From 3921c3f480e7340bdcb6ae4aeb8d458a33b207f7 Mon Sep 17 00:00:00 2001 From: mmetc <92726601+mmetc@users.noreply.github.com> Date: Wed, 31 Jan 2024 12:07:27 +0100 Subject: [PATCH] CI: rename workflows, improve docker build and tests (#2798) --- .github/workflows/bats-hub.yml | 4 +- .github/workflows/bats-mysql.yml | 4 +- .github/workflows/bats-postgres.yml | 4 +- .github/workflows/bats-sqlite-coverage.yml | 4 +- .github/workflows/docker-tests.yml | 46 ++---- .github/workflows/publish-docker-master.yml | 6 +- .github/workflows/publish-docker-release.yml | 14 +- .github/workflows/publish-docker.yml | 2 +- .github/workflows/update_docker_hub_doc.yml | 2 +- Dockerfile | 17 +-- Dockerfile.debian | 17 +-- docker/README.md | 1 + docker/docker_start.sh | 6 +- docker/test/Pipfile | 2 +- docker/test/Pipfile.lock | 142 ++++++++++--------- docker/test/tests/test_tls.py | 10 +- 16 files changed, 137 insertions(+), 144 deletions(-) diff --git a/.github/workflows/bats-hub.yml b/.github/workflows/bats-hub.yml index aa29f1e1f..fe45210ae 100644 --- a/.github/workflows/bats-hub.yml +++ b/.github/workflows/bats-hub.yml @@ -1,4 +1,4 @@ -name: Hub tests +name: (sub) Bats / Hub on: workflow_call: @@ -17,7 +17,7 @@ jobs: matrix: test-file: ["hub-1.bats", "hub-2.bats", "hub-3.bats"] - name: "Build + tests" + name: "Functional tests" runs-on: ubuntu-latest timeout-minutes: 30 steps: diff --git a/.github/workflows/bats-mysql.yml b/.github/workflows/bats-mysql.yml index 7daab04a8..902c25ba3 100644 --- a/.github/workflows/bats-mysql.yml +++ b/.github/workflows/bats-mysql.yml @@ -1,4 +1,4 @@ -name: Functional tests (MySQL) +name: (sub) Bats / MySQL on: workflow_call: @@ -12,7 +12,7 @@ env: jobs: build: - name: "Build + tests" + name: "Functional tests" runs-on: ubuntu-latest timeout-minutes: 30 services: diff --git a/.github/workflows/bats-postgres.yml b/.github/workflows/bats-postgres.yml index 14fe2939c..e15f1e410 100644 --- a/.github/workflows/bats-postgres.yml +++ b/.github/workflows/bats-postgres.yml @@ -1,4 +1,4 @@ -name: Functional tests (Postgres) +name: (sub) Bats / Postgres on: workflow_call: @@ -8,7 +8,7 @@ env: jobs: build: - name: "Build + tests" + name: "Functional tests" runs-on: ubuntu-latest timeout-minutes: 30 services: diff --git a/.github/workflows/bats-sqlite-coverage.yml b/.github/workflows/bats-sqlite-coverage.yml index 309e4d6b3..36194555e 100644 --- a/.github/workflows/bats-sqlite-coverage.yml +++ b/.github/workflows/bats-sqlite-coverage.yml @@ -1,4 +1,4 @@ -name: Functional tests (sqlite) +name: (sub) Bats / sqlite + coverage on: workflow_call: @@ -9,7 +9,7 @@ env: jobs: build: - name: "Build + tests" + name: "Functional tests" runs-on: ubuntu-latest timeout-minutes: 20 diff --git a/.github/workflows/docker-tests.yml b/.github/workflows/docker-tests.yml index fdf2b1a52..7bc63de01 100644 --- a/.github/workflows/docker-tests.yml +++ b/.github/workflows/docker-tests.yml @@ -15,7 +15,14 @@ on: - 'README.md' jobs: - test_docker_image: + test_flavor: + strategy: + # we could test all the flavors in a single pytest job, + # but let's split them (and the image build) in multiple runners for performance + matrix: + # can be slim, full or debian (no debian slim). + flavor: ["slim", "debian"] + runs-on: ubuntu-latest timeout-minutes: 30 steps: @@ -30,37 +37,13 @@ jobs: with: config: .github/buildkit.toml - - name: "Build flavor: slim" + - name: "Build image" uses: docker/build-push-action@v5 with: context: . - file: ./Dockerfile - tags: crowdsecurity/crowdsec:test-slim - target: slim - platforms: linux/amd64 - load: true - cache-from: type=gha - cache-to: type=gha,mode=min - - - name: "Build flavor: full" - uses: docker/build-push-action@v5 - with: - context: . - file: ./Dockerfile - tags: crowdsecurity/crowdsec:test - target: full - platforms: linux/amd64 - load: true - cache-from: type=gha - cache-to: type=gha,mode=min - - - name: "Build flavor: full (debian)" - uses: docker/build-push-action@v5 - with: - context: . - file: ./Dockerfile.debian - tags: crowdsecurity/crowdsec:test-debian - target: full + file: ./Dockerfile${{ matrix.flavor == 'debian' && '.debian' || '' }} + tags: crowdsecurity/crowdsec:test${{ matrix.flavor == 'full' && '' || '-' }}${{ matrix.flavor == 'full' && '' || matrix.flavor }} + target: ${{ matrix.flavor == 'debian' && 'full' || matrix.flavor }} platforms: linux/amd64 load: true cache-from: type=gha @@ -95,9 +78,10 @@ jobs: - name: "Run tests" env: CROWDSEC_TEST_VERSION: test - CROWDSEC_TEST_FLAVORS: slim,debian + CROWDSEC_TEST_FLAVORS: ${{ matrix.flavor }} CROWDSEC_TEST_NETWORK: net-test CROWDSEC_TEST_TIMEOUT: 90 + # running serially to reduce test flakiness run: | cd