126 lines
4.7 KiB
Bash
126 lines
4.7 KiB
Bash
#!/usr/bin/env bats
|
|
# vim: ft=bats:list:ts=8:sts=4:sw=4:et:ai:si:
|
|
|
|
set -u
|
|
|
|
setup_file() {
|
|
load "../lib/setup_file.sh"
|
|
./instance-data load
|
|
INDEX_PATH=$(config_get '.config_paths.index_path')
|
|
export INDEX_PATH
|
|
CONFIG_DIR=$(config_get '.config_paths.config_dir')
|
|
export CONFIG_DIR
|
|
}
|
|
|
|
teardown_file() {
|
|
load "../lib/teardown_file.sh"
|
|
}
|
|
|
|
setup() {
|
|
load "../lib/setup.sh"
|
|
load "../lib/bats-file/load.bash"
|
|
./instance-data load
|
|
hub_strip_index
|
|
}
|
|
|
|
teardown() {
|
|
./instance-crowdsec stop
|
|
}
|
|
|
|
#----------
|
|
|
|
@test "cscli collections (dependencies)" {
|
|
# inject a dependency: smb requires sshd
|
|
hub_dep=$(jq <"$INDEX_PATH" '. * {collections:{"crowdsecurity/smb":{collections:["crowdsecurity/sshd"]}}}')
|
|
echo "$hub_dep" >"$INDEX_PATH"
|
|
|
|
# verify that installing smb brings sshd
|
|
rune -0 cscli collections install crowdsecurity/smb
|
|
rune -0 cscli collections list -o json
|
|
rune -0 jq -e '[.collections[].name]==["crowdsecurity/smb","crowdsecurity/sshd"]' <(output)
|
|
|
|
# verify that removing smb removes sshd too
|
|
rune -0 cscli collections remove crowdsecurity/smb
|
|
rune -0 cscli collections list -o json
|
|
rune -0 jq -e '.collections | length == 0' <(output)
|
|
|
|
# we can't remove sshd without --force
|
|
rune -0 cscli collections install crowdsecurity/smb
|
|
# XXX: should this be an error?
|
|
rune -0 cscli collections remove crowdsecurity/sshd
|
|
assert_stderr --partial "crowdsecurity/sshd belongs to collections: [crowdsecurity/smb]"
|
|
assert_stderr --partial "Run 'sudo cscli collections remove crowdsecurity/sshd --force' if you want to force remove this collection"
|
|
rune -0 cscli collections list -o json
|
|
rune -0 jq -c '[.collections[].name]' <(output)
|
|
assert_json '["crowdsecurity/smb","crowdsecurity/sshd"]'
|
|
|
|
# use the --force
|
|
rune -0 cscli collections remove crowdsecurity/sshd --force
|
|
rune -0 cscli collections list -o json
|
|
rune -0 jq -c '[.collections[].name]' <(output)
|
|
assert_json '["crowdsecurity/smb"]'
|
|
|
|
# and now smb is tainted!
|
|
rune -0 cscli collections inspect crowdsecurity/smb -o json
|
|
rune -0 jq -e '.tainted==true' <(output)
|
|
rune -0 cscli collections remove crowdsecurity/smb --force
|
|
|
|
# empty
|
|
rune -0 cscli collections list -o json
|
|
rune -0 jq -e '.collections | length == 0' <(output)
|
|
|
|
# reinstall
|
|
rune -0 cscli collections install crowdsecurity/smb --force
|
|
|
|
# taint on sshd means smb is tainted as well
|
|
rune -0 cscli collections inspect crowdsecurity/smb -o json
|
|
rune -0 jq -e '.tainted==false' <(output)
|
|
echo "dirty" >"$CONFIG_DIR/collections/sshd.yaml"
|
|
rune -0 cscli collections inspect crowdsecurity/smb -o json
|
|
rune -0 jq -e '.tainted==true' <(output)
|
|
|
|
# now we can't remove smb without --force
|
|
rune -1 cscli collections remove crowdsecurity/smb
|
|
assert_stderr --partial "crowdsecurity/smb is tainted, use '--force' to remove"
|
|
}
|
|
|
|
@test "cscli collections (dependencies II: the revenge)" {
|
|
rune -0 cscli collections install crowdsecurity/wireguard baudneo/gotify
|
|
rune -0 cscli collections remove crowdsecurity/wireguard
|
|
assert_stderr --partial "crowdsecurity/syslog-logs was not removed because it also belongs to baudneo/gotify"
|
|
rune -0 cscli collections inspect crowdsecurity/wireguard -o json
|
|
rune -0 jq -e '.installed==false' <(output)
|
|
}
|
|
|
|
@test "cscli collections (dependencies III: origins)" {
|
|
# it is perfectly fine to remove an item belonging to a collection that we are removing anyway
|
|
|
|
# inject a dependency: sshd requires the syslog-logs parsers, but linux does too
|
|
hub_dep=$(jq <"$INDEX_PATH" '. * {collections:{"crowdsecurity/sshd":{parsers:["crowdsecurity/syslog-logs"]}}}')
|
|
echo "$hub_dep" >"$INDEX_PATH"
|
|
|
|
# verify that installing sshd brings syslog-logs
|
|
rune -0 cscli collections install crowdsecurity/sshd
|
|
rune -0 cscli parsers inspect crowdsecurity/syslog-logs -o json
|
|
rune -0 jq -e '.installed==true' <(output)
|
|
|
|
rune -0 cscli collections install crowdsecurity/linux
|
|
|
|
# removing linux should remove syslog-logs even though sshd depends on it
|
|
rune -0 cscli collections remove crowdsecurity/linux
|
|
refute_stderr --partial "crowdsecurity/syslog-logs was not removed"
|
|
# we must also consider indirect dependencies
|
|
refute_stderr --partial "crowdsecurity/ssh-bf was not removed"
|
|
rune -0 cscli parsers list -o json
|
|
rune -0 jq -e '.parsers | length == 0' <(output)
|
|
}
|
|
|
|
@test "cscli collections (dependencies IV: looper)" {
|
|
hub_dep=$(jq <"$INDEX_PATH" '. * {collections:{"crowdsecurity/sshd":{collections:["crowdsecurity/linux"]}}}')
|
|
echo "$hub_dep" >"$INDEX_PATH"
|
|
|
|
rune -1 cscli hub list
|
|
assert_stderr --partial "circular dependency detected"
|
|
rune -1 wait-for "${CROWDSEC}"
|
|
assert_stderr --partial "circular dependency detected"
|
|
}
|