beenull/crowdsec
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Fixed bats tests for freebsd (#1600)

Browse source
This commit is contained in:
mmetc 2022-06-22 10:00:51 +02:00 committed by GitHub
parent d71279f023
commit b91fcb8e9b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 64 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
tests/README.md
View file

@ -67,7 +67,7 @@ Run `make clean bats-all` to perform a test build + run.
To repeat test runs without rebuilding crowdsec, use `make bats-test`. To repeat test runs without rebuilding crowdsec, use `make bats-test`.
## Troubleshooting tests ## Debugging tests
See `./tests/run-tests --help` to run/debug specific tests. See `./tests/run-tests --help` to run/debug specific tests.
@ -386,9 +386,28 @@ $ sudo docker run --cap-add=sys_nice --detach --name=mariadb -p 3306:3306 --env
A mysql-client package is required as well. A mysql-client package is required as well.
## troubleshooting
- My tests are hanging forever, why?
See if you have a jq/yq or similar process waiting for standard input. Hint:
you can pass a file from the result of the previous `run` command with
`<(output)`. This substitutes the expression with a file name, but if you
really want it in standard input, you have to use `< <(output)`. Bash is
awesome but the syntax is often weird.
- I can't do X with jq.
If you prefer you can use yq. It can parse and generate json, and it has a
different syntax.
- I get "while parsing /tmp/....: yaml: line 5: mapping values are not allowed in this context"
Check the heredocs (the <<EOT blocks). Each line must start with a hard TAB
followed by spaces. You are probably missing some tabs.
## gotchas ## gotchas
- Testing with Postgres or MySQL/MariaDB leads to (unpredictably) failing - Testing with Postgres or MySQL/MariaDB leads to (unpredictably) failing
tests in the GitHub workflows, so we had to disable them by default. We do tests in the GitHub workflows, so we had to disable them by default. We do
run these in a separate environment before doing releases. run these in a separate environment before doing releases. They should always
pass if you run them in a development machine.

2
tests/assert-crowdsec-not-running
View file

@ -13,7 +13,7 @@ is_crowdsec_running || exit 0
sleep 2 sleep 2
is_crowdsec_running || exit 0 is_crowdsec_running || exit 0
PIDS=$(echo "${PIDS}" | sed ':a;N;$!ba;s/\n/ /g') PIDS=$(echo "${PIDS}" | tr '\n' ' ')
msg="CrowdSec is already running (PID ${PIDS}). Please terminate it and run the tests again." msg="CrowdSec is already running (PID ${PIDS}). Please terminate it and run the tests again."
# Are we inside a setup() or @test? Is file descriptor 3 open? # Are we inside a setup() or @test? Is file descriptor 3 open?

18
tests/bats/05_config_yaml_local.bats
View file

@ -50,28 +50,28 @@ teardown() {
} }
@test "${FILE} config.yaml.local - crowdsec (listen_url)" { @test "${FILE} config.yaml.local - crowdsec (listen_url)" {
run -0 ./instance-crowdsec start ./instance-crowdsec start
run -0 ./lib/util/wait-for-port -q 8080 run -0 ./lib/util/wait-for-port -q 8080
run -0 ./instance-crowdsec stop ./instance-crowdsec stop
echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" >"${CONFIG_YAML}.local" echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" >"${CONFIG_YAML}.local"
run -0 ./instance-crowdsec start ./instance-crowdsec start
run -0 ./lib/util/wait-for-port -q 8083 run -0 ./lib/util/wait-for-port -q 8083
run -1 ./lib/util/wait-for-port -q 8080 run -1 ./lib/util/wait-for-port -q 8080
run -0 ./instance-crowdsec stop ./instance-crowdsec stop
rm -f "${CONFIG_YAML}.local" rm -f "${CONFIG_YAML}.local"
run -0 ./instance-crowdsec start ./instance-crowdsec start
run -1 ./lib/util/wait-for-port -q 8083 run -1 ./lib/util/wait-for-port -q 8083
run -0 ./lib/util/wait-for-port -q 8080 run -0 ./lib/util/wait-for-port -q 8080
} }
@test "${FILE} local_api_credentials.yaml.local" { @test "${FILE} local_api_credentials.yaml.local" {
echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" >"${CONFIG_YAML}.local" echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" >"${CONFIG_YAML}.local"
run -0 ./instance-crowdsec start ./instance-crowdsec start
run -0 ./lib/util/wait-for-port -q 8083 run -0 ./lib/util/wait-for-port -q 8083
run -0 yq e '.api.client.credentials_path' <"${CONFIG_YAML}" run -0 yq e '.api.client.credentials_path' "${CONFIG_YAML}"
LOCAL_API_CREDENTIALS="${output}" LOCAL_API_CREDENTIALS="${output}"
run -1 cscli decisions list run -1 cscli decisions list
@ -80,7 +80,7 @@ teardown() {
} }
@test "${FILE} simulation.yaml.local" { @test "${FILE} simulation.yaml.local" {
run -0 yq e '.config_paths.simulation_path' <"${CONFIG_YAML}" run -0 yq e '.config_paths.simulation_path' "${CONFIG_YAML}"
refute_output null refute_output null
SIMULATION="${output}" SIMULATION="${output}"
@ -102,7 +102,7 @@ teardown() {
} }
@test "${FILE} profiles.yaml.local" { @test "${FILE} profiles.yaml.local" {
run -0 yq e '.api.server.profiles_path' <"${CONFIG_YAML}" run -0 yq e '.api.server.profiles_path' "${CONFIG_YAML}"
refute_output null refute_output null
PROFILES="${output}" PROFILES="${output}"

