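#!/usr/bin/env bats
# vim: ft=bats:list:ts=8:sts=4:sw=4:et:ai:si:
#
# Source: github.com/crowdsecurity/crowdsec@v1.6.1/test/bats/09_socket.bats
#
# Functional tests for the Local API (LAPI) served over a Unix socket,
# alone or next to the TCP listener. They cover machine (cscli) and bouncer
# (X-Api-Key) authentication over the socket, and check which client address
# LAPI records for peers that connect that way.

set -u

# Runs once for the file: creates a private directory for the socket and
# exports the paths used by every test.
setup_file() {
    load "../lib/setup_file.sh"
    # mktemp -d creates the directory atomically (mode 0700) inside the
    # per-file bats temp dir, rather than reserving a name with -u and
    # creating it in a separate step.
    sockdir=$(TMPDIR="$BATS_FILE_TMPDIR" mktemp -d)
    export sockdir
    socket="$sockdir/crowdsec_api.sock"
    # exported because the strenv(socket) expressions below read it from
    # the environment
    export socket
    LOCAL_API_CREDENTIALS=$(config_get '.api.client.credentials_path')
    export LOCAL_API_CREDENTIALS
}

teardown_file() {
    load "../lib/teardown_file.sh"
}

# Runs before each test: restores the instance data and enables the socket
# listener. listen_uri is left untouched here, so TCP stays available unless
# a test removes it.
setup() {
    load "../lib/setup.sh"
    load "../lib/bats-file/load.bash"
    ./instance-data load
    config_set ".api.server.listen_socket=strenv(socket)"
}

teardown() {
    ./instance-crowdsec stop
}

#----------

@test "cscli - connects from existing machine with socket" {
    # point the existing machine credentials at the socket path
    config_set "$LOCAL_API_CREDENTIALS" ".url=strenv(socket)"

    ./instance-crowdsec start

    rune -0 cscli lapi status
    assert_stderr --regexp "Trying to authenticate with username .* on $socket"
    assert_stderr --partial "You can successfully interact with Local API (LAPI)"
}

@test "crowdsec - listen on both socket and TCP" {
    ./instance-crowdsec start

    # credentials still carry the TCP URL at this point
    rune -0 cscli lapi status
    assert_stderr --regexp "Trying to authenticate with username .* on http://127.0.0.1:8080/"
    assert_stderr --partial "You can successfully interact with Local API (LAPI)"

    # same running instance, now reached through the socket
    config_set "$LOCAL_API_CREDENTIALS" ".url=strenv(socket)"

    rune -0 cscli lapi status
    assert_stderr --regexp "Trying to authenticate with username .* on $socket"
    assert_stderr --partial "You can successfully interact with Local API (LAPI)"
}

@test "cscli - authenticate new machine with socket" {
    # verify that if a listen_uri and a socket are set, the socket is used
    # by default when creating a local machine.

    # NOTE(review): assumes the fixture holds exactly one machine; with
    # several, the IDs would reach "machines delete" as a single
    # newline-joined argument.
    rune -0 cscli machines delete "$(cscli machines list -o json | jq -r '.[].machineId')"

    # this one should be using the socket
    rune -0 cscli machines add --auto --force

    using=$(config_get "$LOCAL_API_CREDENTIALS" ".url")

    assert [ "$using" = "$socket" ]

    # disable the agent because it counts as a first authentication
    config_disable_agent
    ./instance-crowdsec start

    # the machine does not have an IP yet

    rune -0 cscli machines list -o json
    rune -0 jq -r '.[].ipAddress' <(output)
    assert_output null

    # upon first authentication, it's assigned to localhost.
    # A socket peer is therefore recorded as 127.0.0.1, the same value a
    # loopback TCP client would get: the stored address alone does not tell
    # the two transports apart.

    rune -0 cscli lapi status

    rune -0 cscli machines list -o json
    rune -0 jq -r '.[].ipAddress' <(output)
    assert_output 127.0.0.1
}

# GET the path in $1 from LAPI over TCP, authenticating with $API_KEY.
# The key travels in curl's argv, where other local users can read it from
# the process list; acceptable only because it is a throwaway test key.
bouncer_http() {
    local uri="$1"
    curl -fs -H "X-Api-Key: $API_KEY" "http://localhost:8080$uri"
}

# Same request through the Unix socket; the host part of the URL only fills
# the Host header, the connection itself goes to "$socket".
bouncer_socket() {
    local uri="$1"
    curl -fs -H "X-Api-Key: $API_KEY" --unix-socket "$socket" "http://localhost$uri"
}

@test "lapi - connects from existing bouncer with socket" {
    ./instance-crowdsec start
    API_KEY=$(cscli bouncers add testbouncer -o raw)
    export API_KEY

    # the bouncer does not have an IP yet

    rune -0 cscli bouncers list -o json
    rune -0 jq -r '.[].ip_address' <(output)
    assert_output ""

    # upon first authentication, it's assigned to localhost

    rune -0 bouncer_socket '/v1/decisions'
    assert_output 'null'
    refute_stderr

    rune -0 cscli bouncers list -o json
    rune -0 jq -r '.[].ip_address' <(output)
    assert_output "127.0.0.1"

    # we can still use TCP of course

    rune -0 bouncer_http '/v1/decisions'
    assert_output 'null'
    refute_stderr
}

@test "lapi - listen on socket only" {
    # drop the TCP listener: the socket becomes the only way in
    config_set "del(.api.server.listen_uri)"

    # no-op when the directory made in setup_file is still present
    mkdir -p "$sockdir"

    # agent is not able to connect right now
    config_disable_agent
    ./instance-crowdsec start

    API_KEY=$(cscli bouncers add testbouncer -o raw)
    export API_KEY

    # now we can't: the credentials still point at the TCP URL

    rune -1 cscli lapi status
    assert_stderr --partial "connection refused"

    # curl exit status 7: failed to connect, nothing listens on TCP 8080
    rune -7 bouncer_http '/v1/decisions'
    refute_output
    refute_stderr

    # here we can: same credentials and API key, sent through the socket

    config_set "$LOCAL_API_CREDENTIALS" ".url=strenv(socket)"

    rune -0 cscli lapi status

    rune -0 bouncer_socket '/v1/decisions'
    assert_output 'null'
    refute_stderr
}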