From 67841d54ee673fb126971dc286947da5cd7c57e4 Mon Sep 17 00:00:00 2001 From: mmetc <92726601+mmetc@users.noreply.github.com> Date: Mon, 13 Jun 2022 21:54:47 +0200 Subject: [PATCH] updated bats to 1.7.0; shellcheck fixes and moved cfssl dir under testdata/ (#1584) --- .gitmodules | 1 + tests/README.md | 3 +- tests/assert-crowdsec-not-running | 8 +-- tests/bats/01_crowdsec.bats | 1 - tests/bats/02_nolapi.bats | 2 +- tests/bats/05_config_yaml_local.bats | 26 ++++---- tests/bats/06_crowdsec.bats | 0 tests/bats/11_bouncers_tls.bats | 58 +++++++++--------- tests/bats/30_machines_tls.bats | 61 ++++++++++--------- tests/bats/70_http_plugin.bats | 1 - tests/bats/71_dummy_plugin.bats | 2 +- tests/bats/72_plugin_badconfig.bats | 1 - tests/bats/80_alerts.bats | 4 +- tests/bats/reformat | 7 ++- tests/{ => bats/testdata}/cfssl/agent.json | 0 .../testdata}/cfssl/agent_invalid.json | 0 tests/{ => bats/testdata}/cfssl/bouncer.json | 0 .../testdata}/cfssl/bouncer_invalid.json | 0 tests/{ => bats/testdata}/cfssl/ca.json | 0 .../testdata}/cfssl/intermediate.json | 0 tests/{ => bats/testdata}/cfssl/profiles.json | 0 tests/{ => bats/testdata}/cfssl/server.json | 0 tests/check-requirements | 12 ++-- tests/collect-hub-coverage | 4 +- tests/crowdsec-wrapper | 2 +- tests/generate-hub-tests | 2 +- tests/instance-crowdsec | 8 +-- tests/instance-data | 8 +-- tests/instance-db | 8 +-- tests/lib/bats-assert | 2 +- tests/lib/bats-core | 2 +- tests/lib/config/config-global | 38 ++++++------ tests/lib/config/config-local | 32 +++++----- tests/lib/db/instance-mysql | 18 +++--- tests/lib/db/instance-postgres | 14 ++--- tests/lib/db/instance-sqlite | 22 +++---- tests/lib/init/crowdsec-daemon | 16 ++--- tests/lib/init/crowdsec-systemd | 14 ++--- tests/lib/setup.sh | 1 + tests/lib/setup_file.sh | 11 ++-- tests/lib/teardown_file.sh | 1 + tests/lib/util/wait-for-port | 4 +- tests/run-as-daemon | 5 +- tests/run-tests | 13 ++-- 44 files changed, 211 insertions(+), 201 deletions(-) mode change 100755 => 100644 tests/bats/06_crowdsec.bats rename tests/{ => bats/testdata}/cfssl/agent.json (100%) rename tests/{ => bats/testdata}/cfssl/agent_invalid.json (100%) rename tests/{ => bats/testdata}/cfssl/bouncer.json (100%) rename tests/{ => bats/testdata}/cfssl/bouncer_invalid.json (100%) rename tests/{ => bats/testdata}/cfssl/ca.json (100%) rename tests/{ => bats/testdata}/cfssl/intermediate.json (100%) rename tests/{ => bats/testdata}/cfssl/profiles.json (100%) rename tests/{ => bats/testdata}/cfssl/server.json (100%) mode change 100644 => 100755 tests/lib/setup.sh mode change 100644 => 100755 tests/lib/setup_file.sh mode change 100644 => 100755 tests/lib/teardown_file.sh diff --git a/.gitmodules b/.gitmodules index 8ea50071e..0bf1bf5ef 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,6 +1,7 @@ [submodule "tests/lib/bats-core"] path = tests/lib/bats-core url = https://github.com/crowdsecurity/bats-core.git + branch = v1.7.0 [submodule "tests/lib/bats-file"] path = tests/lib/bats-file url = https://github.com/crowdsecurity/bats-file.git diff --git a/tests/README.md b/tests/README.md index 6309dd6f1..b3124802e 100644 --- a/tests/README.md +++ b/tests/README.md @@ -71,7 +71,8 @@ To repeat test runs without rebuilding crowdsec, use `make bats-test`. See `./tests/run-tests --help` to run/debug specific tests. -Example: `./tests/run-tests tests/bats/02_nolapi.bats -f "cscli config backup"` (the string is a regexp) +Example: `./tests/run-tests tests/bats/02_nolapi.bats -f "cscli config backup"` (the string is a regexp). +You need to provide a path for a test file or directory (even if it's the full 'tests/bats') to use the `-f` option. # How does it work? diff --git a/tests/assert-crowdsec-not-running b/tests/assert-crowdsec-not-running index 45372ad51..1de5a03a4 100755 --- a/tests/assert-crowdsec-not-running +++ b/tests/assert-crowdsec-not-running @@ -13,14 +13,14 @@ is_crowdsec_running || exit 0 sleep 2 is_crowdsec_running || exit 0 -PIDS=$(echo "$PIDS" | sed ':a;N;$!ba;s/\n/ /g') -msg="CrowdSec is already running (PID $PIDS). Please terminate it and run the tests again." +PIDS=$(echo "${PIDS}" | sed ':a;N;$!ba;s/\n/ /g') +msg="CrowdSec is already running (PID ${PIDS}). Please terminate it and run the tests again." # Are we inside a setup() or @test? Is file descriptor 3 open? if { true >&3; } 2>/dev/null; then - echo "$msg" >&3 + echo "${msg}" >&3 else - echo "$msg" >&2 + echo "${msg}" >&2 fi # cause the calling setup() or @test to fail diff --git a/tests/bats/01_crowdsec.bats b/tests/bats/01_crowdsec.bats index 6c482cbdd..e92c442eb 100644 --- a/tests/bats/01_crowdsec.bats +++ b/tests/bats/01_crowdsec.bats @@ -54,4 +54,3 @@ declare stderr run -0 echo "${stderr}" assert_line --partial "You must run at least the API Server or crowdsec" } - diff --git a/tests/bats/02_nolapi.bats b/tests/bats/02_nolapi.bats index 5250e72fa..1af46597d 100644 --- a/tests/bats/02_nolapi.bats +++ b/tests/bats/02_nolapi.bats @@ -77,7 +77,7 @@ declare stderr @test "$FILE lapi status shouldn't be ok without api.server" { yq e 'del(.api.server)' -i "${CONFIG_YAML}" - ./instance-crowdsec start || true + ./instance-crowdsec start || true run -1 --separate-stderr cscli machines list run -0 echo "$stderr" assert_output --partial "Local API is disabled, please run this command on the local API machine" diff --git a/tests/bats/05_config_yaml_local.bats b/tests/bats/05_config_yaml_local.bats index 379a4d8f3..0cea5d735 100644 --- a/tests/bats/05_config_yaml_local.bats +++ b/tests/bats/05_config_yaml_local.bats @@ -26,7 +26,6 @@ teardown() { ./instance-crowdsec stop } - #---------- @test "${FILE} config.yaml.local - cscli (log_level)" { @@ -34,7 +33,7 @@ teardown() { run -0 cscli config show --key Config.Common.LogLevel assert_output "warning" - echo "{'common':{'log_level':'debug'}}" > "${CONFIG_YAML}.local" + echo "{'common':{'log_level':'debug'}}" >"${CONFIG_YAML}.local" run -0 cscli config show --key Config.Common.LogLevel assert_output "debug" } @@ -45,7 +44,7 @@ teardown() { assert_output "warning" export CROWDSEC_LOG_LEVEL=debug - echo "{'common':{'log_level':'${CROWDSEC_LOG_LEVEL}'}}" > "${CONFIG_YAML}.local" + echo "{'common':{'log_level':'${CROWDSEC_LOG_LEVEL}'}}" >"${CONFIG_YAML}.local" run -0 cscli config show --key Config.Common.LogLevel assert_output "debug" } @@ -55,7 +54,7 @@ teardown() { run -0 ./lib/util/wait-for-port -q 8080 run -0 ./instance-crowdsec stop - echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" > "${CONFIG_YAML}.local" + echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" >"${CONFIG_YAML}.local" run -0 ./instance-crowdsec start run -0 ./lib/util/wait-for-port -q 8083 run -1 ./lib/util/wait-for-port -q 8080 @@ -68,32 +67,32 @@ teardown() { } @test "${FILE} local_api_credentials.yaml.local" { - echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" > "${CONFIG_YAML}.local" + echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" >"${CONFIG_YAML}.local" run -0 ./instance-crowdsec start run -0 ./lib/util/wait-for-port -q 8083 - run -0 yq e '.api.client.credentials_path' < "${CONFIG_YAML}" + run -0 yq e '.api.client.credentials_path' <"${CONFIG_YAML}" LOCAL_API_CREDENTIALS="${output}" run -1 cscli decisions list - echo "{'url':'http://127.0.0.1:8083'}" > "${LOCAL_API_CREDENTIALS}.local" + echo "{'url':'http://127.0.0.1:8083'}" >"${LOCAL_API_CREDENTIALS}.local" run -0 cscli decisions list } @test "${FILE} simulation.yaml.local" { - run -0 yq e '.config_paths.simulation_path' < "${CONFIG_YAML}" + run -0 yq e '.config_paths.simulation_path' <"${CONFIG_YAML}" refute_output null SIMULATION="${output}" - echo "simulation: off" > "${SIMULATION}" + echo "simulation: off" >"${SIMULATION}" run -0 cscli simulation status -o human assert_output --partial "global simulation: disabled" - echo "simulation: on" > "${SIMULATION}" + echo "simulation: on" >"${SIMULATION}" run -0 cscli simulation status -o human assert_output --partial "global simulation: enabled" - echo "simulation: off" > "${SIMULATION}.local" + echo "simulation: off" >"${SIMULATION}.local" run -0 cscli simulation status -o human assert_output --partial "global simulation: disabled" @@ -102,13 +101,12 @@ teardown() { assert_output --partial "global simulation: enabled" } - @test "${FILE} profiles.yaml.local" { - run -0 yq e '.api.server.profiles_path' < "${CONFIG_YAML}" + run -0 yq e '.api.server.profiles_path' <"${CONFIG_YAML}" refute_output null PROFILES="${output}" - cat <<-EOT > "${PROFILES}.local" + cat <<-EOT >"${PROFILES}.local" name: default_ip_remediation filters: - Alert.Remediation == true && Alert.GetScope() == "Ip" diff --git a/tests/bats/06_crowdsec.bats b/tests/bats/06_crowdsec.bats old mode 100755 new mode 100644 diff --git a/tests/bats/11_bouncers_tls.bats b/tests/bats/11_bouncers_tls.bats index 8969e53c7..5359e07fc 100644 --- a/tests/bats/11_bouncers_tls.bats +++ b/tests/bats/11_bouncers_tls.bats @@ -12,25 +12,28 @@ setup_file() { ./instance-data load tmpdir=$(mktemp -d) export tmpdir - #gen the CA - cfssl gencert --initca ./cfssl/ca.json 2>/dev/null | cfssljson --bare "${tmpdir}/ca" - #gen an intermediate - cfssl gencert --initca ./cfssl/intermediate.json 2>/dev/null | cfssljson --bare "${tmpdir}/inter" - cfssl sign -ca "${tmpdir}/ca.pem" -ca-key "${tmpdir}/ca-key.pem" -config ./cfssl/profiles.json -profile intermediate_ca "${tmpdir}/inter.csr" 2>/dev/null | cfssljson --bare "${tmpdir}/inter" - #gen server cert for crowdsec with the intermediate - cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config ./cfssl/profiles.json -profile=server ./cfssl/server.json 2>/dev/null | cfssljson --bare "${tmpdir}/server" - #gen client cert for the bouncer - cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config ./cfssl/profiles.json -profile=client ./cfssl/bouncer.json 2>/dev/null | cfssljson --bare "${tmpdir}/bouncer" - #gen client cert for the bouncer with an invalid OU - cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config ./cfssl/profiles.json -profile=client ./cfssl/bouncer_invalid.json 2>/dev/null | cfssljson --bare "${tmpdir}/bouncer_bad_ou" - #gen client cert for the bouncer directly signed by the CA, it should be refused by crowdsec as uses the intermediate - cfssl gencert -ca "${tmpdir}/ca.pem" -ca-key "${tmpdir}/ca-key.pem" -config ./cfssl/profiles.json -profile=client ./cfssl/bouncer.json 2>/dev/null | cfssljson --bare "${tmpdir}/bouncer_invalid" - - cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config ./cfssl/profiles.json -profile=client ./cfssl/bouncer.json 2>/dev/null | cfssljson --bare "${tmpdir}/bouncer_revoked" - serial="$(openssl x509 -noout -serial -in ${tmpdir}/bouncer_revoked.pem | cut -d '=' -f2)" - echo "ibase=16; $serial" | bc > "${tmpdir}/serials.txt" - cfssl gencrl "${tmpdir}/serials.txt" "${tmpdir}/ca.pem" "${tmpdir}/ca-key.pem" | base64 -d | openssl crl -inform DER -out "${tmpdir}/crl.pem" + CFDIR="${BATS_TEST_DIRNAME}/testdata/cfssl" + export CFDIR + + #gen the CA + cfssl gencert --initca "${CFDIR}/ca.json" 2>/dev/null | cfssljson --bare "${tmpdir}/ca" + #gen an intermediate + cfssl gencert --initca "${CFDIR}/intermediate.json" 2>/dev/null | cfssljson --bare "${tmpdir}/inter" + cfssl sign -ca "${tmpdir}/ca.pem" -ca-key "${tmpdir}/ca-key.pem" -config "${CFDIR}/profiles.json" -profile intermediate_ca "${tmpdir}/inter.csr" 2>/dev/null | cfssljson --bare "${tmpdir}/inter" + #gen server cert for crowdsec with the intermediate + cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config "${CFDIR}/profiles.json" -profile=server "${CFDIR}/server.json" 2>/dev/null | cfssljson --bare "${tmpdir}/server" + #gen client cert for the bouncer + cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config "${CFDIR}/profiles.json" -profile=client "${CFDIR}/bouncer.json" 2>/dev/null | cfssljson --bare "${tmpdir}/bouncer" + #gen client cert for the bouncer with an invalid OU + cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config "${CFDIR}/profiles.json" -profile=client "${CFDIR}/bouncer_invalid.json" 2>/dev/null | cfssljson --bare "${tmpdir}/bouncer_bad_ou" + #gen client cert for the bouncer directly signed by the CA, it should be refused by crowdsec as uses the intermediate + cfssl gencert -ca "${tmpdir}/ca.pem" -ca-key "${tmpdir}/ca-key.pem" -config "${CFDIR}/profiles.json" -profile=client "${CFDIR}/bouncer.json" 2>/dev/null | cfssljson --bare "${tmpdir}/bouncer_invalid" + + cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config "${CFDIR}/profiles.json" -profile=client "${CFDIR}/bouncer.json" 2>/dev/null | cfssljson --bare "${tmpdir}/bouncer_revoked" + serial="$(openssl x509 -noout -serial -in "${tmpdir}/bouncer_revoked.pem" | cut -d '=' -f2)" + echo "ibase=16; ${serial}" | bc >"${tmpdir}/serials.txt" + cfssl gencrl "${tmpdir}/serials.txt" "${tmpdir}/ca.pem" "${tmpdir}/ca-key.pem" | base64 -d | openssl crl -inform DER -out "${tmpdir}/crl.pem" yq ' .api.server.tls.cert_file=strenv(tmpdir) + "/server.pem" | @@ -39,14 +42,13 @@ setup_file() { .api.server.tls.crl_path=strenv(tmpdir) + "/crl.pem" | .api.server.tls.bouncers_allowed_ou=["bouncer-ou"] ' -i "${CONFIG_YAML}" - + config_disable_agent } - teardown_file() { load "../lib/teardown_file.sh" - rm -rf $tmpdir + rm -rf "${tmpdir}" } setup() { @@ -60,14 +62,14 @@ teardown() { #---------- -@test "$FILE there are 0 bouncers" { +@test "${FILE} there are 0 bouncers" { run -0 cscli bouncers list -o json assert_output "[]" } -@test "$FILE simulate one bouncer request with a valid cert" { +@test "${FILE} simulate one bouncer request with a valid cert" { run -0 curl -s --cert "${tmpdir}/bouncer.pem" --key "${tmpdir}/bouncer-key.pem" --cacert "${tmpdir}/inter.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42 - assert_output "null" + assert_output "null" run -0 cscli bouncers list -o json run -0 jq '. | length' <(output) assert_output '1' @@ -77,21 +79,21 @@ teardown() { run cscli bouncers delete localhost@127.0.0.1 } -@test "$FILE simulate one bouncer request with an invalid cert" { +@test "${FILE} simulate one bouncer request with an invalid cert" { run curl -s --cert "${tmpdir}/bouncer_invalid.pem" --key "${tmpdir}/bouncer_invalid-key.pem" --cacert "${tmpdir}/ca-key.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42 run -0 cscli bouncers list -o json assert_output "[]" } -@test "$FILE simulate one bouncer request with an invalid OU" { +@test "${FILE} simulate one bouncer request with an invalid OU" { run curl -s --cert "${tmpdir}/bouncer_bad_ou.pem" --key "${tmpdir}/bouncer_bad_ou-key.pem" --cacert "${tmpdir}/inter.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42 run -0 cscli bouncers list -o json assert_output "[]" } -@test "$FILE simulate one bouncer request with a revoked certificate" { +@test "${FILE} simulate one bouncer request with a revoked certificate" { run -0 curl -i -s --cert "${tmpdir}/bouncer_revoked.pem" --key "${tmpdir}/bouncer_revoked-key.pem" --cacert "${tmpdir}/inter.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42 assert_output --partial "access forbidden" run -0 cscli bouncers list -o json assert_output "[]" -} \ No newline at end of file +} diff --git a/tests/bats/30_machines_tls.bats b/tests/bats/30_machines_tls.bats index 7ff4ec140..a93d4434f 100644 --- a/tests/bats/30_machines_tls.bats +++ b/tests/bats/30_machines_tls.bats @@ -4,29 +4,33 @@ set -u setup_file() { - load "../lib/setup_file.sh" + load "../lib/setup_file.sh" ./instance-data load + tmpdir=$(mktemp -d) export tmpdir - #gen the CA - cfssl gencert --initca ./cfssl/ca.json 2>/dev/null | cfssljson --bare "${tmpdir}/ca" - #gen an intermediate - cfssl gencert --initca ./cfssl/intermediate.json 2>/dev/null | cfssljson --bare "${tmpdir}/inter" - cfssl sign -ca "${tmpdir}/ca.pem" -ca-key "${tmpdir}/ca-key.pem" -config ./cfssl/profiles.json -profile intermediate_ca "${tmpdir}/inter.csr" 2>/dev/null | cfssljson --bare "${tmpdir}/inter" - #gen server cert for crowdsec with the intermediate - cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config ./cfssl/profiles.json -profile=server ./cfssl/server.json 2>/dev/null | cfssljson --bare "${tmpdir}/server" - #gen client cert for the agent - cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config ./cfssl/profiles.json -profile=client ./cfssl/agent.json 2>/dev/null | cfssljson --bare "${tmpdir}/agent" - #gen client cert for the agent with an invalid OU - cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config ./cfssl/profiles.json -profile=client ./cfssl/agent_invalid.json 2>/dev/null | cfssljson --bare "${tmpdir}/agent_bad_ou" - #gen client cert for the agent directly signed by the CA, it should be refused by crowdsec as uses the intermediate - cfssl gencert -ca "${tmpdir}/ca.pem" -ca-key "${tmpdir}/ca-key.pem" -config ./cfssl/profiles.json -profile=client ./cfssl/agent.json 2>/dev/null | cfssljson --bare "${tmpdir}/agent_invalid" - - cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config ./cfssl/profiles.json -profile=client ./cfssl/agent.json 2>/dev/null | cfssljson --bare "${tmpdir}/agent_revoked" - serial="$(openssl x509 -noout -serial -in ${tmpdir}/agent_revoked.pem | cut -d '=' -f2)" - echo "ibase=16; $serial" | bc > "${tmpdir}/serials.txt" - cfssl gencrl "${tmpdir}/serials.txt" "${tmpdir}/ca.pem" "${tmpdir}/ca-key.pem" | base64 -d | openssl crl -inform DER -out "${tmpdir}/crl.pem" + CFDIR="${BATS_TEST_DIRNAME}/testdata/cfssl" + export CFDIR + + #gen the CA + cfssl gencert --initca "${CFDIR}/ca.json" 2>/dev/null | cfssljson --bare "${tmpdir}/ca" + #gen an intermediate + cfssl gencert --initca "${CFDIR}/intermediate.json" 2>/dev/null | cfssljson --bare "${tmpdir}/inter" + cfssl sign -ca "${tmpdir}/ca.pem" -ca-key "${tmpdir}/ca-key.pem" -config "${CFDIR}/profiles.json" -profile intermediate_ca "${tmpdir}/inter.csr" 2>/dev/null | cfssljson --bare "${tmpdir}/inter" + #gen server cert for crowdsec with the intermediate + cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config "${CFDIR}/profiles.json" -profile=server "${CFDIR}/server.json" 2>/dev/null | cfssljson --bare "${tmpdir}/server" + #gen client cert for the agent + cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config "${CFDIR}/profiles.json" -profile=client "${CFDIR}/agent.json" 2>/dev/null | cfssljson --bare "${tmpdir}/agent" + #gen client cert for the agent with an invalid OU + cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config "${CFDIR}/profiles.json" -profile=client "${CFDIR}/agent_invalid.json" 2>/dev/null | cfssljson --bare "${tmpdir}/agent_bad_ou" + #gen client cert for the agent directly signed by the CA, it should be refused by crowdsec as uses the intermediate + cfssl gencert -ca "${tmpdir}/ca.pem" -ca-key "${tmpdir}/ca-key.pem" -config "${CFDIR}/profiles.json" -profile=client "${CFDIR}/agent.json" 2>/dev/null | cfssljson --bare "${tmpdir}/agent_invalid" + + cfssl gencert -ca "${tmpdir}/inter.pem" -ca-key "${tmpdir}/inter-key.pem" -config "${CFDIR}/profiles.json" -profile=client "${CFDIR}/agent.json" 2>/dev/null | cfssljson --bare "${tmpdir}/agent_revoked" + serial="$(openssl x509 -noout -serial -in "${tmpdir}/agent_revoked.pem" | cut -d '=' -f2)" + echo "ibase=16; ${serial}" | bc >"${tmpdir}/serials.txt" + cfssl gencrl "${tmpdir}/serials.txt" "${tmpdir}/ca.pem" "${tmpdir}/ca-key.pem" | base64 -d | openssl crl -inform DER -out "${tmpdir}/crl.pem" yq ' .api.server.tls.cert_file=strenv(tmpdir) + "/server.pem" | @@ -53,8 +57,8 @@ teardown() { #---------- -@test "$FILE invalid OU for agent" { - CONFIG_DIR=$(dirname ${CONFIG_YAML}) +@test "${FILE} invalid OU for agent" { + CONFIG_DIR=$(dirname "${CONFIG_YAML}") yq ' .ca_cert_path=strenv(tmpdir) + "/inter.pem" | @@ -72,8 +76,8 @@ teardown() { assert_output '[]' } -@test "$FILE we have exactly one machine registered with TLS" { - CONFIG_DIR=$(dirname ${CONFIG_YAML}) +@test "${FILE} we have exactly one machine registered with TLS" { + CONFIG_DIR=$(dirname "${CONFIG_YAML}") yq ' .ca_cert_path=strenv(tmpdir) + "/inter.pem" | @@ -96,9 +100,8 @@ teardown() { ./instance-crowdsec stop } - -@test "$FILE invalid cert for agent" { - CONFIG_DIR=$(dirname ${CONFIG_YAML}) +@test "${FILE} invalid cert for agent" { + CONFIG_DIR=$(dirname "${CONFIG_YAML}") yq ' .ca_cert_path=strenv(tmpdir) + "/inter.pem" | @@ -116,8 +119,8 @@ teardown() { assert_output '[]' } -@test "$FILE revoked cert for agent" { - CONFIG_DIR=$(dirname ${CONFIG_YAML}) +@test "${FILE} revoked cert for agent" { + CONFIG_DIR=$(dirname "${CONFIG_YAML}") yq ' .ca_cert_path=strenv(tmpdir) + "/inter.pem" | @@ -133,4 +136,4 @@ teardown() { sleep 2 run -0 cscli machines list -o json assert_output '[]' -} \ No newline at end of file +} diff --git a/tests/bats/70_http_plugin.bats b/tests/bats/70_http_plugin.bats index c272e8fae..45f156ad4 100644 --- a/tests/bats/70_http_plugin.bats +++ b/tests/bats/70_http_plugin.bats @@ -84,4 +84,3 @@ setup() { run -0 jq -r '.request_body[1].decisions[0].value' <"${MOCK_OUT}" assert_output 1.2.3.5 } - diff --git a/tests/bats/71_dummy_plugin.bats b/tests/bats/71_dummy_plugin.bats index 112fbeaa1..4702dc438 100644 --- a/tests/bats/71_dummy_plugin.bats +++ b/tests/bats/71_dummy_plugin.bats @@ -24,7 +24,7 @@ setup_file() { .format="{{.|toJson}}" ' -i "${DUMMY_YAML}" - cat <<- EOT >> "${DUMMY_YAML}" + cat <<-EOT >>"${DUMMY_YAML}" --- type: dummy name: dummy_2 diff --git a/tests/bats/72_plugin_badconfig.bats b/tests/bats/72_plugin_badconfig.bats index db3eae271..eaccc79e9 100644 --- a/tests/bats/72_plugin_badconfig.bats +++ b/tests/bats/72_plugin_badconfig.bats @@ -117,4 +117,3 @@ teardown() { run -0 echo "${stderr}" assert_output --partial "api server init: unable to run local API: while loading plugin config: open /this/path/does/not/exist: no such file or directory" } - diff --git a/tests/bats/80_alerts.bats b/tests/bats/80_alerts.bats index c848a4693..c0aa9ddc0 100644 --- a/tests/bats/80_alerts.bats +++ b/tests/bats/80_alerts.bats @@ -105,9 +105,9 @@ declare stderr run -0 cscli alerts inspect "$ALERT_ID" -o json alert=$output - run jq -c '.decisions[] | [.origin,.scenario,.scope,.simulated,.type,.value]' <<< "$alert" + run jq -c '.decisions[] | [.origin,.scenario,.scope,.simulated,.type,.value]' <<<"$alert" assert_output --regexp "\[\"cscli\",\"manual 'ban' from 'githubciXXXXXXXXXXXXXXXXXXXXXXXX.*'\",\"Ip\",false,\"ban\",\"10.20.30.40\"\]" - run jq -c '.source' <<< "$alert" + run jq -c '.source' <<<"$alert" assert_output '{"ip":"10.20.30.40","scope":"Ip","value":"10.20.30.40"}' } diff --git a/tests/bats/reformat b/tests/bats/reformat index 46ced82d3..fe31fe939 100755 --- a/tests/bats/reformat +++ b/tests/bats/reformat @@ -1,3 +1,4 @@ +#!/usr/bin/env bash # from https://github.com/bats-core/bats-core/issues/192#issuecomment-528315083 # thanks Sean Leather @@ -7,10 +8,10 @@ perl -pi -e 's/^(\@test.*) \{$/$1\n{/' ./*.bats tmpfile=$(mktemp) for file in *bats; do - shfmt -i 4 -ln bash -s $file >$tmpfile - mv $tmpfile $file + shfmt -i 4 -ln bash -s "${file}" > "${tmpfile}" + mv "${tmpfile}" "${file}" done -rm -f $tmpfile +rm -f "${tmpfile}" # Undo the changes to the Bats scripts in-place so that they work with Bats perl -pi -e 's/^\{\R//; s/(\@test.*$)/$1 {/' ./*.bats diff --git a/tests/cfssl/agent.json b/tests/bats/testdata/cfssl/agent.json similarity index 100% rename from tests/cfssl/agent.json rename to tests/bats/testdata/cfssl/agent.json diff --git a/tests/cfssl/agent_invalid.json b/tests/bats/testdata/cfssl/agent_invalid.json similarity index 100% rename from tests/cfssl/agent_invalid.json rename to tests/bats/testdata/cfssl/agent_invalid.json diff --git a/tests/cfssl/bouncer.json b/tests/bats/testdata/cfssl/bouncer.json similarity index 100% rename from tests/cfssl/bouncer.json rename to tests/bats/testdata/cfssl/bouncer.json diff --git a/tests/cfssl/bouncer_invalid.json b/tests/bats/testdata/cfssl/bouncer_invalid.json similarity index 100% rename from tests/cfssl/bouncer_invalid.json rename to tests/bats/testdata/cfssl/bouncer_invalid.json diff --git a/tests/cfssl/ca.json b/tests/bats/testdata/cfssl/ca.json similarity index 100% rename from tests/cfssl/ca.json rename to tests/bats/testdata/cfssl/ca.json diff --git a/tests/cfssl/intermediate.json b/tests/bats/testdata/cfssl/intermediate.json similarity index 100% rename from tests/cfssl/intermediate.json rename to tests/bats/testdata/cfssl/intermediate.json diff --git a/tests/cfssl/profiles.json b/tests/bats/testdata/cfssl/profiles.json similarity index 100% rename from