Fixed bats tests for freebsd (#1600)
This commit is contained in:
parent
d71279f023
commit
b91fcb8e9b
|
@ -67,7 +67,7 @@ Run `make clean bats-all` to perform a test build + run.
|
||||||
To repeat test runs without rebuilding crowdsec, use `make bats-test`.
|
To repeat test runs without rebuilding crowdsec, use `make bats-test`.
|
||||||
|
|
||||||
|
|
||||||
## Troubleshooting tests
|
## Debugging tests
|
||||||
|
|
||||||
See `./tests/run-tests --help` to run/debug specific tests.
|
See `./tests/run-tests --help` to run/debug specific tests.
|
||||||
|
|
||||||
|
@ -386,9 +386,28 @@ $ sudo docker run --cap-add=sys_nice --detach --name=mariadb -p 3306:3306 --env
|
||||||
|
|
||||||
A mysql-client package is required as well.
|
A mysql-client package is required as well.
|
||||||
|
|
||||||
|
## troubleshooting
|
||||||
|
|
||||||
|
|
||||||
|
- My tests are hanging forever, why?
|
||||||
|
See if you have a jq/yq or similar process waiting for standard input. Hint:
|
||||||
|
you can pass a file from the result of the previous `run` command with
|
||||||
|
`<(output)`. This substitutes the expression with a file name, but if you
|
||||||
|
really want it in standard input, you have to use `< <(output)`. Bash is
|
||||||
|
awesome but the syntax is often weird.
|
||||||
|
|
||||||
|
- I can't do X with jq.
|
||||||
|
If you prefer you can use yq. It can parse and generate json, and it has a
|
||||||
|
different syntax.
|
||||||
|
|
||||||
|
- I get "while parsing /tmp/....: yaml: line 5: mapping values are not allowed in this context"
|
||||||
|
Check the heredocs (the <<EOT blocks). Each line must start with a hard TAB
|
||||||
|
followed by spaces. You are probably missing some tabs.
|
||||||
|
|
||||||
## gotchas
|
## gotchas
|
||||||
|
|
||||||
- Testing with Postgres or MySQL/MariaDB leads to (unpredictably) failing
|
- Testing with Postgres or MySQL/MariaDB leads to (unpredictably) failing
|
||||||
tests in the GitHub workflows, so we had to disable them by default. We do
|
tests in the GitHub workflows, so we had to disable them by default. We do
|
||||||
run these in a separate environment before doing releases.
|
run these in a separate environment before doing releases. They should always
|
||||||
|
pass if you run them in a development machine.
|
||||||
|
|
||||||
|
|
|
@ -13,7 +13,7 @@ is_crowdsec_running || exit 0
|
||||||
sleep 2
|
sleep 2
|
||||||
is_crowdsec_running || exit 0
|
is_crowdsec_running || exit 0
|
||||||
|
|
||||||
PIDS=$(echo "${PIDS}" | sed ':a;N;$!ba;s/\n/ /g')
|
PIDS=$(echo "${PIDS}" | tr '\n' ' ')
|
||||||
msg="CrowdSec is already running (PID ${PIDS}). Please terminate it and run the tests again."
|
msg="CrowdSec is already running (PID ${PIDS}). Please terminate it and run the tests again."
