tmpdir}/serials.txt" "${tmpdir}/ca.pem" "${tmpdir}/ca-key.pem" | base64 -d | openssl crl -inform DER -out "${tmpdir}/crl.pem"
 
-    yq '
+    yq e '
         .api.server.tls.cert_file=strenv(tmpdir) + "/server.pem" |
         .api.server.tls.key_file=strenv(tmpdir) + "/server-key.pem" |
         .api.server.tls.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
@@ -60,15 +60,15 @@ teardown() {
 @test "${FILE} invalid OU for agent" {
     CONFIG_DIR=$(dirname "${CONFIG_YAML}")
 
-    yq '
+    yq e '
         .ca_cert_path=strenv(tmpdir) + "/inter.pem" |
         .key_path=strenv(tmpdir) + "/agent_bad_ou-key.pem" |
         .cert_path=strenv(tmpdir) + "/agent_bad_ou.pem" |
         .url="https://127.0.0.1:8080"
     ' -i "${CONFIG_DIR}/local_api_credentials.yaml"
 
-    yq 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
-    yq 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
+    yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
+    yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
     ./instance-crowdsec start
     #let the agent start
     sleep 2
@@ -79,15 +79,15 @@ teardown() {
 @test "${FILE} we have exactly one machine registered with TLS" {
     CONFIG_DIR=$(dirname "${CONFIG_YAML}")
 
-    yq '
+    yq e '
         .ca_cert_path=strenv(tmpdir) + "/inter.pem" |
         .key_path=strenv(tmpdir) + "/agent-key.pem" |
         .cert_path=strenv(tmpdir) + "/agent.pem" |
         .url="https://127.0.0.1:8080"
     ' -i "${CONFIG_DIR}/local_api_credentials.yaml"
 
-    yq 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
-    yq 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
+    yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
+    yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
     ./instance-crowdsec start
     #let the agent start
     sleep 2
@@ -103,15 +103,15 @@ teardown() {
 @test "${FILE} invalid cert for agent" {
     CONFIG_DIR=$(dirname "${CONFIG_YAML}")
 
-    yq '
+    yq e '
         .ca_cert_path=strenv(tmpdir) + "/inter.pem" |
         .key_path=strenv(tmpdir) + "/agent_invalid-key.pem" |
         .cert_path=strenv(tmpdir) + "/agent_invalid.pem" |
         .url="https://127.0.0.1:8080"
     ' -i "${CONFIG_DIR}/local_api_credentials.yaml"
 
-    yq 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
-    yq 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
+    yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
+    yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
     ./instance-crowdsec start
     #let the agent start
     sleep 2
@@ -122,15 +122,15 @@ teardown() {
 @test "${FILE} revoked cert for agent" {
     CONFIG_DIR=$(dirname "${CONFIG_YAML}")
 
-    yq '
+    yq e '
         .ca_cert_path=strenv(tmpdir) + "/inter.pem" |
         .key_path=strenv(tmpdir) + "/agent_revoked-key.pem" |
         .cert_path=strenv(tmpdir) + "/agent_revoked.pem" |
         .url="https://127.0.0.1:8080"
     ' -i "${CONFIG_DIR}/local_api_credentials.yaml"
 
-    yq 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
-    yq 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
+    yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
+    yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
     ./instance-crowdsec start
     #let the agent start
     sleep 2

tests/check-requirements

@@ -38,9 +38,15 @@ check_nc() {
     fi
 }
 
+check_base64() {
+    if ! command -v base64 >/dev/null; then
+        die "missing required program 'base64'"
+    fi
+}
+
 check_yq() {
     # shellcheck disable=SC2016
-    howto_install='You can install it with your favorite package manager (including snap) or with "GO111MODULE=on go get github.com/mikefarah/yq/v4" and add ~/go/bin to $PATH.'
+    howto_install='You can install it with your favorite package manager (including snap) or with "go install github.com/mikefarah/yq/v4@latest" and add ~/go/bin to $PATH.'
     if ! command -v yq >/dev/null; then
         die "Missing required program 'yq'. ${howto_install}"
     fi
@@ -70,7 +76,7 @@ check_daemonizer() {
 
