fix(cscli): correct and test the behavior of "cscli collections delete" (#1824)
This commit is contained in:
parent
7b4f300eb2
commit
e545933923
|
@ -133,6 +133,9 @@ func RemoveMany(csConfig *csconfig.Config, itemType string, name string, all boo
|
||||||
|
|
||||||
// remove all
|
// remove all
|
||||||
for _, v := range GetItemMap(itemType) {
|
for _, v := range GetItemMap(itemType) {
|
||||||
|
if !v.Installed {
|
||||||
|
continue
|
||||||
|
}
|
||||||
v, err = DisableItem(csConfig.Hub, v, purge, forceAction)
|
v, err = DisableItem(csConfig.Hub, v, purge, forceAction)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalf("unable to disable %s : %v", v.Name, err)
|
log.Fatalf("unable to disable %s : %v", v.Name, err)
|
||||||
|
|
|
@ -5,15 +5,42 @@ import (
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
|
|
||||||
"github.com/crowdsecurity/crowdsec/pkg/csconfig"
|
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
|
|
||||||
|
"github.com/crowdsecurity/crowdsec/pkg/csconfig"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
func purgeItem(hub *csconfig.Hub, target Item) (Item, error) {
|
||||||
|
var hdir = hub.HubDir
|
||||||
|
hubpath := hdir + "/" + target.RemotePath
|
||||||
|
|
||||||
|
// disable hub file
|
||||||
|
if err := os.Remove(hubpath); err != nil {
|
||||||
|
return target, errors.Wrap(err, "while removing file")
|
||||||
|
}
|
||||||
|
|
||||||
|
target.Downloaded = false
|
||||||
|
log.Infof("Removed source file [%s] : %s", target.Name, hubpath)
|
||||||
|
hubIdx[target.Type][target.Name] = target
|
||||||
|
return target, nil
|
||||||
|
}
|
||||||
|
|
||||||
//DisableItem to disable an item managed by the hub, removes the symlink if purge is true
|
//DisableItem to disable an item managed by the hub, removes the symlink if purge is true
|
||||||
func DisableItem(hub *csconfig.Hub, target Item, purge bool, force bool) (Item, error) {
|
func DisableItem(hub *csconfig.Hub, target Item, purge bool, force bool) (Item, error) {
|
||||||
var tdir = hub.ConfigDir
|
var tdir = hub.ConfigDir
|
||||||
var hdir = hub.HubDir
|
var hdir = hub.HubDir
|
||||||
|
var err error
|
||||||
|
|
||||||
|
if !target.Installed {
|
||||||
|
if purge {
|
||||||
|
target, err = purgeItem(hub, target)
|
||||||
|
if err != nil {
|
||||||
|
return target, err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return target, nil
|
||||||
|
}
|
||||||
|
|
||||||
syml, err := filepath.Abs(tdir + "/" + target.Type + "/" + target.Stage + "/" + target.FileName)
|
syml, err := filepath.Abs(tdir + "/" + target.Type + "/" + target.Stage + "/" + target.FileName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -91,13 +118,10 @@ func DisableItem(hub *csconfig.Hub, target Item, purge bool, force bool) (Item,
|
||||||
target.Installed = false
|
target.Installed = false
|
||||||
|
|
||||||
if purge {
|
if purge {
|
||||||
hubpath := hdir + "/" + target.RemotePath
|
target, err = purgeItem(hub, target)
|
||||||
//if purge, disable hub file
|
if err != nil {
|
||||||
if err = os.Remove(hubpath); err != nil {
|
return target, err
|
||||||
return target, errors.Wrap(err, "while removing file")
|
|
||||||
}
|
}
|
||||||
target.Downloaded = false
|
|
||||||
log.Infof("Removed source file [%s] : %s", target.Name, hubpath)
|
|
||||||
}
|
}
|
||||||
hubIdx[target.Type][target.Name] = target
|
hubIdx[target.Type][target.Name] = target
|
||||||
return target, nil
|
return target, nil
|
||||||
|
|
|
@ -58,15 +58,55 @@ teardown() {
|
||||||
refute_line "crowdsecurity/mysql"
|
refute_line "crowdsecurity/mysql"
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "cannot remove a collection twice" {
|
@test "must use --force to remove a collection that belongs to another, which becomes tainted" {
|
||||||
run -0 cscli collections install crowdsecurity/mysql -o human
|
# we expect no error since we may have multiple collections, some removed and some not
|
||||||
run -0 --separate-stderr cscli collections remove crowdsecurity/mysql
|
run -0 --separate-stderr cscli collections remove crowdsecurity/sshd
|
||||||
run -1 --separate-stderr cscli collections remove crowdsecurity/mysql -o json
|
assert_stderr --partial "crowdsecurity/sshd belongs to other collections"
|
||||||
run -0 jq -r '.level' <(stderr)
|
assert_stderr --partial "[crowdsecurity/linux]"
|
||||||
assert_output 'fatal'
|
|
||||||
run -0 jq -r '.msg' <(stderr)
|
run -0 --separate-stderr cscli collections remove crowdsecurity/sshd --force
|
||||||
assert_output --partial "unable to disable crowdsecurity/mysql"
|
assert_stderr --partial "Removed symlink [crowdsecurity/sshd]"
|
||||||
assert_output --partial "doesn't exist"
|
run -0 cscli collections inspect crowdsecurity/linux -o json
|
||||||
|
run -0 jq -r '.tainted' <(output)
|
||||||
|
assert_output "true"
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "can remove a collection" {
|
||||||
|
run -0 cscli collections remove crowdsecurity/linux
|
||||||
|
assert_output --partial "Removed"
|
||||||
|
assert_output --regexp ".*for the new configuration to be effective."
|
||||||
|
run -0 cscli collections inspect crowdsecurity/linux -o human
|
||||||
|
assert_line 'installed: false'
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "collections delete is an alias for collections remove" {
|
||||||
|
run -0 cscli collections delete crowdsecurity/linux
|
||||||
|
assert_output --partial "Removed"
|
||||||
|
assert_output --regexp ".*for the new configuration to be effective."
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "removing a collection that does not exist is noop" {
|
||||||
|
run -0 cscli collections remove crowdsecurity/apache2
|
||||||
|
refute_output --partial "Removed"
|
||||||
|
assert_output --regexp ".*for the new configuration to be effective."
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "can remove a removed collection" {
|
||||||
|
run -0 cscli collections install crowdsecurity/mysql
|
||||||
|
run -0 cscli collections remove crowdsecurity/mysql
|
||||||
|
assert_output --partial "Removed"
|
||||||
|
run -0 cscli collections remove crowdsecurity/mysql
|
||||||
|
refute_output --partial "Removed"
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "can remove all collections" {
|
||||||
|
run -0 cscli collections remove --all
|
||||||
|
assert_output --partial "Removed symlink [crowdsecurity/sshd]"
|
||||||
|
assert_output --partial "Removed symlink [crowdsecurity/linux]"
|
||||||
|
run -0 cscli hub list -o json
|
||||||
|
assert_json '{collections:[],parsers:[],postoverflows:[],scenarios:[]}'
|
||||||
|
run -0 cscli collections remove --all
|
||||||
|
assert_output --partial 'Disabled 0 items'
|
||||||
}
|
}
|
||||||
|
|
||||||
# TODO test download-only
|
# TODO test download-only
|
||||||
|
|
Loading…
Reference in a new issue