beenull/crowdsec
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

CI: separate stderr in all func tests (#2250)

Browse source
This commit is contained in:
mmetc 2023-06-01 09:42:27 +02:00 committed by GitHub
parent 084186c67a
commit f6544962ea
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
26 changed files with 458 additions and 465 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
.github/codecov.yml vendored Normal file
View file

@ -0,0 +1,5 @@
coverage:
status:
project:
default:
target: 0%

22
test/bats/02_nolapi.bats
View file

@ -24,35 +24,33 @@ teardown() {
#---------- #----------
@test "test without -no-api flag" { @test "test without -no-api flag" {
run -124 --separate-stderr timeout 2s "${CROWDSEC}" rune -124 timeout 2s "${CROWDSEC}"
# from `man timeout`: If the command times out, and --preserve-status is not set, then exit with status 124. # from `man timeout`: If the command times out, and --preserve-status is not set, then exit with status 124.
} }
@test "crowdsec should not run without LAPI (-no-api flag)" { @test "crowdsec should not run without LAPI (-no-api flag)" {
# really needs 4 secs on slow boxes # really needs 4 secs on slow boxes
run -1 --separate-stderr timeout 4s "${CROWDSEC}" -no-api rune -1 timeout 4s "${CROWDSEC}" -no-api
} }
@test "crowdsec should not run without LAPI (no api.server in configuration file)" { @test "crowdsec should not run without LAPI (no api.server in configuration file)" {
config_disable_lapi config_disable_lapi
config_log_stderr config_log_stderr
# really needs 4 secs on slow boxes # really needs 4 secs on slow boxes
run -1 --separate-stderr timeout 4s "${CROWDSEC}" rune -1 timeout 4s "${CROWDSEC}"
assert_stderr --partial "crowdsec local API is disabled" assert_stderr --partial "crowdsec local API is disabled"
} }
@test "capi status shouldn't be ok without api.server" { @test "capi status shouldn't be ok without api.server" {
config_disable_lapi config_disable_lapi
run -1 --separate-stderr cscli capi status rune -1 cscli capi status
assert_stderr --partial "crowdsec local API is disabled" assert_stderr --partial "crowdsec local API is disabled"
assert_stderr --partial "There is no configuration on 'api.server:'" assert_stderr --partial "There is no configuration on 'api.server:'"
} }
@test "cscli config show -o human" { @test "cscli config show -o human" {
config_disable_lapi config_disable_lapi
run -0 cscli config show -o human rune -0 cscli config show -o human
assert_output --partial "Global:" assert_output --partial "Global:"
assert_output --partial "Crowdsec:" assert_output --partial "Crowdsec:"
assert_output --partial "cscli:" assert_output --partial "cscli:"
@ -62,9 +60,9 @@ teardown() {
@test "cscli config backup" { @test "cscli config backup" {
config_disable_lapi config_disable_lapi
backupdir=$(TMPDIR="${BATS_TEST_TMPDIR}" mktemp -u) backupdir=$(TMPDIR="${BATS_TEST_TMPDIR}" mktemp -u)
run -0 cscli config backup "${backupdir}" rune -0 cscli config backup "${backupdir}"
assert_output --partial "Starting configuration backup" assert_stderr --partial "Starting configuration backup"
run -1 --separate-stderr cscli config backup "${backupdir}" rune -1 cscli config backup "${backupdir}"
rm -rf -- "${backupdir:?}" rm -rf -- "${backupdir:?}"
assert_stderr --partial "failed to backup config" assert_stderr --partial "failed to backup config"
@ -74,7 +72,7 @@ teardown() {
@test "lapi status shouldn't be ok without api.server" { @test "lapi status shouldn't be ok without api.server" {
config_disable_lapi config_disable_lapi
./instance-crowdsec start || true ./instance-crowdsec start || true
run -1 --separate-stderr cscli machines list rune -1 cscli machines list
assert_stderr --partial "local API is disabled, please run this command on the local API machine" assert_stderr --partial "local API is disabled, please run this command on the local API machine"
} }
@ -82,7 +80,7 @@ teardown() {
skip 'need to trigger metrics with a live parse' skip 'need to trigger metrics with a live parse'
config_disable_lapi config_disable_lapi
./instance-crowdsec start ./instance-crowdsec start
run -0 --separate-stderr cscli metrics rune -0 cscli metrics
assert_output --partial "ROUTE" assert_output --partial "ROUTE"
assert_output --partial "/v1/watchers/login" assert_output --partial "/v1/watchers/login"

20
test/bats/03_noagent.bats
View file

@ -23,25 +23,25 @@ teardown() {
#---------- #----------
@test "with agent: test without -no-cs flag" { @test "with agent: test without -no-cs flag" {
run -124 timeout 2s "${CROWDSEC}" rune -124 timeout 2s "${CROWDSEC}"
# from `man timeout`: If the command times out, and --preserve-status is not set, then exit with status 124. # from `man timeout`: If the command times out, and --preserve-status is not set, then exit with status 124.
} }
@test "no agent: crowdsec LAPI should run (-no-cs flag)" { @test "no agent: crowdsec LAPI should run (-no-cs flag)" {
run -124 timeout 2s "${CROWDSEC}" -no-cs rune -124 timeout 2s "${CROWDSEC}" -no-cs
} }
@test "no agent: crowdsec LAPI should run (no crowdsec_service in configuration file)" { @test "no agent: crowdsec LAPI should run (no crowdsec_service in configuration file)" {
config_disable_agent config_disable_agent
config_log_stderr config_log_stderr
run -124 --separate-stderr timeout 2s "${CROWDSEC}" rune -124 timeout 2s "${CROWDSEC}"
assert_stderr --partial "crowdsec agent is disabled" assert_stderr --partial "crowdsec agent is disabled"
} }
@test "no agent: cscli config show" { @test "no agent: cscli config show" {
config_disable_agent config_disable_agent
run -0 --separate-stderr cscli config show -o human rune -0 cscli config show -o human
assert_output --partial "Global:" assert_output --partial "Global:"
assert_output --partial "cscli:" assert_output --partial "cscli:"
assert_output --partial "Local API Server:" assert_output --partial "Local API Server:"
@ -52,9 +52,9 @@ teardown() {
@test "no agent: cscli config backup" { @test "no agent: cscli config backup" {
config_disable_agent config_disable_agent
backupdir=$(TMPDIR="${BATS_TEST_TMPDIR}" mktemp -u) backupdir=$(TMPDIR="${BATS_TEST_TMPDIR}" mktemp -u)
run -0 cscli config backup "${backupdir}" rune -0 cscli config backup "${backupdir}"
assert_output --partial "Starting configuration backup" assert_stderr --partial "Starting configuration backup"
run -1 --separate-stderr cscli config backup "${backupdir}" rune -1 cscli config backup "${backupdir}"
assert_stderr --partial "failed to backup config" assert_stderr --partial "failed to backup config"
assert_stderr --partial "file exists" assert_stderr --partial "file exists"
@ -64,13 +64,13 @@ teardown() {
@test "no agent: lapi status should be ok" { @test "no agent: lapi status should be ok" {
config_disable_agent config_disable_agent
./instance-crowdsec start ./instance-crowdsec start
run -0 --separate-stderr cscli lapi status rune -0 cscli lapi status
assert_stderr --partial "You can successfully interact with Local API (LAPI)" assert_stderr --partial "You can successfully interact with Local API (LAPI)"
} }
@test "cscli metrics" { @test "cscli metrics" {
config_disable_agent config_disable_agent
./instance-crowdsec start ./instance-crowdsec start
run -0 cscli lapi status rune -0 cscli lapi status
run -0 cscli metrics rune -0 cscli metrics
} }

27
test/bats/04_capi.bats
View file

@ -21,12 +21,12 @@ setup() {
@test "cscli capi status" { @test "cscli capi status" {
config_enable_capi config_enable_capi
run -0 cscli capi register --schmilblick githubciXXXXXXXXXXXXXXXXXXXXXXXX rune -0 cscli capi register --schmilblick githubciXXXXXXXXXXXXXXXXXXXXXXXX
run -0 cscli capi status rune -0 cscli capi status
assert_output --partial "Loaded credentials from" assert_stderr --partial "Loaded credentials from"
assert_output --partial "Trying to authenticate with username" assert_stderr --partial "Trying to authenticate with username"
assert_output --partial " on https://api.crowdsec.net/" assert_stderr --partial " on https://api.crowdsec.net/"
assert_output --partial "You can successfully interact with Central API (CAPI)" assert_stderr --partial "You can successfully interact with Central API (CAPI)"
} }
@test "cscli alerts list: receive a community pull when capi is enabled" { @test "cscli alerts list: receive a community pull when capi is enabled" {
@ -37,17 +37,14 @@ setup() {
[[ $(cscli alerts list -a -o json 2>/dev/null || cscli alerts list -o json) != "null" ]] && break [[ $(cscli alerts list -a -o json 2>/dev/null || cscli alerts list -o json) != "null" ]] && break
done done
run --separate-stderr cscli alerts list -a -o json rune -0 cscli alerts list -a -o json
if [[ "${status}" -ne 0 ]]; then rune -0 jq -r '. | length' <(output)
run --separate-stderr cscli alerts list -o json
fi
run -0 jq -r '. | length' <(output)
refute_output 0 refute_output 0
} }
@test "we have exactly one machine, localhost" { @test "we have exactly one machine, localhost" {
run -0 --separate-stderr cscli machines list -o json rune -0 cscli machines list -o json
run -0 jq -c '[. | length, .[0].machineId[0:32], .[0].isValidated, .[0].ipAddress]' <(output) rune -0 jq -c '[. | length, .[0].machineId[0:32], .[0].isValidated, .[0].ipAddress]' <(output)
assert_output '[1,"githubciXXXXXXXXXXXXXXXXXXXXXXXX",true,"127.0.0.1"]' assert_output '[1,"githubciXXXXXXXXXXXXXXXXXXXXXXXX",true,"127.0.0.1"]'
} }
@ -55,13 +52,13 @@ setup() {
./instance-crowdsec stop ./instance-crowdsec stop
config_disable_agent config_disable_agent
./instance-crowdsec start ./instance-crowdsec start
run -0 --separate-stderr cscli capi status rune -0 cscli capi status
assert_stderr --partial "You can successfully interact with Central API (CAPI)" assert_stderr --partial "You can successfully interact with Central API (CAPI)"
} }
@test "cscli capi status: fails without credentials" { @test "cscli capi status: fails without credentials" {
ONLINE_API_CREDENTIALS_YAML="$(config_get '.api.server.online_client.credentials_path')" ONLINE_API_CREDENTIALS_YAML="$(config_get '.api.server.online_client.credentials_path')"
rm "${ONLINE_API_CREDENTIALS_YAML}" rm "${ONLINE_API_CREDENTIALS_YAML}"
run -1 --separate-stderr cscli capi status rune -1 cscli capi status
assert_stderr --partial "Local API is disabled, please run this command on the local API machine: loading online client credentials: failed to read api server credentials configuration file '${ONLINE_API_CREDENTIALS_YAML}': open ${ONLINE_API_CREDENTIALS_YAML}: no such file or directory" assert_stderr --partial "Local API is disabled, please run this command on the local API machine: loading online client credentials: failed to read api server credentials configuration file '${ONLINE_API_CREDENTIALS_YAML}': open ${ONLINE_API_CREDENTIALS_YAML}: no such file or directory"
} }

20
test/bats/04_nocapi.bats
View file

@ -25,14 +25,14 @@ teardown() {
@test "without capi: crowdsec LAPI should run without capi (-no-capi flag)" { @test "without capi: crowdsec LAPI should run without capi (-no-capi flag)" {
config_set '.common.log_media="stdout"' config_set '.common.log_media="stdout"'
run -124 --separate-stderr timeout 1s "${CROWDSEC}" -no-capi rune -124 timeout 1s "${CROWDSEC}" -no-capi
assert_stderr --partial "Communication with CrowdSec Central API disabled from args" assert_stderr --partial "Communication with CrowdSec Central API disabled from args"
} }
@test "without capi: crowdsec LAPI should still work" { @test "without capi: crowdsec LAPI should still work" {
config_disable_capi config_disable_capi
config_set '.common.log_media="stdout"' config_set '.common.log_media="stdout"'
run -124 --separate-stderr timeout 1s "${CROWDSEC}" rune -124 timeout 1s "${CROWDSEC}"
# from `man timeout`: If the command times out, and --preserve-status is not set, then exit with status 124. # from `man timeout`: If the command times out, and --preserve-status is not set, then exit with status 124.
assert_stderr --partial "push and pull to Central API disabled" assert_stderr --partial "push and pull to Central API disabled"
} }
@ -40,13 +40,13 @@ teardown() {
@test "without capi: cscli capi status -> fail" { @test "without capi: cscli capi status -> fail" {
config_disable_capi config_disable_capi
./instance-crowdsec start ./instance-crowdsec start
run -1 --separate-stderr cscli capi status rune -1 cscli capi status
assert_stderr --partial "no configuration for Central API in " assert_stderr --partial "no configuration for Central API in "
} }
@test "no capi: cscli config show" { @test "no capi: cscli config show" {
config_disable_capi config_disable_capi
run -0 --separate-stderr cscli config show -o human rune -0 cscli config show -o human
assert_output --partial "Global:" assert_output --partial "Global:"
assert_output --partial "cscli:" assert_output --partial "cscli:"
assert_output --partial "Crowdsec:" assert_output --partial "Crowdsec:"
@ -56,9 +56,9 @@ teardown() {
@test "no agent: cscli config backup" { @test "no agent: cscli config backup" {
config_disable_capi config_disable_capi
backupdir=$(TMPDIR="${BATS_TEST_TMPDIR}" mktemp -u) backupdir=$(TMPDIR="${BATS_TEST_TMPDIR}" mktemp -u)
run -0 cscli config backup "${backupdir}" rune -0 cscli config backup "${backupdir}"
assert_output --partial "Starting configuration backup" assert_stderr --partial "Starting configuration backup"
run -1 --separate-stderr cscli config backup "${backupdir}" rune -1 cscli config backup "${backupdir}"
assert_stderr --partial "failed to backup config" assert_stderr --partial "failed to backup config"
assert_stderr --partial "file exists" assert_stderr --partial "file exists"
rm -rf -- "${backupdir:?}" rm -rf -- "${backupdir:?}"
@ -67,15 +67,15 @@ teardown() {
@test "without capi: cscli lapi status -> success" { @test "without capi: cscli lapi status -> success" {
config_disable_capi config_disable_capi
./instance-crowdsec start ./instance-crowdsec start
run -0 --separate-stderr cscli lapi status rune -0 cscli lapi status
assert_stderr --partial "You can successfully interact with Local API (LAPI)" assert_stderr --partial "You can successfully interact with Local API (LAPI)"
} }
@test "cscli metrics" { @test "cscli metrics" {
config_disable_capi config_disable_capi
./instance-crowdsec start ./instance-crowdsec start
run -0 cscli lapi status rune -0 cscli lapi status
run -0 --separate-stderr cscli metrics rune -0 cscli metrics
assert_output --partial "Route" assert_output --partial "Route"
assert_output --partial '/v1/watchers/login' assert_output --partial '/v1/watchers/login'
assert_output --partial "Local Api Metrics:" assert_output --partial "Local Api Metrics:"

56
test/bats/05_config_yaml_local.bats
View file

@ -20,7 +20,7 @@ teardown_file() {
setup() { setup() {
load "../lib/setup.sh" load "../lib/setup.sh"
./instance-data load ./instance-data load
run -0 config_get '.api.client.credentials_path' rune -0 config_get '.api.client.credentials_path'
LOCAL_API_CREDENTIALS="${output}" LOCAL_API_CREDENTIALS="${output}"
export LOCAL_API_CREDENTIALS export LOCAL_API_CREDENTIALS
} }
@ -33,82 +33,82 @@ teardown() {
@test "config.yaml.local - cscli (log_level)" { @test "config.yaml.local - cscli (log_level)" {
config_set '.common.log_level="warning"' config_set '.common.log_level="warning"'
run -0 --separate-stderr cscli config show --key Config.Common.LogLevel rune -0 cscli config show --key Config.Common.LogLevel
assert_output "warning" assert_output "warning"
echo "{'common':{'log_level':'debug'}}" >"${CONFIG_YAML}.local" echo "{'common':{'log_level':'debug'}}" >"${CONFIG_YAML}.local"
run -0 --separate-stderr cscli config show --key Config.Common.LogLevel rune -0 cscli config show --key Config.Common.LogLevel
assert_output "debug" assert_output "debug"
} }
@test "config.yaml.local - cscli (log_level - with envvar)" { @test "config.yaml.local - cscli (log_level - with envvar)" {
config_set '.common.log_level="warning"' config_set '.common.log_level="warning"'
run -0 --separate-stderr cscli config show --key Config.Common.LogLevel rune -0 cscli config show --key Config.Common.LogLevel
assert_output "warning" assert_output "warning"
export CROWDSEC_LOG_LEVEL=debug export CROWDSEC_LOG_LEVEL=debug
echo "{'common':{'log_level':'${CROWDSEC_LOG_LEVEL}'}}" >"${CONFIG_YAML}.local" echo "{'common':{'log_level':'${CROWDSEC_LOG_LEVEL}'}}" >"${CONFIG_YAML}.local"
run -0 --separate-stderr cscli config show --key Config.Common.LogLevel rune -0 cscli config show --key Config.Common.LogLevel
assert_output "debug" assert_output "debug"
} }
@test "config.yaml.local - crowdsec (listen_url)" { @test "config.yaml.local - crowdsec (listen_url)" {
# disable the agent or we'll need to patch api client credentials too # disable the agent or we'll need to patch api client credentials too
run -0 config_disable_agent rune -0 config_disable_agent
./instance-crowdsec start ./instance-crowdsec start
run -0 ./bin/wait-for-port -q 8080 rune -0 ./bin/wait-for-port -q 8080
./instance-crowdsec stop ./instance-crowdsec stop
run -1 ./bin/wait-for-port -q 8080 rune -1 ./bin/wait-for-port -q 8080
echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" >"${CONFIG_YAML}.local" echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" >"${CONFIG_YAML}.local"
./instance-crowdsec start ./instance-crowdsec start
run -0 ./bin/wait-for-port -q 8083 rune -0 ./bin/wait-for-port -q 8083
run -1 ./bin/wait-for-port -q 8080 rune -1 ./bin/wait-for-port -q 8080
./instance-crowdsec stop ./instance-crowdsec stop
rm -f "${CONFIG_YAML}.local" rm -f "${CONFIG_YAML}.local"
./instance-crowdsec start ./instance-crowdsec start
run -1 ./bin/wait-for-port -q 8083 rune -1 ./bin/wait-for-port -q 8083
run -0 ./bin/wait-for-port -q 8080 rune -0 ./bin/wait-for-port -q 8080
} }
@test "local_api_credentials.yaml.local" { @test "local_api_credentials.yaml.local" {
run -0 config_disable_agent rune -0 config_disable_agent
echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" >"${CONFIG_YAML}.local" echo "{'api':{'server':{'listen_uri':127.0.0.1:8083}}}" >"${CONFIG_YAML}.local"
./instance-crowdsec start ./instance-crowdsec start
run -0 ./bin/wait-for-port -q 8083 rune -0 ./bin/wait-for-port -q 8083
run -1 cscli decisions list rune -1 cscli decisions list
echo "{'url':'http://127.0.0.1:8083'}" >"${LOCAL_API_CREDENTIALS}.local" echo "{'url':'http://127.0.0.1:8083'}" >"${LOCAL_API_CREDENTIALS}.local"
run -0 cscli decisions list rune -0 cscli decisions list
} }
@test "simulation.yaml.local" { @test "simulation.yaml.local" {
run -0 config_get '.config_paths.simulation_path' rune -0 config_get '.config_paths.simulation_path'
refute_output null refute_output null
SIMULATION="${output}" SIMULATION="${output}"
echo "simulation: off" >"${SIMULATION}" echo "simulation: off" >"${SIMULATION}"
run -0 cscli simulation status -o human rune -0 cscli simulation status -o human
assert_output --partial "global simulation: disabled" assert_stderr --partial "global simulation: disabled"
echo "simulation: on" >"${SIMULATION}" echo "simulation: on" >"${SIMULATION}"
run -0 cscli simulation status -o human rune -0 cscli simulation status -o human
assert_output --partial "global simulation: enabled" assert_stderr --partial "global simulation: enabled"
echo "simulation: off" >"${SIMULATION}.local" echo "simulation: off" >"${SIMULATION}.local"
run -0 cscli simulation status -o human rune -0 cscli simulation status -o human
assert_output --partial "global simulation: disabled" assert_stderr --partial "global simulation: disabled"
rm -f "${SIMULATION}.local" rm -f "${SIMULATION}.local"
run -0 cscli simulation status -o human rune -0 cscli simulation status -o human
assert_output --partial "global simulation: enabled" assert_stderr --partial "global simulation: enabled"
} }
@test "profiles.yaml.local" { @test "profiles.yaml.local" {
run -0 --separate-stderr config_get '.api.server.profiles_path' rune -0 config_get '.api.server.profiles_path'
refute_output null refute_output null
PROFILES="${output}" PROFILES="${output}"
@ -135,8 +135,8 @@ teardown() {
# wait more than required # wait more than required
for ((i=0;i<30;i++)); do for ((i=0;i<30;i++)); do
sleep .5 sleep .5
run -0 --separate-stderr cscli decisions list -o json rune -0 cscli decisions list -o json
run -0 jq --exit-status '.[].decisions[0] | [.value,.type] == ["1.1.1.172","captcha"]' <(output) && break rune -0 jq --exit-status '.[].decisions[0] | [.value,.type] == ["1.1.1.172","captcha"]' <(output) && break
done done
rm -f -- "${tmpfile}" rm -f -- "${tmpfile}"
[[ "${status}" -eq 0 ]] || fail "captcha not triggered" [[ "${status}" -eq 0 ]] || fail "captcha not triggered"