 check_cfssl() {
     # shellcheck disable=SC2016
-    howto_install='You can install it with "go get -u github.com/cloudflare/cfssl/cmd/cfssl" and add ~/go/bin to $PATH.'
+    howto_install='You can install it with "go install github.com/cloudflare/cfssl/cmd/cfssl@latest" and add ~/go/bin to $PATH.'
     if ! command -v cfssl >/dev/null; then
         die "Missing required program 'cfssl'. ${howto_install}"
     fi
@@ -78,7 +84,7 @@ check_cfssl() {
 
 check_cfssljson() {
     # shellcheck disable=SC2016
-    howto_install='You can install it with "go get -u github.com/cloudflare/cfssl/cmd/cfssljson" and add ~/go/bin to $PATH.'
+    howto_install='You can install it with "go install github.com/cloudflare/cfssl/cmd/cfssljson@latest" and add ~/go/bin to $PATH.'
     if ! command -v cfssljson >/dev/null; then
         die "Missing required program 'cfssljson'. ${howto_install}"
     fi
@@ -96,6 +102,7 @@ check_cfssl
 check_cfssljson
 check_jq
 check_nc
+check_base64
 check_python3
 check_yq
 if [[ -n "${TEST_COVERAGE}" ]]; then

tests/lib/config/config-local

@@ -46,13 +46,16 @@ remove_init_data() {
 config_generate() {
     mkdir -p "${CONFIG_DIR}"
 
-    cp ../config/acquis.yaml \
-       ../config/profiles.yaml \
+    cp ../config/profiles.yaml \
        ../config/simulation.yaml \
        ../config/local_api_credentials.yaml \
        ../config/online_api_credentials.yaml \
        "${CONFIG_DIR}/"
 
+    # the default acquis file contains files that are not readable by everyone
+    # We use a noop configuration that forces nevertheless crowdsec to keep watching
+    echo '{"filenames":["/tmp/should-not-exist.log"],"labels":{"type":"syslog"},"force_inotify":true}' > "${CONFIG_DIR}/acquis.yaml"
+
     cp ../plugins/notifications/*/{http,email,slack,splunk,dummy}.yaml \
        "${CONFIG_DIR}/notifications/"
 
@@ -75,7 +78,7 @@ config_generate() {
     .api.server.profiles_path=strenv(CONFIG_DIR)+"/profiles.yaml" |
     .api.server.console_path=strenv(CONFIG_DIR)+"/console.yaml" |
     .api.server.online_client.credentials_path=strenv(CONFIG_DIR)+"/online_api_credentials.yaml"
-    ' - <../config/config.yaml >"${CONFIG_DIR}/config.yaml"
+    ' ../config/config.yaml >"${CONFIG_DIR}/config.yaml"
 }
 
 make_init_data() {

tests/lib/db/instance-sqlite

@@ -48,7 +48,7 @@ restore() {
 # ---------------------------
 # In most cases this is called with setup argument, and it shouldn't fail for missing config file.
 if [[ -f "${CONFIG_YAML}" ]]; then
-    DATA_DIR=$(yq e '.config_paths.data_dir' - <"${CONFIG_YAML}")
+    DATA_DIR=$(yq e '.config_paths.data_dir' "${CONFIG_YAML}")
     DB_FILE="${DATA_DIR}/crowdsec.db"
     export DB_FILE
 fi

tests/lib/setup_file.sh

@@ -45,7 +45,7 @@ cscli() {
 export -f cscli
 
 config_yq() {
-    yq e "$@" - <"${CONFIG_YAML}"
+    yq e "$@" "${CONFIG_YAML}"
 }
 export -f config_yq