config_get, config_set test helpers (#1632)
parent
5f62d738fc
commit
e868adee2f
|
@ -95,7 +95,7 @@ declare stderr
|
||||||
assert_output --partial " on https://api.crowdsec.net/"
|
assert_output --partial " on https://api.crowdsec.net/"
|
||||||
assert_output --partial "You can successfully interact with Central API (CAPI)"
|
assert_output --partial "You can successfully interact with Central API (CAPI)"
|
||||||
|
|
||||||
ONLINE_API_CREDENTIALS_YAML="$(config_yq '.api.server.online_client.credentials_path')"
|
ONLINE_API_CREDENTIALS_YAML="$(config_get '.api.server.online_client.credentials_path')"
|
||||||
rm "${ONLINE_API_CREDENTIALS_YAML}"
|
rm "${ONLINE_API_CREDENTIALS_YAML}"
|
||||||
run -1 --separate-stderr cscli capi status
|
run -1 --separate-stderr cscli capi status
|
||||||
run -0 echo "${stderr}"
|
run -0 echo "${stderr}"
|
||||||
|
@ -164,7 +164,7 @@ declare stderr
|
||||||
assert_output --partial "Failed to backup configurations"
|
assert_output --partial "Failed to backup configurations"
|
||||||
assert_output --partial "file exists"
|
assert_output --partial "file exists"
|
||||||
|
|
||||||
SIMULATION_YAML="$(config_yq '.config_paths.simulation_path')"
|
SIMULATION_YAML="$(config_get '.config_paths.simulation_path')"
|
||||||
|
|
||||||
# restore
|
# restore
|
||||||
rm "${SIMULATION_YAML}"
|
rm "${SIMULATION_YAML}"
|
||||||
|
@ -193,7 +193,7 @@ declare stderr
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "cscli - missing LAPI credentials file" {
|
@test "cscli - missing LAPI credentials file" {
|
||||||
LOCAL_API_CREDENTIALS=$(config_yq '.api.client.credentials_path')
|
LOCAL_API_CREDENTIALS=$(config_get '.api.client.credentials_path')
|
||||||
rm -f "${LOCAL_API_CREDENTIALS}"
|
rm -f "${LOCAL_API_CREDENTIALS}"
|
||||||
run -1 --separate-stderr cscli lapi status
|
run -1 --separate-stderr cscli lapi status
|
||||||
run -0 echo "${stderr}"
|
run -0 echo "${stderr}"
|
||||||
|
@ -209,7 +209,7 @@ declare stderr
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "cscli - empty LAPI credentials file" {
|
@test "cscli - empty LAPI credentials file" {
|
||||||
LOCAL_API_CREDENTIALS=$(config_yq '.api.client.credentials_path')
|
LOCAL_API_CREDENTIALS=$(config_get '.api.client.credentials_path')
|
||||||
truncate -s 0 "${LOCAL_API_CREDENTIALS}"
|
truncate -s 0 "${LOCAL_API_CREDENTIALS}"
|
||||||
run -1 --separate-stderr cscli lapi status
|
run -1 --separate-stderr cscli lapi status
|
||||||
run -0 echo "${stderr}"
|
run -0 echo "${stderr}"
|
||||||
|
@ -225,7 +225,7 @@ declare stderr
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "cscli - missing LAPI client settings" {
|
@test "cscli - missing LAPI client settings" {
|
||||||
yq e 'del(.api.client)' -i "${CONFIG_YAML}"
|
config_set 'del(.api.client)'
|
||||||
run -1 --separate-stderr cscli lapi status
|
run -1 --separate-stderr cscli lapi status
|
||||||
run -0 echo "${stderr}"
|
run -0 echo "${stderr}"
|
||||||
assert_output --partial "loading api client: no API client section in configuration"
|
assert_output --partial "loading api client: no API client section in configuration"
|
||||||
|
@ -240,8 +240,8 @@ declare stderr
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "cscli - malformed LAPI url" {
|
@test "cscli - malformed LAPI url" {
|
||||||
LOCAL_API_CREDENTIALS=$(config_yq '.api.client.credentials_path')
|
LOCAL_API_CREDENTIALS=$(config_get '.api.client.credentials_path')
|
||||||
yq e '.url="https://127.0.0.1:-80"' -i "${LOCAL_API_CREDENTIALS}"
|
config_set "${LOCAL_API_CREDENTIALS}" '.url="https://127.0.0.1:-80"'
|
||||||
|
|
||||||
run -1 --separate-stderr cscli lapi status
|
run -1 --separate-stderr cscli lapi status
|
||||||
run -0 echo "${stderr}"
|
run -0 echo "${stderr}"
|
||||||
|
|
|
@ -57,7 +57,7 @@ declare stderr
|
||||||
|
|
||||||
@test "crowdsec - print error on exit" {
|
@test "crowdsec - print error on exit" {
|
||||||
# errors that cause program termination are printed to stderr, not only logs
|
# errors that cause program termination are printed to stderr, not only logs
|
||||||
yq e '.db_config.type="meh"' -i "${CONFIG_YAML}"
|
config_set '.db_config.type="meh"'
|
||||||
run -1 --separate-stderr "${BIN_DIR}/crowdsec"
|
run -1 --separate-stderr "${BIN_DIR}/crowdsec"
|
||||||
refute_output
|
refute_output
|
||||||
run -0 echo "${stderr}"
|
run -0 echo "${stderr}"
|
||||||
|
|
|
@ -35,7 +35,7 @@ declare stderr
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "crowdsec should not run without LAPI (no api.server in configuration file)" {
|
@test "crowdsec should not run without LAPI (no api.server in configuration file)" {
|
||||||
yq e 'del(.api.server)' -i "${CONFIG_YAML}"
|
config_set 'del(.api.server)'
|
||||||
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
|
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
|
||||||
|
|
||||||
run -0 echo "${stderr}"
|
run -0 echo "${stderr}"
|
||||||
|
@ -43,7 +43,7 @@ declare stderr
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "capi status shouldn't be ok without api.server" {
|
@test "capi status shouldn't be ok without api.server" {
|
||||||
yq e 'del(.api.server)' -i "${CONFIG_YAML}"
|
config_set 'del(.api.server)'
|
||||||
run -1 --separate-stderr cscli capi status
|
run -1 --separate-stderr cscli capi status
|
||||||
|
|
||||||
run -0 echo "${stderr}"
|
run -0 echo "${stderr}"
|
||||||
|
@ -52,7 +52,7 @@ declare stderr
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "cscli config show -o human" {
|
@test "cscli config show -o human" {
|
||||||
yq e 'del(.api.server)' -i "${CONFIG_YAML}"
|
config_set 'del(.api.server)'
|
||||||
run -0 cscli config show -o human
|
run -0 cscli config show -o human
|
||||||
assert_output --partial "Global:"
|
assert_output --partial "Global:"
|
||||||
assert_output --partial "Crowdsec:"
|
assert_output --partial "Crowdsec:"
|
||||||
|
@ -61,7 +61,7 @@ declare stderr
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "cscli config backup" {
|
@test "cscli config backup" {
|
||||||
yq e 'del(.api.server)' -i "${CONFIG_YAML}"
|
config_set 'del(.api.server)'
|
||||||
backupdir=$(TMPDIR="${BATS_TEST_TMPDIR}" mktemp -u)
|
backupdir=$(TMPDIR="${BATS_TEST_TMPDIR}" mktemp -u)
|
||||||
run -0 cscli config backup "${backupdir}"
|
run -0 cscli config backup "${backupdir}"
|
||||||
assert_output --partial "Starting configuration backup"
|
assert_output --partial "Starting configuration backup"
|
||||||
|
@ -74,7 +74,7 @@ declare stderr
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "lapi status shouldn't be ok without api.server" {
|
@test "lapi status shouldn't be ok without api.server" {
|
||||||
yq e 'del(.api.server)' -i "${CONFIG_YAML}"
|
config_set 'del(.api.server)'
|
||||||
./instance-crowdsec start || true
|
./instance-crowdsec start || true
|
||||||
run -1 --separate-stderr cscli machines list
|
run -1 --separate-stderr cscli machines list
|
||||||
run -0 echo "${stderr}"
|
run -0 echo "${stderr}"
|
||||||
|
@ -83,7 +83,7 @@ declare stderr
|
||||||
|
|
||||||
@test "cscli metrics" {
|
@test "cscli metrics" {
|
||||||
skip 'need to trigger metrics with a live parse'
|
skip 'need to trigger metrics with a live parse'
|
||||||
yq e 'del(.api.server)' -i "${CONFIG_YAML}"
|
config_set 'del(.api.server)'
|
||||||
./instance-crowdsec start
|
./instance-crowdsec start
|
||||||
run -0 --separate-stderr cscli metrics
|
run -0 --separate-stderr cscli metrics
|
||||||
assert_output --partial "ROUTE"
|
assert_output --partial "ROUTE"
|
||||||
|
|
|
@ -25,7 +25,7 @@ declare stderr
|
||||||
#----------
|
#----------
|
||||||
|
|
||||||
config_disable_agent() {
|
config_disable_agent() {
|
||||||
yq e 'del(.crowdsec_service)' -i "${CONFIG_YAML}"
|
config_set 'del(.crowdsec_service)'
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "with agent: test without -no-cs flag" {
|
@test "with agent: test without -no-cs flag" {
|
||||||
|
|
|
@ -25,7 +25,7 @@ declare stderr
|
||||||
#----------
|
#----------
|
||||||
|
|
||||||
config_disable_capi() {
|
config_disable_capi() {
|
||||||
yq e 'del(.api.server.online_client)' -i "${CONFIG_YAML}"
|
config_set 'del(.api.server.online_client)'
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "without capi: crowdsec LAPI should run without capi (-no-capi flag)" {
|
@test "without capi: crowdsec LAPI should run without capi (-no-capi flag)" {
|
||||||
|
|
|
@ -20,7 +20,7 @@ teardown_file() {
|
||||||
setup() {
|
setup() {
|
||||||
load "../lib/setup.sh"
|
load "../lib/setup.sh"
|
||||||
./instance-data load
|
./instance-data load
|
||||||
run -0 yq e '.api.client.credentials_path' "${CONFIG_YAML}"
|
run -0 config_get '.api.client.credentials_path'
|
||||||
LOCAL_API_CREDENTIALS="${output}"
|
LOCAL_API_CREDENTIALS="${output}"
|
||||||
export LOCAL_API_CREDENTIALS
|
export LOCAL_API_CREDENTIALS
|
||||||
}
|
}
|
||||||
|
@ -32,7 +32,7 @@ teardown() {
|
||||||
#----------
|
#----------
|
||||||
|
|
||||||
@test "config.yaml.local - cscli (log_level)" {
|
@test "config.yaml.local - cscli (log_level)" {
|
||||||
yq e '.common.log_level="warning"' -i "${CONFIG_YAML}"
|
config_set '.common.log_level="warning"'
|
||||||
run -0 cscli config show --key Config.Common.LogLevel
|
run -0 cscli config show --key Config.Common.LogLevel
|
||||||
assert_output "warning"
|
assert_output "warning"
|
||||||
|
|
||||||
|
@ -42,7 +42,7 @@ teardown() {
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "config.yaml.local - cscli (log_level - with envvar)" {
|
@test "config.yaml.local - cscli (log_level - with envvar)" {
|
||||||
yq e '.common.log_level="warning"' -i "${CONFIG_YAML}"
|
config_set '.common.log_level="warning"'
|
||||||
run -0 cscli config show --key Config.Common.LogLevel
|
run -0 cscli config show --key Config.Common.LogLevel
|
||||||
assert_output "warning"
|
assert_output "warning"
|
||||||
|
|
||||||
|
@ -54,7 +54,7 @@ teardown() {
|
||||||
|
|
||||||
@test "config.yaml.local - crowdsec (listen_url)" {
|
@test "config.yaml.local - crowdsec (listen_url)" {
|
||||||
# disable the agent or we'll need to patch api client credentials too
|
# disable the agent or we'll need to patch api client credentials too
|
||||||
run -0 yq e 'del(.crowdsec_service)' -i "${CONFIG_YAML}"
|
run -0 config_set 'del(.crowdsec_service)'
|
||||||
./instance-crowdsec start
|
./instance-crowdsec start
|
||||||
run -0 ./lib/util/wait-for-port -q 8080
|
run -0 ./lib/util/wait-for-port -q 8080
|
||||||
./instance-crowdsec stop
|
./instance-crowdsec stop
|
||||||
|
@ -74,7 +74,7 @@ teardown() {
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "local_api_credentials.yaml.local" {
|
@test "local_api_credentials.yaml.local" {
|
||||||
run -0 yq e 'del(.crowdsec_service)' -i "${CONFIG_YAML}"
|
run -0 config_set 'del(.crowdsec_service)'
|
||||||
echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" >"${CONFIG_YAML}.local"
|
echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" >"${CONFIG_YAML}.local"
|
||||||
./instance-crowdsec start
|
./instance-crowdsec start
|
||||||
run -0 ./lib/util/wait-for-port -q 8083
|
run -0 ./lib/util/wait-for-port -q 8083
|
||||||
|
@ -86,7 +86,7 @@ teardown() {
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "simulation.yaml.local" {
|
@test "simulation.yaml.local" {
|
||||||
run -0 yq e '.config_paths.simulation_path' "${CONFIG_YAML}"
|
run -0 config_get '.config_paths.simulation_path'
|
||||||
refute_output null
|
refute_output null
|
||||||
SIMULATION="${output}"
|
SIMULATION="${output}"
|
||||||
|
|
||||||
|
@ -108,7 +108,7 @@ teardown() {
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "profiles.yaml.local" {
|
@test "profiles.yaml.local" {
|
||||||
run -0 yq e '.api.server.profiles_path' "${CONFIG_YAML}"
|
run -0 config_get '.api.server.profiles_path'
|
||||||
refute_output null
|
refute_output null
|
||||||
PROFILES="${output}"
|
PROFILES="${output}"
|
||||||
|
|
||||||
|
@ -124,7 +124,7 @@ teardown() {
|
||||||
|
|
||||||
tmpfile=$(TMPDIR="${BATS_TEST_TMPDIR}" mktemp)
|
tmpfile=$(TMPDIR="${BATS_TEST_TMPDIR}" mktemp)
|
||||||
touch "${tmpfile}"
|
touch "${tmpfile}"
|
||||||
ACQUIS_YAML=$(config_yq '.crowdsec_service.acquisition_path')
|
ACQUIS_YAML=$(config_get '.crowdsec_service.acquisition_path')
|
||||||
echo -e "---\nfilename: ${tmpfile}\nlabels:\n type: syslog\n" >>"${ACQUIS_YAML}"
|
echo -e "---\nfilename: ${tmpfile}\nlabels:\n type: syslog\n" >>"${ACQUIS_YAML}"
|
||||||
|
|
||||||
./instance-crowdsec start
|
./instance-crowdsec start
|
||||||
|
|
|
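Review bot: In setup(), `LOCAL_API_CREDENTIALS="${output}"` takes the result of `run -0 config_get '.api.client.credentials_path'` without the `refute_output null` check that the simulation.yaml.local and profiles.yaml.local tests in this same file apply after the same kind of lookup. `run -0` only proves that yq exited 0; judging by those guards, a missing key comes back as the literal string `null`, which would then be exported as the credentials path for every test. Adding `refute_output null` before the assignment would make a broken fixture fail in setup() rather than in whichever test first touches the file. setup() opens and closes inside the hunk.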
@ -4,7 +4,7 @@
|
||||||
set -u
|
set -u
|
||||||
|
|
||||||
config_disable_agent() {
|
config_disable_agent() {
|
||||||
yq e 'del(.crowdsec_service)' -i "${CONFIG_YAML}"
|
config_set 'del(.crowdsec_service)'
|
||||||
}
|
}
|
||||||
|
|
||||||
setup_file() {
|
setup_file() {
|
||||||
|
@ -37,13 +37,13 @@ setup_file() {
|
||||||
echo "ibase=16; ${serial}" | bc >"${tmpdir}/serials.txt"
|
echo "ibase=16; ${serial}" | bc >"${tmpdir}/serials.txt"
|
||||||
cfssl gencrl "${tmpdir}/serials.txt" "${tmpdir}/ca.pem" "${tmpdir}/ca-key.pem" | base64 -d | openssl crl -inform DER -out "${tmpdir}/crl.pem"
|
cfssl gencrl "${tmpdir}/serials.txt" "${tmpdir}/ca.pem" "${tmpdir}/ca-key.pem" | base64 -d | openssl crl -inform DER -out "${tmpdir}/crl.pem"
|
||||||
|
|
||||||
yq e '
|
config_set '
|
||||||
.api.server.tls.cert_file=strenv(tmpdir) + "/server.pem" |
|
.api.server.tls.cert_file=strenv(tmpdir) + "/server.pem" |
|
||||||
.api.server.tls.key_file=strenv(tmpdir) + "/server-key.pem" |
|
.api.server.tls.key_file=strenv(tmpdir) + "/server-key.pem" |
|
||||||
.api.server.tls.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
|
.api.server.tls.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
|
||||||
.api.server.tls.crl_path=strenv(tmpdir) + "/crl.pem" |
|
.api.server.tls.crl_path=strenv(tmpdir) + "/crl.pem" |
|
||||||
.api.server.tls.bouncers_allowed_ou=["bouncer-ou"]
|
.api.server.tls.bouncers_allowed_ou=["bouncer-ou"]
|
||||||
' -i "${CONFIG_YAML}"
|
'
|
||||||
|
|
||||||
config_disable_agent
|
config_disable_agent
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
set -u
|
set -u
|
||||||
|
|
||||||
config_disable_agent() {
|
config_disable_agent() {
|
||||||
yq e 'del(.crowdsec_service)' -i "${CONFIG_YAML}"
|
config_set 'del(.crowdsec_service)'
|
||||||
}
|
}
|
||||||
|
|
||||||
setup_file() {
|
setup_file() {
|
||||||
|
@ -40,13 +40,13 @@ setup_file() {
|
||||||
echo "ibase=16; ${serial}" | bc >"${tmpdir}/serials.txt"
|
echo "ibase=16; ${serial}" | bc >"${tmpdir}/serials.txt"
|
||||||
cfssl gencrl "${tmpdir}/serials.txt" "${tmpdir}/ca.pem" "${tmpdir}/ca-key.pem" | base64 -d | openssl crl -inform DER -out "${tmpdir}/crl.pem"
|
cfssl gencrl "${tmpdir}/serials.txt" "${tmpdir}/ca.pem" "${tmpdir}/ca-key.pem" | base64 -d | openssl crl -inform DER -out "${tmpdir}/crl.pem"
|
||||||
|
|
||||||
yq e '
|
config_set '
|
||||||
.api.server.tls.cert_file=strenv(tmpdir) + "/server.pem" |
|
.api.server.tls.cert_file=strenv(tmpdir) + "/server.pem" |
|
||||||
.api.server.tls.key_file=strenv(tmpdir) + "/server-key.pem" |
|
.api.server.tls.key_file=strenv(tmpdir) + "/server-key.pem" |
|
||||||
.api.server.tls.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
|
.api.server.tls.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
|
||||||
.api.server.tls.crl_path=strenv(tmpdir) + "/crl.pem" |
|
.api.server.tls.crl_path=strenv(tmpdir) + "/crl.pem" |
|
||||||
.api.server.tls.agents_allowed_ou=["agent-ou"]
|
.api.server.tls.agents_allowed_ou=["agent-ou"]
|
||||||
' -i "${CONFIG_YAML}"
|
'
|
||||||
|
|
||||||
run -0 cscli machines delete githubciXXXXXXXXXXXXXXXXXXXXXXXX
|
run -0 cscli machines delete githubciXXXXXXXXXXXXXXXXXXXXXXXX
|
||||||
config_disable_agent
|
config_disable_agent
|
||||||
|
@ -68,28 +68,28 @@ teardown() {
|
||||||
#----------
|
#----------
|
||||||
|
|
||||||
@test "invalid OU for agent" {
|
@test "invalid OU for agent" {
|
||||||
yq e '
|
config_set "${CONFIG_DIR}/local_api_credentials.yaml" '
|
||||||
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
|
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
|
||||||
.key_path=strenv(tmpdir) + "/agent_bad_ou-key.pem" |
|
.key_path=strenv(tmpdir) + "/agent_bad_ou-key.pem" |
|
||||||
.cert_path=strenv(tmpdir) + "/agent_bad_ou.pem" |
|
.cert_path=strenv(tmpdir) + "/agent_bad_ou.pem" |
|
||||||
.url="https://127.0.0.1:8080"
|
.url="https://127.0.0.1:8080"
|
||||||
' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
'
|
||||||
|
|
||||||
yq e 'del(.login,.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
config_set "${CONFIG_DIR}/local_api_credentials.yaml" 'del(.login,.password)'
|
||||||
./instance-crowdsec start
|
./instance-crowdsec start
|
||||||
run -0 cscli machines list -o json
|
run -0 cscli machines list -o json
|
||||||
assert_output '[]'
|
assert_output '[]'
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "we have exactly one machine registered with TLS" {
|
@test "we have exactly one machine registered with TLS" {
|
||||||
yq e '
|
config_set "${CONFIG_DIR}/local_api_credentials.yaml" '
|
||||||
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
|
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
|
||||||
.key_path=strenv(tmpdir) + "/agent-key.pem" |
|
.key_path=strenv(tmpdir) + "/agent-key.pem" |
|
||||||
.cert_path=strenv(tmpdir) + "/agent.pem" |
|
.cert_path=strenv(tmpdir) + "/agent.pem" |
|
||||||
.url="https://127.0.0.1:8080"
|
.url="https://127.0.0.1:8080"
|
||||||
' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
'
|
||||||
|
|
||||||
yq e 'del(.login,.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
config_set "${CONFIG_DIR}/local_api_credentials.yaml" 'del(.login,.password)'
|
||||||
./instance-crowdsec start
|
./instance-crowdsec start
|
||||||
run -0 cscli lapi status
|
run -0 cscli lapi status
|
||||||
run -0 cscli machines list -o json
|
run -0 cscli machines list -o json
|
||||||
|
@ -100,28 +100,27 @@ teardown() {
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "invalid cert for agent" {
|
@test "invalid cert for agent" {
|
||||||
yq e '
|
config_set "${CONFIG_DIR}/local_api_credentials.yaml" '
|
||||||
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
|
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
|
||||||
.key_path=strenv(tmpdir) + "/agent_invalid-key.pem" |
|
.key_path=strenv(tmpdir) + "/agent_invalid-key.pem" |
|
||||||
.cert_path=strenv(tmpdir) + "/agent_invalid.pem" |
|
.cert_path=strenv(tmpdir) + "/agent_invalid.pem" |
|
||||||
.url="https://127.0.0.1:8080"
|
.url="https://127.0.0.1:8080"
|
||||||
' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
'
|
||||||
|
config_set "${CONFIG_DIR}/local_api_credentials.yaml" 'del(.login,.password)'
|
||||||
yq e 'del(.login,.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
|
||||||
./instance-crowdsec start
|
./instance-crowdsec start
|
||||||
run -0 cscli machines list -o json
|
run -0 cscli machines list -o json
|
||||||
assert_output '[]'
|
assert_output '[]'
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "revoked cert for agent" {
|
@test "revoked cert for agent" {
|
||||||
yq e '
|
config_set "${CONFIG_DIR}/local_api_credentials.yaml" '
|
||||||
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
|
.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
|
||||||
.key_path=strenv(tmpdir) + "/agent_revoked-key.pem" |
|
.key_path=strenv(tmpdir) + "/agent_revoked-key.pem" |
|
||||||
.cert_path=strenv(tmpdir) + "/agent_revoked.pem" |
|
.cert_path=strenv(tmpdir) + "/agent_revoked.pem" |
|
||||||
.url="https://127.0.0.1:8080"
|
.url="https://127.0.0.1:8080"
|
||||||
' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
'
|
||||||
|
|
||||||
yq e 'del(.login,.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml"
|
config_set "${CONFIG_DIR}/local_api_credentials.yaml" 'del(.login,.password)'
|
||||||
./instance-crowdsec start
|
./instance-crowdsec start
|
||||||
run -0 cscli machines list -o json
|
run -0 cscli machines list -o json
|
||||||
assert_output '[]'
|
assert_output '[]'
|
||||||
|
|
|
@ -32,7 +32,7 @@ teardown() {
|
||||||
@test "1.1.1.172 has been banned" {
|
@test "1.1.1.172 has been banned" {
|
||||||
tmpfile=$(TMPDIR="${BATS_TEST_TMPDIR}" mktemp)
|
tmpfile=$(TMPDIR="${BATS_TEST_TMPDIR}" mktemp)
|
||||||
touch "${tmpfile}"
|
touch "${tmpfile}"
|
||||||
ACQUIS_YAML=$(config_yq '.crowdsec_service.acquisition_path')
|
ACQUIS_YAML=$(config_get '.crowdsec_service.acquisition_path')
|
||||||
echo -e "---\nfilename: ${tmpfile}\nlabels:\n type: syslog\n" >>"${ACQUIS_YAML}"
|
echo -e "---\nfilename: ${tmpfile}\nlabels:\n type: syslog\n" >>"${ACQUIS_YAML}"
|
||||||
|
|
||||||
./instance-crowdsec start
|
./instance-crowdsec start
|
||||||
|
|
|
@ -13,27 +13,27 @@ setup_file() {
|
||||||
MOCK_PORT="9999"
|
MOCK_PORT="9999"
|
||||||
MOCK_URL="http://localhost:${MOCK_PORT}"
|
MOCK_URL="http://localhost:${MOCK_PORT}"
|
||||||
export MOCK_URL
|
export MOCK_URL
|
||||||
PLUGIN_DIR=$(config_yq '.config_paths.plugin_dir')
|
PLUGIN_DIR=$(config_get '.config_paths.plugin_dir')
|
||||||
# could have a trailing slash
|
# could have a trailing slash
|
||||||
PLUGIN_DIR=$(realpath -s "${PLUGIN_DIR}")
|
PLUGIN_DIR=$(realpath -s "${PLUGIN_DIR}")
|
||||||
export PLUGIN_DIR
|
export PLUGIN_DIR
|
||||||
|
|
||||||
# https://mikefarah.gitbook.io/yq/operators/env-variable-operators
|
# https://mikefarah.gitbook.io/yq/operators/env-variable-operators
|
||||||
yq e '
|
config_set "$(config_get '.config_paths.notification_dir')/http.yaml" '
|
||||||
.url=strenv(MOCK_URL) |
|
.url=strenv(MOCK_URL) |
|
||||||
.group_wait="5s" |
|
.group_wait="5s" |
|
||||||
.group_threshold=2
|
.group_threshold=2
|
||||||
' -i "$(config_yq '.config_paths.notification_dir')/http.yaml"
|
'
|
||||||
|
|
||||||
yq e '
|
config_set "$(config_get '.api.server.profiles_path')" '
|
||||||
.notifications=["http_default"] |
|
.notifications=["http_default"] |
|
||||||
.filters=["Alert.GetScope() == \"Ip\""]
|
.filters=["Alert.GetScope() == \"Ip\""]
|
||||||
' -i "$(config_yq '.api.server.profiles_path')"
|
'
|
||||||
|
|
||||||
yq e '
|
config_set '
|
||||||
.plugin_config.user="" |
|
.plugin_config.user="" |
|
||||||
.plugin_config.group=""
|
.plugin_config.group=""
|
||||||
' -i "${CONFIG_YAML}"
|
'
|
||||||
|
|
||||||
rm -f -- "${MOCK_OUT}"
|
rm -f -- "${MOCK_OUT}"
|
||||||
|
|
||||||
|
|
|
@ -15,14 +15,14 @@ setup_file() {
|
||||||
tempfile2=$(TMPDIR="${BATS_FILE_TMPDIR}" mktemp)
|
tempfile2=$(TMPDIR="${BATS_FILE_TMPDIR}" mktemp)
|
||||||
export tempfile2
|
export tempfile2
|
||||||
|
|
||||||
DUMMY_YAML="$(config_yq '.config_paths.notification_dir')/dummy.yaml"
|
DUMMY_YAML="$(config_get '.config_paths.notification_dir')/dummy.yaml"
|
||||||
|
|
||||||
yq e '
|
config_set "${DUMMY_YAML}" '
|
||||||
.group_wait="5s" |
|
.group_wait="5s" |
|
||||||
.group_threshold=2 |
|
.group_threshold=2 |
|
||||||
.output_file=strenv(tempfile) |
|
.output_file=strenv(tempfile) |
|
||||||
.format="{{.|toJson}}"
|
.format="{{.|toJson}}"
|
||||||
' -i "${DUMMY_YAML}"
|
'
|
||||||
|
|
||||||
cat <<-EOT >>"${DUMMY_YAML}"
|
cat <<-EOT >>"${DUMMY_YAML}"
|
||||||
---
|
---
|
||||||
|
@ -33,15 +33,15 @@ setup_file() {
|
||||||
output_file: ${tempfile2}
|
output_file: ${tempfile2}
|
||||||
EOT
|
EOT
|
||||||
|
|
||||||
yq e '
|
config_set "$(config_get '.api.server.profiles_path')" '
|
||||||
.notifications=["dummy_default","dummy_2"] |
|
.notifications=["dummy_default","dummy_2"] |
|
||||||
.filters=["Alert.GetScope() == \"Ip\""]
|
.filters=["Alert.GetScope() == \"Ip\""]
|
||||||
' -i "$(config_yq '.api.server.profiles_path')"
|
'
|
||||||
|
|
||||||
yq e '
|
config_set '
|
||||||
.plugin_config.user="" |
|
.plugin_config.user="" |
|
||||||
.plugin_config.group=""
|
.plugin_config.group=""
|
||||||
' -i "${CONFIG_YAML}"
|
'
|
||||||
|
|
||||||
./instance-crowdsec start
|
./instance-crowdsec start
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,12 +6,12 @@ set -u
|
||||||
setup_file() {
|
setup_file() {
|
||||||
load "../lib/setup_file.sh"
|
load "../lib/setup_file.sh"
|
||||||
|
|
||||||
PLUGIN_DIR=$(config_yq '.config_paths.plugin_dir')
|
PLUGIN_DIR=$(config_get '.config_paths.plugin_dir')
|
||||||
# could have a trailing slash
|
# could have a trailing slash
|
||||||
PLUGIN_DIR=$(realpath -s "${PLUGIN_DIR}")
|
PLUGIN_DIR=$(realpath -s "${PLUGIN_DIR}")
|
||||||
export PLUGIN_DIR
|
export PLUGIN_DIR
|
||||||
|
|
||||||
PROFILES_PATH=$(config_yq '.api.server.profiles_path')
|
PROFILES_PATH=$(config_get '.api.server.profiles_path')
|
||||||
export PROFILES_PATH
|
export PROFILES_PATH
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -35,39 +35,39 @@ declare stderr
|
||||||
#----------
|
#----------
|
||||||
|
|
||||||
@test "misconfigured plugin, only user is empty" {
|
@test "misconfigured plugin, only user is empty" {
|
||||||
yq e '.plugin_config.user="" | .plugin_config.group="nogroup"' -i "${CONFIG_YAML}"
|
config_set '.plugin_config.user="" | .plugin_config.group="nogroup"'
|
||||||
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
|
config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
|
||||||
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
|
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
|
||||||
run -0 echo "${stderr}"
|
run -0 echo "${stderr}"
|
||||||
assert_output --partial "api server init: unable to run local API: while loading plugin: while getting process attributes: both plugin user and group must be set"
|
assert_output --partial "api server init: unable to run local API: while loading plugin: while getting process attributes: both plugin user and group must be set"
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "misconfigured plugin, only group is empty" {
|
@test "misconfigured plugin, only group is empty" {
|
||||||
yq e '(.plugin_config.user="nobody") | (.plugin_config.group="")' -i "${CONFIG_YAML}"
|
config_set '(.plugin_config.user="nobody") | (.plugin_config.group="")'
|
||||||
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
|
config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
|
||||||
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
|
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
|
||||||
run -0 echo "${stderr}"
|
run -0 echo "${stderr}"
|
||||||
assert_output --partial "api server init: unable to run local API: while loading plugin: while getting process attributes: both plugin user and group must be set"
|
assert_output --partial "api server init: unable to run local API: while loading plugin: while getting process attributes: both plugin user and group must be set"
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "misconfigured plugin, user does not exist" {
|
@test "misconfigured plugin, user does not exist" {
|
||||||
yq e '(.plugin_config.user="userdoesnotexist") | (.plugin_config.group="groupdoesnotexist")' -i "${CONFIG_YAML}"
|
config_set '(.plugin_config.user="userdoesnotexist") | (.plugin_config.group="groupdoesnotexist")'
|
||||||
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
|
config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
|
||||||
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
|
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
|
||||||
run -0 echo "${stderr}"
|
run -0 echo "${stderr}"
|
||||||
assert_output --partial "api server init: unable to run local API: while loading plugin: while getting process attributes: user: unknown user userdoesnotexist"
|
assert_output --partial "api server init: unable to run local API: while loading plugin: while getting process attributes: user: unknown user userdoesnotexist"
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "misconfigured plugin, group does not exist" {
|
@test "misconfigured plugin, group does not exist" {
|
||||||
yq e '(.plugin_config.user=strenv(USER)) | (.plugin_config.group="groupdoesnotexist")' -i "${CONFIG_YAML}"
|
config_set '(.plugin_config.user=strenv(USER)) | (.plugin_config.group="groupdoesnotexist")'
|
||||||
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
|
config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
|
||||||
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
|
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
|
||||||
run -0 echo "${stderr}"
|
run -0 echo "${stderr}"
|
||||||
assert_output --partial "api server init: unable to run local API: while loading plugin: while getting process attributes: group: unknown group groupdoesnotexist"
|
assert_output --partial "api server init: unable to run local API: while loading plugin: while getting process attributes: group: unknown group groupdoesnotexist"
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "bad plugin name" {
|
@test "bad plugin name" {
|
||||||
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
|
config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
|
||||||
cp "${PLUGIN_DIR}"/notification-http "${PLUGIN_DIR}"/badname
|
cp "${PLUGIN_DIR}"/notification-http "${PLUGIN_DIR}"/badname
|
||||||
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
|
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
|
||||||
run -0 echo "${stderr}"
|
run -0 echo "${stderr}"
|
||||||
|
@ -75,7 +75,7 @@ declare stderr
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "bad plugin permission (group writable)" {
|
@test "bad plugin permission (group writable)" {
|
||||||
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
|
config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
|
||||||
chmod g+w "${PLUGIN_DIR}"/notification-http
|
chmod g+w "${PLUGIN_DIR}"/notification-http
|
||||||
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
|
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
|
||||||
run -0 echo "${stderr}"
|
run -0 echo "${stderr}"
|
||||||
|
@ -83,7 +83,7 @@ declare stderr
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "bad plugin permission (world writable)" {
|
@test "bad plugin permission (world writable)" {
|
||||||
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
|
config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
|
||||||
chmod o+w "${PLUGIN_DIR}"/notification-http
|
chmod o+w "${PLUGIN_DIR}"/notification-http
|
||||||
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
|
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
|
||||||
run -0 echo "${stderr}"
|
run -0 echo "${stderr}"
|
||||||
|
@ -91,32 +91,32 @@ declare stderr
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "config.yaml: missing .plugin_config section" {
|
@test "config.yaml: missing .plugin_config section" {
|
||||||
yq e 'del(.plugin_config)' -i "${CONFIG_YAML}"
|
config_set 'del(.plugin_config)'
|
||||||
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
|
config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
|
||||||
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
|
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
|
||||||
run -0 echo "${stderr}"
|
run -0 echo "${stderr}"
|
||||||
assert_output --partial "api server init: plugins are enabled, but the plugin_config section is missing in the configuration"
|
assert_output --partial "api server init: plugins are enabled, but the plugin_config section is missing in the configuration"
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "config.yaml: missing config_paths.notification_dir" {
|
@test "config.yaml: missing config_paths.notification_dir" {
|
||||||
yq e 'del(.config_paths.notification_dir)' -i "${CONFIG_YAML}"
|
config_set 'del(.config_paths.notification_dir)'
|
||||||
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
|
config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
|
||||||
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
|
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
|
||||||
run -0 echo "${stderr}"
|
run -0 echo "${stderr}"
|
||||||
assert_output --partial "api server init: plugins are enabled, but config_paths.notification_dir is not defined"
|
assert_output --partial "api server init: plugins are enabled, but config_paths.notification_dir is not defined"
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "config.yaml: missing config_paths.plugin_dir" {
|
@test "config.yaml: missing config_paths.plugin_dir" {
|
||||||
yq e 'del(.config_paths.plugin_dir)' -i "${CONFIG_YAML}"
|
config_set 'del(.config_paths.plugin_dir)'
|
||||||
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
|
config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
|
||||||
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
|
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
|
||||||
run -0 echo "${stderr}"
|
run -0 echo "${stderr}"
|
||||||
assert_output --partial "api server init: plugins are enabled, but config_paths.plugin_dir is not defined"
|
assert_output --partial "api server init: plugins are enabled, but config_paths.plugin_dir is not defined"
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "unable to run local API: while reading plugin config" {
|
@test "unable to run local API: while reading plugin config" {
|
||||||
yq e '.config_paths.notification_dir="/this/path/does/not/exist"' -i "${CONFIG_YAML}"
|
config_set '.config_paths.notification_dir="/this/path/does/not/exist"'
|
||||||
yq e '.notifications=["http_default"]' -i "${PROFILES_PATH}"
|
config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
|
||||||
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
|
run -1 --separate-stderr timeout 2s "${CROWDSEC}"
|
||||||
run -0 echo "${stderr}"
|
run -0 echo "${stderr}"
|
||||||
assert_output --partial "api server init: unable to run local API: while loading plugin config: open /this/path/does/not/exist: no such file or directory"
|
assert_output --partial "api server init: unable to run local API: while loading plugin config: open /this/path/does/not/exist: no such file or directory"
|
||||||
|
|
|
@ -48,10 +48,27 @@ cscli() {
|
||||||
}
|
}
|
||||||
export -f cscli
|
export -f cscli
|
||||||
|
|
||||||
config_yq() {
|
config_get() {
|
||||||
yq e "$@" "${CONFIG_YAML}"
|
cfg="${CONFIG_YAML}"
|
||||||
|
if [[ $# -ge 2 ]]; then
|
||||||
|
cfg="$1"
|
||||||
|
shift
|
||||||
|
fi
|
||||||
|
|
||||||
|
yq e "$1" "${cfg}"
|
||||||
}
|
}
|
||||||
export -f config_yq
|
export -f config_get
|
||||||
|
|
||||||
|
config_set() {
|
||||||
|
cfg="${CONFIG_YAML}"
|
||||||
|
if [[ $# -ge 2 ]]; then
|
||||||
|
cfg="$1"
|
||||||
|
shift
|
||||||
|
fi
|
||||||
|
|
||||||
|
yq e "$1" -i "${cfg}"
|
||||||
|
}
|
||||||
|
export -f config_set
|
||||||
|
|
||||||
# We use these functions like this:
|
# We use these functions like this:
|
||||||
# somecommand <(stderr)
|
# somecommand <(stderr)
|
||||||
|
|
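Review bot: `cfg` is assigned without `local` in both config_get and config_set, so a direct call such as `config_set 'del(.api.server)'` leaves a global `cfg` behind in the calling test's shell; declare it as `local cfg="${CONFIG_YAML}"` in each helper. The old config_yq forwarded `"$@"` to yq, whereas the new helpers take the first of two or more arguments as the target file and pass only the next one as the expression, silently dropping the rest. A call that puts a yq flag first would therefore have that flag used as the file path. Because config_set rewrites its target with `-i`, and the tests point it at the credentials files, a guard such as `(( $# >= 1 && $# <= 2 )) || return 2` at the top of both functions would turn a mis-ordered call into a visible failure. Both function bodies lie entirely inside this hunk.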