tests/cfssl/profiles.json rename to tests/bats/testdata/cfssl/profiles.json diff --git a/tests/cfssl/server.json b/tests/bats/testdata/cfssl/server.json similarity index 100% rename from tests/cfssl/server.json rename to tests/bats/testdata/cfssl/server.json diff --git a/tests/check-requirements b/tests/check-requirements index 744bf7532..0717b6312 100755 --- a/tests/check-requirements +++ b/tests/check-requirements @@ -42,10 +42,10 @@ check_yq() { # shellcheck disable=SC2016 howto_install='You can install it with your favorite package manager (including snap) or with "GO111MODULE=on go get github.com/mikefarah/yq/v4" and add ~/go/bin to $PATH.' if ! command -v yq >/dev/null; then - die "Missing required program 'yq'. $howto_install" + die "Missing required program 'yq'. ${howto_install}" fi if ! (yq --version | grep mikefarah >/dev/null); then - die "yq exists but it's not the one we need (mikefarah/yq). $howto_install" + die "yq exists but it's not the one we need (mikefarah/yq). ${howto_install}" fi } @@ -63,7 +63,7 @@ check_daemonizer() { fi ;; *) - die "unsupported system: $SYSTEM" + die "unsupported system: ${SYSTEM}" ;; esac } @@ -72,7 +72,7 @@ check_cfssl() { # shellcheck disable=SC2016 howto_install='You can install it with "go get -u github.com/cloudflare/cfssl/cmd/cfssl" and add ~/go/bin to $PATH.' if ! command -v cfssl >/dev/null; then - die "Missing required program 'cfssl'. $howto_install" + die "Missing required program 'cfssl'. ${howto_install}" fi } @@ -80,7 +80,7 @@ check_cfssljson() { # shellcheck disable=SC2016 howto_install='You can install it with "go get -u github.com/cloudflare/cfssl/cmd/cfssljson" and add ~/go/bin to $PATH.' if ! command -v cfssljson >/dev/null; then - die "Missing required program 'cfssljson'. $howto_install" + die "Missing required program 'cfssljson'. ${howto_install}" fi } @@ -98,7 +98,7 @@ check_jq check_nc check_python3 check_yq -if [ -n "${TEST_COVERAGE}" ]; then +if [[ -n "${TEST_COVERAGE}" ]]; then check_gocovmerge fi diff --git a/tests/collect-hub-coverage b/tests/collect-hub-coverage index 9bf82352c..a054cb524 100755 --- a/tests/collect-hub-coverage +++ b/tests/collect-hub-coverage @@ -18,7 +18,9 @@ coverage() { "${CSCLI}" --crowdsec "${CROWDSEC}" --cscli "${CSCLI}" hubtest coverage --"$1" --percent } -cd "$hubdir" || die "Could not find hub test results" +cd "${hubdir}" || die "Could not find hub test results" + +shopt -s inherit_errexit echo "PARSERS_COV=$(coverage parsers | cut -d = -f2)" echo "SCENARIOS_COV=$(coverage scenarios | cut -d = -f2)" diff --git a/tests/crowdsec-wrapper b/tests/crowdsec-wrapper index 62d7f1188..4e5035ed5 100755 --- a/tests/crowdsec-wrapper +++ b/tests/crowdsec-wrapper @@ -26,7 +26,7 @@ set +e output=$("${BIN_DIR}/crowdsec.cover" \ -test.run="^TestBincoverRunMain$" \ -test.coverprofile="${LOCAL_DIR}/var/lib/coverage/crowdsec-$(date +'%s')-$$-${RANDOM}.out" \ - -args-file=<(for i; do echo "$i"; done)) + -args-file=<(for i; do echo "${i}"; done)) rc=$? # If there is bincover metadata, we take the status code from there. Otherwise, diff --git a/tests/generate-hub-tests b/tests/generate-hub-tests index 99fa9d2fc..002388218 100755 --- a/tests/generate-hub-tests +++ b/tests/generate-hub-tests @@ -40,7 +40,7 @@ echo "Generating hub tests..." for testname in $("${CSCLI}" --crowdsec "${CROWDSEC}" --cscli "${CSCLI}" hubtest --hub "${hubdir}" list -o json | grep -v NAME | grep -v -- '-------' | awk '{print $1}'); do cat << EOT >> "${HUBTESTS_BATS}" -@test "\$FILE $testname" { +@test "\$FILE ${testname}" { run "\${CSCLI}" --crowdsec "\${CROWDSEC}" --cscli "\${CSCLI}" --hub "${hubdir}" hubtest run "${testname}" --clean # in case of error, need to see what went wrong echo "\$output" diff --git a/tests/instance-crowdsec b/tests/instance-crowdsec index 1ec01dacf..b75affb9d 100755 --- a/tests/instance-crowdsec +++ b/tests/instance-crowdsec @@ -2,15 +2,15 @@ #shellcheck disable=SC1007 THIS_DIR=$(CDPATH= cd -- "$(dirname -- "$0")" && pwd) -cd "${THIS_DIR}" +cd "${THIS_DIR}" || exit 1 #shellcheck disable=SC1090 . ./.environment.sh backend_script="./lib/init/crowdsec-${INIT_BACKEND}" -if [ ! -x "$backend_script" ]; then - echo "unknown init system '$INIT_BACKEND'" >&2 +if [[ ! -x "${backend_script}" ]]; then + echo "unknown init system '${INIT_BACKEND}'" >&2 exit 1 fi -exec "$backend_script" "$@" +exec "${backend_script}" "$@" diff --git a/tests/instance-data b/tests/instance-data index ec47261e1..ecd1f4ef9 100755 --- a/tests/instance-data +++ b/tests/instance-data @@ -2,15 +2,15 @@ #shellcheck disable=SC1007 THIS_DIR=$(CDPATH= cd -- "$(dirname -- "$0")" && pwd) -cd "${THIS_DIR}" +cd "${THIS_DIR}" || exit 1 #shellcheck disable=SC1090 . ./.environment.sh backend_script="./lib/config/config-${CONFIG_BACKEND}" -if [ ! -x "$backend_script" ]; then - echo "unknown config backend '$CONFIG_BACKEND'" >&2 +if [[ ! -x "${backend_script}" ]]; then + echo "unknown config backend '${CONFIG_BACKEND}'" >&2 exit 1 fi -exec "$backend_script" "$@" +exec "${backend_script}" "$@" diff --git a/tests/instance-db b/tests/instance-db index 6a0591c04..38a8fe3f5 100755 --- a/tests/instance-db +++ b/tests/instance-db @@ -2,7 +2,7 @@ #shellcheck disable=SC1007 THIS_DIR=$(CDPATH= cd -- "$(dirname -- "$0")" && pwd) -cd "${THIS_DIR}" +cd "${THIS_DIR}" || exit 1 #shellcheck disable=SC1090 . ./.environment.sh @@ -10,9 +10,9 @@ cd "${THIS_DIR}" backend_script="./lib/db/instance-${DB_BACKEND}" -if [ ! -x "$backend_script" ]; then - echo "unknown database '$DB_BACKEND'" >&2 +if [[ ! -x "${backend_script}" ]]; then + echo "unknown database '${DB_BACKEND}'" >&2 exit 1 fi -exec "$backend_script" "$@" +exec "${backend_script}" "$@" diff --git a/tests/lib/bats-assert b/tests/lib/bats-assert index 4bdd58d3f..397c73521 160000 --- a/tests/lib/bats-assert +++ b/tests/lib/bats-assert @@ -1 +1 @@ -Subproject commit 4bdd58d3fbcdce3209033d44d884e87add1d8405 +Subproject commit 397c735212bf1a06cfdd0cb7806c5a6ea79582bf diff --git a/tests/lib/bats-core b/tests/lib/bats-core index 210acf3a8..410dd229a 160000 --- a/tests/lib/bats-core +++ b/tests/lib/bats-core @@ -1 +1 @@ -Subproject