88
test/bats/07_setup.bats
View file

@ -67,7 +67,7 @@ teardown() {
assert_line --partial "--force-os-version string override OS.RawVersion (of OS or Linux distribution)" assert_line --partial "--force-os-version string override OS.RawVersion (of OS or Linux distribution)"
assert_line --partial "--skip-service strings ignore a service, don't recommend hub/datasources (can be repeated)" assert_line --partial "--skip-service strings ignore a service, don't recommend hub/datasources (can be repeated)"
rune -1 --separate-stderr cscli setup detect --detect-config /path/does/not/exist rune -1 cscli setup detect --detect-config /path/does/not/exist
assert_stderr --partial "detecting services: while reading file: open /path/does/not/exist: no such file or directory" assert_stderr --partial "detecting services: while reading file: open /path/does/not/exist: no such file or directory"
# rm -f "${HUB_DIR}/detect.yaml" # rm -f "${HUB_DIR}/detect.yaml"
@ -91,27 +91,27 @@ teardown() {
foobarbaz: foobarbaz:
EOT EOT
rune -0 --separate-stderr cscli setup detect --detect-config "$tempfile" rune -0 cscli setup detect --detect-config "$tempfile"
assert_json '{setup:[{detected_service:"foobarbaz"},{detected_service:"linux",install:{collections:["crowdsecurity/linux"]}}]}' assert_json '{setup:[{detected_service:"foobarbaz"},{detected_service:"linux",install:{collections:["crowdsecurity/linux"]}}]}'
rune -0 --separate-stderr cscli setup detect --detect-config "$tempfile" --skip-service linux rune -0 cscli setup detect --detect-config "$tempfile" --skip-service linux
assert_json '{setup:[{detected_service:"foobarbaz"}]}' assert_json '{setup:[{detected_service:"foobarbaz"}]}'
} }
@test "cscli setup detect --force-os-*" { @test "cscli setup detect --force-os-*" {
rune -0 --separate-stderr cscli setup detect --force-os-family linux --detect-config "${TESTDATA}/detect.yaml" rune -0 cscli setup detect --force-os-family linux --detect-config "${TESTDATA}/detect.yaml"
rune -0 jq -cS '.setup[] | select(.detected_service=="linux")' <(output) rune -0 jq -cS '.setup[] | select(.detected_service=="linux")' <(output)
assert_json '{detected_service:"linux",install:{collections:["crowdsecurity/linux"]},datasource:{source:"file",labels:{type:"syslog"},filenames:["/var/log/syslog","/var/log/kern.log","/var/log/messages"]}}' assert_json '{detected_service:"linux",install:{collections:["crowdsecurity/linux"]},datasource:{source:"file",labels:{type:"syslog"},filenames:["/var/log/syslog","/var/log/kern.log","/var/log/messages"]}}'
rune -0 --separate-stderr cscli setup detect --force-os-family freebsd --detect-config "${TESTDATA}/detect.yaml" rune -0 cscli setup detect --force-os-family freebsd --detect-config "${TESTDATA}/detect.yaml"
rune -0 jq -cS '.setup[] | select(.detected_service=="freebsd")' <(output) rune -0 jq -cS '.setup[] | select(.detected_service=="freebsd")' <(output)
assert_json '{detected_service:"freebsd",install:{collections:["crowdsecurity/freebsd"]}}' assert_json '{detected_service:"freebsd",install:{collections:["crowdsecurity/freebsd"]}}'
rune -0 --separate-stderr cscli setup detect --force-os-family windows --detect-config "${TESTDATA}/detect.yaml" rune -0 cscli setup detect --force-os-family windows --detect-config "${TESTDATA}/detect.yaml"
rune -0 jq -cS '.setup[] | select(.detected_service=="windows")' <(output) rune -0 jq -cS '.setup[] | select(.detected_service=="windows")' <(output)
assert_json '{detected_service:"windows",install:{collections:["crowdsecurity/windows"]}}' assert_json '{detected_service:"windows",install:{collections:["crowdsecurity/windows"]}}'
rune -0 --separate-stderr cscli setup detect --force-os-family darwin --detect-config "${TESTDATA}/detect.yaml" rune -0 cscli setup detect --force-os-family darwin --detect-config "${TESTDATA}/detect.yaml"
# XXX do we want do disallow unknown family? # XXX do we want do disallow unknown family?
# assert_stderr --partial "detecting services: OS 'darwin' not supported" # assert_stderr --partial "detecting services: OS 'darwin' not supported"
@ -129,7 +129,7 @@ teardown() {
apache2: apache2:
EOT EOT
rune -0 --separate-stderr cscli setup detect --list-supported-services --detect-config "$tempfile" rune -0 cscli setup detect --list-supported-services --detect-config "$tempfile"
# the service list is sorted # the service list is sorted
assert_output - <<-EOT assert_output - <<-EOT
apache2 apache2
@ -141,7 +141,7 @@ teardown() {
thisisajoke thisisajoke
EOT EOT
rune -1 --separate-stderr cscli setup detect --list-supported-services --detect-config "$tempfile" rune -1 cscli setup detect --list-supported-services --detect-config "$tempfile"
assert_stderr --partial "while parsing ${tempfile}: yaml: unmarshal errors:" assert_stderr --partial "while parsing ${tempfile}: yaml: unmarshal errors:"
rm -f "$tempfile" rm -f "$tempfile"
@ -201,7 +201,7 @@ update-notifier-motd.timer enabled enabled
20 unit files listed.' 20 unit files listed.'
mock_set_status "$mock" 1 2 mock_set_status "$mock" 1 2
rune -0 --separate-stderr cscli setup detect rune -0 cscli setup detect
rune -0 jq -c '.setup' <(output) rune -0 jq -c '.setup' <(output)
# If a call to UnitFoundwas part of the expression and it returned true, # If a call to UnitFoundwas part of the expression and it returned true,
@ -254,7 +254,7 @@ update-notifier-motd.timer enabled enabled
mock_set_output "$mock" "" mock_set_output "$mock" ""
mock_set_status "$mock" 1 2 mock_set_status "$mock" 1 2
rune -0 --separate-stderr cscli setup detect --snub-systemd rune -0 cscli setup detect --snub-systemd
# setup must not be 'null', but an empty list # setup must not be 'null', but an empty list
assert_json '{setup:[]}' assert_json '{setup:[]}'
@ -291,20 +291,20 @@ update-notifier-motd.timer enabled enabled
type: apache3 type: apache3
EOT EOT
rune -0 --separate-stderr cscli setup detect --force-unit force-apache2 rune -0 cscli setup detect --force-unit force-apache2
rune -0 jq -cS '.setup' <(output) rune -0 jq -cS '.setup' <(output)
assert_json '[{datasource:{source:"file",filename:"dummy.log",labels:{"type":"apache2"}},detected_service:"apache2"}]' assert_json '[{datasource:{source:"file",filename:"dummy.log",labels:{"type":"apache2"}},detected_service:"apache2"}]'
rune -0 --separate-stderr cscli setup detect --force-unit force-apache2,force-apache3 rune -0 cscli setup detect --force-unit force-apache2,force-apache3
rune -0 jq -cS '.setup' <(output) rune -0 jq -cS '.setup' <(output)
assert_json '[{datasource:{source:"file",filename:"dummy.log",labels:{type:"apache2"}},detected_service:"apache2"},{datasource:{source:"file",filename:"dummy.log",labels:{"type":"apache3"}},detected_service:"apache3"}]' assert_json '[{datasource:{source:"file",filename:"dummy.log",labels:{type:"apache2"}},detected_service:"apache2"},{datasource:{source:"file",filename:"dummy.log",labels:{"type":"apache3"}},detected_service:"apache3"}]'
# force-unit can be specified multiple times, the order does not matter # force-unit can be specified multiple times, the order does not matter
rune -0 --separate-stderr cscli setup detect --force-unit force-apache3 --force-unit force-apache2 rune -0 cscli setup detect --force-unit force-apache3 --force-unit force-apache2
rune -0 jq -cS '.setup' <(output) rune -0 jq -cS '.setup' <(output)
assert_json '[{datasource:{source:"file",filename:"dummy.log",labels:{type:"apache2"}},detected_service:"apache2"},{datasource:{source:"file",filename:"dummy.log",labels:{type:"apache3"}},detected_service:"apache3"}]' assert_json '[{datasource:{source:"file",filename:"dummy.log",labels:{type:"apache2"}},detected_service:"apache2"},{datasource:{source:"file",filename:"dummy.log",labels:{type:"apache3"}},detected_service:"apache3"}]'
rune -1 --separate-stderr cscli setup detect --force-unit mock-doesnotexist rune -1 cscli setup detect --force-unit mock-doesnotexist
assert_stderr --partial "detecting services: unit(s) forced but not supported: [mock-doesnotexist]" assert_stderr --partial "detecting services: unit(s) forced but not supported: [mock-doesnotexist]"
} }
@ -324,7 +324,7 @@ update-notifier-motd.timer enabled enabled
- ProcessRunning("this-does-not-exist") - ProcessRunning("this-does-not-exist")
EOT EOT
rune -0 --separate-stderr cscli setup detect rune -0 cscli setup detect
rune -0 jq -cS '.setup' <(output) rune -0 jq -cS '.setup' <(output)
assert_json '[{detected_service:"apache2"}]' assert_json '[{detected_service:"apache2"}]'
} }
@ -341,7 +341,7 @@ update-notifier-motd.timer enabled enabled
- ProcessRunning("this-does-not-exist") - ProcessRunning("this-does-not-exist")
EOT EOT
rune -0 --separate-stderr cscli setup detect --force-process force-apache2 rune -0 cscli setup detect --force-process force-apache2
rune -0 jq -cS '.setup' <(output) rune -0 jq -cS '.setup' <(output)
assert_json '[{detected_service:"apache2"}]' assert_json '[{detected_service:"apache2"}]'
} }
@ -360,11 +360,11 @@ update-notifier-motd.timer enabled enabled
type: apache2 type: apache2
EOT EOT
rune -0 --separate-stderr cscli setup detect --force-unit force-apache2 rune -0 cscli setup detect --force-unit force-apache2
rune -0 jq -cS '.setup' <(output) rune -0 jq -cS '.setup' <(output)
assert_json '[{datasource:{source:"file",filename:"dummy.log",labels:{type:"apache2"}},detected_service:"apache2"}]' assert_json '[{datasource:{source:"file",filename:"dummy.log",labels:{type:"apache2"}},detected_service:"apache2"}]'
rune -0 --separate-stderr cscli setup detect --force-unit force-apache2 --yaml rune -0 cscli setup detect --force-unit force-apache2 --yaml
assert_output - <<-EOT assert_output - <<-EOT
setup: setup:
- detected_service: apache2 - detected_service: apache2
@ -417,7 +417,7 @@ update-notifier-motd.timer enabled enabled
always: always:
EOT EOT
rune -0 --separate-stderr cscli setup detect rune -0 cscli setup detect
assert_json '{setup:[{detected_service:"always"}]}' assert_json '{setup:[{detected_service:"always"}]}'
setup=$output setup=$output
rune -0 cscli setup datasources /dev/stdin <<<"$setup" rune -0 cscli setup datasources /dev/stdin <<<"$setup"
@ -448,7 +448,7 @@ update-notifier-motd.timer enabled enabled
- crowdsecurity/apache2 - crowdsecurity/apache2
EOT EOT
rune -0 --separate-stderr cscli setup detect --force-process force-apache2,force-foobar rune -0 cscli setup detect --force-process force-apache2,force-foobar
rune -0 jq -Sc '.setup | sort' <(output) rune -0 jq -Sc '.setup | sort' <(output)
assert_json '[{install:{collections:["crowdsecurity/apache2"]},detected_service:"apache2"},{install:{collections:["crowdsecurity/foobar"]},detected_service:"foobar"}]' assert_json '[{install:{collections:["crowdsecurity/apache2"]},detected_service:"apache2"},{install:{collections:["crowdsecurity/foobar"]},detected_service:"foobar"}]'
} }
@ -469,7 +469,7 @@ update-notifier-motd.timer enabled enabled
- /var/log/*http*/*.log - /var/log/*http*/*.log
EOT EOT
rune -0 --separate-stderr cscli setup detect --force-process force-foobar rune -0 cscli setup detect --force-process force-foobar
rune -0 yq -op '.setup | sort_keys(..)' <(output) rune -0 yq -op '.setup | sort_keys(..)' <(output)
assert_output - <<-EOT assert_output - <<-EOT
0.datasource.filenames.0 = /var/log/apache2/*.log 0.datasource.filenames.0 = /var/log/apache2/*.log
@ -479,7 +479,7 @@ update-notifier-motd.timer enabled enabled
0.detected_service = foobar 0.detected_service = foobar
EOT EOT
rune -1 --separate-stderr cscli setup detect --force-process mock-doesnotexist rune -1 cscli setup detect --force-process mock-doesnotexist
assert_stderr --partial "detecting services: process(es) forced but not supported: [mock-doesnotexist]" assert_stderr --partial "detecting services: process(es) forced but not supported: [mock-doesnotexist]"
} }
@ -493,7 +493,7 @@ update-notifier-motd.timer enabled enabled
type: something type: something
EOT EOT
rune -1 --separate-stderr cscli setup detect rune -1 cscli setup detect
assert_stderr --partial "detecting services: invalid datasource for foobar: source is empty" assert_stderr --partial "detecting services: invalid datasource for foobar: source is empty"
# more datasource-specific tests are in detect_test.go # more datasource-specific tests are in detect_test.go
@ -501,38 +501,38 @@ update-notifier-motd.timer enabled enabled
@test "cscli setup install-hub (dry run)" { @test "cscli setup install-hub (dry run)" {
# it's not installed # it's not installed
rune -0 --separate-stderr cscli collections list -o json rune -0 cscli collections list -o json
rune -0 jq -r '.collections[].name' <(output) rune -0 jq -r '.collections[].name' <(output)
refute_line "crowdsecurity/apache2" refute_line "crowdsecurity/apache2"
# we install it # we install it
rune -0 --separate-stderr cscli setup install-hub /dev/stdin --dry-run <<< '{"setup":[{"install":{"collections":["crowdsecurity/apache2"]}}]}' rune -0 cscli setup install-hub /dev/stdin --dry-run <<< '{"setup":[{"install":{"collections":["crowdsecurity/apache2"]}}]}'
assert_output 'dry-run: would install collection crowdsecurity/apache2' assert_output 'dry-run: would install collection crowdsecurity/apache2'
# still not installed # still not installed
rune -0 --separate-stderr cscli collections list -o json rune -0 cscli collections list -o json
rune -0 jq -r '.collections[].name' <(output) rune -0 jq -r '.collections[].name' <(output)
refute_line "crowdsecurity/apache2" refute_line "crowdsecurity/apache2"
} }
@test "cscli setup install-hub (dry run: install multiple collections)" { @test "cscli setup install-hub (dry run: install multiple collections)" {
# it's not installed # it's not installed
rune -0 --separate-stderr cscli collections list -o json rune -0 cscli collections list -o json
rune -0 jq -r '.collections[].name' <(output) rune -0 jq -r '.collections[].name' <(output)
refute_line "crowdsecurity/apache2" refute_line "crowdsecurity/apache2"
# we install it # we install it
rune -0 --separate-stderr cscli setup install-hub /dev/stdin --dry-run <<< '{"setup":[{"install":{"collections":["crowdsecurity/apache2"]}}]}' rune -0 cscli setup install-hub /dev/stdin --dry-run <<< '{"setup":[{"install":{"collections":["crowdsecurity/apache2"]}}]}'
assert_output 'dry-run: would install collection crowdsecurity/apache2' assert_output 'dry-run: would install collection crowdsecurity/apache2'
# still not installed # still not installed
rune -0 --separate-stderr cscli collections list -o json rune -0 cscli collections list -o json
rune -0 jq -r '.collections[].name' <(output) rune -0 jq -r '.collections[].name' <(output)
refute_line "crowdsecurity/apache2" refute_line "crowdsecurity/apache2"
} }
@test "cscli setup install-hub (dry run: install multiple collections, parsers, scenarios, postoverflows)" { @test "cscli setup install-hub (dry run: install multiple collections, parsers, scenarios, postoverflows)" {
rune -0 --separate-stderr cscli setup install-hub /dev/stdin --dry-run <<< '{"setup":[{"install":{"collections":["crowdsecurity/foo","johndoe/bar"],"parsers":["crowdsecurity/fooparser","johndoe/barparser"],"scenarios":["crowdsecurity/fooscenario","johndoe/barscenario"],"postoverflows":["crowdsecurity/foopo","johndoe/barpo"]}}]}' rune -0 cscli setup install-hub /dev/stdin --dry-run <<< '{"setup":[{"install":{"collections":["crowdsecurity/foo","johndoe/bar"],"parsers":["crowdsecurity/fooparser","johndoe/barparser"],"scenarios":["crowdsecurity/fooscenario","johndoe/barscenario"],"postoverflows":["crowdsecurity/foopo","johndoe/barpo"]}}]}'
assert_line 'dry-run: would install collection crowdsecurity/foo' assert_line 'dry-run: would install collection crowdsecurity/foo'
assert_line 'dry-run: would install collection johndoe/bar' assert_line 'dry-run: would install collection johndoe/bar'
assert_line 'dry-run: would install parser crowdsecurity/fooparser' assert_line 'dry-run: would install parser crowdsecurity/fooparser'
@ -544,12 +544,12 @@ update-notifier-motd.timer enabled enabled
} }
@test "cscli setup datasources" { @test "cscli setup datasources" {
rune -0 --separate-stderr cscli setup datasources --help rune -0 cscli setup datasources --help
assert_line --partial "--to-dir string write the configuration to a directory, in multiple files" assert_line --partial "--to-dir string write the configuration to a directory, in multiple files"
# single item # single item
rune -0 --separate-stderr cscli setup datasources /dev/stdin <<-EOT rune -0 cscli setup datasources /dev/stdin <<-EOT
setup: setup:
- datasource: - datasource:
source: file source: file
@ -575,7 +575,7 @@ update-notifier-motd.timer enabled enabled
# multiple items # multiple items
rune -0 --separate-stderr cscli setup datasources /dev/stdin <<-EOT rune -0 cscli setup datasources /dev/stdin <<-EOT
setup: setup:
- datasource: - datasource:
labels: labels:
@ -713,14 +713,14 @@ update-notifier-motd.timer enabled enabled
EOT EOT
# the directory must exist # the directory must exist
rune -1 --separate-stderr cscli setup datasources /dev/stdin --to-dir /path/does/not/exist <<< '{}' rune -1 cscli setup datasources /dev/stdin --to-dir /path/does/not/exist <<< '{}'
assert_stderr --partial "directory /path/does/not/exist does not exist" assert_stderr --partial "directory /path/does/not/exist does not exist"
# of course it must be a directory # of course it must be a directory
touch "${acquisdir}/notadir" touch "${acquisdir}/notadir"
rune -1 --separate-stderr cscli setup datasources /dev/stdin --to-dir "${acquisdir}/notadir" <<-EOT rune -1 cscli setup datasources /dev/stdin --to-dir "${acquisdir}/notadir" <<-EOT
setup: setup:
- detected_service: apache2 - detected_service: apache2
datasource: datasource:
@ -735,11 +735,11 @@ update-notifier-motd.timer enabled enabled
@test "cscli setup datasources (disclaimer)" { @test "cscli setup datasources (disclaimer)" {
disclaimer="This file was automatically generated" disclaimer="This file was automatically generated"
rune -0 --separate-stderr cscli setup datasources /dev/stdin <<<"setup:" rune -0 cscli setup datasources /dev/stdin <<<"setup:"
rune -0 yq 'head_comment' <(output) rune -0 yq 'head_comment' <(output)
assert_output --partial "$disclaimer" assert_output --partial "$disclaimer"
rune -0 --separate-stderr cscli setup datasources /dev/stdin <<-EOT rune -0 cscli setup datasources /dev/stdin <<-EOT
setup: setup:
- detected_service: something - detected_service: something
datasource: datasource:
@ -768,10 +768,10 @@ update-notifier-motd.timer enabled enabled
- "SYSLOG_IDENTIFIER=TheWiz" - "SYSLOG_IDENTIFIER=TheWiz"
EOT EOT
rune -0 --separate-stderr cscli setup detect --detect-config "$tempfile" --force-unit thewiz.service rune -0 cscli setup detect --detect-config "$tempfile" --force-unit thewiz.service
rune -0 jq -cS '.' <(output) rune -0 jq -cS '.' <(output)
assert_json '{setup:[{datasource:{source:"journalctl",journalctl_filter:["SYSLOG_IDENTIFIER=TheWiz"],labels:{type:"thewiz"}},detected_service:"thewiz"}]}' assert_json '{setup:[{datasource:{source:"journalctl",journalctl_filter:["SYSLOG_IDENTIFIER=TheWiz"],labels:{type:"thewiz"}},detected_service:"thewiz"}]}'
rune -0 --separate-stderr cscli setup datasources <(output) rune -0 cscli setup datasources <(output)
rune -0 yq '. head_comment=""' <(output) rune -0 yq '. head_comment=""' <(output)
assert_output - <<-EOT assert_output - <<-EOT
journalctl_filter: journalctl_filter:
@ -786,17 +786,17 @@ update-notifier-motd.timer enabled enabled
@test "cscli setup validate" { @test "cscli setup validate" {
# an empty file is not enough # an empty file is not enough
rune -1 --separate-stderr cscli setup validate /dev/null rune -1 cscli setup validate /dev/null
assert_output "EOF" assert_output "EOF"
assert_stderr --partial "invalid setup file" assert_stderr --partial "invalid setup file"
# this is ok; install nothing # this is ok; install nothing
rune -0 --separate-stderr cscli setup validate /dev/stdin <<-EOT rune -0 cscli setup validate /dev/stdin <<-EOT
setup: setup:
EOT EOT
refute_output refute_output
rune -1 --separate-stderr cscli setup validate /dev/stdin <<-EOT rune -1 cscli setup validate /dev/stdin <<-EOT
se tup: se tup:
EOT EOT
assert_output - <<-EOT assert_output - <<-EOT
@ -806,7 +806,7 @@ update-notifier-motd.timer enabled enabled
EOT EOT
assert_stderr --partial "invalid setup file" assert_stderr --partial "invalid setup file"
rune -1 --separate-stderr cscli setup validate /dev/stdin <<-EOT rune -1 cscli setup validate /dev/stdin <<-EOT
setup: setup:
alsdk al; sdf alsdk al; sdf
EOT EOT

