1 рік тому · 48f1a1a03a
--- a/cmd/crowdsec/crowdsec.go
+++ b/cmd/crowdsec/crowdsec.go
@@ -23,35 +23,36 @@ import (
 
				 	"github.com/crowdsecurity/crowdsec/pkg/types"
			
 
				 )
			
 
				 
			
 
				-func initCrowdsec(cConfig *csconfig.Config, hub *cwhub.Hub) (*parser.Parsers, error) {
			
 
				+func initCrowdsec(cConfig *csconfig.Config, hub *cwhub.Hub) (*parser.Parsers, []acquisition.DataSource, error) {
			
 
				 	var err error
			
 
				 
			
 
				 	if err = alertcontext.LoadConsoleContext(cConfig, hub); err != nil {
			
 
				-		return nil, fmt.Errorf("while loading context: %w", err)
			
 
				+		return nil, nil, fmt.Errorf("while loading context: %w", err)
			
 
				 	}
			
 
				 
			
 
				 	// Start loading configs
			
 
				 	csParsers := parser.NewParsers(hub)
			
 
				 	if csParsers, err = parser.LoadParsers(cConfig, csParsers); err != nil {
			
 
				-		return nil, fmt.Errorf("while loading parsers: %w", err)
			
 
				+		return nil, nil, fmt.Errorf("while loading parsers: %w", err)
			
 
				 	}
			
 
				 
			
 
				 	if err := LoadBuckets(cConfig, hub); err != nil {
			
 
				-		return nil, fmt.Errorf("while loading scenarios: %w", err)
			
 
				+		return nil, nil, fmt.Errorf("while loading scenarios: %w", err)
			
 
				 	}
			
 
				 
			
 
				 	if err := appsec.LoadAppsecRules(hub); err != nil {
			
 
				-		return nil, fmt.Errorf("while loading appsec rules: %w", err)
			
 
				+		return nil, nil, fmt.Errorf("while loading appsec rules: %w", err)
			
 
				 	}
			
 
				 
			
 
				-	if err := LoadAcquisition(cConfig); err != nil {
			
 
				-		return nil, fmt.Errorf("while loading acquisition config: %w", err)
			
 
				+	datasources, err := LoadAcquisition(cConfig)
			
 
				+	if err != nil {
			
 
				+		return nil, nil, fmt.Errorf("while loading acquisition config: %w", err)
			
 
				 	}
			
 
				 
			
 
				-	return csParsers, nil
			
 
				+	return csParsers, datasources, nil
			
 
				 }
			
 
				 
			
 
				-func runCrowdsec(cConfig *csconfig.Config, parsers *parser.Parsers, hub *cwhub.Hub) error {
			
 
				+func runCrowdsec(cConfig *csconfig.Config, parsers *parser.Parsers, hub *cwhub.Hub, datasources []acquisition.DataSource) error {
			
 
				 	inputEventChan = make(chan types.Event)
			
 
				 	inputLineChan = make(chan types.Event)
			
 
				 
			
@@ -141,6 +142,12 @@ func runCrowdsec(cConfig *csconfig.Config, parsers *parser.Parsers, hub *cwhub.H
 
				 	})
			
 
				 	outputWg.Wait()
			
 
				 
			
 
				+	lpMetricsTomb.Go(func() error {
			
 
				+		// in case of reload, we send a new startup time
			
 
				+		// (use crowdsecT0 as a reference for the first startup time)
			
 
				+		return lpMetrics(apiClient, cConfig.API.Server.ConsoleConfig, datasources)
			
 
				+	})
			
 
				+
			
 
				 	if cConfig.Prometheus != nil && cConfig.Prometheus.Enabled {
			
 
				 		aggregated := false
			
 
				 		if cConfig.Prometheus.Level == "aggregated" {
			
@@ -161,7 +168,7 @@ func runCrowdsec(cConfig *csconfig.Config, parsers *parser.Parsers, hub *cwhub.H
 
				 	return nil
			
 
				 }
			
 
				 
