github.com/crowdsecurity/crowdsec@v1.6.1/test/bats/20_hub_collections_dep.bats

github.com/crowdsecurity/crowdsec@v1.6.1/test/bats/20_hub_collections_dep.bats (about)

     1  #!/usr/bin/env bats
     2  # vim: ft=bats:list:ts=8:sts=4:sw=4:et:ai:si:
     3  
     4  set -u
     5  
     6  setup_file() {
     7      load "../lib/setup_file.sh"
     8      ./instance-data load
     9      INDEX_PATH=$(config_get '.config_paths.index_path')
    10      export INDEX_PATH
    11      CONFIG_DIR=$(config_get '.config_paths.config_dir')
    12      export CONFIG_DIR
    13  }
    14  
    15  teardown_file() {
    16      load "../lib/teardown_file.sh"
    17  }
    18  
    19  setup() {
    20      load "../lib/setup.sh"
    21      load "../lib/bats-file/load.bash"
    22      ./instance-data load
    23      hub_strip_index
    24  }
    25  
    26  teardown() {
    27      ./instance-crowdsec stop
    28  }
    29  
    30  #----------
    31  
    32  @test "cscli collections (dependencies)" {
    33      # inject a dependency: smb requires sshd
    34      hub_dep=$(jq <"$INDEX_PATH" '. * {collections:{"crowdsecurity/smb":{collections:["crowdsecurity/sshd"]}}}')
    35      echo "$hub_dep" >"$INDEX_PATH"
    36  
    37      # verify that installing smb brings sshd
    38      rune -0 cscli collections install crowdsecurity/smb
    39      rune -0 cscli collections list -o json
    40      rune -0 jq -e '[.collections[].name]==["crowdsecurity/smb","crowdsecurity/sshd"]' <(output)
    41  
    42      # verify that removing smb removes sshd too
    43      rune -0 cscli collections remove crowdsecurity/smb
    44      rune -0 cscli collections list -o json
    45      rune -0 jq -e '.collections | length == 0' <(output)
    46  
    47      # we can't remove sshd without --force
    48      rune -0 cscli collections install crowdsecurity/smb
    49      # XXX: should this be an error?
    50      rune -0 cscli collections remove crowdsecurity/sshd
    51      assert_stderr --partial "crowdsecurity/sshd belongs to collections: [crowdsecurity/smb]"
    52      assert_stderr --partial "Run 'sudo cscli collections remove crowdsecurity/sshd --force' if you want to force remove this collection"
    53      rune -0 cscli collections list -o json
    54      rune -0 jq -c '[.collections[].name]' <(output)
    55      assert_json '["crowdsecurity/smb","crowdsecurity/sshd"]'
    56  
    57      # use the --force
    58      rune -0 cscli collections remove crowdsecurity/sshd --force
    59      rune -0 cscli collections list -o json
    60      rune -0 jq -c '[.collections[].name]' <(output)
    61      assert_json '["crowdsecurity/smb"]'
    62  
    63      # and now smb is tainted!
    64      rune -0 cscli collections inspect crowdsecurity/smb -o json
    65      rune -0 jq -e '.tainted==true' <(output)
    66      rune -0 cscli collections remove crowdsecurity/smb --force
    67  
    68      # empty
    69      rune -0 cscli collections list -o json
    70      rune -0 jq -e '.collections | length == 0' <(output)
    71  
    72      # reinstall
    73      rune -0 cscli collections install crowdsecurity/smb --force
    74  
    75      # taint on sshd means smb is tainted as well
    76      rune -0 cscli collections inspect crowdsecurity/smb -o json
    77      rune -0 jq -e '.tainted==false' <(output)
    78      echo "dirty" >"$CONFIG_DIR/collections/sshd.yaml"
    79      rune -0 cscli collections inspect crowdsecurity/smb -o json
    80      rune -0 jq -e '.tainted==true' <(output)
    81  
    82      # now we can't remove smb without --force
    83      rune -1 cscli collections remove crowdsecurity/smb
    84      assert_stderr --partial "crowdsecurity/smb is tainted, use '--force' to remove"
    85  }
    86  
    87  @test "cscli collections (dependencies II: the revenge)" {
    88      rune -0 cscli collections install crowdsecurity/wireguard baudneo/gotify
    89      rune -0 cscli collections remove crowdsecurity/wireguard
    90      assert_stderr --partial "crowdsecurity/syslog-logs was not removed because it also belongs to baudneo/gotify"
    91      rune -0 cscli collections inspect crowdsecurity/wireguard -o json
    92      rune -0 jq -e '.installed==false' <(output)
    93  }
    94  
    95  @test "cscli collections (dependencies III: origins)" {
    96      # it is perfectly fine to remove an item belonging to a collection that we are removing anyway
    97  
    98      # inject a dependency: sshd requires the syslog-logs parsers, but linux does too
    99      hub_dep=$(jq <"$INDEX_PATH" '. * {collections:{"crowdsecurity/sshd":{parsers:["crowdsecurity/syslog-logs"]}}}')
   100      echo "$hub_dep" >"$INDEX_PATH"
   101  
   102      # verify that installing sshd brings syslog-logs
   103      rune -0 cscli collections install crowdsecurity/sshd
   104      rune -0 cscli parsers inspect crowdsecurity/syslog-logs -o json
   105      rune -0 jq -e '.installed==true' <(output)
   106  
   107      rune -0 cscli collections install crowdsecurity/linux
   108  
   109      # removing linux should remove syslog-logs even though sshd depends on it
   110      rune -0 cscli collections remove crowdsecurity/linux
   111      refute_stderr --partial "crowdsecurity/syslog-logs was not removed"
   112      # we must also consider indirect dependencies
   113      refute_stderr --partial "crowdsecurity/ssh-bf was not removed"
   114      rune -0 cscli parsers list -o json
   115      rune -0 jq -e '.parsers | length == 0' <(output)
   116  }
   117  
   118  @test "cscli collections (dependencies IV: looper)" {
   119      hub_dep=$(jq <"$INDEX_PATH" '. * {collections:{"crowdsecurity/sshd":{collections:["crowdsecurity/linux"]}}}')
   120      echo "$hub_dep" >"$INDEX_PATH"
   121  
   122      rune -1 cscli hub list
   123      assert_stderr --partial "circular dependency detected"
   124      rune -1 wait-for "${CROWDSEC}"
   125      assert_stderr --partial "circular dependency detected"
   126  }