Compare commits
1 commit
master
...
cscli-outp
Author | SHA1 | Date | |
---|---|---|---|
|
9acd23d0ac |
13 changed files with 45 additions and 54 deletions
|
@ -194,15 +194,15 @@ func (cli *cliCapi) status() error {
|
||||||
Scenarios: scenarios,
|
Scenarios: scenarios,
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Infof("Loaded credentials from %s", cfg.API.Server.OnlineClient.CredentialsFilePath)
|
fmt.Printf("Loaded credentials from %s\n", cfg.API.Server.OnlineClient.CredentialsFilePath)
|
||||||
log.Infof("Trying to authenticate with username %s on %s", cfg.API.Server.OnlineClient.Credentials.Login, apiurl)
|
fmt.Printf("Trying to authenticate with username %s on %s\n", cfg.API.Server.OnlineClient.Credentials.Login, apiurl)
|
||||||
|
|
||||||
_, _, err = Client.Auth.AuthenticateWatcher(context.Background(), t)
|
_, _, err = Client.Auth.AuthenticateWatcher(context.Background(), t)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to authenticate to Central API (CAPI): %w", err)
|
return fmt.Errorf("failed to authenticate to Central API (CAPI): %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Info("You can successfully interact with Central API (CAPI)")
|
fmt.Println("You can successfully interact with Central API (CAPI)")
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -75,16 +75,16 @@ func (cli *cliLapi) status() error {
|
||||||
Scenarios: scenarios,
|
Scenarios: scenarios,
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Infof("Loaded credentials from %s", cfg.API.Client.CredentialsFilePath)
|
fmt.Printf("Loaded credentials from %s\n", cfg.API.Client.CredentialsFilePath)
|
||||||
// use the original string because apiURL would print 'http://unix/'
|
// use the original string because apiURL would print 'http://unix/'
|
||||||
log.Infof("Trying to authenticate with username %s on %s", login, origURL)
|
fmt.Printf("Trying to authenticate with username %s on %s\n", login, origURL)
|
||||||
|
|
||||||
_, _, err = Client.Auth.AuthenticateWatcher(context.Background(), t)
|
_, _, err = Client.Auth.AuthenticateWatcher(context.Background(), t)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to authenticate to Local API (LAPI): %w", err)
|
return fmt.Errorf("failed to authenticate to Local API (LAPI): %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Infof("You can successfully interact with Local API (LAPI)")
|
fmt.Println("You can successfully interact with Local API (LAPI)")
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -278,6 +278,8 @@ It is meant to allow you to manage bans, parsers/scenarios/etc, api and generall
|
||||||
func main() {
|
func main() {
|
||||||
cmd := newCliRoot().NewCommand()
|
cmd := newCliRoot().NewCommand()
|
||||||
if err := cmd.Execute(); err != nil {
|
if err := cmd.Execute(); err != nil {
|
||||||
log.Fatal(err)
|
color.New(color.FgRed).Fprint(os.Stderr, "Error: ")
|
||||||
|
fmt.Fprintln(os.Stderr, err)
|
||||||
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -34,8 +34,7 @@ teardown() {
|
||||||
# no "usage" output after every error
|
# no "usage" output after every error
|
||||||
rune -1 cscli blahblah
|
rune -1 cscli blahblah
|
||||||
# error is displayed as log entry, not with print
|
# error is displayed as log entry, not with print
|
||||||
assert_stderr --partial 'level=fatal msg="unknown command \"blahblah\" for \"cscli\""'
|
assert_stderr --partial 'Error: unknown command "blahblah" for "cscli"'
|
||||||
refute_stderr --partial 'unknown command "blahblah" for "cscli"'
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "cscli version" {
|
@test "cscli version" {
|
||||||
|
@ -214,9 +213,9 @@ teardown() {