|
||||||
|
|
||||||
# Are we inside a setup() or @test? Is file descriptor 3 open?
|
# Are we inside a setup() or @test? Is file descriptor 3 open?
|
||||||
|
|
|
@ -50,28 +50,28 @@ teardown() {
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "${FILE} config.yaml.local - crowdsec (listen_url)" {
|
@test "${FILE} config.yaml.local - crowdsec (listen_url)" {
|
||||||
run -0 ./instance-crowdsec start
|
./instance-crowdsec start
|
||||||
run -0 ./lib/util/wait-for-port -q 8080
|
run -0 ./lib/util/wait-for-port -q 8080
|
||||||
run -0 ./instance-crowdsec stop
|
./instance-crowdsec stop
|
||||||
|
|
||||||
echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" >"${CONFIG_YAML}.local"
|
echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" >"${CONFIG_YAML}.local"
|
||||||
run -0 ./instance-crowdsec start
|
./instance-crowdsec start
|
||||||
run -0 ./lib/util/wait-for-port -q 8083
|
run -0 ./lib/util/wait-for-port -q 8083
|
||||||
run -1 ./lib/util/wait-for-port -q 8080
|
run -1 ./lib/util/wait-for-port -q 8080
|
||||||
run -0 ./instance-crowdsec stop
|
./instance-crowdsec stop
|
||||||
|
|
||||||
rm -f "${CONFIG_YAML}.local"
|
rm -f "${CONFIG_YAML}.local"
|
||||||
run -0 ./instance-crowdsec start
|
./instance-crowdsec start
|
||||||
run -1 ./lib/util/wait-for-port -q 8083
|
run -1 ./lib/util/wait-for-port -q 8083
|
||||||
run -0 ./lib/util/wait-for-port -q 8080
|
run -0 ./lib/util/wait-for-port -q 8080
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "${FILE} local_api_credentials.yaml.local" {
|
@test "${FILE} local_api_credentials.yaml.local" {
|
||||||
echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" >"${CONFIG_YAML}.local"
|
echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" >"${CONFIG_YAML}.local"
|
||||||
run -0 ./instance-crowdsec start
|
./instance-crowdsec start
|
||||||
run -0 ./lib/util/wait-for-port -q 8083
|
run -0 ./lib/util/wait-for-port -q 8083
|
||||||
|
|
||||||
run -0 yq e '.api.client.credentials_path' <"${CONFIG_YAML}"
|
run -0 yq e '.api.client.credentials_path' "${CONFIG_YAML}"
|
||||||
LOCAL_API_CREDENTIALS="${output}"
|
LOCAL_API_CREDENTIALS="${output}"
|
||||||
|
|
||||||
run -1 cscli decisions list
|
run -1 cscli decisions list
|
||||||
|
@ -80,7 +80,7 @@ teardown() {
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "${FILE} simulation.yaml.local" {
|
@test "${FILE} simulation.yaml.local" {
|
||||||
run -0 yq e '.config_paths.simulation_path' <"${CONFIG_YAML}"
|
run -0 yq e '.config_paths.simulation_path' "${CONFIG_YAML}"
|
||||||
refute_output null
|
refute_output null
|
||||||
SIMULATION="${output}"
|
SIMULATION="${output}"
|
||||||
|
|
||||||
|
@ -102,7 +102,7 @@ teardown() {
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "${FILE} profiles.yaml.local" {
|
@test "${FILE} profiles.yaml.local" {
|
||||||
run -0 yq e '.api.server.profiles_path' <"${CONFIG_YAML}"
|
run -0 yq e '.api.server.profiles_path' "${CONFIG_YAML}"
|
||||||
refute_output null
|
refute_output null
|
||||||
PROFILES="${output}"
|
PROFILES="${output}"
|
||||||
|
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
set -u
|
set -u
|
||||||
|
|
||||||
config_disable_agent() {
|
config_disable_agent() {
|
||||||
yq 'del(.crowdsec_service)' -i "${CONFIG_YAML}"
|
yq e 'del(.crowdsec_service)' -i "${CONFIG_YAML}"
|
||||||
}
|
}
|
||||||
|
|
||||||
setup_file() {
|
setup_file() {
|
||||||
|
@ -35,7 +35,7 @@ setup_file() {
|
||||||
echo "ibase=16; ${serial}" | bc >"${tmpdir}/serials.txt"
|
echo "ibase=16; ${serial}" | bc >"${tmpdir}/serials.txt"
|
||||||
cfssl gencrl "${tmpdir}/serials.txt" "${tmpdir}/ca.pem" "${tmpdir}/ca-key.pem" | base64 -d | openssl crl -inform DER -out "${tmpdir}/crl.pem"
|
cfssl gencrl "${tmpdir}/serials.txt" "${tmpdir}/ca.pem" "${tmpdir}/ca-key.pem" | base64 -d | openssl crl -inform DER -out "${tmpdir}/crl.pem"
