From b91fcb8e9bd381932f070d99fd4a43a75f36fe50 Mon Sep 17 00:00:00 2001 From: mmetc <92726601+mmetc@users.noreply.github.com> Date: Wed, 22 Jun 2022 10:00:51 +0200 Subject: [PATCH] Fixed bats tests for freebsd (#1600) --- tests/README.md | 23 +++++++++++++++++++++-- tests/assert-crowdsec-not-running | 2 +- tests/bats/05_config_yaml_local.bats | 18 +++++++++--------- tests/bats/11_bouncers_tls.bats | 4 ++-- tests/bats/30_machines_tls.bats | 26 +++++++++++++------------- tests/check-requirements | 13 ++++++++++--- tests/lib/config/config-local | 9 ++++++--- tests/lib/db/instance-sqlite | 2 +- tests/lib/setup_file.sh | 2 +- 9 files changed, 64 insertions(+), 35 deletions(-) diff --git a/tests/README.md b/tests/README.md index b3124802e..3b7e3a1e8 100644 --- a/tests/README.md +++ b/tests/README.md @@ -67,7 +67,7 @@ Run `make clean bats-all` to perform a test build + run. To repeat test runs without rebuilding crowdsec, use `make bats-test`. -## Troubleshooting tests +## Debugging tests See `./tests/run-tests --help` to run/debug specific tests. @@ -386,9 +386,28 @@ $ sudo docker run --cap-add=sys_nice --detach --name=mariadb -p 3306:3306 --env A mysql-client package is required as well. +## troubleshooting + + + - My tests are hanging forever, why? +See if you have a jq/yq or similar process waiting for standard input. Hint: +you can pass a file from the result of the previous `run` command with +`<(output)`. This substitutes the expression with a file name, but if you +really want it in standard input, you have to use `< <(output)`. Bash is +awesome but the syntax is often weird. + + - I can't do X with jq. +If you prefer you can use yq. It can parse and generate json, and it has a +different syntax. + + - I get "while parsing /tmp/....: yaml: line 5: mapping values are not allowed in this context" +Check the heredocs (the <"${CONFIG_YAML}.local" - run -0 ./instance-crowdsec start + ./instance-crowdsec start run -0 ./lib/util/wait-for-port -q 8083 run -1 ./lib/util/wait-for-port -q 8080 - run -0 ./instance-crowdsec stop + ./instance-crowdsec stop rm -f "${CONFIG_YAML}.local" - run -0 ./instance-crowdsec start + ./instance-crowdsec start run -1 ./lib/util/wait-for-port -q 8083 run -0 ./lib/util/wait-for-port -q 8080 } @test "${FILE} local_api_credentials.yaml.local" { echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" >"${CONFIG_YAML}.local" - run -0 ./instance-crowdsec start + ./instance-crowdsec start run -0 ./lib/util/wait-for-port -q 8083 - run -0 yq e '.api.client.credentials_path' <"${CONFIG_YAML}" + run -0 yq e '.api.client.credentials_path' "${CONFIG_YAML}" LOCAL_API_CREDENTIALS="${output}" run -1 cscli decisions list @@ -80,7 +80,7 @@ teardown() { } @test "${FILE} simulation.yaml.local" { - run -0 yq e '.config_paths.simulation_path' <"${CONFIG_YAML}" + run -0 yq e '.config_paths.simulation_path' "${CONFIG_YAML}" refute_output null SIMULATION="${output}" @@ -102,7 +102,7 @@ teardown() { } @test "${FILE} profiles.yaml.local" { - run -0 yq e '.api.server.profiles_path' <"${CONFIG_YAML}" + run -0 yq e '.api.server.profiles_path' "${CONFIG_YAML}" refute_output null PROFILES="${output}" diff --git a/tests/bats/11_bouncers_tls.bats b/tests/bats/11_bouncers_tls.bats index 5359e07fc..80c08d112 100644 --- a/tests/bats/11_bouncers_tls.bats +++ b/tests/bats/11_bouncers_tls.bats @@ -4,7 +4,7 @@ set -u config_disable_agent() { - yq 'del(.crowdsec_service)' -i "${CONFIG_YAML}" + yq e 'del(.crowdsec_service)' -i "${CONFIG_YAML}" } setup_file() { @@ -35,7 +35,7 @@ setup_file() { echo "ibase=16; ${serial}" | bc >"${tmpdir}/serials.txt" cfssl gencrl "${tmpdir}/serials.txt" "${tmpdir}/ca.pem" "${tmpdir}/ca-key.pem" | base64 -d | openssl crl -inform DER -out "${tmpdir}/crl.pem" - yq ' + yq e ' .api.server.tls.cert_file=strenv(tmpdir) + "/server.pem" | .api.server.tls.key_file=strenv(tmpdir) + "/server-key.pem" | .api.server.tls.ca_cert_path=strenv(tmpdir) + "/inter.pem" | diff --git a/tests/bats/30_machines_tls.bats b/tests/bats/30_machines_tls.bats index a93d4434f..574506d43 100644 --- a/tests/bats/30_machines_tls.bats +++ b/tests/bats/30_machines_tls.bats @@ -32,7 +32,7 @@ setup_file() { echo "ibase=16; ${serial}" | bc >"${tmpdir}/serials.txt" cfssl gencrl "${tmpdir}/serials.txt" "${tmpdir}/ca.pem" "${tmpdir}/ca-key.pem" | base64 -d | openssl crl -inform DER -out "${tmpdir}/crl.pem" - yq ' + yq e ' .api.server.tls.cert_file=strenv(tmpdir) + "/server.pem" | .api.server.tls.key_file=strenv(tmpdir) + "/server-key.pem" | .api.server.tls.ca_cert_path=strenv(tmpdir) + "/inter.pem" | @@ -60,15 +60,15 @@ teardown() { @test "${FILE} invalid OU for agent" { CONFIG_DIR=$(dirname "${CONFIG_YAML}") - yq ' + yq e ' .ca_cert_path=strenv(tmpdir) + "/inter.pem" | .key_path=strenv(tmpdir) + "/agent_bad_ou-key.pem" | .cert_path=strenv(tmpdir) + "/agent_bad_ou.pem" | .url="https://127.0.0.1:8080" ' -i "${CONFIG_DIR}/local_api_credentials.yaml" - yq 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml" - yq 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml" + yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml" + yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml" ./instance-crowdsec start #let the agent start sleep 2 @@ -79,15 +79,15 @@ teardown() { @test "${FILE} we have exactly one machine registered with TLS" { CONFIG_DIR=$(dirname "${CONFIG_YAML}") - yq ' + yq e ' .ca_cert_path=strenv(tmpdir) + "/inter.pem" | .key_path=strenv(tmpdir) + "/agent-key.pem" | .cert_path=strenv(tmpdir) + "/agent.pem" | .url="https://127.0.0.1:8080" ' -i "${CONFIG_DIR}/local_api_credentials.yaml" - yq 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml" - yq 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml" + yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml" + yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml" ./instance-crowdsec start #let the agent start sleep 2 @@ -103,15 +103,15 @@ teardown() { @test "${FILE} invalid cert for agent" { CONFIG_DIR=$(dirname "${CONFIG_YAML}") - yq ' + yq e ' .ca_cert_path=strenv(tmpdir) + "/inter.pem" | .key_path=strenv(tmpdir) + "/agent_invalid-key.pem" | .cert_path=strenv(tmpdir) + "/agent_invalid.pem" | .url="https://127.0.0.1:8080" ' -i "${CONFIG_DIR}/local_api_credentials.yaml" - yq 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml" - yq 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml" + yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml" + yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml" ./instance-crowdsec start #let the agent start sleep 2 @@ -122,15 +122,15 @@ teardown() { @test "${FILE} revoked cert for agent" { CONFIG_DIR=$(dirname "${CONFIG_YAML}") - yq ' + yq e ' .ca_cert_path=strenv(tmpdir) + "/inter.pem" | .key_path=strenv(tmpdir) + "/agent_revoked-key.pem" | .cert_path=strenv(tmpdir) + "/agent_revoked.pem" | .url="https://127.0.0.1:8080" ' -i "${CONFIG_DIR}/local_api_credentials.yaml" - yq 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml" - yq 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml" + yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml" + yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml" ./instance-crowdsec start #let the agent start sleep 2 diff --git a/tests/check-requirements b/tests/check-requirements index 0717b6312..a46cffab7 100755 --- a/tests/check-requirements +++ b/tests/check-requirements @@ -38,9 +38,15 @@ check_nc() { fi } +check_base64() { + if ! command -v base64 >/dev/null; then + die "missing required program 'base64'" + fi +} + check_yq() { # shellcheck disable=SC2016 - howto_install='You can install it with your favorite package manager (including snap) or with "GO111MODULE=on go get github.com/mikefarah/yq/v4" and add ~/go/bin to $PATH.' + howto_install='You can install it with your favorite package manager (including snap) or with "go install github.com/mikefarah/yq/v4@latest" and add ~/go/bin to $PATH.' if ! command -v yq >/dev/null; then die "Missing required program 'yq'. ${howto_install}" fi @@ -70,7 +76,7 @@ check_daemonizer() { check_cfssl() { # shellcheck disable=SC2016 - howto_install='You can install it with "go get -u github.com/cloudflare/cfssl/cmd/cfssl" and add ~/go/bin to $PATH.' + howto_install='You can install it with "go install github.com/cloudflare/cfssl/cmd/cfssl@latest" and add ~/go/bin to $PATH.' if ! command -v cfssl >/dev/null; then die "Missing required program 'cfssl'. ${howto_install}" fi @@ -78,7 +84,7 @@ check_cfssl() { check_cfssljson() { # shellcheck disable=SC2016 - howto_install='You can install it with "go get -u github.com/cloudflare/cfssl/cmd/cfssljson" and add ~/go/bin to $PATH.' + howto_install='You can install it with "go install github.com/cloudflare/cfssl/cmd/cfssljson@latest" and add ~/go/bin to $PATH.' if ! command -v cfssljson >/dev/null; then die "Missing required program 'cfssljson'. ${howto_install}" fi @@ -96,6 +102,7 @@ check_cfssl check_cfssljson check_jq check_nc +check_base64 check_python3 check_yq if [[ -n "${TEST_COVERAGE}" ]]; then diff --git a/tests/lib/config/config-local b/tests/lib/config/config-local index 82dbf5c0d..d67a4fb66 100755 --- a/tests/lib/config/config-local +++ b/tests/lib/config/config-local @@ -46,13 +46,16 @@ remove_init_data() { config_generate() { mkdir -p "${CONFIG_DIR}" - cp ../config/acquis.yaml \ - ../config/profiles.yaml \ + cp ../config/profiles.yaml \ ../config/simulation.yaml \ ../config/local_api_credentials.yaml \ ../config/online_api_credentials.yaml \ "${CONFIG_DIR}/" + # the default acquis file contains files that are not readable by everyone + # We use a noop configuration that forces nevertheless crowdsec to keep watching + echo '{"filenames":["/tmp/should-not-exist.log"],"labels":{"type":"syslog"},"force_inotify":true}' > "${CONFIG_DIR}/acquis.yaml" + cp ../plugins/notifications/*/{http,email,slack,splunk,dummy}.yaml \ "${CONFIG_DIR}/notifications/" @@ -75,7 +78,7 @@ config_generate() { .api.server.profiles_path=strenv(CONFIG_DIR)+"/profiles.yaml" | .api.server.console_path=strenv(CONFIG_DIR)+"/console.yaml" | .api.server.online_client.credentials_path=strenv(CONFIG_DIR)+"/online_api_credentials.yaml" - ' - <../config/config.yaml >"${CONFIG_DIR}/config.yaml" + ' ../config/config.yaml >"${CONFIG_DIR}/config.yaml" } make_init_data() { diff --git a/tests/lib/db/instance-sqlite b/tests/lib/db/instance-sqlite index a3044d784..ec1340701 100755 --- a/tests/lib/db/instance-sqlite +++ b/tests/lib/db/instance-sqlite @@ -48,7 +48,7 @@ restore() { # --------------------------- # In most cases this is called with setup argument, and it shouldn't fail for missing config file. if [[ -f "${CONFIG_YAML}" ]]; then - DATA_DIR=$(yq e '.config_paths.data_dir' - <"${CONFIG_YAML}") + DATA_DIR=$(yq e '.config_paths.data_dir' "${CONFIG_YAML}") DB_FILE="${DATA_DIR}/crowdsec.db" export DB_FILE fi diff --git a/tests/lib/setup_file.sh b/tests/lib/setup_file.sh index 6197d7744..be1106a54 100755 --- a/tests/lib/setup_file.sh +++ b/tests/lib/setup_file.sh @@ -45,7 +45,7 @@ cscli() { export -f cscli config_yq() { - yq e "$@" - <"${CONFIG_YAML}" + yq e "$@" "${CONFIG_YAML}" } export -f config_yq