|
||||||
rune -0 ./instance-crowdsec start
|
rune -0 ./instance-crowdsec start
|
||||||
rune -0 cscli lapi status
|
rune -0 cscli lapi status
|
||||||
|
|
||||||
assert_stderr --partial "Loaded credentials from"
|
assert_output --partial "Loaded credentials from"
|
||||||
assert_stderr --partial "Trying to authenticate with username"
|
assert_output --partial "Trying to authenticate with username"
|
||||||
assert_stderr --partial "You can successfully interact with Local API (LAPI)"
|
assert_output --partial "You can successfully interact with Local API (LAPI)"
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "cscli - missing LAPI credentials file" {
|
@test "cscli - missing LAPI credentials file" {
|
||||||
|
@ -261,9 +260,8 @@ teardown() {
|
||||||
LOCAL_API_CREDENTIALS=$(config_get '.api.client.credentials_path')
|
LOCAL_API_CREDENTIALS=$(config_get '.api.client.credentials_path')
|
||||||
config_set "${LOCAL_API_CREDENTIALS}" '.url="http://127.0.0.1:-80"'
|
config_set "${LOCAL_API_CREDENTIALS}" '.url="http://127.0.0.1:-80"'
|
||||||
|
|
||||||
rune -1 cscli lapi status -o json
|
rune -1 cscli lapi status
|
||||||
rune -0 jq -r '.msg' <(stderr)
|
assert_stderr 'Error: parsing api url: parse "http://127.0.0.1:-80/": invalid port ":-80" after host'
|
||||||
assert_output 'parsing api url: parse "http://127.0.0.1:-80/": invalid port ":-80" after host'
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "cscli - bad LAPI password" {
|
@test "cscli - bad LAPI password" {
|
||||||
|
@ -271,9 +269,8 @@ teardown() {
|
||||||
LOCAL_API_CREDENTIALS=$(config_get '.api.client.credentials_path')
|
LOCAL_API_CREDENTIALS=$(config_get '.api.client.credentials_path')
|
||||||
config_set "${LOCAL_API_CREDENTIALS}" '.password="meh"'
|
config_set "${LOCAL_API_CREDENTIALS}" '.password="meh"'
|
||||||
|
|
||||||
rune -1 cscli lapi status -o json
|
rune -1 cscli lapi status
|
||||||
rune -0 jq -r '.msg' <(stderr)
|
assert_stderr 'Error: failed to authenticate to Local API (LAPI): API error: incorrect Username or Password'
|
||||||
assert_output 'failed to authenticate to Local API (LAPI): API error: incorrect Username or Password'
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "'cscli completion' with or without configuration file" {
|
@test "'cscli completion' with or without configuration file" {
|
||||||
|
@ -355,7 +352,7 @@ teardown() {
|
||||||
# it is possible to enable subcommands with feature flags defined in feature.yaml
|
# it is possible to enable subcommands with feature flags defined in feature.yaml
|
||||||
|
|
||||||
rune -1 cscli setup
|
rune -1 cscli setup
|
||||||
assert_stderr --partial 'unknown command \"setup\" for \"cscli\"'
|
assert_stderr 'Error: unknown command "setup" for "cscli"'
|
||||||
CONFIG_DIR=$(dirname "$CONFIG_YAML")
|
CONFIG_DIR=$(dirname "$CONFIG_YAML")
|
||||||
echo ' - cscli_setup' >> "$CONFIG_DIR"/feature.yaml
|
echo ' - cscli_setup' >> "$CONFIG_DIR"/feature.yaml
|
||||||
rune -0 cscli setup
|
rune -0 cscli setup
|
||||||
|
|
|
@ -76,7 +76,7 @@ teardown() {
|
||||||
config_disable_agent
|
config_disable_agent
|
||||||
./instance-crowdsec start
|
./instance-crowdsec start
|
||||||
rune -0 cscli lapi status
|
rune -0 cscli lapi status
|
||||||
assert_stderr --partial "You can successfully interact with Local API (LAPI)"
|
assert_line "You can successfully interact with Local API (LAPI)"
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "cscli metrics" {
|
@test "cscli metrics" {
|
||||||
|
|
|
@ -55,10 +55,10 @@ setup() {
|
||||||
|
|
||||||
rune -0 cscli scenarios install crowdsecurity/ssh-bf
|
rune -0 cscli scenarios install crowdsecurity/ssh-bf
|
||||||
rune -0 cscli capi status
|
rune -0 cscli capi status
|
||||||
assert_stderr --partial "Loaded credentials from"
|
assert_output --partial "Loaded credentials from"
|
||||||
assert_stderr --partial "Trying to authenticate with username"
|
assert_output --partial "Trying to authenticate with username"
|
||||||
assert_stderr --partial " on https://api.crowdsec.net/"
|
assert_output --partial " on https://api.crowdsec.net/"
|
||||||
assert_stderr --partial "You can successfully interact with Central API (CAPI)"
|
assert_output --partial "You can successfully interact with Central API (CAPI)"
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "cscli alerts list: receive a community pull when capi is enabled" {
|
@test "cscli alerts list: receive a community pull when capi is enabled" {
|
||||||
|
@ -85,7 +85,7 @@ setup() {
|
||||||
config_disable_agent
|
config_disable_agent
|
||||||
./instance-crowdsec start
|
./instance-crowdsec start
|
||||||
rune -0 cscli capi status
|
rune -0 cscli capi status
|
||||||
assert_stderr --partial "You can successfully interact with Central API (CAPI)"
|
assert_line "You can successfully interact with Central API (CAPI)"
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "capi register must be run from lapi" {
|
@test "capi register must be run from lapi" {
|
||||||
|
|
|
@ -66,7 +66,7 @@ teardown() {
|
||||||
config_disable_capi
|
config_disable_capi
|
||||||
./instance-crowdsec start
|
./instance-crowdsec start
|
||||||
rune -0 cscli lapi status
|
rune -0 cscli lapi status
|
||||||
assert_stderr --partial "You can successfully interact with Local API (LAPI)"
|
assert_line "You can successfully interact with Local API (LAPI)"
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "cscli metrics" {
|
@test "cscli metrics" {
|
||||||
|
|
|
@ -25,7 +25,7 @@ teardown() {
|
||||||
@test "cscli metrics (crowdsec not running)" {
|
@test "cscli metrics (crowdsec not running)" {
|
||||||
rune -1 cscli metrics
|
rune -1 cscli metrics
|
||||||
# crowdsec is down
|
# crowdsec is down
|
||||||
assert_stderr --partial 'failed to fetch metrics: executing GET request for URL \"http://127.0.0.1:6060/metrics\" failed: Get \"http://127.0.0.1:6060/metrics\": dial tcp 127.0.0.1:6060: connect: connection refused'
|
assert_stderr --partial 'Error: failed to fetch metrics: executing GET request for URL "http://127.0.0.1:6060/metrics" failed: Get "http://127.0.0.1:6060/metrics": dial tcp 127.0.0.1:6060: connect: connection refused'
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "cscli metrics (bad configuration)" {
|
@test "cscli metrics (bad configuration)" {
|
||||||
|
|
|
@ -37,22 +37,22 @@ teardown() {
|
||||||
./instance-crowdsec start
|
./instance-crowdsec start
|
||||||
|
|
||||||
rune -0 cscli lapi status
|
rune -0 cscli lapi status
|
||||||
assert_stderr --regexp "Trying to authenticate with username .* on $socket"
|
assert_output --regexp "Trying to authenticate with username .* on $socket"
|
||||||
assert_stderr --partial "You can successfully interact with Local API (LAPI)"
|
assert_line "You can successfully interact with Local API (LAPI)"
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "crowdsec - listen on both socket and TCP" {
|
@test "crowdsec - listen on both socket and TCP" {
|
||||||
./instance-crowdsec start
|
./instance-crowdsec start
|
||||||
|
|
||||||
rune -0 cscli lapi status
|
rune -0 cscli lapi status
|
||||||
assert_stderr --regexp "Trying to authenticate with username .* on http://127.0.0.1:8080/"
|
assert_output --regexp "Trying to authenticate with username .* on http://127.0.0.1:8080/"
|
||||||
assert_stderr --partial "You can successfully interact with Local API (LAPI)"
|
assert_line "You can successfully interact with Local API (LAPI)"
|
||||||
|
|
||||||
config_set "$LOCAL_API_CREDENTIALS" ".url=strenv(socket)"
|
config_set "$LOCAL_API_CREDENTIALS" ".url=strenv(socket)"
|
||||||
|
|
||||||
rune -0 cscli lapi status
|
rune -0 cscli lapi status
|
||||||
assert_stderr --regexp "Trying to authenticate with username .* on $socket"
|
assert_output --regexp "Trying to authenticate with username .* on $socket"
|
||||||
assert_stderr --partial "You can successfully interact with Local API (LAPI)"
|
assert_line "You can successfully interact with Local API (LAPI)"
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "cscli - authenticate new machine with socket" {
|
@test "cscli - authenticate new machine with socket" {
|
||||||
|
|
|
@ -56,12 +56,9 @@ teardown() {
|
||||||
|
|
||||||
@test "we can't add the same bouncer twice" {
|
@test "we can't add the same bouncer twice" {
|
||||||
rune -0 cscli bouncers add ciTestBouncer
|
rune -0 cscli bouncers add ciTestBouncer
|
||||||
rune -1 cscli bouncers add ciTestBouncer -o json
|
rune -1 cscli bouncers add ciTestBouncer
|
||||||
|
|
||||||
# XXX temporary hack to filter out unwanted log lines that may appear before
|
assert_stderr 'Error: unable to create bouncer: bouncer ciTestBouncer already exists'
|
||||||
# log configuration (= not json)
|
|
||||||
rune -0 jq -c '[.level,.msg]' <(stderr | grep "^{")
|
|
||||||
assert_output '["fatal","unable to create bouncer: bouncer ciTestBouncer already exists"]'
|
|
||||||
|
|
||||||
rune -0 cscli bouncers list -o json
|
rune -0 cscli bouncers list -o json
|
||||||
rune -0 jq '. | length' <(output)
|
rune -0 jq '. | length' <(output)
|
||||||
|
|
|
@ -80,10 +80,8 @@ teardown() {
|
||||||
echo "$new_hub" >"$INDEX_PATH"
|
echo "$new_hub" >"$INDEX_PATH"
|
||||||
|
|
||||||
rune -0 cscli collections install crowdsecurity/sshd
|
rune -0 cscli collections install crowdsecurity/sshd
|
||||||
rune -1 cscli collections inspect crowdsecurity/sshd --no-metrics -o json
|
rune -1 cscli collections inspect crowdsecurity/sshd --no-metrics
|
||||||
# XXX: we are on the verbose side here...
|
assert_stderr --regexp "Error: failed to read Hub index: failed to sync items: failed to scan .*: while syncing collections sshd.yaml: 1.2.3.4: Invalid Semantic Version. Run 'sudo cscli hub update' to download the index again"
|
||||||
rune -0 jq -r ".msg" <(stderr)
|
|
||||||
assert_output --regexp "failed to read Hub index: failed to sync items: failed to scan .*: while syncing collections sshd.yaml: 1.2.3.4: Invalid Semantic Version. Run 'sudo cscli hub update' to download the index again"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "removing or purging an item already removed by hand" {
|
@test "removing or purging an item already removed by hand" {
|
||||||
|
|
|
@ -30,9 +30,8 @@ teardown() {
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "don't overwrite local credentials by default" {
|
@test "don't overwrite local credentials by default" {
|
||||||
rune -1 cscli machines add local -a -o json
|
rune -1 cscli machines add local -a
|
||||||
rune -0 jq -r '.msg' <(stderr)
|
assert_stderr --regexp 'Error: credentials file '.*' already exists: please remove it, use "--force" or specify a different file with "-f"'
|
||||||
assert_output --partial 'already exists: please remove it, use "--force" or specify a different file with "-f"'
|
|
||||||
rune -0 cscli machines add local -a --force
|
rune -0 cscli machines add local -a --force
|
||||||
assert_stderr --partial "Machine 'local' successfully added to the local API."
|
assert_stderr --partial "Machine 'local' successfully added to the local API."
|
||||||
}
|
}
|
||||||
|
|
|
@ -34,9 +34,8 @@ teardown() {
|
||||||
assert_line "Usage:"
|
assert_line "Usage:"
|
||||||
assert_stderr --partial "missing arguments, a value is required (--ip, --range or --scope and --value)"
|
assert_stderr --partial "missing arguments, a value is required (--ip, --range or --scope and --value)"
|
||||||
|
|
||||||
rune -1 cscli decisions add -o json
|
rune -1 cscli decisions add
|
||||||
rune -0 jq -c '[ .level, .msg]' <(stderr | grep "^{")
|
assert_stderr 'Error: missing arguments, a value is required (--ip, --range or --scope and --value)'
|
||||||
assert_output '["fatal","missing arguments, a value is required (--ip, --range or --scope and --value)"]'
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "cscli decisions list, with and without --machine" {
|
@test "cscli decisions list, with and without --machine" {
|
||||||
|
@ -62,20 +61,19 @@ teardown() {
|
||||||
|
|
||||||
@test "cscli decisions list, incorrect parameters" {
|
@test "cscli decisions list, incorrect parameters" {
|
||||||
rune -1 cscli decisions list --until toto
|
rune -1 cscli decisions list --until toto
|
||||||
assert_stderr --partial 'unable to retrieve decisions: performing request: API error: while parsing duration: time: invalid duration \"toto\"'
|
assert_stderr 'Error: unable to retrieve decisions: performing request: API error: while parsing duration: time: invalid duration "toto"'
|
||||||
rune -1 cscli decisions list --until toto -o json
|
rune -1 cscli decisions list --until toto
|
||||||
rune -0 jq -c '[.level, .msg]' <(stderr | grep "^{")
|
assert_stderr 'Error: unable to retrieve decisions: performing request: API error: while parsing duration: time: invalid duration "toto"'
|
||||||
assert_output '["fatal","unable to retrieve decisions: performing request: API error: while parsing duration: time: invalid duration \"toto\""]'
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "cscli decisions import" {
|
@test "cscli decisions import" {
|
||||||
# required input
|
# required input
|
||||||
rune -1 cscli decisions import
|
rune -1 cscli decisions import
|
||||||
assert_stderr --partial 'required flag(s) \"input\" not set"'
|
assert_stderr --partial 'Error: required flag(s) "input" not set'
|
||||||
|
|
||||||
# unsupported format
|
# unsupported format
|
||||||
rune -1 cscli decisions import -i - <<<'value\n5.6.7.8' --format xml
|
rune -1 cscli decisions import -i - <<<'value\n5.6.7.8' --format xml
|
||||||
assert_stderr --partial "invalid format 'xml', expected one of 'json', 'csv', 'values'"
|
assert_stderr "Error: invalid format 'xml', expected one of 'json', 'csv', 'values'"
|
||||||
|
|
||||||
# invalid defaults
|
# invalid defaults
|
||||||
rune -1 cscli decisions import --duration "" -i - <<<'value\n5.6.7.8' --format csv
|
rune -1 cscli decisions import --duration "" -i - <<<'value\n5.6.7.8' --format csv
|
||||||
|
|
Loading…
Reference in a new issue