|
||||||
|
|
||||||
yq '
|
yq e '
|
||||||
.api.server.tls.cert_file=strenv(tmpdir) + "/server.pem" |
|
.api.server.tls.cert_file=strenv(tmpdir) + "/server.pem" |
|
||||||
.api.server.tls.key_file=strenv(tmpdir) + "/server-key.pem" |
|
.api.server.tls.key_file=strenv(tmpdir) + "/server-key.pem" |
|
||||||
.api.server.tls.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
|
.api.server.tls.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
|
||||||
|
|
|
@ -32,7 +32,7 @@ setup_file() {
|
||||||
echo "ibase=16; ${serial}" | bc >"${tmpdir}/serials.txt"
|
echo "ibase=16; ${serial}" | bc >"${tmpdir}/serials.txt"
|
||||||
cfssl gencrl "${tmpdir}/serials.txt" "${tmpdir}/ca.pem" "${tmpdir}/ca-key.pem" | base64 -d | openssl crl -inform DER -out "${tmpdir}/crl.pem"
|
cfssl gencrl "${tmpdir}/serials.txt" "${tmpdir}/ca.pem" "${tmpdir}/ca-key.pem" | base64 -d | openssl crl -inform DER -out "${tmpdir}/crl.pem"
|
||||||
|
|
||||||
yq '
|
yq e '
|
||||||
.api.server.tls.cert_file=strenv(tmpdir) + "/server.pem" |
|
.api.server.tls.cert_file=strenv(tmpdir) + "/server.pem" |
|
||||||
.api.server.tls.key_file=strenv(tmpdir) + "/server-key.pem" |
|
.api.server.tls.key_file=strenv(tmpdir) + "/server-key.pem" |
|
||||||
.api.server.tls.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
|
.api.server.tls.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
|
||||||
|
@ -60,15 +60,15 @@ teardown() {
|
||||||
@test "${FILE} invalid OU for agent" {
|
@test "${FILE} invalid OU for agent" {
|
||||||
CONFIG_DIR=$(dirname "${CONFIG_YAML}")
|
CONFIG_DIR=$(dirname "${CONFIG_YAML}")
|
||||||
|
|
||||||
yq '
|
yq e '
|
||||||
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
|
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
|
||||||
.key_path=strenv(tmpdir) + "/agent_bad_ou-key.pem" |
|
.key_path=strenv(tmpdir) + "/agent_bad_ou-key.pem" |
|
||||||
.cert_path=strenv(tmpdir) + "/agent_bad_ou.pem" |
|
.cert_path=strenv(tmpdir) + "/agent_bad_ou.pem" |
|
||||||
.url="https://127.0.0.1:8080"
|
.url="https://127.0.0.1:8080"
|
||||||
' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
||||||
|
|
||||||
yq 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
||||||
yq 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
||||||
./instance-crowdsec start
|
./instance-crowdsec start
|
||||||
#let the agent start
|
#let the agent start
|
||||||
sleep 2
|
sleep 2
|
||||||
|
@ -79,15 +79,15 @@ teardown() {
|
||||||
@test "${FILE} we have exactly one machine registered with TLS" {
|
@test "${FILE} we have exactly one machine registered with TLS" {
|
||||||
CONFIG_DIR=$(dirname "${CONFIG_YAML}")
|
CONFIG_DIR=$(dirname "${CONFIG_YAML}")
|
||||||
|
|
||||||
yq '
|
yq e '
|
||||||
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
|
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
|
||||||
.key_path=strenv(tmpdir) + "/agent-key.pem" |
|
.key_path=strenv(tmpdir) + "/agent-key.pem" |
|
||||||
.cert_path=strenv(tmpdir) + "/agent.pem" |
|
.cert_path=strenv(tmpdir) + "/agent.pem" |
|
||||||
.url="https://127.0.0.1:8080"
|
.url="https://127.0.0.1:8080"
|
||||||
' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
||||||
|
|
||||||
yq 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
||||||
yq 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
||||||
./instance-crowdsec start
|
./instance-crowdsec start
|
||||||
#let the agent start
|
#let the agent start
|
||||||
sleep 2
|
sleep 2
|
||||||
|
@ -103,15 +103,15 @@ teardown() {
|
||||||
@test "${FILE} invalid cert for agent" {
|
@test "${FILE} invalid cert for agent" {
|
||||||
CONFIG_DIR=$(dirname "${CONFIG_YAML}")
|
CONFIG_DIR=$(dirname "${CONFIG_YAML}")
|
||||||
|
|
||||||
yq '
|
yq e '
|
||||||
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