30
test/bats/10_bouncers.bats
View file

@ -24,37 +24,35 @@ teardown() {
#---------- #----------
@test "there are 0 bouncers" { @test "there are 0 bouncers" {
run -0 --separate-stderr cscli bouncers list -o json rune -0 cscli bouncers list -o json
assert_output "[]" assert_output "[]"
} }
@test "we can add one bouncer, and delete it" { @test "we can add one bouncer, and delete it" {
run -0 cscli bouncers add ciTestBouncer rune -0 cscli bouncers add ciTestBouncer
assert_output --partial "Api key for 'ciTestBouncer':" assert_output --partial "Api key for 'ciTestBouncer':"
run -0 cscli bouncers delete ciTestBouncer rune -0 cscli bouncers delete ciTestBouncer
run -0 --separate-stderr cscli bouncers list -o json rune -0 cscli bouncers list -o json
assert_output '[]' assert_output '[]'
} }
@test "we can't add the same bouncer twice" { @test "we can't add the same bouncer twice" {
run -0 cscli bouncers add ciTestBouncer rune -0 cscli bouncers add ciTestBouncer
run -1 --separate-stderr cscli bouncers add ciTestBouncer -o json rune -1 cscli bouncers add ciTestBouncer -o json
# XXX temporary hack to filter out unwanted log lines that may appear before # XXX temporary hack to filter out unwanted log lines that may appear before
# log configuration (= not json) # log configuration (= not json)
run -0 jq -r '.level' <(stderr | grep "^{") rune -0 jq -c '[.level,.msg]' <(stderr | grep "^{")
assert_output 'fatal' assert_output '["fatal","unable to create bouncer: bouncer ciTestBouncer already exists"]'
run -0 jq -r '.msg' <(stderr | grep "^{")
assert_output "unable to create bouncer: bouncer ciTestBouncer already exists"
run -0 --separate-stderr cscli bouncers list -o json rune -0 cscli bouncers list -o json
run -0 jq '. | length' <(output) rune -0 jq '. | length' <(output)
assert_output 1 assert_output 1
} }
@test "delete the bouncer multiple times, even if it does not exist" { @test "delete the bouncer multiple times, even if it does not exist" {
run -0 cscli bouncers add ciTestBouncer rune -0 cscli bouncers add ciTestBouncer
run -0 cscli bouncers delete ciTestBouncer rune -0 cscli bouncers delete ciTestBouncer
run -1 cscli bouncers delete ciTestBouncer rune -1 cscli bouncers delete ciTestBouncer
run -1 cscli bouncers delete foobarbaz rune -1 cscli bouncers delete foobarbaz
} }

26
test/bats/11_bouncers_tls.bats
View file

@ -61,37 +61,37 @@ teardown() {
#---------- #----------
@test "there are 0 bouncers" { @test "there are 0 bouncers" {
run -0 --separate-stderr cscli bouncers list -o json rune -0 cscli bouncers list -o json
assert_output "[]" assert_output "[]"
} }
@test "simulate one bouncer request with a valid cert" { @test "simulate one bouncer request with a valid cert" {
run -0 curl -s --cert "${tmpdir}/bouncer.pem" --key "${tmpdir}/bouncer-key.pem" --cacert "${tmpdir}/bundle.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42 rune -0 curl -s --cert "${tmpdir}/bouncer.pem" --key "${tmpdir}/bouncer-key.pem" --cacert "${tmpdir}/bundle.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
assert_output "null" assert_output "null"
run -0 --separate-stderr cscli bouncers list -o json rune -0 cscli bouncers list -o json
run -0 jq '. | length' <(output) rune -0 jq '. | length' <(output)
assert_output '1' assert_output '1'
run -0 --separate-stderr cscli bouncers list -o json rune -0 cscli bouncers list -o json
run -0 jq -r '.[] | .name' <(output) rune -0 jq -r '.[] | .name' <(output)
assert_output "localhost@127.0.0.1" assert_output "localhost@127.0.0.1"
run cscli bouncers delete localhost@127.0.0.1 rune cscli bouncers delete localhost@127.0.0.1
} }
@test "simulate one bouncer request with an invalid cert" { @test "simulate one bouncer request with an invalid cert" {
run curl -s --cert "${tmpdir}/bouncer_invalid.pem" --key "${tmpdir}/bouncer_invalid-key.pem" --cacert "${tmpdir}/ca-key.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42 rune curl -s --cert "${tmpdir}/bouncer_invalid.pem" --key "${tmpdir}/bouncer_invalid-key.pem" --cacert "${tmpdir}/ca-key.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
run -0 --separate-stderr cscli bouncers list -o json rune -0 cscli bouncers list -o json
assert_output "[]" assert_output "[]"
} }
@test "simulate one bouncer request with an invalid OU" { @test "simulate one bouncer request with an invalid OU" {
run curl -s --cert "${tmpdir}/bouncer_bad_ou.pem" --key "${tmpdir}/bouncer_bad_ou-key.pem" --cacert "${tmpdir}/bundle.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42 rune curl -s --cert "${tmpdir}/bouncer_bad_ou.pem" --key "${tmpdir}/bouncer_bad_ou-key.pem" --cacert "${tmpdir}/bundle.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
run -0 --separate-stderr cscli bouncers list -o json rune -0 cscli bouncers list -o json
assert_output "[]" assert_output "[]"
} }
@test "simulate one bouncer request with a revoked certificate" { @test "simulate one bouncer request with a revoked certificate" {
run -0 curl -i -s --cert "${tmpdir}/bouncer_revoked.pem" --key "${tmpdir}/bouncer_revoked-key.pem" --cacert "${tmpdir}/bundle.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42 rune -0 curl -i -s --cert "${tmpdir}/bouncer_revoked.pem" --key "${tmpdir}/bouncer_revoked-key.pem" --cacert "${tmpdir}/bundle.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
assert_output --partial "access forbidden" assert_output --partial "access forbidden"
run -0 --separate-stderr cscli bouncers list -o json rune -0 cscli bouncers list -o json
assert_output "[]" assert_output "[]"
} }

4
test/bats/20_collections.bats
View file

@ -24,7 +24,7 @@ teardown() {
#---------- #----------
@test "we can list collections" { @test "we can list collections" {
run -0 cscli collections list rune -0 cscli collections list
} }
@test "there are 2 collections (linux and sshd)" { @test "there are 2 collections (linux and sshd)" {
@ -105,7 +105,7 @@ teardown() {
rune -0 cscli collections remove --all rune -0 cscli collections remove --all
assert_stderr --partial "Removed symlink [crowdsecurity/sshd]" assert_stderr --partial "Removed symlink [crowdsecurity/sshd]"
assert_stderr --partial "Removed symlink [crowdsecurity/linux]" assert_stderr --partial "Removed symlink [crowdsecurity/linux]"
rune -0 --separate-stderr cscli hub list -o json rune -0 cscli hub list -o json
assert_json '{collections:[],parsers:[],postoverflows:[],scenarios:[]}' assert_json '{collections:[],parsers:[],postoverflows:[],scenarios:[]}'
rune -0 cscli collections remove --all rune -0 cscli collections remove --all
assert_stderr --partial 'Disabled 0 items' assert_stderr --partial 'Disabled 0 items'

50
test/bats/30_machines.bats
View file

@ -24,60 +24,60 @@ teardown() {
#---------- #----------
@test "can list machines as regular user" { @test "can list machines as regular user" {
run -0 cscli machines list rune -0 cscli machines list
} }
@test "we have exactly one machine" { @test "we have exactly one machine" {
run -0 --separate-stderr cscli machines list -o json rune -0 cscli machines list -o json
run -0 jq -c '[. | length, .[0].machineId[0:32], .[0].isValidated]' <(output) rune -0 jq -c '[. | length, .[0].machineId[0:32], .[0].isValidated]' <(output)
assert_output '[1,"githubciXXXXXXXXXXXXXXXXXXXXXXXX",true]' assert_output '[1,"githubciXXXXXXXXXXXXXXXXXXXXXXXX",true]'
} }
@test "add a new machine and delete it" { @test "add a new machine and delete it" {
run -0 cscli machines add -a -f /dev/null CiTestMachine -o human rune -0 cscli machines add -a -f /dev/null CiTestMachine -o human
assert_output --partial "Machine 'CiTestMachine' successfully added to the local API" assert_stderr --partial "Machine 'CiTestMachine' successfully added to the local API"
assert_output --partial "API credentials dumped to '/dev/null'" assert_stderr --partial "API credentials dumped to '/dev/null'"
# we now have two machines # we now have two machines
run -0 --separate-stderr cscli machines list -o json rune -0 cscli machines list -o json
run -0 jq -c '[. | length, .[-1].machineId, .[0].isValidated]' <(output) rune -0 jq -c '[. | length, .[-1].machineId, .[0].isValidated]' <(output)
assert_output '[2,"CiTestMachine",true]' assert_output '[2,"CiTestMachine",true]'
# delete the test machine # delete the test machine
run -0 cscli machines delete CiTestMachine -o human rune -0 cscli machines delete CiTestMachine -o human
assert_output --partial "machine 'CiTestMachine' deleted successfully" assert_stderr --partial "machine 'CiTestMachine' deleted successfully"
# we now have one machine again # we now have one machine again
run -0 --separate-stderr cscli machines list -o json rune -0 cscli machines list -o json
run -0 jq '. | length' <(output) rune -0 jq '. | length' <(output)
assert_output 1 assert_output 1
} }
@test "register, validate and then remove a machine" { @test "register, validate and then remove a machine" {
run -0 cscli lapi register --machine CiTestMachineRegister -f /dev/null -o human rune -0 cscli lapi register --machine CiTestMachineRegister -f /dev/null -o human
assert_output --partial "Successfully registered to Local API (LAPI)" assert_stderr --partial "Successfully registered to Local API (LAPI)"
assert_output --partial "Local API credentials dumped to '/dev/null'" assert_stderr --partial "Local API credentials dumped to '/dev/null'"
# the machine is not validated yet # the machine is not validated yet
run -0 --separate-stderr cscli machines list -o json rune -0 cscli machines list -o json
run -0 jq '.[-1].isValidated' <(output) rune -0 jq '.[-1].isValidated' <(output)
assert_output 'null' assert_output 'null'
# validate the machine # validate the machine
run -0 cscli machines validate CiTestMachineRegister -o human rune -0 cscli machines validate CiTestMachineRegister -o human
assert_output --partial "machine 'CiTestMachineRegister' validated successfully" assert_stderr --partial "machine 'CiTestMachineRegister' validated successfully"
# the machine is now validated # the machine is now validated
run -0 --separate-stderr cscli machines list -o json rune -0 cscli machines list -o json
run -0 jq '.[-1].isValidated' <(output) rune -0 jq '.[-1].isValidated' <(output)
assert_output 'true' assert_output 'true'
# delete the test machine again # delete the test machine again
run -0 cscli machines delete CiTestMachineRegister -o human rune -0 cscli machines delete CiTestMachineRegister -o human
assert_output --partial "machine 'CiTestMachineRegister' deleted successfully" assert_stderr --partial "machine 'CiTestMachineRegister' deleted successfully"
# we now have one machine, again # we now have one machine, again
run -0 --separate-stderr cscli machines list -o json rune -0 cscli machines list -o json
run -0 jq '. | length' <(output) rune -0 jq '. | length' <(output)
assert_output 1 assert_output 1
} }

