github.com/crowdsecurity/crowdsec@v1.6.1/test/bats/09_context.bats

github.com/crowdsecurity/crowdsec@v1.6.1/test/bats/09_context.bats (about)

     1  #!/usr/bin/env bats
     2  # vim: ft=bats:list:ts=8:sts=4:sw=4:et:ai:si:
     3  
     4  set -u
     5  
     6  setup_file() {
     7      load "../lib/setup_file.sh"
     8      CONFIG_DIR=$(config_get '.config_paths.config_dir')
     9      export CONFIG_DIR
    10      CONTEXT_YAML="$CONFIG_DIR/console/context.yaml"
    11      export CONTEXT_YAML
    12  }
    13  
    14  teardown_file() {
    15      load "../lib/teardown_file.sh"
    16  }
    17  
    18  setup() {
    19      load "../lib/setup.sh"
    20      load "../lib/bats-file/load.bash"
    21      ./instance-data load
    22      config_set '.common.log_media="stdout"'
    23      mkdir -p "$CONFIG_DIR/console"
    24  }
    25  
    26  teardown() {
    27      ./instance-crowdsec stop
    28  }
    29  
    30  #----------
    31  
    32  @test "detect available context" {
    33      rune -0 cscli lapi context detect -a
    34      rune -0 yq -o json <(output)
    35      assert_json '{"Acquisition":["evt.Line.Module","evt.Line.Raw","evt.Line.Src"]}'
    36  
    37      rune -0 cscli parsers install crowdsecurity/dateparse-enrich
    38      rune -0 cscli lapi context detect crowdsecurity/dateparse-enrich
    39      rune -0 yq -o json '.crowdsecurity/dateparse-enrich' <(output)
    40      assert_json '["evt.MarshaledTime","evt.Meta.timestamp"]'
    41  }
    42  
    43  @test "attempt to load from default context file, ignore if missing" {
    44      rune -0 rm -f "$CONTEXT_YAML"
    45      rune -0 "$CROWDSEC" -t --trace
    46      assert_stderr --partial "loading console context from $CONTEXT_YAML"
    47  }
    48  
    49  @test "no error if context file is missing but not explicitly set" {
    50      config_set "del(.crowdsec_service.console_context_path)"
    51      rune -0 rm -f "$CONTEXT_YAML"
    52      rune -0 cscli lapi context status --error
    53      refute_stderr
    54      assert_output --partial "No context found on this agent."
    55      rune -0 "$CROWDSEC" -t
    56      refute_stderr --partial "no such file or directory"
    57  }
    58  
    59  @test "error if context file is explicitly set but does not exist" {
    60      config_set ".crowdsec_service.console_context_path=strenv(CONTEXT_YAML)"
    61      rune -0 rm -f "$CONTEXT_YAML"
    62      rune -1 cscli lapi context status --error
    63      assert_stderr --partial "context.yaml: no such file or directory"
    64      rune -1 "$CROWDSEC" -t
    65      assert_stderr --partial "while checking console_context_path: stat $CONTEXT_YAML: no such file or directory"
    66  }
    67  
    68  @test "context file is bad" {
    69      echo "bad yaml" > "$CONTEXT_YAML"
    70      rune -1 "$CROWDSEC" -t
    71      assert_stderr --partial "while loading context: $CONTEXT_YAML: yaml: unmarshal errors"
    72  }
    73  
    74  @test "context file is good" {
    75      echo '{"source_ip":["evt.Parsed.source_ip"]}' > "$CONTEXT_YAML"
    76      rune -0 "$CROWDSEC" -t --debug
    77      # the log content may have quotes escaped or not, depending on tty detection
    78      assert_stderr --regexp 'console context to send: .*source_ip.*evt.Parsed.source_ip'
    79  }
    80  
    81  @test "context file is from hub (local item)" {
    82      mkdir -p "$CONFIG_DIR/contexts"
    83      config_set "del(.crowdsec_service.console_context_path)"
    84      echo '{"context":{"source_ip":["evt.Parsed.source_ip"]}}' > "$CONFIG_DIR/contexts/foobar.yaml"
    85      rune -0 "$CROWDSEC" -t --trace
    86      assert_stderr --partial "loading console context from $CONFIG_DIR/contexts/foobar.yaml"
    87      assert_stderr --regexp 'console context to send: .*source_ip.*evt.Parsed.source_ip'
    88  }
    89  
    90  @test "merge multiple contexts" {
    91      mkdir -p "$CONFIG_DIR/contexts"
    92      echo '{"context":{"one":["evt.Parsed.source_ip"]}}' > "$CONFIG_DIR/contexts/one.yaml"
    93      echo '{"context":{"two":["evt.Parsed.source_ip"]}}' > "$CONFIG_DIR/contexts/two.yaml"
    94      rune -0 "$CROWDSEC" -t --trace
    95      assert_stderr --partial "loading console context from $CONFIG_DIR/contexts/one.yaml"
    96      assert_stderr --partial "loading console context from $CONFIG_DIR/contexts/two.yaml"
    97      assert_stderr --regexp 'console context to send: .*one.*evt.Parsed.source_ip.*two.*evt.Parsed.source_ip'
    98  }
    99  
   100  @test "merge contexts from hub and context.yaml file" {
   101      mkdir -p "$CONFIG_DIR/contexts"
   102      echo '{"context":{"one":["evt.Parsed.source_ip"]}}' > "$CONFIG_DIR/contexts/one.yaml"
   103      echo '{"one":["evt.Parsed.source_ip_2"]}' > "$CONFIG_DIR/console/context.yaml"
   104      rune -0 "$CROWDSEC" -t --trace
   105      assert_stderr --partial "loading console context from $CONFIG_DIR/contexts/one.yaml"
   106      assert_stderr --partial "loading console context from $CONFIG_DIR/console/context.yaml"
   107      assert_stderr --regexp 'console context to send: .*one.*evt.Parsed.source_ip.*evt.Parsed.source_ip_2'
   108  }