|
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
|
||||||
.key_path=strenv(tmpdir) + "/agent_invalid-key.pem" |
|
.key_path=strenv(tmpdir) + "/agent_invalid-key.pem" |
|
||||||
.cert_path=strenv(tmpdir) + "/agent_invalid.pem" |
|
.cert_path=strenv(tmpdir) + "/agent_invalid.pem" |
|
||||||
.url="https://127.0.0.1:8080"
|
.url="https://127.0.0.1:8080"
|
||||||
' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
||||||
|
|
||||||
yq 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
||||||
yq 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
||||||
./instance-crowdsec start
|
./instance-crowdsec start
|
||||||
#let the agent start
|
#let the agent start
|
||||||
sleep 2
|
sleep 2
|
||||||
|
@ -122,15 +122,15 @@ teardown() {
|
||||||
@test "${FILE} revoked cert for agent" {
|
@test "${FILE} revoked cert for agent" {
|
||||||
CONFIG_DIR=$(dirname "${CONFIG_YAML}")
|
CONFIG_DIR=$(dirname "${CONFIG_YAML}")
|
||||||
|
|
||||||
yq '
|
yq e '
|
||||||
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
|
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
|
||||||
.key_path=strenv(tmpdir) + "/agent_revoked-key.pem" |
|
.key_path=strenv(tmpdir) + "/agent_revoked-key.pem" |
|
||||||
.cert_path=strenv(tmpdir) + "/agent_revoked.pem" |
|
.cert_path=strenv(tmpdir) + "/agent_revoked.pem" |
|
||||||
.url="https://127.0.0.1:8080"
|
.url="https://127.0.0.1:8080"
|
||||||
' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
||||||
|
|
||||||
yq 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
||||||
yq 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
||||||
./instance-crowdsec start
|
./instance-crowdsec start
|
||||||
#let the agent start
|
#let the agent start
|
||||||
sleep 2
|
sleep 2
|
||||||
|
|
|
@ -38,9 +38,15 @@ check_nc() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
check_base64() {
|
||||||
|
if ! command -v base64 >/dev/null; then
|
||||||
|
die "missing required program 'base64'"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
check_yq() {
|
check_yq() {
|
||||||
# shellcheck disable=SC2016
|
# shellcheck disable=SC2016
|
||||||
howto_install='You can install it with your favorite package manager (including snap) or with "GO111MODULE=on go get github.com/mikefarah/yq/v4" and add ~/go/bin to $PATH.'
|
howto_install='You can install it with your favorite package manager (including snap) or with "go install github.com/mikefarah/yq/v4@latest" and add ~/go/bin to $PATH.'
|
||||||
if ! command -v yq >/dev/null; then
|
if ! command -v yq >/dev/null; then
|
||||||
die "Missing required program 'yq'. ${howto_install}"
|
die "Missing required program 'yq'. ${howto_install}"
|
||||||
fi
|
fi
|
||||||
|
@ -70,7 +76,7 @@ check_daemonizer() {
|
||||||
|
|
||||||
check_cfssl() {
|
check_cfssl() {
|
||||||
# shellcheck disable=SC2016
|
# shellcheck disable=SC2016
|
||||||
howto_install='You can install it with "go get -u github.com/cloudflare/cfssl/cmd/cfssl" and add ~/go/bin to $PATH.'
|
howto_install='You can install it with "go install github.com/cloudflare/cfssl/cmd/cfssl@latest" and add ~/go/bin to $PATH.'
|
||||||
if ! command -v cfssl >/dev/null; then
|
if ! command -v cfssl >/dev/null; then
|
||||||
die "Missing required program 'cfssl'. ${howto_install}"
|
die "Missing required program 'cfssl'. ${howto_install}"
|
||||||
fi
|
fi
|
||||||
|
@ -78,7 +84,7 @@ check_cfssl() {
|
||||||
|
|
||||||
check_cfssljson() {
|
check_cfssljson() {
|
||||||
# shellcheck disable=SC2016
|
# shellcheck disable=SC2016
|
||||||
howto_install='You can install it with "go get -u github.com/cloudflare/cfssl/cmd/cfssljson" and add ~/go/bin to $PATH.'
|
howto_install='You can install it with "go install github.com/cloudflare/cfssl/cmd/cfssljson@latest" and add ~/go/bin to $PATH.'