19
test/bats/30_machines_tls.bats
View file

@ -47,10 +47,8 @@ setup_file() {
# remove all machines # remove all machines
run -0 cscli machines list -o json for machine in $(cscli machines list -o json | jq -r '.[].machineId'); do
run -0 jq -r '.[].machineId' <(output) cscli machines delete "${machine}"
for machine in $(output); do
run -0 cscli machines delete "${machine}"
done done
config_disable_agent config_disable_agent
@ -69,7 +67,6 @@ setup() {
.api.server.tls.crl_path=strenv(tmpdir) + "/crl.pem" | .api.server.tls.crl_path=strenv(tmpdir) + "/crl.pem" |
.api.server.tls.agents_allowed_ou=["agent-ou"] .api.server.tls.agents_allowed_ou=["agent-ou"]
' '
} }
teardown() { teardown() {
@ -102,7 +99,7 @@ teardown() {
config_set "${CONFIG_DIR}/local_api_credentials.yaml" 'del(.login,.password)' config_set "${CONFIG_DIR}/local_api_credentials.yaml" 'del(.login,.password)'
./instance-crowdsec start ./instance-crowdsec start
run -0 --separate-stderr cscli machines list -o json rune -0 cscli machines list -o json
assert_output '[]' assert_output '[]'
} }
@ -116,9 +113,9 @@ teardown() {
config_set "${CONFIG_DIR}/local_api_credentials.yaml" 'del(.login,.password)' config_set "${CONFIG_DIR}/local_api_credentials.yaml" 'del(.login,.password)'
./instance-crowdsec start ./instance-crowdsec start
run -0 cscli lapi status rune -0 cscli lapi status
run -0 --separate-stderr cscli machines list -o json rune -0 cscli machines list -o json
run -0 jq -c '[. | length, .[0].machineId[0:32], .[0].isValidated, .[0].ipAddress, .[0].auth_type]' <(output) rune -0 jq -c '[. | length, .[0].machineId[0:32], .[0].isValidated, .[0].ipAddress, .[0].auth_type]' <(output)
assert_output '[1,"localhost@127.0.0.1",true,"127.0.0.1","tls"]' assert_output '[1,"localhost@127.0.0.1",true,"127.0.0.1","tls"]'
cscli machines delete localhost@127.0.0.1 cscli machines delete localhost@127.0.0.1
@ -133,7 +130,7 @@ teardown() {
' '
config_set "${CONFIG_DIR}/local_api_credentials.yaml" 'del(.login,.password)' config_set "${CONFIG_DIR}/local_api_credentials.yaml" 'del(.login,.password)'
./instance-crowdsec start ./instance-crowdsec start
run -0 --separate-stderr cscli machines list -o json rune -0 cscli machines list -o json
assert_output '[]' assert_output '[]'
} }
@ -147,6 +144,6 @@ teardown() {
config_set "${CONFIG_DIR}/local_api_credentials.yaml" 'del(.login,.password)' config_set "${CONFIG_DIR}/local_api_credentials.yaml" 'del(.login,.password)'
./instance-crowdsec start ./instance-crowdsec start
run -0 --separate-stderr cscli machines list -o json rune -0 cscli machines list -o json
assert_output '[]' assert_output '[]'
} }

4
test/bats/40_live-ban.bats
View file

@ -39,7 +39,7 @@ teardown() {
fake_log >>"${tmpfile}" fake_log >>"${tmpfile}"
sleep 2 sleep 2
rm -f -- "${tmpfile}" rm -f -- "${tmpfile}"
run -0 --separate-stderr cscli decisions list -o json rune -0 cscli decisions list -o json
run -0 jq -r '.[].decisions[0].value' <(output) rune -0 jq -r '.[].decisions[0].value' <(output)
assert_output '1.1.1.172' assert_output '1.1.1.172'
} }

28
test/bats/50_simulation.bats
View file

@ -27,40 +27,40 @@ setup() {
#---------- #----------
@test "we have one decision" { @test "we have one decision" {
run -0 cscli simulation disable --global rune -0 cscli simulation disable --global
fake_log | "${CROWDSEC}" -dsn file:///dev/fd/0 -type syslog -no-api fake_log | "${CROWDSEC}" -dsn file:///dev/fd/0 -type syslog -no-api
run -0 --separate-stderr cscli decisions list -o json rune -0 cscli decisions list -o json
run -0 jq '. | length' <(output) rune -0 jq '. | length' <(output)
assert_output 1 assert_output 1
} }
@test "1.1.1.174 has been banned (exact)" { @test "1.1.1.174 has been banned (exact)" {
run -0 cscli simulation disable --global rune -0 cscli simulation disable --global
fake_log | "${CROWDSEC}" -dsn file:///dev/fd/0 -type syslog -no-api fake_log | "${CROWDSEC}" -dsn file:///dev/fd/0 -type syslog -no-api
run -0 --separate-stderr cscli decisions list -o json rune -0 cscli decisions list -o json
run -0 jq -r '.[].decisions[0].value' <(output) rune -0 jq -r '.[].decisions[0].value' <(output)
assert_output '1.1.1.174' assert_output '1.1.1.174'
} }
@test "decision has simulated == false (exact)" { @test "decision has simulated == false (exact)" {
run -0 cscli simulation disable --global rune -0 cscli simulation disable --global
fake_log | "${CROWDSEC}" -dsn file:///dev/fd/0 -type syslog -no-api fake_log | "${CROWDSEC}" -dsn file:///dev/fd/0 -type syslog -no-api
run -0 --separate-stderr cscli decisions list -o json rune -0 cscli decisions list -o json
run -0 jq '.[].decisions[0].simulated' <(output) rune -0 jq '.[].decisions[0].simulated' <(output)
assert_output 'false' assert_output 'false'
} }
@test "simulated scenario, listing non-simulated: expect no decision" { @test "simulated scenario, listing non-simulated: expect no decision" {
run -0 cscli simulation enable crowdsecurity/ssh-bf rune -0 cscli simulation enable crowdsecurity/ssh-bf
fake_log | "${CROWDSEC}" -dsn file:///dev/fd/0 -type syslog -no-api fake_log | "${CROWDSEC}" -dsn file:///dev/fd/0 -type syslog -no-api
run -0 --separate-stderr cscli decisions list --no-simu -o json rune -0 cscli decisions list --no-simu -o json
assert_output 'null' assert_output 'null'
} }
@test "global simulation, listing non-simulated: expect no decision" { @test "global simulation, listing non-simulated: expect no decision" {
run -0 cscli simulation disable crowdsecurity/ssh-bf rune -0 cscli simulation disable crowdsecurity/ssh-bf
run -0 cscli simulation enable --global rune -0 cscli simulation enable --global
fake_log | "${CROWDSEC}" -dsn file:///dev/fd/0 -type syslog -no-api fake_log | "${CROWDSEC}" -dsn file:///dev/fd/0 -type syslog -no-api
run -0 --separate-stderr cscli decisions list --no-simu -o json rune -0 cscli decisions list --no-simu -o json
assert_output 'null' assert_output 'null'
} }

16
test/bats/70_http_plugin.bats
View file

@ -54,33 +54,33 @@ setup() {
#---------- #----------
@test "add two bans" { @test "add two bans" {
run -0 --separate-stderr cscli decisions add --ip 1.2.3.4 --duration 30s rune -0 cscli decisions add --ip 1.2.3.4 --duration 30s
assert_stderr --partial 'Decision successfully added' assert_stderr --partial 'Decision successfully added'
run -0 --separate-stderr cscli decisions add --ip 1.2.3.5 --duration 30s rune -0 cscli decisions add --ip 1.2.3.5 --duration 30s
assert_stderr --partial 'Decision successfully added' assert_stderr --partial 'Decision successfully added'
sleep 5 sleep 5
} }
@test "expected 1 log line from http server" { @test "expected 1 log line from http server" {
run -0 wc -l <"${MOCK_OUT}" rune -0 wc -l <"${MOCK_OUT}"
# wc can pad with spaces on some platforms # wc can pad with spaces on some platforms
run -0 tr -d ' ' < <(output) rune -0 tr -d ' ' < <(output)
assert_output 1 assert_output 1
} }
@test "expected to receive 2 alerts in the request body from plugin" { @test "expected to receive 2 alerts in the request body from plugin" {
run -0 jq -r '.request_body' <"${MOCK_OUT}" rune -0 jq -r '.request_body' <"${MOCK_OUT}"
run -0 jq -r 'length' <(output) rune -0 jq -r 'length' <(output)
assert_output 2 assert_output 2
} }
@test "expected to receive IP 1.2.3.4 as value of first decision" { @test "expected to receive IP 1.2.3.4 as value of first decision" {
run -0 jq -r '.request_body[0].decisions[0].value' <"${MOCK_OUT}" rune -0 jq -r '.request_body[0].decisions[0].value' <"${MOCK_OUT}"
assert_output 1.2.3.4 assert_output 1.2.3.4
} }
@test "expected to receive IP 1.2.3.5 as value of second decision" { @test "expected to receive IP 1.2.3.5 as value of second decision" {
run -0 jq -r '.request_body[1].decisions[0].value' <"${MOCK_OUT}" rune -0 jq -r '.request_body[1].decisions[0].value' <"${MOCK_OUT}"
assert_output 1.2.3.5 assert_output 1.2.3.5
} }

8
test/bats/71_dummy_plugin.bats
View file

@ -58,21 +58,21 @@ setup() {
#---------- #----------
@test "add two bans" { @test "add two bans" {
run -0 --separate-stderr cscli decisions add --ip 1.2.3.4 --duration 30s rune -0 cscli decisions add --ip 1.2.3.4 --duration 30s
assert_stderr --partial 'Decision successfully added' assert_stderr --partial 'Decision successfully added'
run -0 --separate-stderr cscli decisions add --ip 1.2.3.5 --duration 30s rune -0 cscli decisions add --ip 1.2.3.5 --duration 30s
assert_stderr --partial 'Decision successfully added' assert_stderr --partial 'Decision successfully added'
sleep 2 sleep 2
} }
@test "expected 1 notification" { @test "expected 1 notification" {
run -0 cat "${tempfile}" rune -0 cat "${tempfile}"
assert_output --partial 1.2.3.4 assert_output --partial 1.2.3.4
assert_output --partial 1.2.3.5 assert_output --partial 1.2.3.5
} }
@test "second notification works too" { @test "second notification works too" {
run -0 cat "${tempfile2}" rune -0 cat "${tempfile2}"
assert_output --partial secondfile assert_output --partial secondfile
} }

22
test/bats/72_plugin_badconfig.bats
View file

@ -35,76 +35,76 @@ teardown() {
@test "misconfigured plugin, only user is empty" { @test "misconfigured plugin, only user is empty" {
config_set '.plugin_config.user="" | .plugin_config.group="nogroup"' config_set '.plugin_config.user="" | .plugin_config.group="nogroup"'
config_set "${PROFILES_PATH}" '.notifications=["http_default"]' config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
run -1 --separate-stderr timeout 2s "${CROWDSEC}" rune -1 timeout 2s "${CROWDSEC}"
assert_stderr --partial "api server init: unable to run local API: while loading plugin: while getting process attributes: both plugin user and group must be set" assert_stderr --partial "api server init: unable to run local API: while loading plugin: while getting process attributes: both plugin user and group must be set"
} }
@test "misconfigured plugin, only group is empty" { @test "misconfigured plugin, only group is empty" {
config_set '(.plugin_config.user="nobody") | (.plugin_config.group="")' config_set '(.plugin_config.user="nobody") | (.plugin_config.group="")'
config_set "${PROFILES_PATH}" '.notifications=["http_default"]' config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
run -1 --separate-stderr timeout 2s "${CROWDSEC}" rune -1 timeout 2s "${CROWDSEC}"
assert_stderr --partial "api server init: unable to run local API: while loading plugin: while getting process attributes: both plugin user and group must be set" assert_stderr --partial "api server init: unable to run local API: while loading plugin: while getting process attributes: both plugin user and group must be set"
} }
@test "misconfigured plugin, user does not exist" { @test "misconfigured plugin, user does not exist" {
config_set '(.plugin_config.user="userdoesnotexist") | (.plugin_config.group="groupdoesnotexist")' config_set '(.plugin_config.user="userdoesnotexist") | (.plugin_config.group="groupdoesnotexist")'
config_set "${PROFILES_PATH}" '.notifications=["http_default"]' config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
run -1 --separate-stderr timeout 2s "${CROWDSEC}" rune -1 timeout 2s "${CROWDSEC}"
assert_stderr --partial "api server init: unable to run local API: while loading plugin: while getting process attributes: user: unknown user userdoesnotexist" assert_stderr --partial "api server init: unable to run local API: while loading plugin: while getting process attributes: user: unknown user userdoesnotexist"
} }
@test "misconfigured plugin, group does not exist" { @test "misconfigured plugin, group does not exist" {
config_set '(.plugin_config.user=strenv(USER)) | (.plugin_config.group="groupdoesnotexist")' config_set '(.plugin_config.user=strenv(USER)) | (.plugin_config.group="groupdoesnotexist")'
config_set "${PROFILES_PATH}" '.notifications=["http_default"]' config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
run -1 --separate-stderr timeout 2s "${CROWDSEC}" rune -1 timeout 2s "${CROWDSEC}"
assert_stderr --partial "api server init: unable to run local API: while loading plugin: while getting process attributes: group: unknown group groupdoesnotexist" assert_stderr --partial "api server init: unable to run local API: while loading plugin: while getting process attributes: group: unknown group groupdoesnotexist"
} }
@test "bad plugin name" { @test "bad plugin name" {
config_set "${PROFILES_PATH}" '.notifications=["http_default"]' config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
cp "${PLUGIN_DIR}"/notification-http "${PLUGIN_DIR}"/badname cp "${PLUGIN_DIR}"/notification-http "${PLUGIN_DIR}"/badname
run -1 --separate-stderr timeout 2s "${CROWDSEC}" rune -1 timeout 2s "${CROWDSEC}"
assert_stderr --partial "api server init: unable to run local API: while loading plugin: plugin name ${PLUGIN_DIR}/badname is invalid. Name should be like {type-name}" assert_stderr --partial "api server init: unable to run local API: while loading plugin: plugin name ${PLUGIN_DIR}/badname is invalid. Name should be like {type-name}"
} }
@test "bad plugin permission (group writable)" { @test "bad plugin permission (group writable)" {
config_set "${PROFILES_PATH}" '.notifications=["http_default"]' config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
chmod g+w "${PLUGIN_DIR}"/notification-http chmod g+w "${PLUGIN_DIR}"/notification-http
run -1 --separate-stderr timeout 2s "${CROWDSEC}" rune -1 timeout 2s "${CROWDSEC}"
assert_stderr --partial "api server init: unable to run local API: while loading plugin: plugin at ${PLUGIN_DIR}/notification-http is group writable, group writable plugins are invalid" assert_stderr --partial "api server init: unable to run local API: while loading plugin: plugin at ${PLUGIN_DIR}/notification-http is group writable, group writable plugins are invalid"
} }
@test "bad plugin permission (world writable)" { @test "bad plugin permission (world writable)" {
config_set "${PROFILES_PATH}" '.notifications=["http_default"]' config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
chmod o+w "${PLUGIN_DIR}"/notification-http chmod o+w "${PLUGIN_DIR}"/notification-http
run -1 --separate-stderr timeout 2s "${CROWDSEC}" rune -1 timeout 2s "${CROWDSEC}"
assert_stderr --partial "api server init: unable to run local API: while loading plugin: plugin at ${PLUGIN_DIR}/notification-http is world writable, world writable plugins are invalid" assert_stderr --partial "api server init: unable to run local API: while loading plugin: plugin at ${PLUGIN_DIR}/notification-http is world writable, world writable plugins are invalid"
} }
@test "config.yaml: missing .plugin_config section" { @test "config.yaml: missing .plugin_config section" {
config_set 'del(.plugin_config)' config_set 'del(.plugin_config)'
config_set "${PROFILES_PATH}" '.notifications=["http_default"]' config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
run -1 --separate-stderr timeout 2s "${CROWDSEC}" rune -1 timeout 2s "${CROWDSEC}"
assert_stderr --partial "api server init: plugins are enabled, but the plugin_config section is missing in the configuration" assert_stderr --partial "api server init: plugins are enabled, but the plugin_config section is missing in the configuration"
} }
@test "config.yaml: missing config_paths.notification_dir" { @test "config.yaml: missing config_paths.notification_dir" {
config_set 'del(.config_paths.notification_dir)' config_set 'del(.config_paths.notification_dir)'
config_set "${PROFILES_PATH}" '.notifications=["http_default"]' config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
run -1 --separate-stderr timeout 2s "${CROWDSEC}" rune -1 timeout 2s "${CROWDSEC}"
assert_stderr --partial "api server init: plugins are enabled, but config_paths.notification_dir is not defined" assert_stderr --partial "api server init: plugins are enabled, but config_paths.notification_dir is not defined"
} }
@test "config.yaml: missing config_paths.plugin_dir" { @test "config.yaml: missing config_paths.plugin_dir" {
config_set 'del(.config_paths.plugin_dir)' config_set 'del(.config_paths.plugin_dir)'
config_set "${PROFILES_PATH}" '.notifications=["http_default"]' config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
run -1 --separate-stderr timeout 2s "${CROWDSEC}" rune -1 timeout 2s "${CROWDSEC}"
assert_stderr --partial "api server init: plugins are enabled, but config_paths.plugin_dir is not defined" assert_stderr --partial "api server init: plugins are enabled, but config_paths.plugin_dir is not defined"
} }
@test "unable to run local API: while reading plugin config" { @test "unable to run local API: while reading plugin config" {
config_set '.config_paths.notification_dir="/this/path/does/not/exist"' config_set '.config_paths.notification_dir="/this/path/does/not/exist"'
config_set "${PROFILES_PATH}" '.notifications=["http_default"]' config_set "${PROFILES_PATH}" '.notifications=["http_default"]'
run -1 --separate-stderr timeout 2s "${CROWDSEC}" rune -1 timeout 2s "${CROWDSEC}"
assert_stderr --partial "api server init: unable to run local API: while loading plugin config: open /this/path/does/not/exist: no such file or directory" assert_stderr --partial "api server init: unable to run local API: while loading plugin config: open /this/path/does/not/exist: no such file or directory"
} }