4
tests/bats/11_bouncers_tls.bats
View file

@ -4,7 +4,7 @@
set -u set -u
config_disable_agent() { config_disable_agent() {
yq 'del(.crowdsec_service)' -i "${CONFIG_YAML}" yq e 'del(.crowdsec_service)' -i "${CONFIG_YAML}"
} }
setup_file() { setup_file() {
@ -35,7 +35,7 @@ setup_file() {
echo "ibase=16; ${serial}" | bc >"${tmpdir}/serials.txt" echo "ibase=16; ${serial}" | bc >"${tmpdir}/serials.txt"
cfssl gencrl "${tmpdir}/serials.txt" "${tmpdir}/ca.pem" "${tmpdir}/ca-key.pem" | base64 -d | openssl crl -inform DER -out "${tmpdir}/crl.pem" cfssl gencrl "${tmpdir}/serials.txt" "${tmpdir}/ca.pem" "${tmpdir}/ca-key.pem" | base64 -d | openssl crl -inform DER -out "${tmpdir}/crl.pem"
yq ' yq e '
.api.server.tls.cert_file=strenv(tmpdir) + "/server.pem" | .api.server.tls.cert_file=strenv(tmpdir) + "/server.pem" |
.api.server.tls.key_file=strenv(tmpdir) + "/server-key.pem" | .api.server.tls.key_file=strenv(tmpdir) + "/server-key.pem" |
.api.server.tls.ca_cert_path=strenv(tmpdir) + "/inter.pem" | .api.server.tls.ca_cert_path=strenv(tmpdir) + "/inter.pem" |