commit 210acf3a8ed318ddedad3137c15451739beba7d4 +Subproject commit 410dd229a5ed005c68167cc90ed0712ad2a1c909 diff --git a/tests/lib/config/config-global b/tests/lib/config/config-global index 2ec9028f2..03b1db25b 100755 --- a/tests/lib/config/config-global +++ b/tests/lib/config/config-global @@ -9,7 +9,7 @@ die() { } about() { - die "usage: $script_name [make | load | clean]" + die "usage: ${script_name} [make | load | clean]" } #shellcheck disable=SC1007 @@ -20,14 +20,14 @@ cd "${THIS_DIR}"/../../ # you have not removed set -u above, have you? -[ -z "${TEST_DIR-}" ] && die "\$TEST_DIR must be defined." -[ -z "${LOCAL_DIR-}" ] && die "\$LOCAL_DIR must be defined." -[ -z "${CSCLI-}" ] && die "\$CSCLI must be defined." -[ -z "${LOCAL_INIT_DIR-}" ] && die "\$LOCAL_INIT_DIR must be defined." -[ -z "${PLUGIN_DIR-}" ] && die "\$PLUGIN_DIR must be defined." -[ -z "${DB_BACKEND-}" ] && die "\$DB_BACKEND must be defined." +[[ -z "${TEST_DIR-}" ]] && die "\$TEST_DIR must be defined." +[[ -z "${LOCAL_DIR-}" ]] && die "\$LOCAL_DIR must be defined." +[[ -z "${CSCLI-}" ]] && die "\$CSCLI must be defined." +[[ -z "${LOCAL_INIT_DIR-}" ]] && die "\$LOCAL_INIT_DIR must be defined." +[[ -z "${PLUGIN_DIR-}" ]] && die "\$PLUGIN_DIR must be defined." +[[ -z "${DB_BACKEND-}" ]] && die "\$DB_BACKEND must be defined." -if [ ! -f "${CSCLI}" ]; then +if [[ ! -f "${CSCLI}" ]]; then die "${CSCLI} is missing. Please build (with 'make bats-build') or install it." fi @@ -53,14 +53,13 @@ make_init_data() { # when installed packages are always using sqlite, so no need to regenerate # local credz for sqlite - - [ "${DB_BACKEND}" == "sqlite" ] || ${CSCLI} machines add --auto + + [[ "${DB_BACKEND}" == "sqlite" ]] || ${CSCLI} machines add --auto "${TEST_DIR}/instance-crowdsec" start "${CSCLI}" lapi status - [ -z "{PACKAGE_TESTING}" ] && "${CSCLI}" decisions delete --all + [[ -z "${PACKAGE_TESTING}" ]] && "${CSCLI}" decisions delete --all "${TEST_DIR}/instance-crowdsec" stop - mkdir -p "${LOCAL_INIT_DIR}" @@ -68,22 +67,21 @@ make_init_data() { echo "${DB_BACKEND}" > "${LOCAL_INIT_DIR}/.backend" tar -C "${LOCAL_DIR}" --create \ - --exclude "$REL_DATA_DIR"/crowdsec.db \ - --file "${LOCAL_INIT_DIR}/init-config-data.tar" "$REL_CONFIG_DIR" "$REL_DATA_DIR" + --exclude "${REL_DATA_DIR}"/crowdsec.db \ + --file "${LOCAL_INIT_DIR}/init-config-data.tar" "${REL_CONFIG_DIR}" "${REL_DATA_DIR}" ./instance-db setup remove_init_data } - load_init_data() { - if [ ! -f "${LOCAL_INIT_DIR}/init-config-data.tar" ]; then - die "Initial data not found; did you run '$script_name make' ?" + if [[ ! -f "${LOCAL_INIT_DIR}/init-config-data.tar" ]]; then + die "Initial data not found; did you run '${script_name} make' ?" fi dump_backend="$(cat "${LOCAL_INIT_DIR}/.backend")" - if [ "$DB_BACKEND" != "$dump_backend" ]; then - die "Can't run with backend '$DB_BACKEND' because the test data was build with '$dump_backend'" + if [[ "${DB_BACKEND}" != "${dump_backend}" ]]; then + die "Can't run with backend '${DB_BACKEND}' because the test data was build with '${dump_backend}'" fi remove_init_data @@ -97,7 +95,7 @@ load_init_data() { # --------------------------- -[ $# -lt 1 ] && about +[[ $# -lt 1 ]] && about case "$1" in diff --git a/tests/lib/config/config-local b/tests/lib/config/config-local index 9e8bdd8a0..9aaf34c30 100755 --- a/tests/lib/config/config-local +++ b/tests/lib/config/config-local @@ -9,7 +9,7 @@ die() { } about() { - die "usage: $script_name [make | load | clean]" + die "usage: ${script_name} [make | load | clean]" } #shellcheck disable=SC1007 @@ -20,14 +20,14 @@ cd "${THIS_DIR}"/../../ # you have not removed set -u above, have you? -[ -z "${TEST_DIR-}" ] && die "\$TEST_DIR must be defined." -[ -z "${LOCAL_DIR-}" ] && die "\$LOCAL_DIR must be defined." -[ -z "${CSCLI-}" ] && die "\$CSCLI must be defined." -[ -z "${LOCAL_INIT_DIR-}" ] && die "\$LOCAL_INIT_DIR must be defined." -[ -z "${PLUGIN_DIR-}" ] && die "\$PLUGIN_DIR must be defined." -[ -z "${DB_BACKEND-}" ] && die "\$DB_BACKEND must be defined." +[[ -z "${TEST_DIR-}" ]] && die "\$TEST_DIR must be defined." +[[ -z "${LOCAL_DIR-}" ]] && die "\$LOCAL_DIR must be defined." +[[ -z "${CSCLI-}" ]] && die "\$CSCLI must be defined." +[[ -z "${LOCAL_INIT_DIR-}" ]] && die "\$LOCAL_INIT_DIR must be defined." +[[ -z "${PLUGIN_DIR-}" ]] && die "\$PLUGIN_DIR must be defined." +[[ -z "${DB_BACKEND-}" ]] && die "\$DB_BACKEND must be defined." -if [ ! -f "${CSCLI}" ]; then +if [[ ! -f "${CSCLI}" ]]; then die "${CSCLI} is missing. Please build (with 'make bats-build') or install it." fi @@ -96,7 +96,7 @@ make_init_data() { "${CSCLI}" collections install crowdsecurity/linux "${TEST_DIR}/instance-crowdsec" start - [[ "$DB_BACKEND" =~ ^postgres|pgx$ ]] && sleep 4 + [[ "${DB_BACKEND}" =~ ^postgres|pgx$ ]] && sleep 4 "${CSCLI}" lapi status # a restart is required to receive community pull @@ -119,20 +119,20 @@ make_init_data() { echo "${DB_BACKEND}" > "${LOCAL_INIT_DIR}/.backend" tar -C "${LOCAL_DIR}" --create \ - --exclude "$REL_DATA_DIR"/crowdsec.db \ - --file "${LOCAL_INIT_DIR}/init-config-data.tar" "$REL_CONFIG_DIR" "$REL_DATA_DIR" + --exclude "${REL_DATA_DIR}"/crowdsec.db \ + --file "${LOCAL_INIT_DIR}/init-config-data.tar" "${REL_CONFIG_DIR}" "${REL_DATA_DIR}" remove_init_data } load_init_data() { - if [ ! -f "${LOCAL_INIT_DIR}/init-config-data.tar" ]; then - die "Initial data not found; did you run '$script_name make' ?" + if [[ ! -f "${LOCAL_INIT_DIR}/init-config-data.tar" ]]; then + die "Initial data not found; did you run '${script_name} make' ?" fi dump_backend="$(cat "${LOCAL_INIT_DIR}/.backend")" - if [ "$DB_BACKEND" != "$dump_backend" ]; then - die "Can't run with backend '$DB_BACKEND' because the test data was build with '$dump_backend'" + if [[ "${DB_BACKEND}" != "${dump_backend}" ]]; then + die "Can't run with backend '${DB_BACKEND}' because the test data was build with '${dump_backend}'" fi remove_init_data @@ -144,7 +144,7 @@ load_init_data() { # --------------------------- -[ $# -lt 1 ] && about +[[ $# -lt 1 ]] && about case "$1" in diff --git a/tests/lib/db/instance-mysql