config_get, config_set test helpers (#1632)

mmetc 2022-07-01 22:45:55 +02:00 committed by GitHub
parent 5f62d738fc
commit e868adee2f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 99 additions and 83 deletions


@ -95,7 +95,7 @@ declare stderr
assert_output --partial " on https://api.crowdsec.net/"
assert_output --partial "You can successfully interact with Central API (CAPI)"
ONLINE_API_CREDENTIALS_YAML="$(config_yq '.api.server.online_client.credentials_path')"
ONLINE_API_CREDENTIALS_YAML="$(config_get '.api.server.online_client.credentials_path')"
rm "${ONLINE_API_CREDENTIALS_YAML}"
run -1 --separate-stderr cscli capi status
run -0 echo "${stderr}"
@ -164,7 +164,7 @@ declare stderr
assert_output --partial "Failed to backup configurations"
assert_output --partial "file exists"
SIMULATION_YAML="$(config_yq '.config_paths.simulation_path')"
SIMULATION_YAML="$(config_get '.config_paths.simulation_path')"
# restore
rm "${SIMULATION_YAML}"
@ -193,7 +193,7 @@ declare stderr
}
@test "cscli - missing LAPI credentials file" {
LOCAL_API_CREDENTIALS=$(config_yq '.api.client.credentials_path')
LOCAL_API_CREDENTIALS=$(config_get '.api.client.credentials_path')
rm -f "${LOCAL_API_CREDENTIALS}"
run -1 --separate-stderr cscli lapi status
run -0 echo "${stderr}"
@ -209,7 +209,7 @@ declare stderr
}
@test "cscli - empty LAPI credentials file" {
LOCAL_API_CREDENTIALS=$(config_yq '.api.client.credentials_path')
LOCAL_API_CREDENTIALS=$(config_get '.api.client.credentials_path')
truncate -s 0 "${LOCAL_API_CREDENTIALS}"
run -1 --separate-stderr cscli lapi status
run -0 echo "${stderr}"
@ -225,7 +225,7 @@ declare stderr
}
@test "cscli - missing LAPI client settings" {
yq e 'del(.api.client)' -i "${CONFIG_YAML}"
config_set 'del(.api.client)'
run -1 --separate-stderr cscli lapi status
run -0 echo "${stderr}"
assert_output --partial "loading api client: no API client section in configuration"
@ -240,8 +240,8 @@ declare stderr
}
@test "cscli - malformed LAPI url" {
LOCAL_API_CREDENTIALS=$(config_yq '.api.client.credentials_path')
yq e '.url="https://127.0.0.1:-80"' -i "${LOCAL_API_CREDENTIALS}"
LOCAL_API_CREDENTIALS=$(config_get '.api.client.credentials_path')
config_set "${LOCAL_API_CREDENTIALS}" '.url="https://127.0.0.1:-80"'
run -1 --separate-stderr cscli lapi status
run -0 echo "${stderr}"
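Review bot: The paths returned by `config_get` go straight to `rm` and `truncate` without a check that the key was present. yq prints `null` for a missing key (the `refute_output null` checks elsewhere in this commit rely on that), so in "cscli - empty LAPI credentials file" the line `truncate -s 0 "${LOCAL_API_CREDENTIALS}"` would create a file named `null` in the working directory instead of failing the test. The `simulation.yaml.local` and `profiles.yaml.local` tests already guard with `run -0 config_get ...` followed by `refute_output null`; the same guard, or `[[ "${LOCAL_API_CREDENTIALS}" != null ]]`, would fit here and at the `acquisition_path` lookups in the other test files that append to `${ACQUIS_YAML}`.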


@ -57,7 +57,7 @@ declare stderr
@test "crowdsec - print error on exit" {
# errors that cause program termination are printed to stderr, not only logs
yq e '.db_config.type="meh"' -i "${CONFIG_YAML}"
config_set '.db_config.type="meh"'
run -1 --separate-stderr "${BIN_DIR}/crowdsec"
refute_output
run -0 echo "${stderr}"


@ -35,7 +35,7 @@ declare stderr
}
@test "crowdsec should not run without LAPI (no api.server in configuration file)" {
yq e 'del(.api.server)' -i "${CONFIG_YAML}"
config_set 'del(.api.server)'
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
run -0 echo "${stderr}"
@ -43,7 +43,7 @@ declare stderr
}
@test "capi status shouldn't be ok without api.server" {
yq e 'del(.api.server)' -i "${CONFIG_YAML}"
config_set 'del(.api.server)'
run -1 --separate-stderr cscli capi status
run -0 echo "${stderr}"
@ -52,7 +52,7 @@ declare stderr
}
@test "cscli config show -o human" {
yq e 'del(.api.server)' -i "${CONFIG_YAML}"
config_set 'del(.api.server)'
run -0 cscli config show -o human
assert_output --partial "Global:"
assert_output --partial "Crowdsec:"
@ -61,7 +61,7 @@ declare stderr
}
@test "cscli config backup" {
yq e 'del(.api.server)' -i "${CONFIG_YAML}"
config_set 'del(.api.server)'
backupdir=$(TMPDIR="${BATS_TEST_TMPDIR}" mktemp -u)
run -0 cscli config backup "${backupdir}"
assert_output --partial "Starting configuration backup"
@ -74,7 +74,7 @@ declare stderr
}
@test "lapi status shouldn't be ok without api.server" {
yq e 'del(.api.server)' -i "${CONFIG_YAML}"
config_set 'del(.api.server)'
./instance-crowdsec start || true
run -1 --separate-stderr cscli machines list
run -0 echo "${stderr}"
@ -83,7 +83,7 @@ declare stderr
@test "cscli metrics" {
skip 'need to trigger metrics with a live parse'
yq e 'del(.api.server)' -i "${CONFIG_YAML}"
config_set 'del(.api.server)'
./instance-crowdsec start
run -0 --separate-stderr cscli metrics
assert_output --partial "ROUTE"


@ -25,7 +25,7 @@ declare stderr
#----------
config_disable_agent() {
yq e 'del(.crowdsec_service)' -i "${CONFIG_YAML}"
config_set 'del(.crowdsec_service)'
}
@test "with agent: test without -no-cs flag" {


@ -25,7 +25,7 @@ declare stderr
#----------
config_disable_capi() {
yq e 'del(.api.server.online_client)' -i "${CONFIG_YAML}"
config_set 'del(.api.server.online_client)'
}
@test "without capi: crowdsec LAPI should run without capi (-no-capi flag)" {


@ -20,7 +20,7 @@ teardown_file() {
setup() {
load "../lib/setup.sh"
./instance-data load
run -0 yq e '.api.client.credentials_path' "${CONFIG_YAML}"
run -0 config_get '.api.client.credentials_path'
LOCAL_API_CREDENTIALS="${output}"
export LOCAL_API_CREDENTIALS
}
@ -32,7 +32,7 @@ teardown() {
#----------
@test "config.yaml.local - cscli (log_level)" {
yq e '.common.log_level="warning"' -i "${CONFIG_YAML}"
config_set '.common.log_level="warning"'
run -0 cscli config show --key Config.Common.LogLevel
assert_output "warning"
@ -42,7 +42,7 @@ teardown() {
}
@test "config.yaml.local - cscli (log_level - with envvar)" {
yq e '.common.log_level="warning"' -i "${CONFIG_YAML}"
config_set '.common.log_level="warning"'
run -0 cscli config show --key Config.Common.LogLevel
assert_output "warning"
@ -54,7 +54,7 @@ teardown() {
@test "config.yaml.local - crowdsec (listen_url)" {
# disable the agent or we'll need to patch api client credentials too
run -0 yq e 'del(.crowdsec_service)' -i "${CONFIG_YAML}"
run -0 config_set 'del(.crowdsec_service)'
./instance-crowdsec start
run -0 ./lib/util/wait-for-port -q 8080
./instance-crowdsec stop
@ -74,7 +74,7 @@ teardown() {
}
@test "local_api_credentials.yaml.local" {
run -0 yq e 'del(.crowdsec_service)' -i "${CONFIG_YAML}"
run -0 config_set 'del(.crowdsec_service)'
echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" >"${CONFIG_YAML}.local"
./instance-crowdsec start
run -0 ./lib/util/wait-for-port -q 8083
@ -86,7 +86,7 @@ teardown() {
}
@test "simulation.yaml.local" {
run -0 yq e '.config_paths.simulation_path' "${CONFIG_YAML}"
run -0 config_get '.config_paths.simulation_path'
refute_output null
SIMULATION="${output}"
@ -108,7 +108,7 @@ teardown() {
}
@test "profiles.yaml.local" {
run -0 yq e '.api.server.profiles_path' "${CONFIG_YAML}"
run -0 config_get '.api.server.profiles_path'
refute_output null
PROFILES="${output}"
@ -124,7 +124,7 @@ teardown() {
tmpfile=$(TMPDIR="${BATS_TEST_TMPDIR}" mktemp)
touch "${tmpfile}"
ACQUIS_YAML=$(config_yq '.crowdsec_service.acquisition_path')
ACQUIS_YAML=$(config_get '.crowdsec_service.acquisition_path')
echo -e "---\nfilename: ${tmpfile}\nlabels:\n type: syslog\n" >>"${ACQUIS_YAML}"
./instance-crowdsec start


@ -4,7 +4,7 @@
set -u
config_disable_agent() {
yq e 'del(.crowdsec_service)' -i "${CONFIG_YAML}"
config_set 'del(.crowdsec_service)'
}
setup_file() {
@ -37,13 +37,13 @@ setup_file() {
echo "ibase=16; ${serial}" | bc >"${tmpdir}/serials.txt"
cfssl gencrl "${tmpdir}/serials.txt" "${tmpdir}/ca.pem" "${tmpdir}/ca-key.pem" | base64 -d | openssl crl -inform DER -out "${tmpdir}/crl.pem"
yq e '
config_set '
.api.server.tls.cert_file=strenv(tmpdir) + "/server.pem" |
.api.server.tls.key_file=strenv(tmpdir) + "/server-key.pem" |
.api.server.tls.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
.api.server.tls.crl_path=strenv(tmpdir) + "/crl.pem" |
.api.server.tls.bouncers_allowed_ou=["bouncer-ou"]
' -i "${CONFIG_YAML}"
'
config_disable_agent
}


@ -4,7 +4,7 @@
set -u
config_disable_agent() {
yq e 'del(.crowdsec_service)' -i "${CONFIG_YAML}"
config_set 'del(.crowdsec_service)'
}
setup_file() {
@ -40,13 +40,13 @@ setup_file() {
echo "ibase=16; ${serial}" | bc >"${tmpdir}/serials.txt"
cfssl gencrl "${tmpdir}/serials.txt" "${tmpdir}/ca.pem" "${tmpdir}/ca-key.pem" | base64 -d | openssl crl -inform DER -out "${tmpdir}/crl.pem"
yq e '
config_set '
.api.server.tls.cert_file=strenv(tmpdir) + "/server.pem" |
.api.server.tls.key_file=strenv(tmpdir) + "/server-key.pem" |
.api.server.tls.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
.api.server.tls.crl_path=strenv(tmpdir) + "/crl.pem" |
.api.server.tls.agents_allowed_ou=["agent-ou"]
' -i "${CONFIG_YAML}"
'
run -0 cscli machines delete githubciXXXXXXXXXXXXXXXXXXXXXXXX
config_disable_agent
@ -68,28 +68,28 @@ teardown() {
#----------
@test "invalid OU for agent" {
yq e '
config_set "${CONFIG_DIR}/local_api_credentials.yaml" '
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
.key_path=strenv(tmpdir) + "/agent_bad_ou-key.pem" |
.cert_path=strenv(tmpdir) + "/agent_bad_ou.pem" |
.url="https://127.0.0.1:8080"
' -i "${CONFIG_DIR}/local_api_credentials.yaml"
'
yq e 'del(.login,.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
config_set "${CONFIG_DIR}/local_api_credentials.yaml" 'del(.login,.password)'
./instance-crowdsec start
run -0 cscli machines list -o json
assert_output '[]'
}
@test "we have exactly one machine registered with TLS" {
yq e '
config_set "${CONFIG_DIR}/local_api_credentials.yaml" '
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
.key_path=strenv(tmpdir) + "/agent-key.pem" |
.cert_path=strenv(tmpdir) + "/agent.pem" |
.url="https://127.0.0.1:8080"
' -i "${CONFIG_DIR}/local_api_credentials.yaml"
'
yq e 'del(.login,.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
config_set "${CONFIG_DIR}/local_api_credentials.yaml" 'del(.login,.password)'
./instance-crowdsec start
run -0 cscli lapi status
run -0 cscli machines list -o json
@ -100,28 +100,27 @@ teardown() {
}
@test "invalid cert for agent" {
yq e '
config_set "${CONFIG_DIR}/local_api_credentials.yaml" '
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
.key_path=strenv(tmpdir) + "/agent_invalid-key.pem" |
.cert_path=strenv(tmpdir) + "/agent_invalid.pem" |
.url="https://127.0.0.1:8080"
' -i "${CONFIG_DIR}/local_api_credentials.yaml"
yq e 'del(.login,.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
'
config_set "${CONFIG_DIR}/local_api_credentials.yaml" 'del(.login,.password)'
./instance-crowdsec start
run -0 cscli machines list -o json
assert_output '[]'
}
@test "revoked cert for agent" {
yq e '
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
config_set "${CONFIG_DIR}/local_api_credentials.yaml" '
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
.key_path=strenv(tmpdir) + "/agent_revoked-key.pem" |
.cert_path=strenv(tmpdir) + "/agent_revoked.pem" |
.url="https://127.0.0.1:8080"
' -i "${CONFIG_DIR}/local_api_credentials.yaml"
'
yq e 'del(.login,.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
config_set "${CONFIG_DIR}/local_api_credentials.yaml" 'del(.login,.password)'
./instance-crowdsec start
run -0 cscli machines list -o json
assert_output '[]'
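Review bot: The agent credentials file is hard-coded as `${CONFIG_DIR}/local_api_credentials.yaml` in all four TLS agent tests, while the cscli tests in this commit resolve the same file with `config_get '.api.client.credentials_path'`. If the configured path ever differs from the hard-coded one, these tests would edit a file the agent does not read. Resolving it once, for example `LOCAL_API_CREDENTIALS=$(config_get '.api.client.credentials_path')`, would also let each pair of `config_set` calls on that file collapse into one expression ending in `| del(.login,.password)`. Where `CONFIG_DIR` is set is outside these hunks.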


@ -32,7 +32,7 @@ teardown() {
@test "1.1.1.172 has been banned" {
tmpfile=$(TMPDIR="${BATS_TEST_TMPDIR}" mktemp)
touch "${tmpfile}"
ACQUIS_YAML=$(config_yq '.crowdsec_service.acquisition_path')
ACQUIS_YAML=$(config_get '.crowdsec_service.acquisition_path')
echo -e "---\nfilename: ${tmpfile}\nlabels:\n type: syslog\n" >>"${ACQUIS_YAML}"
./instance-crowdsec start


@ -13,27 +13,27 @@ setup_file() {
MOCK_PORT="9999"
MOCK_URL="http://localhost:${MOCK_PORT}"
export MOCK_URL
PLUGIN_DIR=$(config_yq '.config_paths.plugin_dir')
PLUGIN_DIR=$(config_get '.config_paths.plugin_dir')
# could have a trailing slash
PLUGIN_DIR=$(realpath -s "${PLUGIN_DIR}")
export PLUGIN_DIR
# https://mikefarah.gitbook.io/yq/operators/env-variable-operators
yq e '
config_set "$(config_get '.config_paths.notification_dir')/http.yaml" '
.url=strenv(MOCK_URL) |
.group_wait="5s" |
.group_threshold=2
' -i "$(config_yq '.config_paths.notification_dir')/http.yaml"
'
yq e '
config_set "$(config_get '.api.server.profiles_path')" '
.notifications=["http_default"] |
.filters=["Alert.GetScope() == \"Ip\""]
' -i "$(config_yq '.api.server.profiles_path')"
'
yq e '
config_set '
.plugin_config.user="" |
.plugin_config.group=""
' -i "${CONFIG_YAML}"
'
rm -f -- "${MOCK_OUT}"
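Review bot: The target file of the first two `config_set` calls is computed by a nested `$(config_get ...)` in the argument list, where a failed or `null` lookup goes unchecked because bash discards the exit status of a command substitution used as an argument. Assigning the path to a variable first, as the dummy-plugin setup does with `DUMMY_YAML="$(config_get '.config_paths.notification_dir')/dummy.yaml"`, lets the lookup's exit status propagate and gives one place to reject `null`. The same applies to the `profiles_path` call in the dummy-plugin file. setup_file continues outside the hunk.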


@ -15,14 +15,14 @@ setup_file() {
tempfile2=$(TMPDIR="${BATS_FILE_TMPDIR}" mktemp)
export tempfile2
DUMMY_YAML="$(config_yq '.config_paths.notification_dir')/dummy.yaml"
DUMMY_YAML="$(config_get '.config_paths.notification_dir')/dummy.yaml"
yq e '
config_set "${DUMMY_YAML}" '
.group_wait="5s" |
.group_threshold=2 |
.output_file=strenv(tempfile) |
.format="{{.|toJson}}"
' -i "${DUMMY_YAML}"
'
cat <<-EOT >>"${DUMMY_YAML}"
---
@ -33,15 +33,15 @@ setup_file() {
output_file: ${tempfile2}
EOT
yq e '
config_set "$(config_get '.api.server.profiles_path')" '
.notifications=["dummy_default","dummy_2"] |
.filters=["Alert.GetScope() == \"Ip\""]
' -i "$(config_yq '.api.server.profiles_path')"
'
yq e '
config_set '
.plugin_config.user="" |
.plugin_config.group=""
' -i "${CONFIG_YAML}"
'
./instance-crowdsec start
}


@ -6,12 +6,12 @@ set -u
setup_file() {
load "../lib/setup_file.sh"
PLUGIN_DIR=$(config_yq '.config_paths.plugin_dir')
PLUGIN_DIR=$(config_get '.config_paths.plugin_dir')
# could have a trailing slash
PLUGIN_DIR=$(realpath -s "${PLUGIN_DIR}")
export PLUGIN_DIR
PROFILES_PATH=$(config_yq '.api.server.profiles_path')
PROFILES_PATH=$(config_get '.api.server.profiles_path')
export PROFILES_PATH
}
@ -35,39 +35,39 @@ declare stderr
#----------
@test "misconfigured plugin, only user is empty" {
yq e '.plugin_config.user="" | .plugin_config.group="nogroup"' -i "${CONFIG_YAML}"
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
config_set '.plugin_config.user="" | .plugin_config.group="nogroup"'
config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
run -0 echo "${stderr}"
assert_output --partial "api server init: unable to run local API: while loading plugin: while getting process attributes: both plugin user and group must be set"
}
@test "misconfigured plugin, only group is empty" {
yq e '(.plugin_config.user="nobody") | (.plugin_config.group="")' -i "${CONFIG_YAML}"
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
config_set '(.plugin_config.user="nobody") | (.plugin_config.group="")'
config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
run -0 echo "${stderr}"
assert_output --partial "api server init: unable to run local API: while loading plugin: while getting process attributes: both plugin user and group must be set"
}
@test "misconfigured plugin, user does not exist" {
yq e '(.plugin_config.user="userdoesnotexist") | (.plugin_config.group="groupdoesnotexist")' -i "${CONFIG_YAML}"
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
config_set '(.plugin_config.user="userdoesnotexist") | (.plugin_config.group="groupdoesnotexist")'
config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
run -0 echo "${stderr}"
assert_output --partial "api server init: unable to run local API: while loading plugin: while getting process attributes: user: unknown user userdoesnotexist"
}
@test "misconfigured plugin, group does not exist" {
yq e '(.plugin_config.user=strenv(USER)) | (.plugin_config.group="groupdoesnotexist")' -i "${CONFIG_YAML}"
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
config_set '(.plugin_config.user=strenv(USER)) | (.plugin_config.group="groupdoesnotexist")'
config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
run -0 echo "${stderr}"
assert_output --partial "api server init: unable to run local API: while loading plugin: while getting process attributes: group: unknown group groupdoesnotexist"
}
@test "bad plugin name" {
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
cp "${PLUGIN_DIR}"/notification-http "${PLUGIN_DIR}"/badname
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
run -0 echo "${stderr}"
@ -75,7 +75,7 @@ declare stderr
}
@test "bad plugin permission (group writable)" {
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
chmod g+w "${PLUGIN_DIR}"/notification-http
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
run -0 echo "${stderr}"
@ -83,7 +83,7 @@ declare stderr
}
@test "bad plugin permission (world writable)" {
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
chmod o+w "${PLUGIN_DIR}"/notification-http
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
run -0 echo "${stderr}"
@ -91,32 +91,32 @@ declare stderr
}
@test "config.yaml: missing .plugin_config section" {
yq e 'del(.plugin_config)' -i "${CONFIG_YAML}"
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
config_set 'del(.plugin_config)'
config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
run -0 echo "${stderr}"
assert_output --partial "api server init: plugins are enabled, but the plugin_config section is missing in the configuration"
}
@test "config.yaml: missing config_paths.notification_dir" {
yq e 'del(.config_paths.notification_dir)' -i "${CONFIG_YAML}"
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
config_set 'del(.config_paths.notification_dir)'
config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
run -0 echo "${stderr}"
assert_output --partial "api server init: plugins are enabled, but config_paths.notification_dir is not defined"
}
@test "config.yaml: missing config_paths.plugin_dir" {
yq e 'del(.config_paths.plugin_dir)' -i "${CONFIG_YAML}"
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
config_set 'del(.config_paths.plugin_dir)'
config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
run -0 echo "${stderr}"
assert_output --partial "api server init: plugins are enabled, but config_paths.plugin_dir is not defined"
}
@test "unable to run local API: while reading plugin config" {
yq e '.config_paths.notification_dir="/this/path/does/not/exist"' -i "${CONFIG_YAML}"
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
config_set '.config_paths.notification_dir="/this/path/does/not/exist"'
config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
run -0 echo "${stderr}"
assert_output --partial "api server init: unable to run local API: while loading plugin config: open /this/path/does/not/exist: no such file or directory"


@ -48,10 +48,27 @@ cscli() {
}
export -f cscli
config_yq() {
yq e "$@" "${CONFIG_YAML}"
config_get() {
cfg="${CONFIG_YAML}"
if [[ $# -ge 2 ]]; then
cfg="$1"
shift
fi
yq e "$1" "${cfg}"
}
export -f config_yq
export -f config_get
config_set() {
cfg="${CONFIG_YAML}"
if [[ $# -ge 2 ]]; then
cfg="$1"
shift
fi
yq e "$1" -i "${cfg}"
}
export -f config_set
# We use these functions like this:
# somecommand <(stderr)
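Review bot: `cfg` is assigned without `local` in both `config_get` and `config_set`, so every call overwrites a global `cfg` in the calling test; `local cfg="${CONFIG_YAML}"` avoids that. The old `config_yq` forwarded `"$@"` to yq, whereas the new helpers treat the first of two or more arguments as the file and ignore anything after the expression, so a caller that passed yq flags would now point yq at a file named after the flag; callers outside this page are not visible, so this is worth a grep. A short comment above each function stating the call form, `config_set [file] <expression>`, would document the optional first argument.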