26
tests/bats/30_machines_tls.bats
View file

@ -32,7 +32,7 @@ setup_file() {
echo "ibase=16; ${serial}" | bc >"${tmpdir}/serials.txt" echo "ibase=16; ${serial}" | bc >"${tmpdir}/serials.txt"
cfssl gencrl "${tmpdir}/serials.txt" "${tmpdir}/ca.pem" "${tmpdir}/ca-key.pem" | base64 -d | openssl crl -inform DER -out "${tmpdir}/crl.pem" cfssl gencrl "${tmpdir}/serials.txt" "${tmpdir}/ca.pem" "${tmpdir}/ca-key.pem" | base64 -d | openssl crl -inform DER -out "${tmpdir}/crl.pem"
yq ' yq e '
.api.server.tls.cert_file=strenv(tmpdir) + "/server.pem" | .api.server.tls.cert_file=strenv(tmpdir) + "/server.pem" |
.api.server.tls.key_file=strenv(tmpdir) + "/server-key.pem" | .api.server.tls.key_file=strenv(tmpdir) + "/server-key.pem" |
.api.server.tls.ca_cert_path=strenv(tmpdir) + "/inter.pem" | .api.server.tls.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
@ -60,15 +60,15 @@ teardown() {
@test "${FILE} invalid OU for agent" { @test "${FILE} invalid OU for agent" {
CONFIG_DIR=$(dirname "${CONFIG_YAML}") CONFIG_DIR=$(dirname "${CONFIG_YAML}")
yq ' yq e '
.ca_cert_path=strenv(tmpdir) + "/inter.pem" | .ca_cert_path=strenv(tmpdir) + "/inter.pem" |
.key_path=strenv(tmpdir) + "/agent_bad_ou-key.pem" | .key_path=strenv(tmpdir) + "/agent_bad_ou-key.pem" |
.cert_path=strenv(tmpdir) + "/agent_bad_ou.pem" | .cert_path=strenv(tmpdir) + "/agent_bad_ou.pem" |
.url="https://127.0.0.1:8080" .url="https://127.0.0.1:8080"
' -i "${CONFIG_DIR}/local_api_credentials.yaml" ' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml" yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml" yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
./instance-crowdsec start ./instance-crowdsec start
#let the agent start #let the agent start
sleep 2 sleep 2
@ -79,15 +79,15 @@ teardown() {
@test "${FILE} we have exactly one machine registered with TLS" { @test "${FILE} we have exactly one machine registered with TLS" {
CONFIG_DIR=$(dirname "${CONFIG_YAML}") CONFIG_DIR=$(dirname "${CONFIG_YAML}")
yq ' yq e '
.ca_cert_path=strenv(tmpdir) + "/inter.pem" | .ca_cert_path=strenv(tmpdir) + "/inter.pem" |
.key_path=strenv(tmpdir) + "/agent-key.pem" | .key_path=strenv(tmpdir) + "/agent-key.pem" |
.cert_path=strenv(tmpdir) + "/agent.pem" | .cert_path=strenv(tmpdir) + "/agent.pem" |
.url="https://127.0.0.1:8080" .url="https://127.0.0.1:8080"
' -i "${CONFIG_DIR}/local_api_credentials.yaml" ' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml" yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml" yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
./instance-crowdsec start ./instance-crowdsec start
#let the agent start #let the agent start
sleep 2 sleep 2
@ -103,15 +103,15 @@ teardown() {
@test "${FILE} invalid cert for agent" { @test "${FILE} invalid cert for agent" {
CONFIG_DIR=$(dirname "${CONFIG_YAML}") CONFIG_DIR=$(dirname "${CONFIG_YAML}")
yq ' yq e '
.ca_cert_path=strenv(tmpdir) + "/inter.pem" | .ca_cert_path=strenv(tmpdir) + "/inter.pem" |
.key_path=strenv(tmpdir) + "/agent_invalid-key.pem" | .key_path=strenv(tmpdir) + "/agent_invalid-key.pem" |
.cert_path=strenv(tmpdir) + "/agent_invalid.pem" | .cert_path=strenv(tmpdir) + "/agent_invalid.pem" |
.url="https://127.0.0.1:8080" .url="https://127.0.0.1:8080"
' -i "${CONFIG_DIR}/local_api_credentials.yaml" ' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml" yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml" yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
./instance-crowdsec start ./instance-crowdsec start
#let the agent start #let the agent start
sleep 2 sleep 2
@ -122,15 +122,15 @@ teardown() {
@test "${FILE} revoked cert for agent" { @test "${FILE} revoked cert for agent" {
CONFIG_DIR=$(dirname "${CONFIG_YAML}") CONFIG_DIR=$(dirname "${CONFIG_YAML}")
yq ' yq e '
.ca_cert_path=strenv(tmpdir) + "/inter.pem" | .ca_cert_path=strenv(tmpdir) + "/inter.pem" |
.key_path=strenv(tmpdir) + "/agent_revoked-key.pem" | .key_path=strenv(tmpdir) + "/agent_revoked-key.pem" |
.cert_path=strenv(tmpdir) + "/agent_revoked.pem" | .cert_path=strenv(tmpdir) + "/agent_revoked.pem" |
.url="https://127.0.0.1:8080" .url="https://127.0.0.1:8080"
' -i "${CONFIG_DIR}/local_api_credentials.yaml" ' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml" yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml" yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
./instance-crowdsec start ./instance-crowdsec start
#let the agent start #let the agent start
sleep 2 sleep 2