b/tests/lib/db/instance-mysql index 591b14409..bbf7b5e1b 100755 --- a/tests/lib/db/instance-mysql +++ b/tests/lib/db/instance-mysql @@ -2,7 +2,7 @@ set -eu script_name=$0 -DB_BACKEND=$(echo $script_name | cut -d- -f2) +DB_BACKEND=$(echo "${script_name}" | cut -d- -f2) export DB_BACKEND die() { @@ -16,7 +16,7 @@ MYSQL_PASSWORD=${MYSQL_PASSWORD:-password} MYSQL_USER=${MYSQL_USER:-root} about() { - die "usage: $script_name [ config_yaml | setup | dump | restore ]" + die "usage: ${script_name} [ config_yaml | setup | dump | restore ]" } check_requirements() { @@ -27,7 +27,7 @@ check_requirements() { silence_password_warning() { ( ( ( "$@" >&9 ) 2>&1 \ - | fgrep -v "[Warning] Using a password on the command line interface can be insecure." ) >&2 ) 9>&1 || [[ $? == 1 ]] + | grep -F -v "[Warning] Using a password on the command line interface can be insecure." ) >&2 ) 9>&1 || [[ $? == 1 ]] } exec_sql() { @@ -38,7 +38,7 @@ exec_sql() { "--host=${MYSQL_HOST}" \ "--user=${MYSQL_USER}" \ "--port=${MYSQL_PORT}" \ - "--password=${MYSQL_PASSWORD}" <<< "$cmd" + "--password=${MYSQL_PASSWORD}" <<< "${cmd}" } setup() { @@ -58,24 +58,24 @@ dump() { silence_password_warning \ mysqldump \ - $COLUMN_STATISTICS \ + "${COLUMN_STATISTICS}" \ "--host=${MYSQL_HOST}" \ "--port=${MYSQL_PORT}" \ "--user=${MYSQL_USER}" \ "--password=${MYSQL_PASSWORD}" \ - --databases crowdsec_test > "$backup_file" + --databases crowdsec_test > "${backup_file}" } restore() { backup_file="${1?missing file to restore database from}" - [ -f "$backup_file" ] || die "Backup file $backup_file doesn't exist" + [[ -f "${backup_file}" ]] || die "Backup file ${backup_file} doesn't exist" silence_password_warning \ mysql \ "--host=${MYSQL_HOST}" \ "--user=${MYSQL_USER}" \ "--port=${MYSQL_PORT}" \ - "--password=${MYSQL_PASSWORD}" < "$backup_file" + "--password=${MYSQL_PASSWORD}" < "${backup_file}" exec_sql "DROP USER IF EXISTS 'crowdsec_test';" exec_sql "CREATE USER 'crowdsec_test' IDENTIFIED BY 'crowdsec_test';" @@ -94,7 +94,7 @@ config_yaml() { ' -i "${CONFIG_YAML}" } -[ $# -lt 1 ] && about +[[ $# -lt 1 ]] && about check_requirements diff --git a/tests/lib/db/instance-postgres b/tests/lib/db/instance-postgres index dc29c825f..d1ebf81c0 100755 --- a/tests/lib/db/instance-postgres +++ b/tests/lib/db/instance-postgres @@ -2,7 +2,7 @@ set -eu script_name=$0 -DB_BACKEND=$(echo $script_name | cut -d- -f2) +DB_BACKEND=$(echo "${script_name}" | cut -d- -f2) export DB_BACKEND die() { @@ -20,7 +20,7 @@ export PGPASSWORD export PGUSER about() { - die "usage: $script_name [ config_yaml | setup | dump | restore ]" + die "usage: ${script_name} [ config_yaml | setup | dump | restore ]" } check_requirements() { @@ -37,7 +37,7 @@ check_requirements() { exec_sql() { cmd="${1?Missing required sql command}" - psql <<< "$cmd" + psql <<< "${cmd}" } setup() { @@ -50,13 +50,13 @@ setup() { dump() { backup_file="${1?Missing file to backup database to}" - pg_dump -Ft --dbname crowdsec_test --clean --create --file "$backup_file" + pg_dump -Ft --dbname crowdsec_test --clean --create --file "${backup_file}" } restore() { backup_file="${1?missing file to restore database from}" - [ -f "$backup_file" ] || die "Backup file $backup_file doesn't exist" - pg_restore --dbname crowdsec_test --clean "$backup_file" + [[ -f "${backup_file}" ]] || die "Backup file ${backup_file} doesn't exist" + pg_restore --dbname crowdsec_test --clean "${backup_file}" } config_yaml() { @@ -72,7 +72,7 @@ config_yaml() { ' -i "${CONFIG_YAML}" } -[ $# -lt 1 ] && about +[[ $# -lt 1 ]] && about check_requirements diff --git a/tests/lib/db/instance-sqlite b/tests/lib/db/instance-sqlite index 59629511b..a3044d784 100755 --- a/tests/lib/db/instance-sqlite +++ b/tests/lib/db/instance-sqlite @@ -2,7 +2,7 @@ set -eu script_name=$0 -DB_BACKEND=$(echo $script_name | cut -d- -f2) +DB_BACKEND=$(echo "${script_name}" | cut -d- -f2) export DB_BACKEND die() { @@ -11,7 +11,7 @@ die() { } about() { - die "usage: $script_name [ config-yaml | setup | dump | restore ]" + die "usage: ${script_name} [ config-yaml | setup | dump | restore ]" } #shellcheck disable=SC1007 @@ -21,7 +21,6 @@ cd "${THIS_DIR}"/../../ . ./.environment.sh exec_sql() { - cmd="${1?Missing required sql command}" sqlite3 "${DB_FILE}" "$@" } @@ -32,35 +31,36 @@ setup() { dump() { backup_file="${1?Missing file to backup database to}" # dirty fast cp. nothing should be accessing it right now, anyway. - [ -f "${DB_FILE}" ] || die "missing file ${DB_FILE}" - cp "${DB_FILE}" "$backup_file" + [[ -f "${DB_FILE}" ]] || die "missing file ${DB_FILE}" + cp "${DB_FILE}" "${backup_file}" } restore() { backup_file="${1?missing file to restore database from}" - [ -f "$backup_file" ] || die "Backup file $backup_file doesn't exist" - cp "$backup_file" "${DB_FILE}" + [[ -f "${backup_file}" ]] || die "Backup file ${backup_file} doesn't exist" + cp "${backup_file}" "${DB_FILE}" } # you have not removed set -u above, have you? -[ -z "${CONFIG_YAML-}" ] && die "\$CONFIG_YAML must be defined." +[[ -z "${CONFIG_YAML-}" ]] && die "\$CONFIG_YAML must be defined." # --------------------------- # In most cases this is called with setup argument, and it shouldn't fail for missing config file. -if [ -f "${CONFIG_YAML}" ] ; then +if [[ -f "${CONFIG_YAML}" ]]; then DATA_DIR=$(yq e '.config_paths.data_dir' - <"${CONFIG_YAML}") DB_FILE="${DATA_DIR}/crowdsec.db" + export DB_FILE fi config_yaml() { yq e ' .db_config.type=strenv(DB_BACKEND) | - .db_config.db_path="${DB_FILE}" + .db_config.db_path=strenv(DB_FILE) ' -i "${CONFIG_YAML}" } -[ $# -lt 1 ] && about +[[ $# -lt 1 ]] && about case "$1" in config-yaml) diff --git a/tests/lib/init/crowdsec-daemon b/tests/lib/init/crowdsec-daemon index f8a331d41..b7d3ab2c1 100755 --- a/tests/lib/init/crowdsec-daemon +++ b/tests/lib/init/crowdsec-daemon @@ -9,7 +9,7 @@ die() { } about() { - die "usage: $script_name [ start | stop ]" + die "usage: ${script_name} [ start | stop ]" } #shellcheck disable=SC1007 @@ -20,11 +20,11 @@ cd "${THIS_DIR}"/../../ # you have not removed set -u above, have you? -[ -z "${CROWDSEC-}" ] && die "\$CROWDSEC must be defined." -[ -z "${LOG_DIR-}" ] && die "\$LOG_DIR must be defined." -[ -z "${PID_DIR-}" ] && die "\$PID_DIR must be defined." +[[ -z "${CROWDSEC-}" ]] && die "\$CROWDSEC must be defined." +[[ -z "${LOG_DIR-}" ]] && die "\$LOG_DIR must be defined." +[[ -z "${PID_DIR-}" ]] && die "\$PID_DIR must be defined." -if [ ! -f "${CROWDSEC}" ]; then +if [[ ! -f "${CROWDSEC}" ]]; then die "${CROWDSEC} is missing. Please build (with 'make bats-build') or install it." fi @@ -38,12 +38,12 @@ start() { } stop() { - if [ -f "${DAEMON_PID}" ]; then + if [[ -f "${DAEMON_PID}" ]]; then # terminate quickly with extreme prejudice, all the application data will be # thrown away anyway. also terminate the child processes (notification plugin). PGID="$(ps -o pgid= -p "$(cat "${DAEMON_PID}")" | tr -d ' ')" # ps above should work on linux, freebsd, busybox.. - if [ -n "${PGID}" ]; then + if [[ -n "${PGID}" ]]; then kill -- "-${PGID}" fi rm -f -- "${DAEMON_PID}" @@ -53,7 +53,7 @@ stop() { # --------------------------- -[ $# -lt 1 ] && about +[[ $# -lt 1 ]] && about case "$1" in start) diff --git a/tests/lib/init/crowdsec-systemd b/tests/lib/init/crowdsec-systemd index 00c5070d8..041105f47 100755 --- a/tests/lib/init/crowdsec-systemd +++ b/tests/lib/init/crowdsec-systemd @@ -9,7 +9,7 @@ die() { } about() { - die "usage: $script_name [ start | stop ]" + die "usage: ${script_name} [ start | stop ]" } #shellcheck disable=SC1007 @@ -20,13 +20,13 @@ cd "${THIS_DIR}"/../../ # you have not removed set -u above, have you? -[ -z "${CROWDSEC-}" ] && die "\$CROWDSEC must be defined." -[ -z "${CSCLI-}" ] && die "\$CSCLI must be defined." -[ -z "${LOG_DIR-}" ] && die "\$LOG_DIR must be defined." -[ -z "${PID_DIR-}" ] && die "\$PID_DIR must be defined." +[[ -z "${CROWDSEC-}" ]] && die "\$CROWDSEC must be defined." +[[ -z "${CSCLI-}" ]] && die "\$CSCLI must be defined." +[[ -z "${LOG_DIR-}" ]] && die "\$LOG_DIR must be defined." +[[ -z "${PID_DIR-}" ]] && die "\$PID_DIR must be defined." -if [ ! -f "${CROWDSEC}" ]; then +if [[ ! -f "${CROWDSEC}" ]]; then die "${CROWDSEC} is missing. Please build (with 'make bats-build') or install it." fi @@ -45,7 +45,7 @@ stop() { # --------------------------- -[ $# -lt 1 ] && about +[[ $# -lt 1 ]] && about case "$1" in start) diff --git a/tests/lib/setup.sh b/tests/lib/setup.sh old mode 100644 new mode 100755 index f8581368c..a12ee0b59 --- a/tests/lib/setup.sh +++ b/tests/lib/setup.sh @@ -1,3 +1,4 @@ +#!/usr/bin/env bash # these plugins are always available diff --git a/tests/lib/setup_file.sh b/tests/lib/setup_file.sh old mode 100644 new mode 100755 index 9535f6960..558361420 --- a/tests/lib/setup_file.sh +++ b/tests/lib/setup_file.sh @@ -1,3 +1,4 @@ +#!/usr/bin/env bash debug() { echo 'exec 1<&-; exec 2<&-; exec 1>&3; exec 2>&1' @@ -48,28 +49,28 @@ export -f config_yq # shellcheck disable=SC2154 stderr() { - printf '%s' "$stderr" + printf '%s' "${stderr}" } export -f stderr # shellcheck disable=SC2154 output() { - printf '%s' "$output" + printf '%s' "${output}" } export -f output is_db_postgres() { - [[ "$DB_BACKEND" =~ ^postgres|pgx$ ]] + [[ "${DB_BACKEND}" =~ ^postgres|pgx$ ]] } export -f is_db_postgres is_db_mysql() { - [[ "$DB_BACKEND" == "mysql" ]] + [[ "${DB_BACKEND}" == "mysql" ]] } export -f is_db_mysql is_db_sqlite() { - [[ "$DB_BACKEND" == "sqlite" ]] + [[ "${DB_BACKEND}" == "sqlite" ]] } export -f is_db_sqlite diff --git a/tests/lib/teardown_file.sh b/tests/lib/teardown_file.sh old mode 100644 new mode 100755 index 2d9287980..918bdec44 --- a/tests/lib/teardown_file.sh +++ b/tests/lib/teardown_file.sh @@ -1,3 +1,4 @@ +#!/usr/bin/env bash # any stdout, stderr from now on will go to &3 eval "$(debug)" diff --git a/tests/lib/util/wait-for-port b/tests/lib/util/wait-for-port index f08d59930..75397ccc7 100755 --- a/tests/lib/util/wait-for-port +++ b/tests/lib/util/wait-for-port @@ -13,7 +13,7 @@ about() { die "usage: ${script_name} [-q] " } -[ $# -lt 1 ] && about +[[ $# -lt 1 ]] && about QUIET= if [[ "$1" == "-q" ]]; then @@ -21,7 +21,7 @@ if [[ "$1" == "-q" ]]; then shift fi -[ $# -lt 1 ] && about +[[ $# -lt 1 ]] && about port_number=$1 diff --git a/tests/run-as-daemon b/tests/run-as-daemon index fba251259..d1d1a97a6 100755 --- a/tests/run-as-daemon +++ b/tests/run-as-daemon @@ -7,6 +7,9 @@ die() { exit 1 } +[[ -n "${DAEMON_PID}" ]] || die "\$DAEMON_PID is required and must be the path of the pid file" +[[ -n "${OUT_FILE}" ]] || die "\$OUT_FILE is required and must be the path of the resulting stdout" + # Simplified dudeist daemonizer. Don't care about lock files, separate # stdout/stderr and fancy stuff. #YOLO @@ -18,7 +21,7 @@ case "${SYSTEM,,}" in daemon -p "${DAEMON_PID}" -o "${OUT_FILE}" "$@" ;; *) - die "unsupported system: $SYSTEM" + die "unsupported system: ${SYSTEM}" ;; esac diff --git a/tests/run-tests b/tests/run-tests index ccb3d291b..4937e8407 100755 --- a/tests/run-tests +++ b/tests/run-tests @@ -15,8 +15,8 @@ TEST_DIR=$(CDPATH= cd -- "$(dirname -- "$0")" && pwd) "${TEST_DIR}/check-requirements" echo "Running tests..." -echo "DB_BACKEND: $DB_BACKEND" -if [ -z "$TEST_COVERAGE" ]; then +echo "DB_BACKEND: ${DB_BACKEND}" +if [[ -z "${TEST_COVERAGE}" ]]; then echo "Coverage report: no" else echo "Coverage report: yes" @@ -26,15 +26,16 @@ fi dump_backend="$(cat "${LOCAL_INIT_DIR}/.backend")" -if [ "$DB_BACKEND" != "$dump_backend" ]; then - die "Can't run with backend '$DB_BACKEND' because the test data was build with '$dump_backend'" +if [[ "${DB_BACKEND}" != "${dump_backend}" ]]; then + die "Can't run with backend '${DB_BACKEND}' because the test data was build with '${dump_backend}'" fi -if [ $# -ge 1 ]; then +if [[ $# -ge 1 ]]; then echo "test files: $*" "${TEST_DIR}/lib/bats-core/bin/bats" \ --jobs 1 \ --print-output-on-failure \ + --timing \ "$@" else echo "test files: ${TEST_DIR}/bats ${TEST_DIR}/dyn-bats" @@ -44,7 +45,7 @@ else -T "${TEST_DIR}/bats" "${TEST_DIR}/dyn-bats" fi -if [ -n "$TEST_COVERAGE" ]; then +if [[ -n "${TEST_COVERAGE}" ]]; then # empty files just to avoid merge errors touch "${LOCAL_DIR}"/var/lib/coverage/crowdsec- touch "${LOCAL_DIR}"/var/lib/coverage/cscli-