mirrors/crowdsec
1
0
Fork 0
mirror of https://github.com/crowdsecurity/crowdsec.git synced 2025-05-10 20:05:55 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

cscli hub/items: always show action plan; fix --interactive in pipes (#3451)

Browse source
This commit is contained in:
mmetc 2025-02-21 00:17:01 +01:00 committed by GitHub
parent 45624c6fe5
commit 2b70dbf3e5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
16 changed files with 196 additions and 79 deletions
Download patch file Download diff file Expand all files Collapse all files

12
cmd/crowdsec-cli/clihub/hub.go
View file

@ -118,10 +118,15 @@ func (cli *cliHub) update(ctx context.Context, withContent bool) error {
indexProvider := require.HubDownloader(ctx, cli.cfg())
if err := hub.Update(ctx, indexProvider, withContent); err != nil {
updated, err := hub.Update(ctx, indexProvider, withContent)
if err != nil {
return fmt.Errorf("failed to update hub: %w", err)
}
if !updated && (log.StandardLogger().Level >= log.InfoLevel) {
fmt.Println("Nothing to do, the hub index is up to date.")
}
if err := hub.Load(); err != nil {
return fmt.Errorf("failed to load hub: %w", err)
}
@ -187,9 +192,10 @@ func (cli *cliHub) upgrade(ctx context.Context, interactive bool, dryRun bool, f
return err
}
verbose := (cfg.Cscli.Output == "raw")
showPlan := (log.StandardLogger().Level >= log.InfoLevel)
verbosePlan := (cfg.Cscli.Output == "raw")
if err := plan.Execute(ctx, interactive, dryRun, verbose); err != nil {
if err := plan.Execute(ctx, interactive, dryRun, showPlan, verbosePlan); err != nil {
return err
}

5
cmd/crowdsec-cli/cliitem/cmdinstall.go
View file

@ -78,9 +78,10 @@ func (cli cliItem) install(ctx context.Context, args []string, interactive bool,
}
}
verbose := (cfg.Cscli.Output == "raw")
showPlan := (log.StandardLogger().Level >= log.InfoLevel)
verbosePlan := (cfg.Cscli.Output == "raw")
if err := plan.Execute(ctx, interactive, dryRun, verbose); err != nil {
if err := plan.Execute(ctx, interactive, dryRun, showPlan, verbosePlan); err != nil {
if !ignoreError {
return err
}

5
cmd/crowdsec-cli/cliitem/cmdremove.go
View file

@ -98,9 +98,10 @@ func (cli cliItem) remove(ctx context.Context, args []string, interactive bool,
return err
}
verbose := (cfg.Cscli.Output == "raw")
showPlan := (log.StandardLogger().Level >= log.InfoLevel)
verbosePlan := (cfg.Cscli.Output == "raw")
if err := plan.Execute(ctx, interactive, dryRun, verbose); err != nil {
if err := plan.Execute(ctx, interactive, dryRun, showPlan, verbosePlan); err != nil {
return err
}

5
cmd/crowdsec-cli/cliitem/cmdupgrade.go
View file

@ -60,9 +60,10 @@ func (cli cliItem) upgrade(ctx context.Context, args []string, interactive bool,
return err
}
verbose := (cfg.Cscli.Output == "raw")
showPlan := (log.StandardLogger().Level >= log.InfoLevel)
verbosePlan := (cfg.Cscli.Output == "raw")
if err := plan.Execute(ctx, interactive, dryRun, verbose); err != nil {
if err := plan.Execute(ctx, interactive, dryRun, showPlan, verbosePlan); err != nil {
return err
}

