
Update test env (#987)

* update test_env
he2ss 3 éve
szülő
commit
db5ffb0040
3 módosított fájl, 31 hozzáadás és 7 törlés
  1. 6 1
      config/dev.yaml
  2. 14 5
      pkg/csplugin/broker.go
  3. 11 1
      scripts/test_env.sh

+ 6 - 1
config/dev.yaml

@@ -6,13 +6,18 @@ common:
   working_dir: .
 config_paths:
   config_dir: ./config
-  data_dir: ./data/
+  data_dir: ./data/   
+  notification_dir: ./config/notifications/
+  plugin_dir: ./plugins/
   #simulation_path: /etc/crowdsec/config/simulation.yaml
   #hub_dir: /etc/crowdsec/hub/
   #index_path: ./config/hub/.index.json
 crowdsec_service:
   acquisition_path: ./config/acquis.yaml
   parser_routines: 1
+plugin_config:
+  user: $USER # plugin process would be ran on behalf of this user
+  group: $USER # plugin process would be ran on behalf of this group
 cscli:
   output: human
 db_config:
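Review bot: The `user: $USER` and `group: $USER` values under `plugin_config` are not expanded by YAML itself. They only become real names if the file is passed through a substitution step such as the `envsubst` call this commit adds to scripts/test_env.sh, so loading config/dev.yaml directly would presumably hand the literal string `$USER` to the user lookup. `group: $USER` also assumes that a group named after the user exists, which does not hold on every system. I would document both constraints next to the keys, for example `# placeholders, filled in by scripts/test_env.sh via envsubst; group must exist under the same name as the user`. The new `data_dir` line also picks up trailing whitespace.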

+ 14 - 5
pkg/csplugin/broker.go

@@ -240,7 +240,8 @@ func (pb *PluginBroker) loadNotificationPlugin(name string, binaryPath string) (
 		return nil, err
 	}
 	cmd := exec.Command(binaryPath)
-	cmd.SysProcAttr, err = getProccessAtr(pb.pluginProcConfig.User, pb.pluginProcConfig.Group)
+	cmd.SysProcAttr, err = getProcessAtr(pb.pluginProcConfig.User, pb.pluginProcConfig.Group)
+	cmd.SysProcAttr.Credential.NoSetGroups = true
 	if err != nil {
 		return nil, errors.Wrap(err, "while getting process attributes")
 	}
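Review bot: The added `cmd.SysProcAttr.Credential.NoSetGroups = true` runs before the `if err != nil` check. `getProcessAtr` returns `nil, err` on a failed user lookup (visible in its first lines further down this file section), so a bad plugin user name becomes a nil-pointer panic instead of the wrapped error. Move the assignment below the error check. Separately, `NoSetGroups` skips the supplementary-group reset, so if the broker runs as root and drops to the configured plugin user, the plugin process keeps the parent's supplementary groups. Consider setting it only when the broker is unprivileged, e.g. `if os.Geteuid() != 0 { cmd.SysProcAttr.Credential.NoSetGroups = true }`, and add a comment saying why it is needed. The body of loadNotificationPlugin starts and ends outside this hunk.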
@@ -350,10 +351,18 @@ func pluginIsValid(path string) error {
 		return errors.Wrap(err, fmt.Sprintf("plugin at %s does not exist", path))
 	}
 
-	// check if it is owned by root
+	// check if it is owned by current user
+	currentUser, err := user.Current()
+	if err != nil {
+		return errors.Wrap(err, "while getting current user")
+	}
+	procAttr, err := getProcessAtr(currentUser.Username, currentUser.Username)
+	if err != nil {
+		return errors.Wrap(err, "while getting process attributes")
+	}
 	stat := details.Sys().(*syscall.Stat_t)
-	if stat.Uid != 0 || stat.Gid != 0 {
-		return fmt.Errorf("plugin at %s is not owned by root user and group", path)
+	if stat.Uid != procAttr.Credential.Uid || stat.Gid != procAttr.Credential.Gid {
+		return fmt.Errorf("plugin at %s is not owned by %s user and group", path, currentUser.Username)
 	}
 
 	if (int(details.Mode()) & 2) != 0 {
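Review bot: The ownership check calls `getProcessAtr(currentUser.Username, currentUser.Username)`, so the gid it compares is that of a group named after the user, not the user's primary group. Only the start of getProcessAtr is visible, so the group lookup by name is inferred from its signature. Where no such group exists, every plugin is rejected with "while getting process attributes", and where the name maps to a different gid the check compares against the wrong group. `user.Current()` already provides `Uid` and `Gid`, so parsing those avoids the second lookup and the naming assumption. `strconv` must be imported if the file does not already import it. The comment `// check if it is owned by current user` should also mention that the group is checked; pluginIsValid continues past the end of this hunk.

```go
	// … unchanged: user.Current() call and its error check …
	uid, err := strconv.ParseUint(currentUser.Uid, 10, 32)
	if err != nil {
		return errors.Wrap(err, "while parsing current user uid")
	}
	gid, err := strconv.ParseUint(currentUser.Gid, 10, 32)
	if err != nil {
		return errors.Wrap(err, "while parsing current user gid")
	}
	stat := details.Sys().(*syscall.Stat_t)
	if stat.Uid != uint32(uid) || stat.Gid != uint32(gid) {
	// … unchanged: ownership error return and world-writable mode check …
```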
@@ -387,7 +396,7 @@ func getPluginTypeAndSubtypeFromPath(path string) (string, string, error) {
 	return strings.Join(parts[:len(parts)-1], "-"), parts[len(parts)-1], nil
 }
 
-func getProccessAtr(username string, groupname string) (*syscall.SysProcAttr, error) {
+func getProcessAtr(username string, groupname string) (*syscall.SysProcAttr, error) {
 	u, err := user.Lookup(username)
 	if err != nil {
 		return nil, err

+ 11 - 1
scripts/test_env.sh

@@ -39,6 +39,9 @@ PARSER_S02="$PARSER_DIR/s02-enrich"
 SCENARIOS_DIR="$CONFIG_DIR/scenarios"
 POSTOVERFLOWS_DIR="$CONFIG_DIR/postoverflows"
 HUB_DIR="$CONFIG_DIR/hub"
+PLUGINS="http slack splunk"
+PLUGINS_DIR="plugins"
+NOTIF_DIR="notifications"
 
 log_info() {
 	msg=$1
@@ -59,11 +62,12 @@ create_arbo() {
 	mkdir -p "$POSTOVERFLOWS_DIR"
 	mkdir -p "$CSCLI_DIR"
 	mkdir -p "$HUB_DIR"
+	mkdir -p $CONFIG_DIR/$NOTIF_DIR/$plugin
+	mkdir -p $BASE/$PLUGINS_DIR
 }
 
 copy_files() {
 	cp "./config/profiles.yaml" "$CONFIG_DIR"
-	cp "./config/dev.yaml" "$BASE"
 	cp  "./config/simulation.yaml" "$CONFIG_DIR"
 	cp "./cmd/crowdsec/crowdsec" "$BASE"
 	cp "./cmd/crowdsec-cli/cscli" "$BASE"
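Review bot: In create_arbo the new `mkdir -p $CONFIG_DIR/$NOTIF_DIR/$plugin` uses `$plugin`, which within this diff is only assigned by the `for plugin in $PLUGINS` loop in copy_files, so here it presumably expands to nothing and the line just creates the notifications directory. Both new `mkdir` lines are also unquoted, unlike the ones above them, so a base path containing spaces would be split into several arguments. I would write `mkdir -p "$CONFIG_DIR/$NOTIF_DIR"` and `mkdir -p "$BASE/$PLUGINS_DIR"`. create_arbo starts above this hunk and copy_files continues below it.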
@@ -71,6 +75,12 @@ copy_files() {
 	cp "./config/acquis.yaml" "$CONFIG_DIR"
 	touch "$CONFIG_DIR"/local_api_credentials.yaml
 	touch "$CONFIG_DIR"/online_api_credentials.yaml
+	envsubst < "./config/dev.yaml" > $BASE/dev.yaml
+	for plugin in $PLUGINS
+	do
+		cp $PLUGINS_DIR/$NOTIF_DIR/$plugin/notification-$plugin $BASE/$PLUGINS_DIR/notification-$plugin
+		cp $PLUGINS_DIR/$NOTIF_DIR/$plugin/$plugin.yaml $CONFIG_DIR/$NOTIF_DIR/$plugin.yaml
+	done
 }
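Review bot: `envsubst < "./config/dev.yaml" > $BASE/dev.yaml` substitutes every `$NAME` reference in the file from the caller's environment, not just the `$USER` placeholders this commit adds, and it writes an empty user and group when `USER` is unset (some containers and cron environments). Restrict the substitution and quote the target: `envsubst '$USER' < "./config/dev.yaml" > "$BASE/dev.yaml"`, ideally after a guard such as `: "${USER:?USER must be set}"`. The two `cp` lines in the loop are unquoted as well and would read better as `cp "$PLUGINS_DIR/$NOTIF_DIR/$plugin/notification-$plugin" "$BASE/$PLUGINS_DIR/"`. The script's error handling is outside this hunk, so it may be worth confirming that a missing plugin binary stops it, because the ownership check in pkg/csplugin/broker.go depends on who created these copies.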