cscli inspect: don't show metrics or converted rules if an item is not installed (#3602)

cmd/crowdsec-cli/cliitem/cmdinspect.go

@@ -56,12 +56,14 @@ func (cli *cliItem) inspect(ctx context.Context, args []string, url string, diff
 			continue
 		}
 
-		if err = inspectItem(hub, item, !noMetrics, cfg.Cscli.Output, cfg.Cscli.PrometheusUrl, cfg.Cscli.Color); err != nil {
+		wantMetrics := !noMetrics && item.State.IsInstalled()
+
+		if err := inspectItem(hub, item, wantMetrics, cfg.Cscli.Output, cfg.Cscli.PrometheusUrl, cfg.Cscli.Color); err != nil {
 			return err
 		}
 
 		if cli.inspectDetail != nil {
-			if err = cli.inspectDetail(item); err != nil {
+			if err := cli.inspectDetail(item); err != nil {
 				return err
 			}
 		}
@@ -71,7 +73,7 @@ func (cli *cliItem) inspect(ctx context.Context, args []string, url string, diff
 }
 
 // return the diff between the installed version and the latest version
-func (cli *cliItem) itemDiff(ctx context.Context, item *cwhub.Item, contentProvider cwhub.ContentProvider, reverse bool) (string, error) {
+func (*cliItem) itemDiff(ctx context.Context, item *cwhub.Item, contentProvider cwhub.ContentProvider, reverse bool) (string, error) {
 	if !item.State.IsInstalled() {
 		return "", fmt.Errorf("'%s' is not installed", item.FQName())
 	}

cmd/crowdsec-cli/cliitem/hubappsec.go

@@ -85,10 +85,11 @@ cscli appsec-configs upgrade crowdsecurity/virtual-patching -i
 cscli appsec-configs upgrade crowdsecurity/virtual-patching --interactive`,
 		},
 		inspectHelp: cliHelp{
-			example: `# Display metadata, state, metrics and ancestor collections of appsec-configs (installed or not).
+			example: `# Display metadata, state, ancestor collections of appsec-configs (installed or not).
 cscli appsec-configs inspect crowdsecurity/virtual-patching
 
-# Don't collect metrics (avoid error if crowdsec is not running).
+# If the config is installed, its metrics are collected and shown as well (with an error if crowdsec is not running).
+# To avoid this, use --no-metrics.
 cscli appsec-configs inspect crowdsecurity/virtual-patching --no-metrics
 
 # Display difference between a tainted item and the latest one.
@@ -119,6 +120,10 @@ func NewAppsecRule(cfg configGetter) *cliItem {
 
 		appsecRule := appsec.AppsecCollectionConfig{}
 
+		if item.State.LocalPath == "" {
+			return nil
+		}
+
 		yamlContent, err := os.ReadFile(item.State.LocalPath)
 		if err != nil {
 			return fmt.Errorf("unable to read file %s: %w", item.State.LocalPath, err)
@@ -129,7 +134,7 @@ func NewAppsecRule(cfg configGetter) *cliItem {
 		}
 
 		for _, ruleType := range appsec_rule.SupportedTypes() {
-			fmt.Printf("\n%s format:\n", cases.Title(language.Und, cases.NoLower).String(ruleType))
+			fmt.Fprintf(os.Stdout, "\n%s format:\n", cases.Title(language.Und, cases.NoLower).String(ruleType))
 
 			for _, rule := range appsecRule.Rules {
 				convertedRule, _, err := rule.Convert(ruleType, appsecRule.Name)
@@ -137,13 +142,13 @@ func NewAppsecRule(cfg configGetter) *cliItem {
 					return fmt.Errorf("unable to convert rule %s: %w", rule.Name, err)
 				}
 
-				fmt.Println(convertedRule)
+				fmt.Fprintln(os.Stdout, convertedRule)
 			}
 
 			switch ruleType { //nolint:gocritic
 			case appsec_rule.ModsecurityRuleType:
 				for _, rule := range appsecRule.SecLangRules {
-					fmt.Println(rule)
+					fmt.Fprintln(os.Stdout, rule)
 				}
 			}
 		}
@@ -222,10 +227,11 @@ cscli appsec-rules upgrade crowdsecurity/crs -i
 cscli appsec-rules upgrade crowdsecurity/crs --interactive`,
 		},
 		inspectHelp: cliHelp{
-			example: `# Display metadata, state, metrics and ancestor collections of appsec-rules (installed or not).
+			example: `# Display metadata, state, ancestor collections of appsec-rules (installed or not).
 cscli appsec-rules inspect crowdsecurity/crs
 
-# Don't collect metrics (avoid error if crowdsec is not running).
+# If the rule is installed, its metrics are collected and shown as well (with an error if crowdsec is not running).
+# To avoid this, use --no-metrics.
 cscli appsec-configs inspect crowdsecurity/crs --no-metrics
 
 # Display difference between a tainted item and the latest one.

cmd/crowdsec-cli/cliitem/hubcollection.go

@@ -76,10 +76,11 @@ cscli collections upgrade crowdsecurity/http-cve crowdsecurity/iptables -i
 cscli collections upgrade crowdsecurity/http-cve crowdsecurity/iptables --interactive`,
 		},
 		inspectHelp: cliHelp{
-			example: `# Display metadata, state, metrics and dependencies of collections (installed or not).
+			example: `# Display metadata, state, and dependencies of collections (installed or not).
 cscli collections inspect crowdsecurity/http-cve crowdsecurity/iptables
 
-# Don't collect metrics (avoid error if crowdsec is not running).
+# If the collection is installed, its metrics are collected and shown as well (with an error if crowdsec is not running).
+# To avoid this, use --no-metrics.
 cscli collections inspect crowdsecurity/http-cve crowdsecurity/iptables --no-metrics
 