19
cmd/crowdsec-cli/clisetup/setup.go
View file

@ -95,8 +95,8 @@ func (cli *cliSetup) newDetectCmd() *cobra.Command {
func (cli *cliSetup) newInstallHubCmd() *cobra.Command {
var (
yes bool
dryRun bool
interactive bool
dryRun bool
)
cmd := &cobra.Command{
@ -105,14 +105,14 @@ func (cli *cliSetup) newInstallHubCmd() *cobra.Command {
Args: cobra.ExactArgs(1),
DisableAutoGenTag: true,
RunE: func(cmd *cobra.Command, args []string) error {
return cli.install(cmd.Context(), yes, dryRun, args[0])
return cli.install(cmd.Context(), interactive, dryRun, args[0])
},
}
flags := cmd.Flags()
flags.BoolVarP(&yes, "yes", "y", false, "confirm execution without prompt")
flags.BoolVarP(&interactive, "interactive", "i", false, "Ask for confirmation before proceeding")
flags.BoolVar(&dryRun, "dry-run", false, "don't install anything; print out what would have been")
cmd.MarkFlagsMutuallyExclusive("yes", "dry-run")
cmd.MarkFlagsMutuallyExclusive("interactive", "dry-run")
return cmd
}
@ -281,7 +281,7 @@ func (cli *cliSetup) dataSources(fromFile string, toDir string) error {
return nil
}
func (cli *cliSetup) install(ctx context.Context, yes bool, dryRun bool, fromFile string) error {
func (cli *cliSetup) install(ctx context.Context, interactive bool, dryRun bool, fromFile string) error {
input, err := os.ReadFile(fromFile)
if err != nil {
return fmt.Errorf("while reading file %s: %w", fromFile, err)
@ -294,11 +294,12 @@ func (cli *cliSetup) install(ctx context.Context, yes bool, dryRun bool, fromFil
return err
}
verbose := (cfg.Cscli.Output == "raw")
contentProvider := require.HubDownloader(ctx, cfg)
return setup.InstallHubItems(ctx, hub, contentProvider, input, yes, dryRun, verbose)
showPlan := (log.StandardLogger().Level >= log.InfoLevel)
verbosePlan := (cfg.Cscli.Output == "raw")
return setup.InstallHubItems(ctx, hub, contentProvider, input, interactive, dryRun, showPlan, verbosePlan)
}
func (cli *cliSetup) validate(fromFile string) error {

4
pkg/cwhub/cwhub_test.go
View file

@ -10,6 +10,7 @@ import (
"testing"
log "github.com/sirupsen/logrus"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/crowdsecurity/crowdsec/pkg/csconfig"
@ -61,8 +62,9 @@ func testHubOld(t *testing.T, update bool) *Hub {
URLTemplate: mockURLTemplate,
}
err = hub.Update(ctx, indexProvider, false)
updated, err := hub.Update(ctx, indexProvider, false)
require.NoError(t, err)
assert.True(t, updated)
}
err = hub.Load()

1
pkg/cwhub/download.go
View file

@ -62,6 +62,7 @@ func addURLParam(rawURL string, param string, value string) (string, error) {
// FetchIndex downloads the index from the hub and writes it to the filesystem.
// It uses a temporary file to avoid partial downloads, and won't overwrite the original
// if it has not changed.
// Return true if the file has been updated, false if already up to date.
func (d *Downloader) FetchIndex(ctx context.Context, destPath string, withContent bool, logger *logrus.Logger) (bool, error) {
url, err := d.urlTo(".index.json")
if err != nil {

17
pkg/cwhub/hub.go
View file

@ -153,24 +153,13 @@ var ErrUpdateAfterSync = errors.New("cannot update hub index after load/sync")
// Update downloads the latest version of the index and writes it to disk if it changed.
// It cannot be called after Load() unless the index was completely empty.
func (h *Hub) Update(ctx context.Context, indexProvider IndexProvider, withContent bool) error {
func (h *Hub) Update(ctx context.Context, indexProvider IndexProvider, withContent bool) (bool, error) {
if len(h.items) > 0 {
// if this happens, it's a bug.
return ErrUpdateAfterSync
return false, ErrUpdateAfterSync
}
downloaded, err := indexProvider.FetchIndex(ctx, h.local.HubIndexFile, withContent, h.logger)
if err != nil {
return err
}
if !downloaded {
// use logger and the message will be silenced in the cron job
// (no mail if nothing happened)
h.logger.Info("Nothing to do, the hub index is up to date.")
}
return nil
return indexProvider.FetchIndex(ctx, h.local.HubIndexFile, withContent, h.logger)
}
// addItem adds an item to the hub. It silently replaces an existing item with the same type and name.

12
pkg/cwhub/hub_test.go
View file

@ -130,8 +130,9 @@ func TestHubUpdate(t *testing.T) {
URLTemplate: mockServer.URL + "/%s/%s",
}
err = hub.Update(ctx, downloader, true)
updated, err := hub.Update(ctx, downloader, true)
require.NoError(t, err)
assert.True(t, updated)
err = hub.Load()
require.NoError(t, err)
@ -151,8 +152,9 @@ func TestHubUpdateInvalidTemplate(t *testing.T) {
URLTemplate: "x",
}
err = hub.Update(ctx, downloader, true)
updated, err := hub.Update(ctx, downloader, true)
cstest.RequireErrorMessage(t, err, "failed to build hub index request: invalid URL template 'x'")
assert.False(t, updated)
}
func TestHubUpdateCannotWrite(t *testing.T) {
@ -194,8 +196,9 @@ func TestHubUpdateCannotWrite(t *testing.T) {
hub.local.HubIndexFile = "/proc/foo/bar/baz/.index.json"
err = hub.Update(ctx, downloader, true)
updated, err := hub.Update(ctx, downloader, true)
cstest.RequireErrorContains(t, err, "failed to create temporary download file for /proc/foo/bar/baz/.index.json")
assert.False(t, updated)
}
func TestHubUpdateAfterLoad(t *testing.T) {
@ -252,6 +255,7 @@ func TestHubUpdateAfterLoad(t *testing.T) {
URLTemplate: mockServer.URL + "/%s/%s",
}
err = hub.Update(ctx, downloader, true)
updated, err := hub.Update(ctx, downloader, true)
require.ErrorIs(t, err, ErrUpdateAfterSync)
assert.False(t, updated)
}

39
pkg/hubops/plan.go
View file

@ -11,7 +11,6 @@ import (
"github.com/AlecAivazis/survey/v2"
"github.com/fatih/color"
isatty "github.com/mattn/go-isatty"
"github.com/crowdsecurity/go-cs-lib/slicetools"
@ -192,11 +191,6 @@ func (p *ActionPlan) compactDescription() string {
}
func (p *ActionPlan) Confirm(verbose bool) (bool, error) {
// user provided an --interactive flag, but we go with the defaults if it's not a tty
if !isatty.IsTerminal(os.Stdout.Fd()) && !isatty.IsCygwinTerminal(os.Stdout.Fd()) {
return true, nil
}
fmt.Println("The following actions will be performed:\n" + p.Description(verbose))
var answer bool
@ -206,9 +200,15 @@ func (p *ActionPlan) Confirm(verbose bool) (bool, error) {
Default: true,
}
tty, err := os.OpenFile("/dev/tty", os.O_RDWR, 0)
if err != nil {
return prompt.Default, nil
}
defer tty.Close()
// in case of EOF, it's likely stdin has been closed in a script or package manager,
// we can't do anything but go with the default
if err := survey.AskOne(prompt, &answer); err != nil {
if err := survey.AskOne(prompt, &answer, survey.WithStdio(tty, tty, tty)); err != nil {
if errors.Is(err, io.EOF) {
return prompt.Default, nil
}
@ -221,22 +221,18 @@ func (p *ActionPlan) Confirm(verbose bool) (bool, error) {
return answer, nil
}
func (p *ActionPlan) Execute(ctx context.Context, interactive bool, dryRun bool, verbose bool) error {
func (p *ActionPlan) Execute(ctx context.Context, interactive bool, dryRun bool, alwaysShowPlan bool, verbosePlan bool) error {
// interactive: show action plan, ask for confirm
// dry-run: show action plan, no prompt, no action
// alwaysShowPlan: print plan even if interactive and dry-run are false
// verbosePlan: plan summary is displaying each step in order
if len(p.commands) == 0 {
// XXX: show skipped commands, warnings?
fmt.Println("Nothing to do.")
return nil
}
if dryRun {
fmt.Println("Action plan:\n" + p.Description(verbose))
fmt.Println("Dry run, no action taken.")
return nil
}
if interactive {
answer, err := p.Confirm(verbose)
answer, err := p.Confirm(verbosePlan)
if err != nil {
return err
}
@ -245,6 +241,15 @@ func (p *ActionPlan) Execute(ctx context.Context, interactive bool, dryRun bool,
fmt.Println("Operation canceled.")
return nil
}
} else {
if dryRun || alwaysShowPlan {
fmt.Println("Action plan:\n" + p.Description(verbosePlan))
}
if dryRun {
fmt.Println("Dry run, no action taken.")
return nil
}
}
for _, c := range p.commands {

4
pkg/setup/install.go
View file

@ -48,7 +48,7 @@ func decodeSetup(input []byte, fancyErrors bool) (Setup, error) {
}
// InstallHubItems installs the objects recommended in a setup file.
func InstallHubItems(ctx context.Context, hub *cwhub.Hub, contentProvider cwhub.ContentProvider, input []byte, yes, dryRun, verbose bool) error {
func InstallHubItems(ctx context.Context, hub *cwhub.Hub, contentProvider cwhub.ContentProvider, input []byte, interactive, dryRun, showPlan, verbosePlan bool) error {
setupEnvelope, err := decodeSetup(input, false)
if err != nil {
return err
@ -134,7 +134,7 @@ func InstallHubItems(ctx context.Context, hub *cwhub.Hub, contentProvider cwhub.
}
}
return plan.Execute(ctx, yes, dryRun, verbose)
return plan.Execute(ctx, interactive, dryRun, showPlan, verbosePlan)
}
// marshalAcquisDocuments creates the monolithic file, or itemized files (if a directory is provided) with the acquisition documents.

22
test/bats/20_hub.bats
View file

@ -109,17 +109,33 @@ teardown() {
rune -0 cscli hub update
assert_output "Downloading $INDEX_PATH"
rune -0 cscli hub update
assert_output "Nothing to do, the hub index is up to date."
# hub update must honor the --error flag to be silent in noop cron jobs
rune -0 cscli hub update --error
refute_output
assert_stderr 'level=info msg="Nothing to do, the hub index is up to date."'
refute_stderr
}
@test "cscli hub upgrade (up to date)" {
rune -0 cscli hub upgrade
refute_output
assert_output - <<-EOT
Action plan:
🔄 check & update data files
EOT
rune -0 cscli parsers install crowdsecurity/syslog-logs
rune -0 cscli hub upgrade --force
assert_output - <<-EOT
Action plan:
🔄 check & update data files
EOT
# hub upgrade must honor the --error flag to be silent in noop cron jobs
rune -0 cscli hub upgrade --error
refute_output
refute_stderr
skip "todo: data files are re-downloaded with --force"
}
@ -129,6 +145,8 @@ teardown() {
rune -0 cscli hub upgrade
assert_output - <<-EOT
collections:foo.yaml - not downloading local item
Action plan:
🔄 check & update data files
EOT
}

50
test/bats/cscli-hubtype-install.bats
View file

@ -34,6 +34,15 @@ teardown() {
./instance-crowdsec stop
}
get_latest_version() {
local hubtype=$1
shift
local item_name=$1
shift
cscli "$hubtype" inspect "$item_name" -o json | jq -r '.version'
}
#----------
@test "cscli <hubtype> install (no argument)" {
@ -55,10 +64,11 @@ teardown() {
@test "install an item (dry run)" {
rune -0 cscli parsers install crowdsecurity/whitelists --dry-run
assert_output - --regexp <<-EOT
latest_whitelists=$(get_latest_version parsers crowdsecurity/whitelists)
assert_output - <<-EOT
Action plan:
📥 download
parsers: crowdsecurity/whitelists \([0-9]+.[0-9]+\)
parsers: crowdsecurity/whitelists ($latest_whitelists)
✅ enable
parsers: crowdsecurity/whitelists
@ -71,9 +81,10 @@ teardown() {
@test "install an item (dry-run, de-duplicate commands)" {
rune -0 cscli parsers install crowdsecurity/whitelists crowdsecurity/whitelists --dry-run --output raw
assert_output - --regexp <<-EOT
latest_whitelists=$(get_latest_version parsers crowdsecurity/whitelists)
assert_output - <<-EOT
Action plan:
📥 download parsers:crowdsecurity/whitelists \([0-9]+.[0-9]+\)
📥 download parsers:crowdsecurity/whitelists ($latest_whitelists)
✅ enable parsers:crowdsecurity/whitelists
Dry run, no action taken.
@ -83,7 +94,14 @@ teardown() {
@test "install an item" {
rune -0 cscli parsers install crowdsecurity/whitelists
latest_whitelists=$(get_latest_version parsers crowdsecurity/whitelists)
assert_output - <<-EOT
Action plan:
📥 download
parsers: crowdsecurity/whitelists ($latest_whitelists)
✅ enable
parsers: crowdsecurity/whitelists
downloading parsers:crowdsecurity/whitelists
enabling parsers:crowdsecurity/whitelists
@ -105,7 +123,12 @@ teardown() {
@test "install an item (download only)" {
assert_file_not_exists "$HUB_DIR/parsers/s02-enrich/crowdsecurity/whitelists.yaml"
rune -0 cscli parsers install crowdsecurity/whitelists --download-only
latest_whitelists=$(get_latest_version parsers crowdsecurity/whitelists)
assert_output - <<-EOT
Action plan:
📥 download
parsers: crowdsecurity/whitelists ($latest_whitelists)
downloading parsers:crowdsecurity/whitelists
$RELOAD_MESSAGE
@ -157,7 +180,12 @@ teardown() {
refute_stderr
rune -0 cscli parsers install crowdsecurity/whitelists --force
latest_whitelists=$(get_latest_version parsers crowdsecurity/whitelists)
assert_output - <<-EOT
Action plan:
📥 download
parsers: crowdsecurity/whitelists (? -> $latest_whitelists)
downloading parsers:crowdsecurity/whitelists
$RELOAD_MESSAGE
@ -178,10 +206,11 @@ teardown() {
@test "install multiple items (some already installed)" {
rune -0 cscli parsers install crowdsecurity/pgsql-logs
rune -0 cscli parsers install crowdsecurity/pgsql-logs crowdsecurity/postfix-logs --dry-run
assert_output - --regexp <<-EOT
latest_postfix=$(get_latest_version parsers crowdsecurity/postfix-logs)
assert_output - <<-EOT
Action plan:
📥 download
parsers: crowdsecurity/postfix-logs \([0-9]+.[0-9]+\)
parsers: crowdsecurity/postfix-logs ($latest_postfix)
✅ enable
parsers: crowdsecurity/postfix-logs
@ -209,11 +238,18 @@ teardown() {
# error on one item, should still install the others
rune -0 cscli parsers install crowdsecurity/whitelists crowdsecurity/pgsql-logs --ignore
refute_stderr
latest_pgsql=$(get_latest_version parsers crowdsecurity/pgsql-logs)
assert_output - <<-EOT
WARN parsers:crowdsecurity/whitelists is tainted, use '--force' to overwrite
Action plan:
📥 download
parsers: crowdsecurity/pgsql-logs ($latest_pgsql)
✅ enable
parsers: crowdsecurity/pgsql-logs
downloading parsers:crowdsecurity/pgsql-logs
enabling parsers:crowdsecurity/pgsql-logs
$RELOAD_MESSAGE
EOT
rune -0 cscli parsers inspect crowdsecurity/pgsql-logs --no-metrics -o json

20
test/bats/cscli-hubtype-remove.bats
View file

@ -121,8 +121,12 @@ teardown() {
rune -0 cscli parsers remove crowdsecurity/whitelists
assert_output - <<-EOT
Action plan:
❌ disable
parsers: crowdsecurity/whitelists
disabling parsers:crowdsecurity/whitelists
$RELOAD_MESSAGE
EOT
refute_stderr
@ -139,6 +143,12 @@ teardown() {
rune -0 cscli parsers remove crowdsecurity/whitelists --purge
assert_output - <<-EOT
Action plan:
❌ disable
parsers: crowdsecurity/whitelists
🗑 purge (delete source)
parsers: crowdsecurity/whitelists
disabling parsers:crowdsecurity/whitelists
purging parsers:crowdsecurity/whitelists
@ -208,6 +218,10 @@ teardown() {
rune -0 cscli parsers remove crowdsecurity/whitelists --force
assert_output - <<-EOT
Action plan:
❌ disable
parsers: crowdsecurity/whitelists
disabling parsers:crowdsecurity/whitelists
$RELOAD_MESSAGE
@ -229,6 +243,10 @@ teardown() {
rune -0 cscli parsers remove crowdsecurity/sshd-logs --force
assert_output - <<-EOT
Action plan:
❌ disable
parsers: crowdsecurity/sshd-logs
disabling parsers:crowdsecurity/sshd-logs
$RELOAD_MESSAGE

51
test/bats/cscli-hubtype-upgrade.bats
View file

@ -57,6 +57,15 @@ install_v0() {
printf "%s" "v0.0" > "$(jq -r '.local_path' <(cscli "$hubtype" inspect "$item_name" --no-metrics -o json))"
}
get_latest_version() {
local hubtype=$1
shift
local item_name=$1
shift
cscli "$hubtype" inspect "$item_name" -o json | jq -r '.version'
}
#----------
@test "cscli <hubtype> upgrade (no argument)" {
@ -78,9 +87,15 @@ install_v0() {
@test "upgrade an item (non installed)" {
rune -0 cscli parsers upgrade crowdsecurity/whitelists
latest_whitelists=$(get_latest_version parsers crowdsecurity/whitelists)
assert_output - <<-EOT
Action plan:
📥 download
parsers: crowdsecurity/whitelists ($latest_whitelists)
downloading parsers:crowdsecurity/whitelists
$RELOAD_MESSAGE
EOT
refute_stderr
@ -115,15 +130,6 @@ install_v0() {
refute_stderr
}
get_latest_version() {
local hubtype=$1
shift
local item_name=$1
shift
cscli "$hubtype" inspect "$item_name" -o json | jq -r '.version'
}
@test "upgrade an item" {
hub_inject_v0
install_v0 parsers crowdsecurity/whitelists
@ -132,9 +138,14 @@ get_latest_version() {
rune -0 jq -e '.local_version=="0.0"' <(output)
rune -0 cscli parsers upgrade crowdsecurity/whitelists
latest_whitelists=$(get_latest_version parsers crowdsecurity/whitelists)
assert_output - <<-EOT
Action plan:
📥 download
parsers: crowdsecurity/whitelists (0.0 -> $latest_whitelists)
downloading parsers:crowdsecurity/whitelists
$RELOAD_MESSAGE
EOT
refute_stderr
@ -168,8 +179,12 @@ get_latest_version() {
rune -0 cscli parsers upgrade crowdsecurity/whitelists --force
assert_output - <<-EOT
Action plan:
📥 download
parsers: crowdsecurity/whitelists (? -> 0.2)
downloading parsers:crowdsecurity/whitelists
$RELOAD_MESSAGE
EOT
refute_stderr
@ -202,7 +217,13 @@ get_latest_version() {
refute_stderr
rune -0 cscli parsers upgrade crowdsecurity/whitelists crowdsecurity/sshd-logs
latest_sshd=$(get_latest_version parsers crowdsecurity/sshd-logs)
latest_whitelists=$(get_latest_version parsers crowdsecurity/whitelists)
assert_output - <<-EOT
Action plan:
📥 download
parsers: crowdsecurity/sshd-logs (0.0 -> $latest_sshd), crowdsecurity/whitelists (0.0 -> $latest_whitelists)
downloading parsers:crowdsecurity/whitelists
downloading parsers:crowdsecurity/sshd-logs
@ -226,10 +247,14 @@ get_latest_version() {
rune -0 cscli parsers upgrade --all
assert_output - <<-EOT
Action plan:
📥 download
parsers: crowdsecurity/sshd-logs (0.0 -> 2.9), crowdsecurity/whitelists (0.0 -> 0.2), crowdsecurity/windows-auth (0.0 -> 0.2)
downloading parsers:crowdsecurity/sshd-logs
downloading parsers:crowdsecurity/whitelists
downloading parsers:crowdsecurity/windows-auth
$RELOAD_MESSAGE
EOT
refute_stderr

9
test/bats/hub-index.bats
View file

@ -215,6 +215,15 @@ teardown() {
rune -0 cscli hub list -o raw
rune -0 cscli collections upgrade author/coll1
assert_output - <<-EOT
Action plan:
📥 download
collections: author/coll1 (0.0 -> 0.1)
parsers: author/pars2 (0.0)
✅ enable
parsers: author/pars2
❌ disable
parsers: author/pars1
downloading parsers:author/pars2
enabling parsers:author/pars2
disabling parsers:author/pars1