			
 
				-func serveCrowdsec(parsers *parser.Parsers, cConfig *csconfig.Config, hub *cwhub.Hub, agentReady chan bool) {
			
 
				+func serveCrowdsec(parsers *parser.Parsers, cConfig *csconfig.Config, hub *cwhub.Hub, datasources []acquisition.DataSource, agentReady chan bool) {
			
 
				 	crowdsecTomb.Go(func() error {
			
 
				 		defer trace.CatchPanic("crowdsec/serveCrowdsec")
			
 
				 
			
@@ -171,7 +178,7 @@ func serveCrowdsec(parsers *parser.Parsers, cConfig *csconfig.Config, hub *cwhub
 
				 			log.Debugf("running agent after %s ms", time.Since(crowdsecT0))
			
 
				 			agentReady <- true
			
 
				 
			
 
				-			if err := runCrowdsec(cConfig, parsers, hub); err != nil {
			
 
				+			if err := runCrowdsec(cConfig, parsers, hub, datasources); err != nil {
			
 
				 				log.Fatalf("unable to start crowdsec routines: %s", err)
			
 
				 			}
			
 
				 		}()
			
--- a/cmd/crowdsec/lpmetrics.go
+++ b/cmd/crowdsec/lpmetrics.go
@@ -0,0 +1,113 @@
 
				+package main
			
 
				+
			
 
				+import (
			
 
				+	"context"
			
 
				+	"net/http"
			
 
				+        log "github.com/sirupsen/logrus"
			
 
				+        "github.com/blackfireio/osinfo"
			
 
				+	"time"
			
 
				+
			
 
				+        "github.com/crowdsecurity/go-cs-lib/ptr"
			
 
				+        "github.com/crowdsecurity/go-cs-lib/trace"
			
 
				+
			
 
				+        "github.com/crowdsecurity/crowdsec/pkg/acquisition"
			
 
				+        "github.com/crowdsecurity/crowdsec/pkg/apiclient"
			
 
				+        "github.com/crowdsecurity/crowdsec/pkg/csconfig"
			
 
				+        "github.com/crowdsecurity/crowdsec/pkg/cwversion"
			
 
				+        "github.com/crowdsecurity/crowdsec/pkg/fflag"
			
 
				+        "github.com/crowdsecurity/crowdsec/pkg/models"
			
 
				+)
			
 
				+
			
 
				+func detectOs() (string, string) {
			
 
				+	if cwversion.System == "docker" {
			
 
				+		return "docker", ""
			
 
				+	}
			
 
				+
			
 
				+	osInfo, err := osinfo.GetOSInfo()
			
 
				+	if err != nil {
			
 
				+		return cwversion.System, "???"
			
 
				+	}
			
 
				+
			
 
				+	return osInfo.Name, osInfo.Version
			
 
				+}
			
 
				+
			
 
				+func lpMetricsPayload(consoleCfg *csconfig.ConsoleConfig, datasources []acquisition.DataSource, windowSize int, utcStartupTimestamp int64) models.AllMetrics {
			
 
				+	meta := &models.MetricsMeta{
			
 
				+		UtcStartupTimestamp: float64(utcStartupTimestamp),
			
 
				+		WindowSizeSeconds: int64(windowSize),
			
 
				+	}
			
 
				+
			
 
				+	osName, osVersion := detectOs()
			
 
				+
			
 
				+	os := &models.OSversion{
			
 
				+		Name: osName,
			
 
				+		Version: osVersion,
			
 
				+	}
			
 
				+
			
 
				+	features := fflag.Crowdsec.GetEnabledFeatures()
			
 
				+
			
 
				+	datasourceMap := map[string]int64{}
			
 
				+
			
 
				+	for _, ds := range datasources {
			
 
				+		datasourceMap[ds.GetName()] += 1
			
 
				+	}
			
 
				+
			
 
				+	return models.AllMetrics{
			
 
				+                LogProcessors: []models.LogProcessorsMetrics{
			
 
				+                                {
			
 
				+                                &models.LogProcessorsMetricsItems0{
			
 
				+                                        BaseMetrics: models.BaseMetrics{
			
 
				+						Meta: meta,
			
 
				+                                                Os: os,
			
 
				+                                                Version: ptr.Of(cwversion.VersionStr()),
			
 
				+						FeatureFlags: features,
			
 
				+                                        },
			
 
				+					ConsoleOptions: consoleCfg.EnabledOptions(),
			
 
				+					Datasources: datasourceMap,
			
 
				+                                },
			
 
				+                        },
			
 
				+                },
			
 
				+	}
			
 
				+}
			
 
				+
			
 
				+// lpMetrics collects metrics from the LP and sends them to the LAPI
			
 
				+func lpMetrics(client *apiclient.ApiClient, consoleCfg *csconfig.ConsoleConfig, datasources []acquisition.DataSource) error {
			
 
				+        defer trace.CatchPanic("crowdsec/runLpMetrics")
			
 
				+        log.Trace("Starting lpMetrics goroutine")
			
 
				+
			
 
				+	windowSize := 6
			
 
				+	utcStartupEpoch := time.Now().Unix()
			
 
				+	
			
 
				+	met := lpMetricsPayload(consoleCfg, datasources, windowSize, utcStartupEpoch)
			
 
				+
			
 
				+	ticker := time.NewTicker(time.Duration(windowSize) * time.Second)
			
 
				+
			
 
				+        log.Tracef("Sending lp metrics every %d seconds", windowSize)
			
 
				+
			
 
				+LOOP:
			
 
				+	for {
			
 
				+		select {
			
 
				+		case <-ticker.C:
			
 
				+			met.LogProcessors[0][0].Meta.UtcNowTimestamp = float64(time.Now().Unix())
			
 
				+
			
 
				+			_, resp, err := client.UsageMetrics.Add(context.Background(), &met)
			
 
				+			if err != nil {
			
 
				+				log.Errorf("failed to send lp metrics: %s", err)
			
 
				+				continue
			
 
				+			}
			
 
				+
			
 
				+			if resp.Response.StatusCode != http.StatusCreated {
			
 
				+				log.Errorf("failed to send lp metrics: %s", resp.Response.Status)
			
 
				+				continue
			
 
				+			}
			
 
				+
			
 
				+			log.Tracef("lp usage metrics sent")
			
 
				+		case <-lpMetricsTomb.Dying():
			
 
				+			break LOOP
			
 
				+		}
			
 
				+	}
			
 
				+
			
 
				+	ticker.Stop()
			
 
				+	
			
 
				+        return nil
			
 
				+}
			
--- a/cmd/crowdsec/main.go
+++ b/cmd/crowdsec/main.go
@@ -27,13 +27,14 @@ import (
 
				 
			
 
				 var (
			
 
				 	/*tombs for the parser, buckets and outputs.*/
			
 
				-	acquisTomb   tomb.Tomb
			
 
				-	parsersTomb  tomb.Tomb
			
 
				-	bucketsTomb  tomb.Tomb
			
 
				-	outputsTomb  tomb.Tomb
			
 
				-	apiTomb      tomb.Tomb
			
 
				-	crowdsecTomb tomb.Tomb
			
 
				-	pluginTomb   tomb.Tomb
			
 
				+	acquisTomb    tomb.Tomb
			
 
				+	parsersTomb   tomb.Tomb
			
 
				+	bucketsTomb   tomb.Tomb
			
 
				+	outputsTomb   tomb.Tomb
			
 
				+	apiTomb       tomb.Tomb
			
 
				+	crowdsecTomb  tomb.Tomb
			
 
				+	pluginTomb    tomb.Tomb
			
 
				+	lpMetricsTomb tomb.Tomb
			
 
				 
			
 
				 	flags *Flags
			
 
				 
			
@@ -107,7 +108,7 @@ func LoadBuckets(cConfig *csconfig.Config, hub *cwhub.Hub) error {
 
				 	return nil
			
 
				 }
			
 
				 
			
 
				-func LoadAcquisition(cConfig *csconfig.Config) error {
			
 
				+func LoadAcquisition(cConfig *csconfig.Config) ([]acquisition.DataSource, error) {
			
 
				 	var err error
			
 
				 
			
 
				 	if flags.SingleFileType != "" && flags.OneShotDSN != "" {
			
@@ -116,20 +117,20 @@ func LoadAcquisition(cConfig *csconfig.Config) error {
 
				 
			
 
				 		dataSources, err = acquisition.LoadAcquisitionFromDSN(flags.OneShotDSN, flags.Labels, flags.Transform)
			
 
				 		if err != nil {
			
 
				-			return errors.Wrapf(err, "failed to configure datasource for %s", flags.OneShotDSN)
			
 
				+			return nil, errors.Wrapf(err, "failed to configure datasource for %s", flags.OneShotDSN)
			
 
				 		}
			
 
				 	} else {
			
 
				 		dataSources, err = acquisition.LoadAcquisitionFromFile(cConfig.Crowdsec)
			
 
				 		if err != nil {
			
 
				-			return err
			
 
				+			return nil, err
			
 
				 		}
			
 
				 	}
			
 
				 
			
 
				 	if len(dataSources) == 0 {
			
 
				-		return fmt.Errorf("no datasource enabled")
			
 
				+		return nil, fmt.Errorf("no datasource enabled")
			
 
				 	}
			
 
				 
			
 
				-	return nil
			
 
				+	return dataSources, nil
			
 
				 }
			
 
				 
			
 
				 var (
			
--- a/cmd/crowdsec/serve.go
+++ b/cmd/crowdsec/serve.go
@@ -86,7 +86,7 @@ func reloadHandler(sig os.Signal) (*csconfig.Config, error) {
 
				 			return nil, fmt.Errorf("while loading hub index: %w", err)
			
 
				 		}
			
 
				 
			
 
				-		csParsers, err := initCrowdsec(cConfig, hub)
			
 
				+		csParsers, datasources, err := initCrowdsec(cConfig, hub)
			
 
				 		if err != nil {
			
 
				 			return nil, fmt.Errorf("unable to init crowdsec: %w", err)
			
 
				 		}
			
@@ -103,7 +103,7 @@ func reloadHandler(sig os.Signal) (*csconfig.Config, error) {
 
				 		}
			
 
				 
			
 
				 		agentReady := make(chan bool, 1)
			
 
				-		serveCrowdsec(csParsers, cConfig, hub, agentReady)
			
 
				+		serveCrowdsec(csParsers, cConfig, hub, datasources, agentReady)
			
 
				 	}
			
 
				 
			
 
				 	log.Printf("Reload is finished")
			
@@ -369,14 +369,14 @@ func Serve(cConfig *csconfig.Config, agentReady chan bool) error {
 
				 			return fmt.Errorf("while loading hub index: %w", err)
			
 
				 		}
			
 
				 
			
 
				-		csParsers, err := initCrowdsec(cConfig, hub)
			
 
				+		csParsers, datasources, err := initCrowdsec(cConfig, hub)
			
 
				 		if err != nil {
			
 
				 			return fmt.Errorf("crowdsec init: %w", err)
			
 
				 		}
			
 
				 
			
 
				 		// if it's just linting, we're done
			
 
				 		if !flags.TestMode {
			
 
				-			serveCrowdsec(csParsers, cConfig, hub, agentReady)
			
 
				+			serveCrowdsec(csParsers, cConfig, hub, datasources, agentReady)
			
 
				 		} else {
			
 
				 			agentReady <- true
			
 
				 		}
			
--- a/pkg/apiclient/client.go
+++ b/pkg/apiclient/client.go
@@ -39,6 +39,7 @@ type ApiClient struct {
 
				 	Metrics        *MetricsService
			
 
				 	Signal         *SignalService
			
 
				 	HeartBeat      *HeartBeatService
			
 
				+	UsageMetrics   *UsageMetricsService
			
 
				 }
			
 
				 
			
 
				 func (a *ApiClient) GetClient() *http.Client {
			
@@ -95,6 +96,7 @@ func NewClient(config *Config) (*ApiClient, error) {
 
				 	c.Signal = (*SignalService)(&c.common)
			
 
				 	c.DecisionDelete = (*DecisionDeleteService)(&c.common)
			
 
				 	c.HeartBeat = (*HeartBeatService)(&c.common)
			
 
				+	c.UsageMetrics = (*UsageMetricsService)(&c.common)
			
 
				 
			
 
				 	return c, nil
			
 
				 }
			
--- a/pkg/apiclient/usagemetrics.go
+++ b/pkg/apiclient/usagemetrics.go
@@ -0,0 +1,32 @@
 
				+package apiclient
			
 
				+
			
 
				+import (
			
 
				+	"context"
			
 
				+	"fmt"
			
 
				+	"net/http"
			
 
				+
			
 
				+	log "github.com/sirupsen/logrus"
			
 
				+
			
 
				+	"github.com/crowdsecurity/crowdsec/pkg/models"
			
 
				+)
			
 
				+
			
 
				+type UsageMetricsService service
			
 
				+
			
 
				+func (s *UsageMetricsService) Add(ctx context.Context, metrics *models.AllMetrics) (interface{}, *Response, error) {
			
 
				+	log.Warnf("prefix: %s", s.client.URLPrefix)
			
 
				+	u := fmt.Sprintf("%s/usage-metrics/", s.client.URLPrefix)
			
 
				+
			
 
				+	req, err := s.client.NewRequest(http.MethodPost, u, &metrics)
			
 
				+	if err != nil {
			
 
				+		return nil, nil, err
			
 
				+	}
			
 
				+
			
 
				+	var response interface{}
			
 
				+
			
 
				+	resp, err := s.client.Do(ctx, req, &response)
			
 
				+	if err != nil {
			
 
				+		return nil, resp, err
			
 
				+	}
			
 
				+
			
 
				+	return &response, resp, nil
			
 
				+}
			
--- a/pkg/apiserver/controllers/controller.go
+++ b/pkg/apiserver/controllers/controller.go
@@ -106,6 +106,7 @@ func (c *Controller) NewV1() error {
 
				 		jwtAuth.DELETE("/decisions", c.HandlerV1.DeleteDecisions)
			
 
				 		jwtAuth.DELETE("/decisions/:decision_id", c.HandlerV1.DeleteDecisionById)
			
 
				 		jwtAuth.GET("/heartbeat", c.HandlerV1.HeartBeat)
			
 
				+		jwtAuth.POST("/usage-metrics", c.HandlerV1.UsageMetrics)
			
 
				 	}
			
 
				 
			
 
				 	apiKeyAuth := groupV1.Group("")
			
@@ -115,6 +116,7 @@ func (c *Controller) NewV1() error {
 
				 		apiKeyAuth.HEAD("/decisions", c.HandlerV1.GetDecision)
			
 
				 		apiKeyAuth.GET("/decisions/stream", c.HandlerV1.StreamDecision)
			
 
				 		apiKeyAuth.HEAD("/decisions/stream", c.HandlerV1.StreamDecision)
			
 
				+//		apiKeyAuth.POST("/usage-metrics", c.HandlerV1.UsageMetrics)
			
 
				 	}
			
 
				 
			
 
				 	return nil
			
--- a/pkg/apiserver/controllers/v1/usagemetrics.go
+++ b/pkg/apiserver/controllers/v1/usagemetrics.go
@@ -0,0 +1,42 @@
 
				+package v1
			
 
				+
			
 
				+import (
			
 
				+        "net/http"
			
 
				+
			
 
				+        jwt "github.com/appleboy/gin-jwt/v2"
			
 
				+        "github.com/gin-gonic/gin"
			
 
				+//	"github.com/sanity-io/litter"
			
 
				+        "github.com/go-openapi/strfmt"
			
 
				+        log "github.com/sirupsen/logrus"
			
 
				+
			
 
				+        "github.com/crowdsecurity/crowdsec/pkg/models"
			
 
				+)
			
 
				+
			
 
				+// UsageMetrics receives metrics from log processors and remediation components
			
 
				+func (c *Controller) UsageMetrics(gctx *gin.Context) {
			
 
				+        var input models.AllMetrics
			
 
				+
			
 
				+        claims := jwt.ExtractClaims(gctx)
			
 
				+        // TBD: use defined rather than hardcoded key to find back owner
			
 
				+        machineID := claims["id"].(string)
			
 
				+
			
 
				+        if err := gctx.ShouldBindJSON(&input); err != nil {
			
 
				+                log.Errorf("Failed to bind json: %s", err)
			
 
				+                gctx.JSON(http.StatusBadRequest, gin.H{"message": err.Error()})
			
 
				+                return
			
 
				+        }
			
 
				+
			
 
				+        if err := input.Validate(strfmt.Default); err != nil {
			
 
				+                log.Errorf("Failed to validate input: %s", err)
			
 
				+                c.HandleDBErrors(gctx, err)
			
 
				+                return
			
 
				+        }
			
 
				+
			
 
				+        log.Infof("Received all metrics from %s", machineID)
			
 
				+
			
 
				+	// inputStr := litter.Sdump(input)
			
 
				+	// log.Trace(inputStr)
			
 
				+
			
 
				+	// empty body
			
 
				+	gctx.Status(http.StatusCreated)
			
 
				+}
			
--- a/pkg/csconfig/console.go
+++ b/pkg/csconfig/console.go
@@ -37,6 +37,29 @@ type ConsoleConfig struct {
 
				 	ShareContext          *bool `yaml:"share_context"`
			
 
				 }
			
 
				 
			
 
				+func (c *ConsoleConfig) EnabledOptions() []string {
			
 
				+	ret := []string{}
			
 
				+	if c == nil {
			
 
				+		return ret
			
 
				+	}
			
 
				+	if c.ShareCustomScenarios != nil && *c.ShareCustomScenarios {
			
 
				+		ret = append(ret, SEND_CUSTOM_SCENARIOS)
			
 
				+	}
			
 
				+	if c.ShareTaintedScenarios != nil && *c.ShareTaintedScenarios {
			
 
				+		ret = append(ret, SEND_TAINTED_SCENARIOS)
			
 
				+	}
			
 
				+	if c.ShareManualDecisions != nil && *c.ShareManualDecisions {
			
 
				+		ret = append(ret, SEND_MANUAL_SCENARIOS)
			
 
				+	}
			
 
				+	if c.ConsoleManagement != nil && *c.ConsoleManagement {
			
 
				+		ret = append(ret, CONSOLE_MANAGEMENT)
			
 
				+	}
			
 
				+	if c.ShareContext != nil && *c.ShareContext {
			
 
				+		ret = append(ret, SEND_CONTEXT)
			
 
				+	}
			
 
				+	return ret
			
 
				+}
			
 
				+
			
 
				 func (c *ConsoleConfig) IsPAPIEnabled() bool {
			
 
				 	if c == nil || c.ConsoleManagement == nil {
			
 
				 		return false
			
--- a/test/bats/11_bouncers_tls.bats
+++ b/test/bats/11_bouncers_tls.bats
@@ -66,7 +66,7 @@ teardown() {
 
				 }
			
 
				 
			
 
				 @test "simulate one bouncer request with a valid cert" {
			
 
				-    rune -0 curl -s --cert "${tmpdir}/bouncer.pem" --key "${tmpdir}/bouncer-key.pem" --cacert "${tmpdir}/bundle.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
			
 
				+    rune -0 curl -f -s --cert "${tmpdir}/bouncer.pem" --key "${tmpdir}/bouncer-key.pem" --cacert "${tmpdir}/bundle.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
			
 
				     assert_output "null"
			
 
				     rune -0 cscli bouncers list -o json
			
 
				     rune -0 jq '. | length' <(output)
			
--- a/test/bats/30_machines.bats
+++ b/test/bats/30_machines.bats
@@ -90,3 +90,40 @@ teardown() {
 
				     rune -0 jq '. | length' <(output)
			
 
				     assert_output 1
			
 
				 }
			
 
				+
			
 
				+@test "usage metrics" {
			
 
				+    # a registered log processor can send metrics for the console
			
 
				+    token=$(lp_login)
			
 
				+    usage_metrics="http://localhost:8080/v1/usage-metrics"
			
 
				+
			
 
				+    payload=$(cat <<-EOT
			
 
				+	remediation_components: []
			
 
				+	log_processors:
			
 
				+	  -
			
 
				+	    - version: "v1.0"
			
 
				+	      feature_flags:
			
 
				+	          - marshmallows
			
 
				+	      meta:
			
 
				+	        window_size_seconds: 600
			
 
				+	        utc_startup_timestamp: 1707399316
			
 
				+	        utc_now_timestamp: 1707485349
			
 
				+	      os:
			
 
				+	        name: CentOS
			
 
				+	        version: "8"
			
 
				+	      metrics:
			
 
				+	        - name: logs_parsed
			
 
				+	          value: 5000
			
 
				+	          unit: count
			
 
				+	          labels: {}
			
 
				+	      console_options:
			
 
				+	        - share_context
			
 
				+	      datasources:
			
 
				+	        syslog: 1
			
 
				+	        file: 4
			
 
				+	EOT
			
 
				+    )
			
 
				+
			
 
				+    echo -e "$payload" >/tmp/bbb
			
 
				+    rune -0 curl -f -sS -H "Authorization: Bearer ${token}" -X POST "$usage_metrics" --data "$(echo "$payload" | yq -o j)"
			
 
				+    refute_output
			
 
				+}
			
--- a/test/bats/97_ipv4_single.bats
+++ b/test/bats/97_ipv4_single.bats
@@ -24,7 +24,7 @@ setup() {
 
				 
			
 
				 api() {
			
 
				     URI="$1"
			
 
				-    curl -s -H "X-Api-Key: ${API_KEY}" "${CROWDSEC_API_URL}${URI}"
			
 
				+    curl -f -s -H "X-Api-Key: ${API_KEY}" "${CROWDSEC_API_URL}${URI}"
			
 
				 }
			
 
				 
			
 
				 #----------
			
--- a/test/bats/97_ipv6_single.bats
+++ b/test/bats/97_ipv6_single.bats
@@ -24,7 +24,7 @@ setup() {
 
				 
			
 
				 api() {
			
 
				     URI="$1"
			
 
				-    curl -s -H "X-Api-Key: ${API_KEY}" "${CROWDSEC_API_URL}${URI}"
			
 
				+    curl -f -s -H "X-Api-Key: ${API_KEY}" "${CROWDSEC_API_URL}${URI}"
			
 
				 }
			
 
				 
			
 
				 #----------
			
--- a/test/bats/98_ipv4_range.bats
+++ b/test/bats/98_ipv4_range.bats
@@ -24,7 +24,7 @@ setup() {
 
				 
			
 
				 api() {
			
 
				     URI="$1"
			
 
				-    curl -s -H "X-Api-Key: ${API_KEY}" "${CROWDSEC_API_URL}${URI}"
			
 
				+    curl -f -s -H "X-Api-Key: ${API_KEY}" "${CROWDSEC_API_URL}${URI}"
			
 
				 }
			
 
				 
			
 
				 #----------
			
--- a/test/bats/98_ipv6_range.bats
+++ b/test/bats/98_ipv6_range.bats
@@ -24,7 +24,7 @@ setup() {
 
				 
			
 
				 api() {
			
 
				     URI="$1"
			
 
				-    curl -s -H "X-Api-Key: ${API_KEY}" "${CROWDSEC_API_URL}${URI}"
			
 
				+    curl -f -s -H "X-Api-Key: ${API_KEY}" "${CROWDSEC_API_URL}${URI}"
			
 
				 }
			
 
				 
			
 
				 #----------
			
--- a/test/bats/99_lapi-stream-mode-scenario.bats
+++ b/test/bats/99_lapi-stream-mode-scenario.bats
@@ -26,7 +26,7 @@ setup() {
 
				 
			
 
				 api() {
			
 
				     URI="$1"
			
 
				-    curl -s -H "X-Api-Key:${API_KEY}" "${CROWDSEC_API_URL}${URI}"
			
 
				+    curl -f -s -H "X-Api-Key:${API_KEY}" "${CROWDSEC_API_URL}${URI}"
			
 
				 }
			
 
				 
			
 
				 output_new_decisions() {
			
--- a/test/bats/99_lapi-stream-mode-scopes.bats
+++ b/test/bats/99_lapi-stream-mode-scopes.bats
@@ -25,7 +25,7 @@ setup() {
 
				 
			
 
				 api() {
			
 
				     URI="$1"
			
 
				-    curl -s -H "X-Api-Key: ${API_KEY}" "${CROWDSEC_API_URL}${URI}"
			
 
				+    curl -f -s -H "X-Api-Key: ${API_KEY}" "${CROWDSEC_API_URL}${URI}"
			
 
				 }
			
 
				 
			
 
				 @test "adding decisions for multiple scopes" {
			
--- a/test/bats/99_lapi-stream-mode.bats
+++ b/test/bats/99_lapi-stream-mode.bats
@@ -25,7 +25,7 @@ setup() {
 
				 
			
 
				 api() {
			
 
				     URI="$1"
			
 
				-    curl -s -H "X-Api-Key: ${API_KEY}" "${CROWDSEC_API_URL}${URI}"
			
 
				+    curl -f -s -H "X-Api-Key: ${API_KEY}" "${CROWDSEC_API_URL}${URI}"
			
 
				 }
			
 
				 
			
 
				 @test "adding decisions for multiple ips" {
			
--- a/test/lib/setup_file.sh
+++ b/test/lib/setup_file.sh
@@ -276,3 +276,19 @@ rune() {
 
				     run --separate-stderr "$@"
			
 
				 }
			
 
				 export -f rune
			
 
				+
			
 
				+# as a log processor, connect to lapi and get a token
			
 
				+lp_login() {
			
 
				+    local cred
			
 
				+    cred=$(config_get .api.client.credentials_path)
			
 
				+    local url
			
 
				+    url="$(yq '.url' < "$cred")/v1/watchers/login"
			
 
				+    local resp
			
 
				+    resp=$(yq -oj -I0 '{"machine_id":.login,"password":.password}' < "$cred" | curl -s -X POST "$url" --data-binary @-)
			
 
				+    if [[ "$(yq -e '.code' <<<"$resp")" != 200 ]]; then
			
 
				+        echo "login_lp: failed to login" >&3
			
 
				+        return 1
			
 
				+    fi
			
 
				+    echo "$resp" | yq -r '.token'
			
 
				+}
			
 
				+export -f lp_login