|
||||||
if ! command -v cfssljson >/dev/null; then
|
if ! command -v cfssljson >/dev/null; then
|
||||||
die "Missing required program 'cfssljson'. ${howto_install}"
|
die "Missing required program 'cfssljson'. ${howto_install}"
|
||||||
fi
|
fi
|
||||||
|
@ -96,6 +102,7 @@ check_cfssl
|
||||||
check_cfssljson
|
check_cfssljson
|
||||||
check_jq
|
check_jq
|
||||||
check_nc
|
check_nc
|
||||||
|
check_base64
|
||||||
check_python3
|
check_python3
|
||||||
check_yq
|
check_yq
|
||||||
if [[ -n "${TEST_COVERAGE}" ]]; then
|
if [[ -n "${TEST_COVERAGE}" ]]; then
|
||||||
|
|
|
@ -46,13 +46,16 @@ remove_init_data() {
|
||||||
config_generate() {
|
config_generate() {
|
||||||
mkdir -p "${CONFIG_DIR}"
|
mkdir -p "${CONFIG_DIR}"
|
||||||
|
|
||||||
cp ../config/acquis.yaml \
|
cp ../config/profiles.yaml \
|
||||||
../config/profiles.yaml \
|
|
||||||
../config/simulation.yaml \
|
../config/simulation.yaml \
|
||||||
../config/local_api_credentials.yaml \
|
../config/local_api_credentials.yaml \
|
||||||
../config/online_api_credentials.yaml \
|
../config/online_api_credentials.yaml \
|
||||||
"${CONFIG_DIR}/"
|
"${CONFIG_DIR}/"
|
||||||
|
|
||||||
|
# the default acquis file contains files that are not readable by everyone
|
||||||
|
# We use a noop configuration that forces nevertheless crowdsec to keep watching
|
||||||
|
echo '{"filenames":["/tmp/should-not-exist.log"],"labels":{"type":"syslog"},"force_inotify":true}' > "${CONFIG_DIR}/acquis.yaml"
|
||||||
|
|
||||||
cp ../plugins/notifications/*/{http,email,slack,splunk,dummy}.yaml \
|
cp ../plugins/notifications/*/{http,email,slack,splunk,dummy}.yaml \
|
||||||
"${CONFIG_DIR}/notifications/"
|
"${CONFIG_DIR}/notifications/"
|
||||||
|
|
||||||
|
@ -75,7 +78,7 @@ config_generate() {
|
||||||
.api.server.profiles_path=strenv(CONFIG_DIR)+"/profiles.yaml" |
|
.api.server.profiles_path=strenv(CONFIG_DIR)+"/profiles.yaml" |
|
||||||
.api.server.console_path=strenv(CONFIG_DIR)+"/console.yaml" |
|
.api.server.console_path=strenv(CONFIG_DIR)+"/console.yaml" |
|
||||||
.api.server.online_client.credentials_path=strenv(CONFIG_DIR)+"/online_api_credentials.yaml"
|
.api.server.online_client.credentials_path=strenv(CONFIG_DIR)+"/online_api_credentials.yaml"
|
||||||
' - <../config/config.yaml >"${CONFIG_DIR}/config.yaml"
|
' ../config/config.yaml >"${CONFIG_DIR}/config.yaml"
|
||||||
}
|
}
|
||||||
|
|
||||||
make_init_data() {
|
make_init_data() {
|
||||||
|
|
|
@ -48,7 +48,7 @@ restore() {
|
||||||
# ---------------------------
|
# ---------------------------
|
||||||
# In most cases this is called with setup argument, and it shouldn't fail for missing config file.
|
# In most cases this is called with setup argument, and it shouldn't fail for missing config file.
|
||||||
if [[ -f "${CONFIG_YAML}" ]]; then
|
if [[ -f "${CONFIG_YAML}" ]]; then
|
||||||
DATA_DIR=$(yq e '.config_paths.data_dir' - <"${CONFIG_YAML}")
|
DATA_DIR=$(yq e '.config_paths.data_dir' "${CONFIG_YAML}")
|
||||||
DB_FILE="${DATA_DIR}/crowdsec.db"
|
DB_FILE="${DATA_DIR}/crowdsec.db"
|
||||||
export DB_FILE
|
export DB_FILE
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -45,7 +45,7 @@ cscli() {
|
||||||
export -f cscli
|
export -f cscli
|
||||||
|
|
||||||
config_yq() {
|
config_yq() {
|
||||||
yq e "$@" - <"${CONFIG_YAML}"
|
yq e "$@" "${CONFIG_YAML}"
|
||||||
}
|
}
|
||||||
export -f config_yq
|
export -f config_yq
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue