ce32fc019e
* faster reload test * decode-jwt script * replace 'netcat' requirement with python script * fix lapi status test
244 lines
7.4 KiB
Bash
244 lines
7.4 KiB
Bash
#!/usr/bin/env bats
|
|
# vim: ft=bats:list:ts=8:sts=4:sw=4:et:ai:si:
|
|
|
|
set -u
|
|
|
|
setup_file() {
|
|
load "../lib/setup_file.sh"
|
|
}
|
|
|
|
teardown_file() {
|
|
load "../lib/teardown_file.sh"
|
|
}
|
|
|
|
setup() {
|
|
load "../lib/setup.sh"
|
|
load "../lib/bats-file/load.bash"
|
|
./instance-data load
|
|
}
|
|
|
|
teardown() {
|
|
./instance-crowdsec stop
|
|
}
|
|
|
|
#----------
|
|
|
|
@test "crowdsec (usage)" {
|
|
rune -0 wait-for --out "Usage of " "${CROWDSEC}" -h
|
|
rune -0 wait-for --out "Usage of " "${CROWDSEC}" --help
|
|
}
|
|
|
|
@test "crowdsec (unknown flag)" {
|
|
rune -0 wait-for --err "flag provided but not defined: -foobar" "$CROWDSEC" --foobar
|
|
}
|
|
|
|
@test "crowdsec (unknown argument)" {
|
|
rune -0 wait-for --err "argument provided but not defined: trololo" "${CROWDSEC}" trololo
|
|
}
|
|
|
|
@test "crowdsec (no api and no agent)" {
|
|
rune -0 wait-for \
|
|
--err "You must run at least the API Server or crowdsec" \
|
|
"${CROWDSEC}" -no-api -no-cs
|
|
}
|
|
|
|
@test "crowdsec - print error on exit" {
|
|
# errors that cause program termination are printed to stderr, not only logs
|
|
config_set '.db_config.type="meh"'
|
|
rune -1 "${CROWDSEC}"
|
|
assert_stderr --partial "unable to create database client: unknown database type 'meh'"
|
|
}
|
|
|
|
@test "crowdsec - default logging configuration (empty/missing common section)" {
|
|
config_set '.common={}'
|
|
rune -0 wait-for \
|
|
--err "Starting processing data" \
|
|
"${CROWDSEC}"
|
|
refute_output
|
|
|
|
config_set 'del(.common)'
|
|
rune -0 wait-for \
|
|
--err "Starting processing data" \
|
|
"${CROWDSEC}"
|
|
refute_output
|
|
}
|
|
|
|
@test "CS_LAPI_SECRET not strong enough" {
|
|
CS_LAPI_SECRET=foo rune -1 wait-for "${CROWDSEC}"
|
|
assert_stderr --partial "api server init: unable to run local API: controller init: CS_LAPI_SECRET not strong enough"
|
|
}
|
|
|
|
@test "crowdsec - reload (change of logfile, disabled agent)" {
|
|
logdir1=$(TMPDIR="${BATS_TEST_TMPDIR}" mktemp -u)
|
|
log_old="${logdir1}/crowdsec.log"
|
|
config_set ".common.log_dir=\"${logdir1}\""
|
|
|
|
rune -0 ./instance-crowdsec start-pid
|
|
PID="$output"
|
|
assert_file_exists "$log_old"
|
|
assert_file_contains "$log_old" "Starting processing data"
|
|
|
|
logdir2=$(TMPDIR="${BATS_TEST_TMPDIR}" mktemp -u)
|
|
log_new="${logdir2}/crowdsec.log"
|
|
config_set ".common.log_dir=\"${logdir2}\""
|
|
|
|
config_disable_agent
|
|
|
|
sleep 2
|
|
|
|
rune -0 kill -HUP "$PID"
|
|
|
|
for ((i=0; i<10; i++)); do
|
|
sleep 1
|
|
grep -q "serve: shutting down api server" <"$log_old" && break
|
|
done
|
|
|
|
echo "waited $i seconds"
|
|
|
|
echo
|
|
echo "OLD LOG"
|
|
echo
|
|
ls -la "$log_old" || true
|
|
cat "$log_old" || true
|
|
|
|
assert_file_contains "$log_old" "SIGHUP received, reloading"
|
|
assert_file_contains "$log_old" "Crowdsec engine shutting down"
|
|
assert_file_contains "$log_old" "Killing parser routines"
|
|
assert_file_contains "$log_old" "Bucket routine exiting"
|
|
assert_file_contains "$log_old" "serve: shutting down api server"
|
|
|
|
sleep 2
|
|
|
|
assert_file_exists "$log_new"
|
|
|
|
for ((i=0; i<10; i++)); do
|
|
sleep 1
|
|
grep -q "Reload is finished" <"$log_new" && break
|
|
done
|
|
|
|
echo "waited $i seconds"
|
|
|
|
echo
|
|
echo "NEW LOG"
|
|
echo
|
|
ls -la "$log_new" || true
|
|
cat "$log_new" || true
|
|
|
|
assert_file_contains "$log_new" "CrowdSec Local API listening on 127.0.0.1:8080"
|
|
assert_file_contains "$log_new" "Reload is finished"
|
|
|
|
rune -0 ./instance-crowdsec stop
|
|
}
|
|
|
|
@test "crowdsec (error if the acquisition_path file is defined but missing)" {
|
|
ACQUIS_YAML=$(config_get '.crowdsec_service.acquisition_path')
|
|
rm -f "$ACQUIS_YAML"
|
|
|
|
rune -1 wait-for "${CROWDSEC}"
|
|
assert_stderr --partial "acquis.yaml: no such file or directory"
|
|
}
|
|
|
|
@test "crowdsec (error if acquisition_path is not defined and acquisition_dir is empty)" {
|
|
ACQUIS_YAML=$(config_get '.crowdsec_service.acquisition_path')
|
|
rm -f "$ACQUIS_YAML"
|
|
config_set '.crowdsec_service.acquisition_path=""'
|
|
|
|
ACQUIS_DIR=$(config_get '.crowdsec_service.acquisition_dir')
|
|
rm -f "$ACQUIS_DIR"
|
|
|
|
config_set '.common.log_media="stdout"'
|
|
rune -1 wait-for "${CROWDSEC}"
|
|
# check warning
|
|
assert_stderr --partial "no acquisition file found"
|
|
assert_stderr --partial "crowdsec init: while loading acquisition config: no datasource enabled"
|
|
}
|
|
|
|
@test "crowdsec (error if acquisition_path and acquisition_dir are not defined)" {
|
|
ACQUIS_YAML=$(config_get '.crowdsec_service.acquisition_path')
|
|
rm -f "$ACQUIS_YAML"
|
|
config_set '.crowdsec_service.acquisition_path=""'
|
|
|
|
ACQUIS_DIR=$(config_get '.crowdsec_service.acquisition_dir')
|
|
rm -f "$ACQUIS_DIR"
|
|
config_set '.crowdsec_service.acquisition_dir=""'
|
|
|
|
config_set '.common.log_media="stdout"'
|
|
rune -1 wait-for "${CROWDSEC}"
|
|
# check warning
|
|
assert_stderr --partial "no acquisition_path or acquisition_dir specified"
|
|
assert_stderr --partial "crowdsec init: while loading acquisition config: no datasource enabled"
|
|
}
|
|
|
|
@test "crowdsec (no error if acquisition_path is empty string but acquisition_dir is not empty)" {
|
|
config_set '.common.log_media="stdout"'
|
|
|
|
ACQUIS_YAML=$(config_get '.crowdsec_service.acquisition_path')
|
|
config_set '.crowdsec_service.acquisition_path=""'
|
|
|
|
ACQUIS_DIR=$(config_get '.crowdsec_service.acquisition_dir')
|
|
mkdir -p "$ACQUIS_DIR"
|
|
mv "$ACQUIS_YAML" "$ACQUIS_DIR"/foo.yaml
|
|
|
|
rune -0 wait-for \
|
|
--err "Starting processing data" \
|
|
"${CROWDSEC}"
|
|
|
|
# now, if foo.yaml is empty instead, there won't be valid datasources.
|
|
|
|
cat /dev/null >"$ACQUIS_DIR"/foo.yaml
|
|
|
|
rune -1 wait-for "${CROWDSEC}"
|
|
assert_stderr --partial "crowdsec init: while loading acquisition config: no datasource enabled"
|
|
}
|
|
|
|
@test "crowdsec (disabled datasources)" {
|
|
if is_package_testing; then
|
|
# we can't hide journalctl in package testing
|
|
# because crowdsec is run from systemd
|
|
skip "n/a for package testing"
|
|
fi
|
|
|
|
config_set '.common.log_media="stdout"'
|
|
|
|
# a datasource cannot run - missing journalctl command
|
|
|
|
ACQUIS_DIR=$(config_get '.crowdsec_service.acquisition_dir')
|
|
mkdir -p "$ACQUIS_DIR"
|
|
cat >"$ACQUIS_DIR"/foo.yaml <<-EOT
|
|
source: journalctl
|
|
journalctl_filter:
|
|
- "_SYSTEMD_UNIT=ssh.service"
|
|
labels:
|
|
type: syslog
|
|
EOT
|
|
|
|
#shellcheck disable=SC2016
|
|
rune -0 wait-for \
|
|
--err 'datasource '\''journalctl'\'' is not available: exec: "journalctl": executable file not found in ' \
|
|
env PATH='' "${CROWDSEC}"
|
|
|
|
# if all datasources are disabled, crowdsec should exit
|
|
|
|
ACQUIS_YAML=$(config_get '.crowdsec_service.acquisition_path')
|
|
rm -f "$ACQUIS_YAML"
|
|
config_set '.crowdsec_service.acquisition_path=""'
|
|
|
|
rune -1 wait-for env PATH='' "${CROWDSEC}"
|
|
assert_stderr --partial "crowdsec init: while loading acquisition config: no datasource enabled"
|
|
}
|
|
|
|
@test "crowdsec -t (error in acquisition file)" {
|
|
# we can verify the acquisition configuration without running crowdsec
|
|
ACQUIS_YAML=$(config_get '.crowdsec_service.acquisition_path')
|
|
config_set "$ACQUIS_YAML" 'del(.filenames)'
|
|
|
|
# if filenames are missing, it won't be able to detect source type
|
|
config_set "$ACQUIS_YAML" '.source="file"'
|
|
rune -1 wait-for "${CROWDSEC}"
|
|
assert_stderr --partial "failed to configure datasource file: no filename or filenames configuration provided"
|
|
|
|
config_set "$ACQUIS_YAML" '.filenames=["file.log"]'
|
|
config_set "$ACQUIS_YAML" '.meh=3'
|
|
rune -1 wait-for "${CROWDSEC}"
|
|
assert_stderr --partial "field meh not found in type fileacquisition.FileConfiguration"
|
|
}
|