13
tests/check-requirements
View file

@ -38,9 +38,15 @@ check_nc() {
fi fi
} }
check_base64() {
if ! command -v base64 >/dev/null; then
die "missing required program 'base64'"
fi
}
check_yq() { check_yq() {
# shellcheck disable=SC2016 # shellcheck disable=SC2016
howto_install='You can install it with your favorite package manager (including snap) or with "GO111MODULE=on go get github.com/mikefarah/yq/v4" and add ~/go/bin to $PATH.' howto_install='You can install it with your favorite package manager (including snap) or with "go install github.com/mikefarah/yq/v4@latest" and add ~/go/bin to $PATH.'
if ! command -v yq >/dev/null; then if ! command -v yq >/dev/null; then
die "Missing required program 'yq'. ${howto_install}" die "Missing required program 'yq'. ${howto_install}"
fi fi
@ -70,7 +76,7 @@ check_daemonizer() {
check_cfssl() { check_cfssl() {
# shellcheck disable=SC2016 # shellcheck disable=SC2016
howto_install='You can install it with "go get -u github.com/cloudflare/cfssl/cmd/cfssl" and add ~/go/bin to $PATH.' howto_install='You can install it with "go install github.com/cloudflare/cfssl/cmd/cfssl@latest" and add ~/go/bin to $PATH.'
if ! command -v cfssl >/dev/null; then if ! command -v cfssl >/dev/null; then
die "Missing required program 'cfssl'. ${howto_install}" die "Missing required program 'cfssl'. ${howto_install}"
fi fi
@ -78,7 +84,7 @@ check_cfssl() {
check_cfssljson() { check_cfssljson() {
# shellcheck disable=SC2016 # shellcheck disable=SC2016
howto_install='You can install it with "go get -u github.com/cloudflare/cfssl/cmd/cfssljson" and add ~/go/bin to $PATH.' howto_install='You can install it with "go install github.com/cloudflare/cfssl/cmd/cfssljson@latest" and add ~/go/bin to $PATH.'
if ! command -v cfssljson >/dev/null; then if ! command -v cfssljson >/dev/null; then
die "Missing required program 'cfssljson'. ${howto_install}" die "Missing required program 'cfssljson'. ${howto_install}"
fi fi
@ -96,6 +102,7 @@ check_cfssl
check_cfssljson check_cfssljson
check_jq check_jq
check_nc check_nc
check_base64
check_python3 check_python3
check_yq check_yq
if [[ -n "${TEST_COVERAGE}" ]]; then if [[ -n "${TEST_COVERAGE}" ]]; then

9
tests/lib/config/config-local
View file

@ -46,13 +46,16 @@ remove_init_data() {
config_generate() { config_generate() {
mkdir -p "${CONFIG_DIR}" mkdir -p "${CONFIG_DIR}"
cp ../config/acquis.yaml \ cp ../config/profiles.yaml \
../config/profiles.yaml \
../config/simulation.yaml \ ../config/simulation.yaml \
../config/local_api_credentials.yaml \ ../config/local_api_credentials.yaml \
../config/online_api_credentials.yaml \ ../config/online_api_credentials.yaml \
"${CONFIG_DIR}/" "${CONFIG_DIR}/"
# the default acquis file contains files that are not readable by everyone
# We use a noop configuration that forces nevertheless crowdsec to keep watching
echo '{"filenames":["/tmp/should-not-exist.log"],"labels":{"type":"syslog"},"force_inotify":true}' > "${CONFIG_DIR}/acquis.yaml"
cp ../plugins/notifications/*/{http,email,slack,splunk,dummy}.yaml \ cp ../plugins/notifications/*/{http,email,slack,splunk,dummy}.yaml \
"${CONFIG_DIR}/notifications/" "${CONFIG_DIR}/notifications/"
@ -75,7 +78,7 @@ config_generate() {
.api.server.profiles_path=strenv(CONFIG_DIR)+"/profiles.yaml" | .api.server.profiles_path=strenv(CONFIG_DIR)+"/profiles.yaml" |
.api.server.console_path=strenv(CONFIG_DIR)+"/console.yaml" | .api.server.console_path=strenv(CONFIG_DIR)+"/console.yaml" |
.api.server.online_client.credentials_path=strenv(CONFIG_DIR)+"/online_api_credentials.yaml" .api.server.online_client.credentials_path=strenv(CONFIG_DIR)+"/online_api_credentials.yaml"
' - <../config/config.yaml >"${CONFIG_DIR}/config.yaml" ' ../config/config.yaml >"${CONFIG_DIR}/config.yaml"
} }
make_init_data() { make_init_data() {

2
tests/lib/db/instance-sqlite
View file

@ -48,7 +48,7 @@ restore() {
# --------------------------- # ---------------------------
# In most cases this is called with setup argument, and it shouldn't fail for missing config file. # In most cases this is called with setup argument, and it shouldn't fail for missing config file.
if [[ -f "${CONFIG_YAML}" ]]; then if [[ -f "${CONFIG_YAML}" ]]; then
DATA_DIR=$(yq e '.config_paths.data_dir' - <"${CONFIG_YAML}") DATA_DIR=$(yq e '.config_paths.data_dir' "${CONFIG_YAML}")
DB_FILE="${DATA_DIR}/crowdsec.db" DB_FILE="${DATA_DIR}/crowdsec.db"
export DB_FILE export DB_FILE
fi fi

2
tests/lib/setup_file.sh
View file

@ -45,7 +45,7 @@ cscli() {
export -f cscli export -f cscli
config_yq() { config_yq() {
yq e "$@" - <"${CONFIG_YAML}" yq e "$@" "${CONFIG_YAML}"
} }
export -f config_yq export -f config_yq