 # Display difference between a tainted item and the latest one, or the reason for the taint if it's a dependency.

cmd/crowdsec-cli/cliitem/hubparser.go

@@ -76,10 +76,11 @@ cscli parsers upgrade crowdsecurity/caddy-logs crowdsecurity/sshd-logs -i
 cscli parsers upgrade crowdsecurity/caddy-logs crowdsecurity/sshd-logs --interactive`,
 		},
 		inspectHelp: cliHelp{
-			example: `# Display metadata, state, metrics and ancestor collections of parsers (installed or not).
+			example: `# Display metadata, state and ancestor collections of parsers (installed or not).
 cscli parsers inspect crowdsecurity/httpd-logs crowdsecurity/sshd-logs
 
-# Don't collect metrics (avoid error if crowdsec is not running).
+# If the parser is installed, its metrics are collected and shown as well (with an error if crowdsec is not running).
+# To avoid this, use --no-metrics.
 cscli parsers inspect crowdsecurity/httpd-logs --no-metrics
 
 # Display difference between a tainted item and the latest one.

cmd/crowdsec-cli/cliitem/hubscenario.go

@@ -76,10 +76,11 @@ cscli scenarios upgrade crowdsecurity/ssh-bf crowdsecurity/http-probing -i
 cscli scenarios upgrade crowdsecurity/ssh-bf crowdsecurity/http-probing --interactive`,
 		},
 		inspectHelp: cliHelp{
-			example: `# Display metadata, state, metrics and ancestor collections of scenarios (installed or not).
+			example: `# Display metadata, state and ancestor collections of scenarios (installed or not).
 cscli scenarios inspect crowdsecurity/ssh-bf crowdsecurity/http-probing
 
-# Don't collect metrics (avoid error if crowdsec is not running).
+# If the scenario is installed, its metrics are collected and shown as well (with an error if crowdsec is not running).
+# To avoid this, use --no-metrics.
 cscli scenarios inspect crowdsecurity/ssh-bf --no-metrics
 
 # Display difference between a tainted item and the latest one.

test/bats/cscli-hubtype-inspect.bats

@@ -42,29 +42,34 @@ teardown() {
     rune -1 cscli parsers inspect blahblah/blahblah
     assert_stderr --partial "can't find 'blahblah/blahblah' in parsers"
 
-    # one item
-    rune -0 cscli parsers inspect crowdsecurity/sshd-logs --no-metrics
+    # one item. if it's not installed, metrics won't be read.
+    rune -0 cscli parsers inspect crowdsecurity/sshd-logs
     assert_line 'type: parsers'
     assert_line 'name: crowdsecurity/sshd-logs'
     assert_line 'path: parsers/s01-parse/crowdsecurity/sshd-logs.yaml'
     assert_line 'installed: false'
-    refute_line --partial 'Current metrics:'
+    refute_output --partial 'Current metrics:'
+
+    rune -0 cscli parsers install crowdsecurity/sshd-logs
+
+    rune -0 cscli parsers inspect crowdsecurity/sshd-logs --no-metrics
+    refute_output --partial 'Current metrics:'
 
     # one item, with metrics
     rune -0 cscli parsers inspect crowdsecurity/sshd-logs
-    assert_line --partial 'Current metrics:'
+    assert_output --partial 'Current metrics:'
 
     # one item, json
     rune -0 cscli parsers inspect crowdsecurity/sshd-logs -o json
     rune -0 jq -c '[.type, .name, .path, .installed]' <(output)
-    assert_json '["parsers","crowdsecurity/sshd-logs","parsers/s01-parse/crowdsecurity/sshd-logs.yaml",false]'
+    assert_json '["parsers","crowdsecurity/sshd-logs","parsers/s01-parse/crowdsecurity/sshd-logs.yaml",true]'
 
     # one item, raw
     rune -0 cscli parsers inspect crowdsecurity/sshd-logs -o raw
     assert_line 'type: parsers'
     assert_line 'name: crowdsecurity/sshd-logs'
     assert_line 'path: parsers/s01-parse/crowdsecurity/sshd-logs.yaml'
-    assert_line 'installed: false'
+    assert_line 'installed: true'
     refute_line --partial 'Current metrics:'
 
     # multiple items
@@ -74,6 +79,8 @@ teardown() {
     rune -1 grep -c 'Current metrics:' <(output)
     assert_output "0"
 
+    rune -0 cscli parsers install crowdsecurity/whitelists
+
     # multiple items, with metrics
     rune -0 cscli parsers inspect crowdsecurity/sshd-logs crowdsecurity/whitelists
     rune -0 grep -c 'Current metrics:' <(output)
@@ -82,7 +89,7 @@ teardown() {
     # multiple items, json
     rune -0 cscli parsers inspect crowdsecurity/sshd-logs crowdsecurity/whitelists -o json
     rune -0 jq -sc '[.[] | [.type, .name, .path, .installed]]' <(output)
-    assert_json '[["parsers","crowdsecurity/sshd-logs","parsers/s01-parse/crowdsecurity/sshd-logs.yaml",false],["parsers","crowdsecurity/whitelists","parsers/s02-enrich/crowdsecurity/whitelists.yaml",false]]'
+    assert_json '[["parsers","crowdsecurity/sshd-logs","parsers/s01-parse/crowdsecurity/sshd-logs.yaml",true],["parsers","crowdsecurity/whitelists","parsers/s02-enrich/crowdsecurity/whitelists.yaml",true]]'
 
     # multiple items, raw
     rune -0 cscli parsers inspect crowdsecurity/sshd-logs crowdsecurity/whitelists -o raw