94
test/bats/80_alerts.bats
View file

@ -25,42 +25,42 @@ teardown() {
@test "cscli alerts list, with and without --machine" { @test "cscli alerts list, with and without --machine" {
is_db_postgres && skip is_db_postgres && skip
run -0 cscli decisions add -i 10.20.30.40 -t ban rune -0 cscli decisions add -i 10.20.30.40 -t ban
run -0 cscli alerts list rune -0 cscli alerts list
refute_output --partial 'machine' refute_output --partial 'machine'
# machine name appears quoted in the "REASON" column # machine name appears quoted in the "REASON" column
assert_output --regexp " 'githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})?' " assert_output --regexp " 'githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})?' "
refute_output --regexp " githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})? " refute_output --regexp " githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})? "
run -0 cscli alerts list -m rune -0 cscli alerts list -m
assert_output --partial 'machine' assert_output --partial 'machine'
assert_output --regexp " 'githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})?' " assert_output --regexp " 'githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})?' "
assert_output --regexp " githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})? " assert_output --regexp " githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})? "
run -0 cscli alerts list --machine rune -0 cscli alerts list --machine
assert_output --partial 'machine' assert_output --partial 'machine'
assert_output --regexp " 'githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})?' " assert_output --regexp " 'githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})?' "
assert_output --regexp " githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})? " assert_output --regexp " githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})? "
} }
@test "cscli alerts list, human/json/raw" { @test "cscli alerts list, human/json/raw" {
run -0 cscli decisions add -i 10.20.30.40 -t ban rune -0 cscli decisions add -i 10.20.30.40 -t ban
run -0 cscli alerts list -o human rune -0 cscli alerts list -o human
run -0 plaintext < <(output) rune -0 plaintext < <(output)
assert_output --regexp ".* ID .* value .* reason .* country .* as .* decisions .* created_at .*" assert_output --regexp ".* ID .* value .* reason .* country .* as .* decisions .* created_at .*"
assert_output --regexp ".*Ip:10.20.30.40.*manual 'ban' from.*ban:1.*" assert_output --regexp ".*Ip:10.20.30.40.*manual 'ban' from.*ban:1.*"
run -0 --separate-stderr cscli alerts list -o json rune -0 cscli alerts list -o json
run -0 jq -c '.[].decisions[0] | [.origin, .scenario, .scope, .simulated, .type, .value]' <(output) rune -0 jq -c '.[].decisions[0] | [.origin, .scenario, .scope, .simulated, .type, .value]' <(output)
assert_line --regexp "\[\"cscli\",\"manual 'ban' from 'githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})?'\",\"Ip\",false,\"ban\",\"10.20.30.40\"\]" assert_line --regexp "\[\"cscli\",\"manual 'ban' from 'githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})?'\",\"Ip\",false,\"ban\",\"10.20.30.40\"\]"
run -0 cscli alerts list -o raw rune -0 cscli alerts list -o raw
assert_line "id,scope,value,reason,country,as,decisions,created_at" assert_line "id,scope,value,reason,country,as,decisions,created_at"
assert_line --regexp ".*,Ip,10.20.30.40,manual 'ban' from 'githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})?',,,ban:1,.*" assert_line --regexp ".*,Ip,10.20.30.40,manual 'ban' from 'githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})?',,,ban:1,.*"
run -0 cscli alerts list -o raw --machine rune -0 cscli alerts list -o raw --machine
assert_line "id,scope,value,reason,country,as,decisions,created_at,machine" assert_line "id,scope,value,reason,country,as,decisions,created_at,machine"
assert_line --regexp "^[0-9]+,Ip,10.20.30.40,manual 'ban' from 'githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})?',,,ban:1,.*,githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})?$" assert_line --regexp "^[0-9]+,Ip,10.20.30.40,manual 'ban' from 'githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})?',,,ban:1,.*,githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})?$"
} }
@ -69,14 +69,14 @@ teardown() {
rune -1 cscli alerts inspect rune -1 cscli alerts inspect
assert_stderr --partial 'missing alert_id' assert_stderr --partial 'missing alert_id'
run -0 cscli decisions add -i 10.20.30.40 -t ban rune -0 cscli decisions add -i 10.20.30.40 -t ban
run -0 cscli alerts list -o raw <(output) rune -0 cscli alerts list -o raw <(output)
run -0 grep 10.20.30.40 <(output) rune -0 grep 10.20.30.40 <(output)
run -0 cut -d, -f1 <(output) rune -0 cut -d, -f1 <(output)
ALERT_ID="${output}" ALERT_ID="${output}"
run -0 cscli alerts inspect "${ALERT_ID}" -o human rune -0 cscli alerts inspect "${ALERT_ID}" -o human
run -0 plaintext < <(output) rune -0 plaintext < <(output)
assert_line --regexp '^#+$' assert_line --regexp '^#+$'
assert_line --regexp "^ - ID *: ${ALERT_ID}$" assert_line --regexp "^ - ID *: ${ALERT_ID}$"
assert_line --regexp "^ - Date *: .*$" assert_line --regexp "^ - Date *: .*$"
@ -93,10 +93,10 @@ teardown() {
assert_line --regexp "^.* ID .* scope:value .* action .* expiration .* created_at .*$" assert_line --regexp "^.* ID .* scope:value .* action .* expiration .* created_at .*$"
assert_line --regexp "^.* Ip:10.20.30.40 .* ban .*$" assert_line --regexp "^.* Ip:10.20.30.40 .* ban .*$"
run -0 cscli alerts inspect "${ALERT_ID}" -o human --details rune -0 cscli alerts inspect "${ALERT_ID}" -o human --details
# XXX can we have something here? # XXX can we have something here?
run -0 cscli alerts inspect "${ALERT_ID}" -o raw rune -0 cscli alerts inspect "${ALERT_ID}" -o raw
assert_line --regexp "^ *capacity: 0$" assert_line --regexp "^ *capacity: 0$"
assert_line --regexp "^ *id: ${ALERT_ID}$" assert_line --regexp "^ *id: ${ALERT_ID}$"
assert_line --regexp "^ *origin: cscli$" assert_line --regexp "^ *origin: cscli$"
@ -106,91 +106,91 @@ teardown() {
assert_line --regexp "^ *type: ban$" assert_line --regexp "^ *type: ban$"
assert_line --regexp "^ *value: 10.20.30.40$" assert_line --regexp "^ *value: 10.20.30.40$"
run -0 --separate-stderr cscli alerts inspect "${ALERT_ID}" -o json rune -0 cscli alerts inspect "${ALERT_ID}" -o json
alert=${output} alert=${output}
run jq -c '.decisions[] | [.origin,.scenario,.scope,.simulated,.type,.value]' <<<"${alert}" rune jq -c '.decisions[] | [.origin,.scenario,.scope,.simulated,.type,.value]' <<<"${alert}"
assert_output --regexp "\[\"cscli\",\"manual 'ban' from 'githubciXXXXXXXXXXXXXXXXXXXXXXXX.*'\",\"Ip\",false,\"ban\",\"10.20.30.40\"\]" assert_output --regexp "\[\"cscli\",\"manual 'ban' from 'githubciXXXXXXXXXXXXXXXXXXXXXXXX.*'\",\"Ip\",false,\"ban\",\"10.20.30.40\"\]"
run jq -c '.source' <<<"${alert}" rune jq -c '.source' <<<"${alert}"
assert_json '{ip:"10.20.30.40",scope:"Ip",value:"10.20.30.40"}' assert_json '{ip:"10.20.30.40",scope:"Ip",value:"10.20.30.40"}'
} }
@test "no active alerts" { @test "no active alerts" {
run -0 --separate-stderr cscli alerts list --until 200d -o human rune -0 cscli alerts list --until 200d -o human
assert_output "No active alerts" assert_output "No active alerts"
run -0 --separate-stderr cscli alerts list --until 200d -o json rune -0 cscli alerts list --until 200d -o json
assert_output "null" assert_output "null"
run -0 --separate-stderr cscli alerts list --until 200d -o raw rune -0 cscli alerts list --until 200d -o raw
assert_output "id,scope,value,reason,country,as,decisions,created_at" assert_output "id,scope,value,reason,country,as,decisions,created_at"
run -0 --separate-stderr cscli alerts list --until 200d -o raw --machine rune -0 cscli alerts list --until 200d -o raw --machine
assert_output "id,scope,value,reason,country,as,decisions,created_at,machine" assert_output "id,scope,value,reason,country,as,decisions,created_at,machine"
} }
@test "cscli alerts delete (by id)" { @test "cscli alerts delete (by id)" {
run -0 --separate-stderr cscli alerts delete --help rune -0 cscli alerts delete --help
if [[ ! "$output" =~ "--id string" ]]; then if [[ ! "$output" =~ "--id string" ]]; then
skip "cscli alerts delete --id not supported" skip "cscli alerts delete --id not supported"
fi fi
# make sure there is at least one alert # make sure there is at least one alert
run -0 cscli decisions add -i 127.0.0.1 -d 1h -R crowdsecurity/test rune -0 cscli decisions add -i 127.0.0.1 -d 1h -R crowdsecurity/test
# when testing with global config, alert id is not guaranteed to be 1. # when testing with global config, alert id is not guaranteed to be 1.
# we'll just remove the first alert we find # we'll just remove the first alert we find
run -0 --separate-stderr cscli alerts list -o json rune -0 cscli alerts list -o json
run -0 jq -c '.[0].id' <(output) rune -0 jq -c '.[0].id' <(output)
ALERT_ID="$output" ALERT_ID="$output"
run -0 --separate-stderr cscli alerts delete --id "$ALERT_ID" rune -0 cscli alerts delete --id "$ALERT_ID"
refute_output refute_output
assert_stderr --partial "1 alert(s) deleted" assert_stderr --partial "1 alert(s) deleted"
# can't delete twice # can't delete twice
run -1 --separate-stderr cscli alerts delete --id "$ALERT_ID" rune -1 cscli alerts delete --id "$ALERT_ID"
refute_output refute_output
assert_stderr --partial "unable to delete alert" assert_stderr --partial "unable to delete alert"
assert_stderr --partial "API error: ent: alert not found" assert_stderr --partial "API error: ent: alert not found"
} }
@test "cscli alerts delete (all)" { @test "cscli alerts delete (all)" {
run -0 --separate-stderr cscli alerts delete --all rune -0 cscli alerts delete --all
assert_stderr --partial '0 alert(s) deleted' assert_stderr --partial '0 alert(s) deleted'
run -0 cscli decisions add -i 1.2.3.4 -d 1h -R crowdsecurity/test rune -0 cscli decisions add -i 1.2.3.4 -d 1h -R crowdsecurity/test
run -0 cscli decisions add -i 1.2.3.5 -d 1h -R crowdsecurity/test rune -0 cscli decisions add -i 1.2.3.5 -d 1h -R crowdsecurity/test
run -0 --separate-stderr cscli alerts delete --all rune -0 cscli alerts delete --all
assert_stderr --partial '2 alert(s) deleted' assert_stderr --partial '2 alert(s) deleted'
# XXX TODO: delete by scope, value, scenario, range.. # XXX TODO: delete by scope, value, scenario, range..
} }
@test "cscli alerts delete (with cascade to decisions)" { @test "cscli alerts delete (with cascade to decisions)" {
run -0 cscli decisions add -i 1.2.3.4 rune -0 cscli decisions add -i 1.2.3.4
run -0 --separate-stderr cscli decisions list -o json rune -0 cscli decisions list -o json
run -0 jq '. | length' <(output) rune -0 jq '. | length' <(output)
assert_output 1 assert_output 1
run -0 --separate-stderr cscli alerts delete -i 1.2.3.4 rune -0 cscli alerts delete -i 1.2.3.4
assert_stderr --partial 'alert(s) deleted' assert_stderr --partial 'alert(s) deleted'
run -0 --separate-stderr cscli decisions list -o json rune -0 cscli decisions list -o json
assert_output null assert_output null
} }
@test "cscli alerts delete (must ignore the query limit)" { @test "cscli alerts delete (must ignore the query limit)" {
for i in $(seq 1 200); do for i in $(seq 1 200); do
run -0 cscli decisions add -i 1.2.3.4 rune -0 cscli decisions add -i 1.2.3.4
done done
run -0 --separate-stderr cscli alerts delete -i 1.2.3.4 rune -0 cscli alerts delete -i 1.2.3.4
assert_stderr --partial '200 alert(s) deleted' assert_stderr --partial '200 alert(s) deleted'
} }
@test "bad duration" { @test "bad duration" {
skip 'TODO' skip 'TODO'
run -0 cscli decisions add -i 10.20.30.40 -t ban rune -0 cscli decisions add -i 10.20.30.40 -t ban
run -9 --separate-stderr cscli decisions list --ip 10.20.30.40 -o json rune -9 cscli decisions list --ip 10.20.30.40 -o json
run -9 jq -r '.[].decisions[].id' <(output) rune -9 jq -r '.[].decisions[].id' <(output)
DECISION_ID="${output}" DECISION_ID="${output}"
./instance-crowdsec stop ./instance-crowdsec stop
run -0 ./instance-db exec_sql "UPDATE decisions SET ... WHERE id=${DECISION_ID}" rune -0 ./instance-db exec_sql "UPDATE decisions SET ... WHERE id=${DECISION_ID}"
./instance-crowdsec start ./instance-crowdsec start
} }

24
test/bats/90_decisions.bats
View file

@ -21,47 +21,43 @@ teardown() {
./instance-crowdsec stop ./instance-crowdsec stop
} }
declare stderr
#---------- #----------
@test "'decisions add' requires parameters" { @test "'decisions add' requires parameters" {
run -1 --separate-stderr cscli decisions add rune -1 cscli decisions add
assert_line "Usage:" assert_line "Usage:"
assert_stderr --partial "Missing arguments, a value is required (--ip, --range or --scope and --value)" assert_stderr --partial "Missing arguments, a value is required (--ip, --range or --scope and --value)"
run -1 --separate-stderr cscli decisions add -o json rune -1 cscli decisions add -o json
run echo "${stderr}" rune -0 jq -c '[ .level, .msg]' <(stderr | grep "^{")
run -0 jq -c '[ .level, .msg]' <(output | grep "^{")
assert_output '["fatal","Missing arguments, a value is required (--ip, --range or --scope and --value)"]' assert_output '["fatal","Missing arguments, a value is required (--ip, --range or --scope and --value)"]'
} }
@test "cscli decisions list, with and without --machine" { @test "cscli decisions list, with and without --machine" {
is_db_postgres && skip is_db_postgres && skip
run -0 cscli decisions add -i 10.20.30.40 -t ban rune -0 cscli decisions add -i 10.20.30.40 -t ban
run -0 cscli decisions list rune -0 cscli decisions list
refute_output --partial 'Machine' refute_output --partial 'Machine'
# machine name appears quoted in the "REASON" column # machine name appears quoted in the "REASON" column
assert_output --regexp " 'githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})?' " assert_output --regexp " 'githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})?' "
refute_output --regexp " githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})? " refute_output --regexp " githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})? "
run -0 cscli decisions list -m rune -0 cscli decisions list -m
assert_output --partial 'Machine' assert_output --partial 'Machine'
assert_output --regexp " 'githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})?' " assert_output --regexp " 'githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})?' "
assert_output --regexp " githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})? " assert_output --regexp " githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})? "
run -0 cscli decisions list --machine rune -0 cscli decisions list --machine
assert_output --partial 'Machine' assert_output --partial 'Machine'
assert_output --regexp " 'githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})?' " assert_output --regexp " 'githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})?' "
assert_output --regexp " githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})? " assert_output --regexp " githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})? "
} }
@test "cscli decisions list, incorrect parameters" { @test "cscli decisions list, incorrect parameters" {
run -1 --separate-stderr cscli decisions list --until toto rune -1 cscli decisions list --until toto
assert_stderr --partial 'Unable to list decisions : performing request: API error: while parsing duration: time: invalid duration \"toto\"' assert_stderr --partial 'Unable to list decisions : performing request: API error: while parsing duration: time: invalid duration \"toto\"'
run -1 --separate-stderr cscli decisions list --until toto -o json rune -1 cscli decisions list --until toto -o json
run echo "${stderr}" rune -0 jq -c '[.level, .msg]' <(stderr | grep "^{")
run -0 jq -c '[.level, .msg]' <(output | grep "^{")
assert_output '["fatal","Unable to list decisions : performing request: API error: while parsing duration: time: invalid duration \"toto\""]' assert_output '["fatal","Unable to list decisions : performing request: API error: while parsing duration: time: invalid duration \"toto\""]'
} }

40
test/bats/97_ipv4_single.bats
View file

@ -31,77 +31,77 @@ api() {
@test "cli - first decisions list: must be empty" { @test "cli - first decisions list: must be empty" {
# delete community pull # delete community pull
run -0 cscli decisions delete --all rune -0 cscli decisions delete --all
run -0 --separate-stderr cscli decisions list -o json rune -0 cscli decisions list -o json
assert_output 'null' assert_output 'null'
} }
@test "API - first decisions list: must be empty" { @test "API - first decisions list: must be empty" {
run -0 --separate-stderr api '/v1/decisions' rune -0 api '/v1/decisions'
assert_output 'null' assert_output 'null'
} }
@test "adding decision for 1.2.3.4" { @test "adding decision for 1.2.3.4" {
run -0 --separate-stderr cscli decisions add -i '1.2.3.4' rune -0 cscli decisions add -i '1.2.3.4'
assert_stderr --partial 'Decision successfully added' assert_stderr --partial 'Decision successfully added'
} }
@test "CLI - all decisions" { @test "CLI - all decisions" {
run -0 --separate-stderr cscli decisions list -o json rune -0 cscli decisions list -o json
run -0 jq -r '.[0].decisions[0].value' <(output) rune -0 jq -r '.[0].decisions[0].value' <(output)
assert_output '1.2.3.4' assert_output '1.2.3.4'
} }
@test "API - all decisions" { @test "API - all decisions" {
run -0 --separate-stderr api '/v1/decisions' rune -0 api '/v1/decisions'
run -0 jq -c '[ . | length, .[0].value ]' <(output) rune -0 jq -c '[ . | length, .[0].value ]' <(output)
assert_output '[1,"1.2.3.4"]' assert_output '[1,"1.2.3.4"]'
} }
# check ip match # check ip match
@test "CLI - decision for 1.2.3.4" { @test "CLI - decision for 1.2.3.4" {
run -0 --separate-stderr cscli decisions list -i '1.2.3.4' -o json rune -0 cscli decisions list -i '1.2.3.4' -o json
run -0 jq -r '.[0].decisions[0].value' <(output) rune -0 jq -r '.[0].decisions[0].value' <(output)
assert_output '1.2.3.4' assert_output '1.2.3.4'
} }
@test "API - decision for 1.2.3.4" { @test "API - decision for 1.2.3.4" {
run -0 --separate-stderr api '/v1/decisions?ip=1.2.3.4' rune -0 api '/v1/decisions?ip=1.2.3.4'
run -0 jq -r '.[0].value' <(output) rune -0 jq -r '.[0].value' <(output)
assert_output '1.2.3.4' assert_output '1.2.3.4'
} }
@test "CLI - decision for 1.2.3.5" { @test "CLI - decision for 1.2.3.5" {
run -0 --separate-stderr cscli decisions list -i '1.2.3.5' -o json rune -0 cscli decisions list -i '1.2.3.5' -o json
assert_output 'null' assert_output 'null'
} }
@test "API - decision for 1.2.3.5" { @test "API - decision for 1.2.3.5" {
run -0 --separate-stderr api '/v1/decisions?ip=1.2.3.5' rune -0 api '/v1/decisions?ip=1.2.3.5'
assert_output 'null' assert_output 'null'
} }
## check outer range match ## check outer range match
@test "CLI - decision for 1.2.3.0/24" { @test "CLI - decision for 1.2.3.0/24" {
run -0 --separate-stderr cscli decisions list -r '1.2.3.0/24' -o json rune -0 cscli decisions list -r '1.2.3.0/24' -o json
assert_output 'null' assert_output 'null'
} }
@test "API - decision for 1.2.3.0/24" { @test "API - decision for 1.2.3.0/24" {
run -0 --separate-stderr api '/v1/decisions?range=1.2.3.0/24' rune -0 api '/v1/decisions?range=1.2.3.0/24'
assert_output 'null' assert_output 'null'
} }
@test "CLI - decisions where IP in 1.2.3.0/24" { @test "CLI - decisions where IP in 1.2.3.0/24" {
run -0 --separate-stderr cscli decisions list -r '1.2.3.0/24' --contained -o json rune -0 cscli decisions list -r '1.2.3.0/24' --contained -o json
run -0 jq -r '.[0].decisions[0].value' <(output) rune -0 jq -r '.[0].decisions[0].value' <(output)
assert_output '1.2.3.4' assert_output '1.2.3.4'
} }
@test "API - decisions where IP in 1.2.3.0/24" { @test "API - decisions where IP in 1.2.3.0/24" {
run -0 --separate-stderr api '/v1/decisions?range=1.2.3.0/24&contains=false' rune -0 api '/v1/decisions?range=1.2.3.0/24&contains=false'
run -0 jq -r '.[0].value' <(output) rune -0 jq -r '.[0].value' <(output)
assert_output '1.2.3.4' assert_output '1.2.3.4'
} }

64
test/bats/97_ipv6_single.bats
View file

@ -31,125 +31,125 @@ api() {
@test "cli - first decisions list: must be empty" { @test "cli - first decisions list: must be empty" {
# delete community pull # delete community pull
run -0 cscli decisions delete --all rune -0 cscli decisions delete --all
run -0 --separate-stderr cscli decisions list -o json rune -0 cscli decisions list -o json
assert_output 'null' assert_output 'null'
} }
@test "adding decision for ip 1111:2222:3333:4444:5555:6666:7777:8888" { @test "adding decision for ip 1111:2222:3333:4444:5555:6666:7777:8888" {
run -0 --separate-stderr cscli decisions add -i '1111:2222:3333:4444:5555:6666:7777:8888' rune -0 cscli decisions add -i '1111:2222:3333:4444:5555:6666:7777:8888'
assert_stderr --partial 'Decision successfully added' assert_stderr --partial 'Decision successfully added'
} }
@test "CLI - all decisions" { @test "CLI - all decisions" {
run -0 --separate-stderr cscli decisions list -o json rune -0 cscli decisions list -o json
run -0 jq -r '.[].decisions[0].value' <(output) rune -0 jq -r '.[].decisions[0].value' <(output)
assert_output '1111:2222:3333:4444:5555:6666:7777:8888' assert_output '1111:2222:3333:4444:5555:6666:7777:8888'
} }
@test "API - all decisions" { @test "API - all decisions" {
run -0 --separate-stderr api "/v1/decisions" rune -0 api "/v1/decisions"
run -0 jq -r '.[].value' <(output) rune -0 jq -r '.[].value' <(output)
assert_output '1111:2222:3333:4444:5555:6666:7777:8888' assert_output '1111:2222:3333:4444:5555:6666:7777:8888'
} }
@test "CLI - decisions for ip 1111:2222:3333:4444:5555:6666:7777:8888" { @test "CLI - decisions for ip 1111:2222:3333:4444:5555:6666:7777:8888" {
run -0 --separate-stderr cscli decisions list -i '1111:2222:3333:4444:5555:6666:7777:8888' -o json rune -0 cscli decisions list -i '1111:2222:3333:4444:5555:6666:7777:8888' -o json
run -0 jq -r '.[].decisions[0].value' <(output) rune -0 jq -r '.[].decisions[0].value' <(output)
assert_output '1111:2222:3333:4444:5555:6666:7777:8888' assert_output '1111:2222:3333:4444:5555:6666:7777:8888'
} }
@test "API - decisions for ip 1111:2222:3333:4444:5555:6666:7777:888" { @test "API - decisions for ip 1111:2222:3333:4444:5555:6666:7777:888" {
run -0 --separate-stderr api '/v1/decisions?ip=1111:2222:3333:4444:5555:6666:7777:8888' rune -0 api '/v1/decisions?ip=1111:2222:3333:4444:5555:6666:7777:8888'
run -0 jq -r '.[].value' <(output) rune -0 jq -r '.[].value' <(output)
assert_output '1111:2222:3333:4444:5555:6666:7777:8888' assert_output '1111:2222:3333:4444:5555:6666:7777:8888'
} }
@test "CLI - decisions for ip 1211:2222:3333:4444:5555:6666:7777:8888" { @test "CLI - decisions for ip 1211:2222:3333:4444:5555:6666:7777:8888" {
run -0 --separate-stderr cscli decisions list -i '1211:2222:3333:4444:5555:6666:7777:8888' -o json rune -0 cscli decisions list -i '1211:2222:3333:4444:5555:6666:7777:8888' -o json
assert_output 'null' assert_output 'null'
} }
@test "API - decisions for ip 1211:2222:3333:4444:5555:6666:7777:888" { @test "API - decisions for ip 1211:2222:3333:4444:5555:6666:7777:888" {
run -0 --separate-stderr api '/v1/decisions?ip=1211:2222:3333:4444:5555:6666:7777:8888' rune -0 api '/v1/decisions?ip=1211:2222:3333:4444:5555:6666:7777:8888'
assert_output 'null' assert_output 'null'
} }
@test "CLI - decisions for ip 1111:2222:3333:4444:5555:6666:7777:8887" { @test "CLI - decisions for ip 1111:2222:3333:4444:5555:6666:7777:8887" {
run -0 --separate-stderr cscli decisions list -i '1111:2222:3333:4444:5555:6666:7777:8887' -o json rune -0 cscli decisions list -i '1111:2222:3333:4444:5555:6666:7777:8887' -o json
assert_output 'null' assert_output 'null'
} }
@test "API - decisions for ip 1111:2222:3333:4444:5555:6666:7777:8887" { @test "API - decisions for ip 1111:2222:3333:4444:5555:6666:7777:8887" {
run -0 --separate-stderr api '/v1/decisions?ip=1111:2222:3333:4444:5555:6666:7777:8887' rune -0 api '/v1/decisions?ip=1111:2222:3333:4444:5555:6666:7777:8887'
assert_output 'null' assert_output 'null'
} }
@test "CLI - decisions for range 1111:2222:3333:4444:5555:6666:7777:8888/48" { @test "CLI - decisions for range 1111:2222:3333:4444:5555:6666:7777:8888/48" {
run -0 --separate-stderr cscli decisions list -r '1111:2222:3333:4444:5555:6666:7777:8888/48' -o json rune -0 cscli decisions list -r '1111:2222:3333:4444:5555:6666:7777:8888/48' -o json
assert_output 'null' assert_output 'null'
} }
@test "API - decisions for range 1111:2222:3333:4444:5555:6666:7777:8888/48" { @test "API - decisions for range 1111:2222:3333:4444:5555:6666:7777:8888/48" {
run -0 --separate-stderr api '/v1/decisions?range=1111:2222:3333:4444:5555:6666:7777:8888/48' rune -0 api '/v1/decisions?range=1111:2222:3333:4444:5555:6666:7777:8888/48'
assert_output 'null' assert_output 'null'
} }
@test "CLI - decisions for ip/range in 1111:2222:3333:4444:5555:6666:7777:8888/48" { @test "CLI - decisions for ip/range in 1111:2222:3333:4444:5555:6666:7777:8888/48" {
run -0 --separate-stderr cscli decisions list -r '1111:2222:3333:4444:5555:6666:7777:8888/48' --contained -o json rune -0 cscli decisions list -r '1111:2222:3333:4444:5555:6666:7777:8888/48' --contained -o json
run -0 jq -r '.[].decisions[0].value' <(output) rune -0 jq -r '.[].decisions[0].value' <(output)
assert_output '1111:2222:3333:4444:5555:6666:7777:8888' assert_output '1111:2222:3333:4444:5555:6666:7777:8888'
} }
@test "API - decisions for ip/range in 1111:2222:3333:4444:5555:6666:7777:8888/48" { @test "API - decisions for ip/range in 1111:2222:3333:4444:5555:6666:7777:8888/48" {
run -0 --separate-stderr api '/v1/decisions?range=1111:2222:3333:4444:5555:6666:7777:8888/48&&contains=false' rune -0 api '/v1/decisions?range=1111:2222:3333:4444:5555:6666:7777:8888/48&&contains=false'
run -0 jq -r '.[].value' <(output) rune -0 jq -r '.[].value' <(output)
assert_output '1111:2222:3333:4444:5555:6666:7777:8888' assert_output '1111:2222:3333:4444:5555:6666:7777:8888'
} }
@test "CLI - decisions for range 1111:2222:3333:4444:5555:6666:7777:8888/64" { @test "CLI - decisions for range 1111:2222:3333:4444:5555:6666:7777:8888/64" {
run -0 --separate-stderr cscli decisions list -r '1111:2222:3333:4444:5555:6666:7777:8888/64' -o json rune -0 cscli decisions list -r '1111:2222:3333:4444:5555:6666:7777:8888/64' -o json
assert_output 'null' assert_output 'null'
} }
@test "API - decisions for range 1111:2222:3333:4444:5555:6666:7777:8888/64" { @test "API - decisions for range 1111:2222:3333:4444:5555:6666:7777:8888/64" {
run -0 --separate-stderr api '/v1/decisions?range=1111:2222:3333:4444:5555:6666:7777:8888/64' rune -0 api '/v1/decisions?range=1111:2222:3333:4444:5555:6666:7777:8888/64'
assert_output 'null' assert_output 'null'
} }
@test "CLI - decisions for ip/range in 1111:2222:3333:4444:5555:6666:7777:8888/64" { @test "CLI - decisions for ip/range in 1111:2222:3333:4444:5555:6666:7777:8888/64" {
run -0 --separate-stderr cscli decisions list -r '1111:2222:3333:4444:5555:6666:7777:8888/64' -o json --contained rune -0 cscli decisions list -r '1111:2222:3333:4444:5555:6666:7777:8888/64' -o json --contained
run -0 jq -r '.[].decisions[0].value' <(output) rune -0 jq -r '.[].decisions[0].value' <(output)
assert_output '1111:2222:3333:4444:5555:6666:7777:8888' assert_output '1111:2222:3333:4444:5555:6666:7777:8888'
} }
@test "API - decisions for ip/range in 1111:2222:3333:4444:5555:6666:7777:8888/64" { @test "API - decisions for ip/range in 1111:2222:3333:4444:5555:6666:7777:8888/64" {
run -0 --separate-stderr api '/v1/decisions?range=1111:2222:3333:4444:5555:6666:7777:8888/64&&contains=false' rune -0 api '/v1/decisions?range=1111:2222:3333:4444:5555:6666:7777:8888/64&&contains=false'
run -0 jq -r '.[].value' <(output) rune -0 jq -r '.[].value' <(output)
assert_output '1111:2222:3333:4444:5555:6666:7777:8888' assert_output '1111:2222:3333:4444:5555:6666:7777:8888'
} }
@test "adding decision for ip 1111:2222:3333:4444:5555:6666:7777:8889" { @test "adding decision for ip 1111:2222:3333:4444:5555:6666:7777:8889" {
run -0 --separate-stderr cscli decisions add -i '1111:2222:3333:4444:5555:6666:7777:8889' rune -0 cscli decisions add -i '1111:2222:3333:4444:5555:6666:7777:8889'
assert_stderr --partial 'Decision successfully added' assert_stderr --partial 'Decision successfully added'
} }
@test "deleting decision for ip 1111:2222:3333:4444:5555:6666:7777:8889" { @test "deleting decision for ip 1111:2222:3333:4444:5555:6666:7777:8889" {
run -0 --separate-stderr cscli decisions delete -i '1111:2222:3333:4444:5555:6666:7777:8889' rune -0 cscli decisions delete -i '1111:2222:3333:4444:5555:6666:7777:8889'
assert_stderr --partial '1 decision(s) deleted' assert_stderr --partial '1 decision(s) deleted'
} }
@test "CLI - decisions for ip 1111:2222:3333:4444:5555:6666:7777:8889 after delete" { @test "CLI - decisions for ip 1111:2222:3333:4444:5555:6666:7777:8889 after delete" {
run -0 --separate-stderr cscli decisions list -i '1111:2222:3333:4444:5555:6666:7777:8889' -o json rune -0 cscli decisions list -i '1111:2222:3333:4444:5555:6666:7777:8889' -o json
assert_output 'null' assert_output 'null'
} }
@test "deleting decision for range 1111:2222:3333:4444:5555:6666:7777:8888/64" { @test "deleting decision for range 1111:2222:3333:4444:5555:6666:7777:8888/64" {
run -0 --separate-stderr cscli decisions delete -r '1111:2222:3333:4444:5555:6666:7777:8888/64' --contained rune -0 cscli decisions delete -r '1111:2222:3333:4444:5555:6666:7777:8888/64' --contained
assert_stderr --partial '1 decision(s) deleted' assert_stderr --partial '1 decision(s) deleted'
} }
@test "CLI - decisions for ip/range in 1111:2222:3333:4444:5555:6666:7777:8888/64 after delete" { @test "CLI - decisions for ip/range in 1111:2222:3333:4444:5555:6666:7777:8888/64 after delete" {
run -0 --separate-stderr cscli decisions list -r '1111:2222:3333:4444:5555:6666:7777:8888/64' -o json --contained rune -0 cscli decisions list -r '1111:2222:3333:4444:5555:6666:7777:8888/64' -o json --contained
assert_output 'null' assert_output 'null'
} }

54
test/bats/98_ipv4_range.bats
View file

@ -31,104 +31,104 @@ api() {
@test "cli - first decisions list: must be empty" { @test "cli - first decisions list: must be empty" {
# delete community pull # delete community pull
run -0 cscli decisions delete --all rune -0 cscli decisions delete --all
run -0 --separate-stderr cscli decisions list -o json rune -0 cscli decisions list -o json
assert_output 'null' assert_output 'null'
} }
@test "adding decision for range 4.4.4.0/24" { @test "adding decision for range 4.4.4.0/24" {
run -0 --separate-stderr cscli decisions add -r '4.4.4.0/24' rune -0 cscli decisions add -r '4.4.4.0/24'
assert_stderr --partial 'Decision successfully added' assert_stderr --partial 'Decision successfully added'
} }
@test "CLI - all decisions" { @test "CLI - all decisions" {
run -0 --separate-stderr cscli decisions list -o json rune -0 cscli decisions list -o json
run -0 jq -r '.[0].decisions[0].value' <(output) rune -0 jq -r '.[0].decisions[0].value' <(output)
assert_output '4.4.4.0/24' assert_output '4.4.4.0/24'
} }
@test "API - all decisions" { @test "API - all decisions" {
run -0 --separate-stderr api '/v1/decisions' rune -0 api '/v1/decisions'
run -0 jq -r '.[0].value' <(output) rune -0 jq -r '.[0].value' <(output)
assert_output '4.4.4.0/24' assert_output '4.4.4.0/24'
} }
# check ip within/outside of range # check ip within/outside of range
@test "CLI - decisions for ip 4.4.4." { @test "CLI - decisions for ip 4.4.4." {
run -0 --separate-stderr cscli decisions list -i '4.4.4.3' -o json rune -0 cscli decisions list -i '4.4.4.3' -o json
run -0 jq -r '.[0].decisions[0].value' <(output) rune -0 jq -r '.[0].decisions[0].value' <(output)
assert_output '4.4.4.0/24' assert_output '4.4.4.0/24'
} }
@test "API - decisions for ip 4.4.4." { @test "API - decisions for ip 4.4.4." {
run -0 --separate-stderr api '/v1/decisions?ip=4.4.4.3' rune -0 api '/v1/decisions?ip=4.4.4.3'
run -0 jq -r '.[0].value' <(output) rune -0 jq -r '.[0].value' <(output)
assert_output '4.4.4.0/24' assert_output '4.4.4.0/24'
} }
@test "CLI - decisions for ip contained in 4.4.4." { @test "CLI - decisions for ip contained in 4.4.4." {
run -0 --separate-stderr cscli decisions list -i '4.4.4.4' -o json --contained rune -0 cscli decisions list -i '4.4.4.4' -o json --contained
assert_output 'null' assert_output 'null'
} }
@test "API - decisions for ip contained in 4.4.4." { @test "API - decisions for ip contained in 4.4.4." {
run -0 --separate-stderr api '/v1/decisions?ip=4.4.4.4&contains=false' rune -0 api '/v1/decisions?ip=4.4.4.4&contains=false'
assert_output 'null' assert_output 'null'
} }
@test "CLI - decisions for ip 5.4.4." { @test "CLI - decisions for ip 5.4.4." {
run -0 --separate-stderr cscli decisions list -i '5.4.4.3' -o json rune -0 cscli decisions list -i '5.4.4.3' -o json
assert_output 'null' assert_output 'null'
} }
@test "API - decisions for ip 5.4.4." { @test "API - decisions for ip 5.4.4." {
run -0 --separate-stderr api '/v1/decisions?ip=5.4.4.3' rune -0 api '/v1/decisions?ip=5.4.4.3'
assert_output 'null' assert_output 'null'
} }
@test "CLI - decisions for range 4.4.0.0/1" { @test "CLI - decisions for range 4.4.0.0/1" {
run -0 --separate-stderr cscli decisions list -r '4.4.0.0/16' -o json rune -0 cscli decisions list -r '4.4.0.0/16' -o json
assert_output 'null' assert_output 'null'
} }
@test "API - decisions for range 4.4.0.0/1" { @test "API - decisions for range 4.4.0.0/1" {
run -0 --separate-stderr api '/v1/decisions?range=4.4.0.0/16' rune -0 api '/v1/decisions?range=4.4.0.0/16'
assert_output 'null' assert_output 'null'
} }
@test "CLI - decisions for ip/range in 4.4.0.0/1" { @test "CLI - decisions for ip/range in 4.4.0.0/1" {
run -0 --separate-stderr cscli decisions list -r '4.4.0.0/16' -o json --contained rune -0 cscli decisions list -r '4.4.0.0/16' -o json --contained
run -0 jq -r '.[0].decisions[0].value' <(output) rune -0 jq -r '.[0].decisions[0].value' <(output)
assert_output '4.4.4.0/24' assert_output '4.4.4.0/24'
} }
@test "API - decisions for ip/range in 4.4.0.0/1" { @test "API - decisions for ip/range in 4.4.0.0/1" {
run -0 --separate-stderr api '/v1/decisions?range=4.4.0.0/16&contains=false' rune -0 api '/v1/decisions?range=4.4.0.0/16&contains=false'
run -0 jq -r '.[0].value' <(output) rune -0 jq -r '.[0].value' <(output)
assert_output '4.4.4.0/24' assert_output '4.4.4.0/24'
} }
# check subrange # check subrange
@test "CLI - decisions for range 4.4.4.2/2" { @test "CLI - decisions for range 4.4.4.2/2" {
run -0 --separate-stderr cscli decisions list -r '4.4.4.2/28' -o json rune -0 cscli decisions list -r '4.4.4.2/28' -o json
run -0 jq -r '.[].decisions[0].value' <(output) rune -0 jq -r '.[].decisions[0].value' <(output)
assert_output '4.4.4.0/24' assert_output '4.4.4.0/24'
} }
@test "API - decisions for range 4.4.4.2/2" { @test "API - decisions for range 4.4.4.2/2" {
run -0 --separate-stderr api '/v1/decisions?range=4.4.4.2/28' rune -0 api '/v1/decisions?range=4.4.4.2/28'
run -0 jq -r '.[].value' <(output) rune -0 jq -r '.[].value' <(output)
assert_output '4.4.4.0/24' assert_output '4.4.4.0/24'
} }
@test "CLI - decisions for range 4.4.3.2/2" { @test "CLI - decisions for range 4.4.3.2/2" {
run -0 --separate-stderr cscli decisions list -r '4.4.3.2/28' -o json rune -0 cscli decisions list -r '4.4.3.2/28' -o json
assert_output 'null' assert_output 'null'
} }
@test "API - decisions for range 4.4.3.2/2" { @test "API - decisions for range 4.4.3.2/2" {
run -0 --separate-stderr api '/v1/decisions?range=4.4.3.2/28' rune -0 api '/v1/decisions?range=4.4.3.2/28'
assert_output 'null' assert_output 'null'
} }

90
test/bats/98_ipv6_range.bats
View file

@ -31,187 +31,187 @@ api() {
@test "cli - first decisions list: must be empty" { @test "cli - first decisions list: must be empty" {
# delete community pull # delete community pull
run -0 cscli decisions delete --all rune -0 cscli decisions delete --all
run -0 --separate-stderr cscli decisions list -o json rune -0 cscli decisions list -o json
assert_output 'null' assert_output 'null'
} }
@test "adding decision for range aaaa:2222:3333:4444::/64" { @test "adding decision for range aaaa:2222:3333:4444::/64" {
run -0 --separate-stderr cscli decisions add -r 'aaaa:2222:3333:4444::/64' rune -0 cscli decisions add -r 'aaaa:2222:3333:4444::/64'
assert_stderr --partial 'Decision successfully added' assert_stderr --partial 'Decision successfully added'
} }
@test "CLI - all decisions (2)" { @test "CLI - all decisions (2)" {
run -0 --separate-stderr cscli decisions list -o json rune -0 cscli decisions list -o json
run -0 jq -r '.[].decisions[0].value' <(output) rune -0 jq -r '.[].decisions[0].value' <(output)
assert_output 'aaaa:2222:3333:4444::/64' assert_output 'aaaa:2222:3333:4444::/64'
} }
@test "API - all decisions (2)" { @test "API - all decisions (2)" {
run -0 --separate-stderr api '/v1/decisions' rune -0 api '/v1/decisions'
run -0 jq -r '.[].value' <(output) rune -0 jq -r '.[].value' <(output)
assert_output 'aaaa:2222:3333:4444::/64' assert_output 'aaaa:2222:3333:4444::/64'
} }
# check ip within/out of range # check ip within/out of range
@test "CLI - decisions for ip aaaa:2222:3333:4444:5555:6666:7777:8888" { @test "CLI - decisions for ip aaaa:2222:3333:4444:5555:6666:7777:8888" {
run -0 --separate-stderr cscli decisions list -i 'aaaa:2222:3333:4444:5555:6666:7777:8888' -o json rune -0 cscli decisions list -i 'aaaa:2222:3333:4444:5555:6666:7777:8888' -o json
run -0 jq -r '.[].decisions[0].value' <(output) rune -0 jq -r '.[].decisions[0].value' <(output)
assert_output 'aaaa:2222:3333:4444::/64' assert_output 'aaaa:2222:3333:4444::/64'
} }
@test "API - decisions for ip aaaa:2222:3333:4444:5555:6666:7777:8888" { @test "API - decisions for ip aaaa:2222:3333:4444:5555:6666:7777:8888" {
run -0 --separate-stderr api '/v1/decisions?ip=aaaa:2222:3333:4444:5555:6666:7777:8888' rune -0 api '/v1/decisions?ip=aaaa:2222:3333:4444:5555:6666:7777:8888'
run -0 jq -r '.[].value' <(output) rune -0 jq -r '.[].value' <(output)
assert_output 'aaaa:2222:3333:4444::/64' assert_output 'aaaa:2222:3333:4444::/64'
} }
@test "CLI - decisions for ip aaaa:2222:3333:4445:5555:6666:7777:8888" { @test "CLI - decisions for ip aaaa:2222:3333:4445:5555:6666:7777:8888" {
run -0 --separate-stderr cscli decisions list -i 'aaaa:2222:3333:4445:5555:6666:7777:8888' -o json rune -0 cscli decisions list -i 'aaaa:2222:3333:4445:5555:6666:7777:8888' -o json
assert_output 'null' assert_output 'null'
} }
@test "API - decisions for ip aaaa:2222:3333:4445:5555:6666:7777:8888" { @test "API - decisions for ip aaaa:2222:3333:4445:5555:6666:7777:8888" {
run -0 --separate-stderr api '/v1/decisions?ip=aaaa:2222:3333:4445:5555:6666:7777:8888' rune -0 api '/v1/decisions?ip=aaaa:2222:3333:4445:5555:6666:7777:8888'
assert_output 'null' assert_output 'null'
} }
@test "CLI - decisions for ip aaa1:2222:3333:4444:5555:6666:7777:8887" { @test "CLI - decisions for ip aaa1:2222:3333:4444:5555:6666:7777:8887" {
run -0 --separate-stderr cscli decisions list -i 'aaa1:2222:3333:4444:5555:6666:7777:8887' -o json rune -0 cscli decisions list -i 'aaa1:2222:3333:4444:5555:6666:7777:8887' -o json
assert_output 'null' assert_output 'null'
} }
@test "API - decisions for ip aaa1:2222:3333:4444:5555:6666:7777:8887" { @test "API - decisions for ip aaa1:2222:3333:4444:5555:6666:7777:8887" {
run -0 --separate-stderr api '/v1/decisions?ip=aaa1:2222:3333:4444:5555:6666:7777:8887' rune -0 api '/v1/decisions?ip=aaa1:2222:3333:4444:5555:6666:7777:8887'
assert_output 'null' assert_output 'null'
} }
# check subrange within/out of range # check subrange within/out of range
@test "CLI - decisions for range aaaa:2222:3333:4444:5555::/80" { @test "CLI - decisions for range aaaa:2222:3333:4444:5555::/80" {
run -0 --separate-stderr cscli decisions list -r 'aaaa:2222:3333:4444:5555::/80' -o json rune -0 cscli decisions list -r 'aaaa:2222:3333:4444:5555::/80' -o json
run -0 jq -r '.[].decisions[0].value' <(output) rune -0 jq -r '.[].decisions[0].value' <(output)
assert_output 'aaaa:2222:3333:4444::/64' assert_output 'aaaa:2222:3333:4444::/64'
} }
@test "API - decisions for range aaaa:2222:3333:4444:5555::/80" { @test "API - decisions for range aaaa:2222:3333:4444:5555::/80" {
run -0 --separate-stderr api '/v1/decisions?range=aaaa:2222:3333:4444:5555::/80' rune -0 api '/v1/decisions?range=aaaa:2222:3333:4444:5555::/80'
run -0 jq -r '.[].value' <(output) rune -0 jq -r '.[].value' <(output)
assert_output 'aaaa:2222:3333:4444::/64' assert_output 'aaaa:2222:3333:4444::/64'
} }
@test "CLI - decisions for range aaaa:2222:3333:4441:5555::/80" { @test "CLI - decisions for range aaaa:2222:3333:4441:5555::/80" {
run -0 --separate-stderr cscli decisions list -r 'aaaa:2222:3333:4441:5555::/80' -o json rune -0 cscli decisions list -r 'aaaa:2222:3333:4441:5555::/80' -o json
assert_output 'null' assert_output 'null'
} }
@test "API - decisions for range aaaa:2222:3333:4441:5555::/80" { @test "API - decisions for range aaaa:2222:3333:4441:5555::/80" {
run -0 --separate-stderr api '/v1/decisions?range=aaaa:2222:3333:4441:5555::/80' rune -0 api '/v1/decisions?range=aaaa:2222:3333:4441:5555::/80'
assert_output 'null' assert_output 'null'
} }
@test "CLI - decisions for range aaa1:2222:3333:4444:5555::/80" { @test "CLI - decisions for range aaa1:2222:3333:4444:5555::/80" {
run -0 --separate-stderr cscli decisions list -r 'aaa1:2222:3333:4444:5555::/80' -o json rune -0 cscli decisions list -r 'aaa1:2222:3333:4444:5555::/80' -o json
assert_output 'null' assert_output 'null'
} }
@test "API - decisions for range aaa1:2222:3333:4444:5555::/80" { @test "API - decisions for range aaa1:2222:3333:4444:5555::/80" {
run -0 --separate-stderr api '/v1/decisions?range=aaa1:2222:3333:4444:5555::/80' rune -0 api '/v1/decisions?range=aaa1:2222:3333:4444:5555::/80'
assert_output 'null' assert_output 'null'
} }
# check outer range # check outer range
@test "CLI - decisions for range aaaa:2222:3333:4444:5555:6666:7777:8888/48" { @test "CLI - decisions for range aaaa:2222:3333:4444:5555:6666:7777:8888/48" {
run -0 --separate-stderr cscli decisions list -r 'aaaa:2222:3333:4444:5555:6666:7777:8888/48' -o json rune -0 cscli decisions list -r 'aaaa:2222:3333:4444:5555:6666:7777:8888/48' -o json
assert_output 'null' assert_output 'null'
} }
@test "API - decisions for range aaaa:2222:3333:4444:5555:6666:7777:8888/48" { @test "API - decisions for range aaaa:2222:3333:4444:5555:6666:7777:8888/48" {
run -0 --separate-stderr api '/v1/decisions?range=aaaa:2222:3333:4444:5555:6666:7777:8888/48' rune -0 api '/v1/decisions?range=aaaa:2222:3333:4444:5555:6666:7777:8888/48'
assert_output 'null' assert_output 'null'
} }
@test "CLI - decisions for ip/range in aaaa:2222:3333:4444:5555:6666:7777:8888/48" { @test "CLI - decisions for ip/range in aaaa:2222:3333:4444:5555:6666:7777:8888/48" {
run -0 --separate-stderr cscli decisions list -r 'aaaa:2222:3333:4444:5555:6666:7777:8888/48' -o json --contained rune -0 cscli decisions list -r 'aaaa:2222:3333:4444:5555:6666:7777:8888/48' -o json --contained
run -0 jq -r '.[].decisions[0].value' <(output) rune -0 jq -r '.[].decisions[0].value' <(output)
assert_output 'aaaa:2222:3333:4444::/64' assert_output 'aaaa:2222:3333:4444::/64'
} }
@test "API - decisions for ip/range in aaaa:2222:3333:4444:5555:6666:7777:8888/48" { @test "API - decisions for ip/range in aaaa:2222:3333:4444:5555:6666:7777:8888/48" {
run -0 --separate-stderr api '/v1/decisions?range=aaaa:2222:3333:4444:5555:6666:7777:8888/48&contains=false' rune -0 api '/v1/decisions?range=aaaa:2222:3333:4444:5555:6666:7777:8888/48&contains=false'
run -0 jq -r '.[].value' <(output) rune -0 jq -r '.[].value' <(output)
assert_output 'aaaa:2222:3333:4444::/64' assert_output 'aaaa:2222:3333:4444::/64'
} }
@test "CLI - decisions for ip/range in aaaa:2222:3333:4445:5555:6666:7777:8888/48" { @test "CLI - decisions for ip/range in aaaa:2222:3333:4445:5555:6666:7777:8888/48" {
run -0 --separate-stderr cscli decisions list -r 'aaaa:2222:3333:4445:5555:6666:7777:8888/48' -o json rune -0 cscli decisions list -r 'aaaa:2222:3333:4445:5555:6666:7777:8888/48' -o json
assert_output 'null' assert_output 'null'
} }
@test "API - decisions for ip/range in aaaa:2222:3333:4445:5555:6666:7777:8888/48" { @test "API - decisions for ip/range in aaaa:2222:3333:4445:5555:6666:7777:8888/48" {
run -0 --separate-stderr api '/v1/decisions?range=aaaa:2222:3333:4445:5555:6666:7777:8888/48' rune -0 api '/v1/decisions?range=aaaa:2222:3333:4445:5555:6666:7777:8888/48'
assert_output 'null' assert_output 'null'
} }
# bbbb:db8:: -> bbbb:db8:0000:0000:0000:7fff:ffff:ffff # bbbb:db8:: -> bbbb:db8:0000:0000:0000:7fff:ffff:ffff
@test "adding decision for range bbbb:db8::/81" { @test "adding decision for range bbbb:db8::/81" {
run -0 --separate-stderr cscli decisions add -r 'bbbb:db8::/81' rune -0 cscli decisions add -r 'bbbb:db8::/81'
assert_stderr --partial 'Decision successfully added' assert_stderr --partial 'Decision successfully added'
} }
@test "CLI - decisions for ip bbbb:db8:0000:0000:0000:6fff:ffff:ffff" { @test "CLI - decisions for ip bbbb:db8:0000:0000:0000:6fff:ffff:ffff" {
run -0 --separate-stderr cscli decisions list -o json -i 'bbbb:db8:0000:0000:0000:6fff:ffff:ffff' rune -0 cscli decisions list -o json -i 'bbbb:db8:0000:0000:0000:6fff:ffff:ffff'
run -0 jq -r '.[].decisions[0].value' <(output) rune -0 jq -r '.[].decisions[0].value' <(output)
assert_output 'bbbb:db8::/81' assert_output 'bbbb:db8::/81'
} }
@test "API - decisions for ip in bbbb:db8:0000:0000:0000:6fff:ffff:ffff" { @test "API - decisions for ip in bbbb:db8:0000:0000:0000:6fff:ffff:ffff" {
run -0 --separate-stderr api '/v1/decisions?ip=bbbb:db8:0000:0000:0000:6fff:ffff:ffff' rune -0 api '/v1/decisions?ip=bbbb:db8:0000:0000:0000:6fff:ffff:ffff'
run -0 jq -r '.[].value' <(output) rune -0 jq -r '.[].value' <(output)
assert_output 'bbbb:db8::/81' assert_output 'bbbb:db8::/81'
} }
@test "CLI - decisions for ip bbbb:db8:0000:0000:0000:8fff:ffff:ffff" { @test "CLI - decisions for ip bbbb:db8:0000:0000:0000:8fff:ffff:ffff" {
run -0 --separate-stderr cscli decisions list -o json -i 'bbbb:db8:0000:0000:0000:8fff:ffff:ffff' rune -0 cscli decisions list -o json -i 'bbbb:db8:0000:0000:0000:8fff:ffff:ffff'
assert_output 'null' assert_output 'null'
} }
@test "API - decisions for ip in bbbb:db8:0000:0000:0000:8fff:ffff:ffff" { @test "API - decisions for ip in bbbb:db8:0000:0000:0000:8fff:ffff:ffff" {
run -0 --separate-stderr api '/v1/decisions?ip=bbbb:db8:0000:0000:0000:8fff:ffff:ffff' rune -0 api '/v1/decisions?ip=bbbb:db8:0000:0000:0000:8fff:ffff:ffff'
assert_output 'null' assert_output 'null'
} }
@test "deleting decision for range aaaa:2222:3333:4444:5555:6666:7777:8888/48" { @test "deleting decision for range aaaa:2222:3333:4444:5555:6666:7777:8888/48" {
run -0 --separate-stderr cscli decisions delete -r 'aaaa:2222:3333:4444:5555:6666:7777:8888/48' --contained rune -0 cscli decisions delete -r 'aaaa:2222:3333:4444:5555:6666:7777:8888/48' --contained
assert_stderr --partial '1 decision(s) deleted' assert_stderr --partial '1 decision(s) deleted'
} }
@test "CLI - decisions for range aaaa:2222:3333:4444::/64 after delete" { @test "CLI - decisions for range aaaa:2222:3333:4444::/64 after delete" {
run -0 --separate-stderr cscli decisions list -o json -r 'aaaa:2222:3333:4444::/64' rune -0 cscli decisions list -o json -r 'aaaa:2222:3333:4444::/64'
assert_output 'null' assert_output 'null'
} }
@test "adding decision for ip bbbb:db8:0000:0000:0000:8fff:ffff:ffff" { @test "adding decision for ip bbbb:db8:0000:0000:0000:8fff:ffff:ffff" {
run -0 --separate-stderr cscli decisions add -i 'bbbb:db8:0000:0000:0000:8fff:ffff:ffff' rune -0 cscli decisions add -i 'bbbb:db8:0000:0000:0000:8fff:ffff:ffff'
assert_stderr --partial 'Decision successfully added' assert_stderr --partial 'Decision successfully added'
} }
@test "adding decision for ip bbbb:db8:0000:0000:0000:6fff:ffff:ffff" { @test "adding decision for ip bbbb:db8:0000:0000:0000:6fff:ffff:ffff" {
run -0 --separate-stderr cscli decisions add -i 'bbbb:db8:0000:0000:0000:6fff:ffff:ffff' rune -0 cscli decisions add -i 'bbbb:db8:0000:0000:0000:6fff:ffff:ffff'
assert_stderr --partial 'Decision successfully added' assert_stderr --partial 'Decision successfully added'
} }
@test "deleting decisions for range bbbb:db8::/81" { @test "deleting decisions for range bbbb:db8::/81" {
run -0 --separate-stderr cscli decisions delete -r 'bbbb:db8::/81' --contained rune -0 cscli decisions delete -r 'bbbb:db8::/81' --contained
assert_stderr --partial '2 decision(s) deleted' assert_stderr --partial '2 decision(s) deleted'
} }
@test "CLI - all decisions (3)" { @test "CLI - all decisions (3)" {
run -0 --separate-stderr cscli decisions list -o json rune -0 cscli decisions list -o json
run -0 jq -r '.[].decisions[0].value' <(output) rune -0 jq -r '.[].decisions[0].value' <(output)
assert_output 'bbbb:db8:0000:0000:0000:8fff:ffff:ffff' assert_output 'bbbb:db8:0000:0000:0000:8fff:ffff:ffff'
} }

62
test/bats/99_lapi-stream-mode-scenario.bats
View file

@ -36,34 +36,34 @@ output_new_decisions() {
@test "adding decisions with different duration, scenario, origin" { @test "adding decisions with different duration, scenario, origin" {
# origin: test # origin: test
run -0 cscli decisions add -i 127.0.0.1 -d 1h -R crowdsecurity/test rune -0 cscli decisions add -i 127.0.0.1 -d 1h -R crowdsecurity/test
./instance-crowdsec stop ./instance-crowdsec stop
run -0 ./instance-db exec_sql "update decisions set origin='test' where origin='cscli'" rune -0 ./instance-db exec_sql "update decisions set origin='test' where origin='cscli'"
./instance-crowdsec start ./instance-crowdsec start
run -0 cscli decisions add -i 127.0.0.1 -d 3h -R crowdsecurity/ssh_bf rune -0 cscli decisions add -i 127.0.0.1 -d 3h -R crowdsecurity/ssh_bf
./instance-crowdsec stop ./instance-crowdsec stop
run -0 ./instance-db exec_sql "update decisions set origin='another_origin' where origin='cscli'" rune -0 ./instance-db exec_sql "update decisions set origin='another_origin' where origin='cscli'"
./instance-crowdsec start ./instance-crowdsec start
run -0 cscli decisions add -i 127.0.0.1 -d 5h -R crowdsecurity/longest rune -0 cscli decisions add -i 127.0.0.1 -d 5h -R crowdsecurity/longest
run -0 cscli decisions add -i 127.0.0.2 -d 3h -R crowdsecurity/test rune -0 cscli decisions add -i 127.0.0.2 -d 3h -R crowdsecurity/test
run -0 cscli decisions add -i 127.0.0.2 -d 3h -R crowdsecurity/ssh_bf rune -0 cscli decisions add -i 127.0.0.2 -d 3h -R crowdsecurity/ssh_bf
run -0 cscli decisions add -i 127.0.0.2 -d 1h -R crowdsecurity/ssh_bf rune -0 cscli decisions add -i 127.0.0.2 -d 1h -R crowdsecurity/ssh_bf
./instance-crowdsec stop ./instance-crowdsec stop
run -0 ./instance-db exec_sql "update decisions set origin='test' where origin='cscli'" rune -0 ./instance-db exec_sql "update decisions set origin='test' where origin='cscli'"
./instance-crowdsec start ./instance-crowdsec start
# origin: another_origin # origin: another_origin
run -0 cscli decisions add -i 127.0.0.2 -d 2h -R crowdsecurity/test rune -0 cscli decisions add -i 127.0.0.2 -d 2h -R crowdsecurity/test
./instance-crowdsec stop ./instance-crowdsec stop
run -0 ./instance-db exec_sql "update decisions set origin='another_origin' where origin='cscli'" rune -0 ./instance-db exec_sql "update decisions set origin='another_origin' where origin='cscli'"
./instance-crowdsec start ./instance-crowdsec start
} }
@test "test startup" { @test "test startup" {
run -0 api "/v1/decisions/stream?startup=true" rune -0 api "/v1/decisions/stream?startup=true"
run -0 output_new_decisions rune -0 output_new_decisions
assert_output - <<-EOT assert_output - <<-EOT
{"duration":"2h59m","origin":"test","scenario":"crowdsecurity/test","scope":"Ip","type":"ban","value":"127.0.0.2"} {"duration":"2h59m","origin":"test","scenario":"crowdsecurity/test","scope":"Ip","type":"ban","value":"127.0.0.2"}
{"duration":"4h59m","origin":"test","scenario":"crowdsecurity/longest","scope":"Ip","type":"ban","value":"127.0.0.1"} {"duration":"4h59m","origin":"test","scenario":"crowdsecurity/longest","scope":"Ip","type":"ban","value":"127.0.0.1"}
@ -71,8 +71,8 @@ output_new_decisions() {
} }
@test "test startup with scenarios containing" { @test "test startup with scenarios containing" {
run -0 api "/v1/decisions/stream?startup=true&scenarios_containing=ssh_bf" rune -0 api "/v1/decisions/stream?startup=true&scenarios_containing=ssh_bf"
run -0 output_new_decisions rune -0 output_new_decisions
assert_output - <<-EOT assert_output - <<-EOT
{"duration":"2h59m","origin":"another_origin","scenario":"crowdsecurity/ssh_bf","scope":"Ip","type":"ban","value":"127.0.0.1"} {"duration":"2h59m","origin":"another_origin","scenario":"crowdsecurity/ssh_bf","scope":"Ip","type":"ban","value":"127.0.0.1"}
{"duration":"2h59m","origin":"test","scenario":"crowdsecurity/ssh_bf","scope":"Ip","type":"ban","value":"127.0.0.2"} {"duration":"2h59m","origin":"test","scenario":"crowdsecurity/ssh_bf","scope":"Ip","type":"ban","value":"127.0.0.2"}
@ -80,8 +80,8 @@ output_new_decisions() {
} }
@test "test startup with multiple scenarios containing" { @test "test startup with multiple scenarios containing" {
run -0 api "/v1/decisions/stream?startup=true&scenarios_containing=ssh_bf,test" rune -0 api "/v1/decisions/stream?startup=true&scenarios_containing=ssh_bf,test"
run -0 output_new_decisions rune -0 output_new_decisions
assert_output - <<-EOT assert_output - <<-EOT
{"duration":"2h59m","origin":"another_origin","scenario":"crowdsecurity/ssh_bf","scope":"Ip","type":"ban","value":"127.0.0.1"} {"duration":"2h59m","origin":"another_origin","scenario":"crowdsecurity/ssh_bf","scope":"Ip","type":"ban","value":"127.0.0.1"}
{"duration":"2h59m","origin":"test","scenario":"crowdsecurity/test","scope":"Ip","type":"ban","value":"127.0.0.2"} {"duration":"2h59m","origin":"test","scenario":"crowdsecurity/test","scope":"Ip","type":"ban","value":"127.0.0.2"}
@ -89,13 +89,13 @@ output_new_decisions() {
} }
@test "test startup with unknown scenarios containing" { @test "test startup with unknown scenarios containing" {
run -0 api "/v1/decisions/stream?startup=true&scenarios_containing=unknown" rune -0 api "/v1/decisions/stream?startup=true&scenarios_containing=unknown"
assert_output '{"deleted":null,"new":null}' assert_output '{"deleted":null,"new":null}'
} }
@test "test startup with scenarios containing and not containing" { @test "test startup with scenarios containing and not containing" {
run -0 api "/v1/decisions/stream?startup=true&scenarios_containing=test&scenarios_not_containing=ssh_bf" rune -0 api "/v1/decisions/stream?startup=true&scenarios_containing=test&scenarios_not_containing=ssh_bf"
run -0 output_new_decisions rune -0 output_new_decisions
assert_output - <<-EOT assert_output - <<-EOT
{"duration":"2h59m","origin":"test","scenario":"crowdsecurity/test","scope":"Ip","type":"ban","value":"127.0.0.2"} {"duration":"2h59m","origin":"test","scenario":"crowdsecurity/test","scope":"Ip","type":"ban","value":"127.0.0.2"}
{"origin":"test","scenario":"crowdsecurity/test","scope":"Ip","type":"ban","value":"127.0.0.1"} {"origin":"test","scenario":"crowdsecurity/test","scope":"Ip","type":"ban","value":"127.0.0.1"}
@ -103,16 +103,16 @@ output_new_decisions() {
} }
@test "test startup with scenarios containing and not containing 2" { @test "test startup with scenarios containing and not containing 2" {
run -0 api "/v1/decisions/stream?startup=true&scenarios_containing=longest&scenarios_not_containing=ssh_bf,test" rune -0 api "/v1/decisions/stream?startup=true&scenarios_containing=longest&scenarios_not_containing=ssh_bf,test"
run -0 output_new_decisions rune -0 output_new_decisions
assert_output - <<-EOT assert_output - <<-EOT
{"duration":"4h59m","origin":"test","scenario":"crowdsecurity/longest","scope":"Ip","type":"ban","value":"127.0.0.1"} {"duration":"4h59m","origin":"test","scenario":"crowdsecurity/longest","scope":"Ip","type":"ban","value":"127.0.0.1"}
EOT EOT
} }
@test "test startup with scenarios not containing" { @test "test startup with scenarios not containing" {
run -0 api "/v1/decisions/stream?startup=true&scenarios_not_containing=ssh_bf" rune -0 api "/v1/decisions/stream?startup=true&scenarios_not_containing=ssh_bf"
run -0 output_new_decisions rune -0 output_new_decisions
assert_output - <<-EOT assert_output - <<-EOT
{"duration":"2h59m","origin":"test","scenario":"crowdsecurity/test","scope":"Ip","type":"ban","value":"127.0.0.2"} {"duration":"2h59m","origin":"test","scenario":"crowdsecurity/test","scope":"Ip","type":"ban","value":"127.0.0.2"}
{"duration":"4h59m","origin":"test","scenario":"crowdsecurity/longest","scope":"Ip","type":"ban","value":"127.0.0.1"} {"duration":"4h59m","origin":"test","scenario":"crowdsecurity/longest","scope":"Ip","type":"ban","value":"127.0.0.1"}
@ -120,16 +120,16 @@ output_new_decisions() {
} }
@test "test startup with multiple scenarios not containing" { @test "test startup with multiple scenarios not containing" {
run -0 api "/v1/decisions/stream?startup=true&scenarios_not_containing=ssh_bf,test" rune -0 api "/v1/decisions/stream?startup=true&scenarios_not_containing=ssh_bf,test"
run -0 output_new_decisions rune -0 output_new_decisions
assert_output - <<-EOT assert_output - <<-EOT
{"duration":"4h59m","origin":"test","scenario":"crowdsecurity/longest","scope":"Ip","type":"ban","value":"127.0.0.1"} {"duration":"4h59m","origin":"test","scenario":"crowdsecurity/longest","scope":"Ip","type":"ban","value":"127.0.0.1"}
EOT EOT
} }
@test "test startup with origins parameter" { @test "test startup with origins parameter" {
run -0 api "/v1/decisions/stream?startup=true&origins=another_origin" rune -0 api "/v1/decisions/stream?startup=true&origins=another_origin"
run -0 output_new_decisions rune -0 output_new_decisions
assert_output - <<-EOT assert_output - <<-EOT
{"duration":"1h59m","origin":"another_origin","scenario":"crowdsecurity/test","scope":"Ip","type":"ban","value":"127.0.0.2"} {"duration":"1h59m","origin":"another_origin","scenario":"crowdsecurity/test","scope":"Ip","type":"ban","value":"127.0.0.2"}
{"duration":"2h59m","origin":"another_origin","scenario":"crowdsecurity/ssh_bf","scope":"Ip","type":"ban","value":"127.0.0.1"} {"duration":"2h59m","origin":"another_origin","scenario":"crowdsecurity/ssh_bf","scope":"Ip","type":"ban","value":"127.0.0.1"}
@ -137,8 +137,8 @@ output_new_decisions() {
} }
@test "test startup with multiple origins parameter" { @test "test startup with multiple origins parameter" {
run -0 api "/v1/decisions/stream?startup=true&origins=another_origin,test" rune -0 api "/v1/decisions/stream?startup=true&origins=another_origin,test"
run -0 output_new_decisions rune -0 output_new_decisions
assert_output - <<-EOT assert_output - <<-EOT
{"duration":"2h59m","origin":"test","scenario":"crowdsecurity/test","scope":"Ip","type":"ban","value":"127.0.0.2"} {"duration":"2h59m","origin":"test","scenario":"crowdsecurity/test","scope":"Ip","type":"ban","value":"127.0.0.2"}
{"duration":"4h59m","origin":"test","scenario":"crowdsecurity/longest","scope":"Ip","type":"ban","value":"127.0.0.1"} {"duration":"4h59m","origin":"test","scenario":"crowdsecurity/longest","scope":"Ip","type":"ban","value":"127.0.0.1"}
@ -146,7 +146,7 @@ output_new_decisions() {
} }
@test "test startup with unknown origins" { @test "test startup with unknown origins" {
run -0 api "/v1/decisions/stream?startup=true&origins=unknown" rune -0 api "/v1/decisions/stream?startup=true&origins=unknown"
assert_output '{"deleted":null,"new":null}' assert_output '{"deleted":null,"new":null}'
} }

20
test/bats/99_lapi-stream-mode-scopes.bats
View file

@ -29,36 +29,36 @@ api() {
} }
@test "adding decisions for multiple scopes" { @test "adding decisions for multiple scopes" {
run -0 --separate-stderr cscli decisions add -i '1.2.3.6' rune -0 cscli decisions add -i '1.2.3.6'
assert_stderr --partial 'Decision successfully added' assert_stderr --partial 'Decision successfully added'
run -0 --separate-stderr cscli decisions add --scope user --value toto rune -0 cscli decisions add --scope user --value toto
assert_stderr --partial 'Decision successfully added' assert_stderr --partial 'Decision successfully added'
} }
@test "stream start (implicit ip scope)" { @test "stream start (implicit ip scope)" {
run -0 api "/v1/decisions/stream?startup=true" rune -0 api "/v1/decisions/stream?startup=true"
run -0 jq -r '.new' <(output) rune -0 jq -r '.new' <(output)
assert_output --partial '1.2.3.6' assert_output --partial '1.2.3.6'
refute_output --partial 'toto' refute_output --partial 'toto'
} }
@test "stream start (explicit ip scope)" { @test "stream start (explicit ip scope)" {
run -0 api "/v1/decisions/stream?startup=true&scopes=ip" rune -0 api "/v1/decisions/stream?startup=true&scopes=ip"
run -0 jq -r '.new' <(output) rune -0 jq -r '.new' <(output)
assert_output --partial '1.2.3.6' assert_output --partial '1.2.3.6'
refute_output --partial 'toto' refute_output --partial 'toto'
} }
@test "stream start (user scope)" { @test "stream start (user scope)" {
run -0 api "/v1/decisions/stream?startup=true&scopes=user" rune -0 api "/v1/decisions/stream?startup=true&scopes=user"
run -0 jq -r '.new' <(output) rune -0 jq -r '.new' <(output)
refute_output --partial '1.2.3.6' refute_output --partial '1.2.3.6'
assert_output --partial 'toto' assert_output --partial 'toto'
} }
@test "stream start (user+ip scope)" { @test "stream start (user+ip scope)" {
run -0 api "/v1/decisions/stream?startup=true&scopes=user,ip" rune -0 api "/v1/decisions/stream?startup=true&scopes=user,ip"
run -0 jq -r '.new' <(output) rune -0 jq -r '.new' <(output)
assert_output --partial '1.2.3.6' assert_output --partial '1.2.3.6'
assert_output --partial 'toto' assert_output --partial 'toto'
} }

30
test/bats/99_lapi-stream-mode.bats
View file

@ -29,44 +29,46 @@ api() {
} }
@test "adding decisions for multiple ips" { @test "adding decisions for multiple ips" {
run -0 cscli decisions add -i '1111:2222:3333:4444:5555:6666:7777:8888' rune -0 cscli decisions add -i '1111:2222:3333:4444:5555:6666:7777:8888'
run -0 cscli decisions add -i '1.2.3.4' assert_stderr --partial 'Decision successfully added'
run -0 --separate-stderr cscli decisions add -r '1.2.4.0/24' rune -0 cscli decisions add -i '1.2.3.4'
assert_stderr --partial 'Decision successfully added'
rune -0 cscli decisions add -r '1.2.4.0/24'
assert_stderr --partial 'Decision successfully added' assert_stderr --partial 'Decision successfully added'
} }
@test "stream start" { @test "stream start" {
run -0 --separate-stderr api "/v1/decisions/stream?startup=true" rune -0 api "/v1/decisions/stream?startup=true"
if is_db_mysql; then sleep 3; fi if is_db_mysql; then sleep 3; fi
run -0 jq -r '.new' <(output) rune -0 jq -r '.new' <(output)
assert_output --partial '1111:2222:3333:4444:5555:6666:7777:8888' assert_output --partial '1111:2222:3333:4444:5555:6666:7777:8888'
assert_output --partial '1.2.3.4' assert_output --partial '1.2.3.4'
assert_output --partial '1.2.4.0/24' assert_output --partial '1.2.4.0/24'
} }
@test "stream cont (add)" { @test "stream cont (add)" {
run -0 cscli decisions add -i '1.2.3.5' rune -0 cscli decisions add -i '1.2.3.5'
if is_db_mysql; then sleep 3; fi if is_db_mysql; then sleep 3; fi
run -0 --separate-stderr api "/v1/decisions/stream" rune -0 api "/v1/decisions/stream"
run -0 jq -r '.new' <(output) rune -0 jq -r '.new' <(output)
assert_output --partial '1.2.3.5' assert_output --partial '1.2.3.5'
} }
@test "stream cont (del)" { @test "stream cont (del)" {
run -0 cscli decisions delete -i '1.2.3.4' rune -0 cscli decisions delete -i '1.2.3.4'
if is_db_mysql; then sleep 3; fi if is_db_mysql; then sleep 3; fi
run -0 --separate-stderr api "/v1/decisions/stream" rune -0 api "/v1/decisions/stream"
run -0 jq -r '.deleted' <(output) rune -0 jq -r '.deleted' <(output)
assert_output --partial '1.2.3.4' assert_output --partial '1.2.3.4'
} }
@test "stream restart" { @test "stream restart" {
run -0 --separate-stderr api "/v1/decisions/stream?startup=true" rune -0 api "/v1/decisions/stream?startup=true"
api_out=${output} api_out=${output}
run -0 jq -r '.deleted' <(output) rune -0 jq -r '.deleted' <(output)
assert_output --partial '1.2.3.4' assert_output --partial '1.2.3.4'
output=${api_out} output=${api_out}
run -0 jq -r '.new' <(output) rune -0 jq -r '.new' <(output)
assert_output --partial '1111:2222:3333:4444:5555:6666:7777:8888' assert_output --partial '1111:2222:3333:4444:5555:6666:7777:8888'
assert_output --partial '1.2.3.5' assert_output --partial '1.2.3.5'
assert_output --partial '1.2.4.0/24' assert_output --partial '1.2.4.0/24'