docker/test - pipenv run pytest -n 2 --durations=0 --color=yes + pipenv run pytest -n 1 --durations=0 --color=yes diff --git a/.github/workflows/publish-docker-master.yml b/.github/workflows/publish-docker-master.yml index e6f9cebf7..e8bfb10dd 100644 --- a/.github/workflows/publish-docker-master.yml +++ b/.github/workflows/publish-docker-master.yml @@ -1,4 +1,4 @@ -name: Publish Docker image on Push to Master +name: (push-master) Publish latest Docker images on: push: @@ -6,10 +6,10 @@ on: paths: - 'pkg/**' - 'cmd/**' - - 'plugins/**' + - 'mk/**' - 'docker/docker_start.sh' - 'docker/config.yaml' - - '.github/workflows/publish_docker-master.yml' + - '.github/workflows/publish-docker-master.yml' - '.github/workflows/publish-docker.yml' - 'Dockerfile' - 'Dockerfile.debian' diff --git a/.github/workflows/publish-docker-release.yml b/.github/workflows/publish-docker-release.yml index 648b08ce9..5ec2d0e14 100644 --- a/.github/workflows/publish-docker-release.yml +++ b/.github/workflows/publish-docker-release.yml @@ -1,4 +1,4 @@ -name: Publish Docker images +name: (manual) Publish Docker images on: workflow_dispatch: @@ -20,37 +20,29 @@ on: jobs: alpine: - strategy: - matrix: - platform: ["linux/amd64", "linux/386", "linux/arm64", "linux/arm/v7", "linux/arm/v6"] - uses: ./.github/workflows/publish-docker.yml secrets: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} with: - platform: ${{ matrix.platform }} image_version: ${{ github.event.inputs.image_version }} crowdsec_version: ${{ github.event.inputs.crowdsec_version }} latest: ${{ github.event.inputs.latest == 'true' }} push: ${{ github.event.inputs.push == 'true' }} slim: true debian: false + platform: "linux/amd64,linux/386,linux/arm64,linux/arm/v7,linux/arm/v6" debian: - strategy: - matrix: - platform: ["linux/amd64", "linux/386", "linux/arm64"] - uses: ./.github/workflows/publish-docker.yml secrets: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} with: - platform: ${{ matrix.platform }} image_version: ${{ github.event.inputs.image_version }} crowdsec_version: ${{ github.event.inputs.crowdsec_version }} latest: ${{ github.event.inputs.latest == 'true' }} push: ${{ github.event.inputs.push == 'true' }} slim: false debian: true + platform: "linux/amd64,linux/386,linux/arm64" diff --git a/.github/workflows/publish-docker.yml b/.github/workflows/publish-docker.yml index 99218f588..005db0cc9 100644 --- a/.github/workflows/publish-docker.yml +++ b/.github/workflows/publish-docker.yml @@ -1,4 +1,4 @@ -name: Publish Docker image / platform +name: (sub) Publish Docker images on: workflow_call: diff --git a/.github/workflows/update_docker_hub_doc.yml b/.github/workflows/update_docker_hub_doc.yml index 1803802b6..5c5f76acc 100644 --- a/.github/workflows/update_docker_hub_doc.yml +++ b/.github/workflows/update_docker_hub_doc.yml @@ -1,4 +1,4 @@ -name: Update Docker Hub README +name: (push-master) Update Docker Hub README on: push: diff --git a/Dockerfile b/Dockerfile index 0409f6e7c..2369c09df 100644 --- a/Dockerfile +++ b/Dockerfile @@ -39,10 +39,8 @@ RUN apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/co mkdir -p /staging/var/lib/crowdsec && \ mkdir -p /var/lib/crowdsec/data -COPY --from=build /go/bin/yq /usr/local/bin/yq +COPY --from=build /go/bin/yq /usr/local/bin/crowdsec /usr/local/bin/cscli /usr/local/bin/ COPY --from=build /etc/crowdsec /staging/etc/crowdsec -COPY --from=build /usr/local/bin/crowdsec /usr/local/bin/crowdsec -COPY --from=build /usr/local/bin/cscli /usr/local/bin/cscli COPY --from=build /go/src/crowdsec/docker/docker_start.sh / COPY --from=build /go/src/crowdsec/docker/config.yaml /staging/etc/crowdsec/config.yaml RUN yq -n '.url="http://0.0.0.0:8080"' | install -m 0600 /dev/stdin /staging/etc/crowdsec/local_api_credentials.yaml @@ -53,11 +51,14 @@ FROM slim as plugins # Due to the wizard using cp -n, we have to copy the config files directly from the source as -n does not exist in busybox cp # The files are here for reference, as users will need to mount a new version to be actually able to use notifications -COPY --from=build /go/src/crowdsec/cmd/notification-email/email.yaml /staging/etc/crowdsec/notifications/email.yaml -COPY --from=build /go/src/crowdsec/cmd/notification-http/http.yaml /staging/etc/crowdsec/notifications/http.yaml -COPY --from=build /go/src/crowdsec/cmd/notification-slack/slack.yaml /staging/etc/crowdsec/notifications/slack.yaml -COPY --from=build /go/src/crowdsec/cmd/notification-splunk/splunk.yaml /staging/etc/crowdsec/notifications/splunk.yaml -COPY --from=build /go/src/crowdsec/cmd/notification-sentinel/sentinel.yaml /staging/etc/crowdsec/notifications/sentinel.yaml +COPY --from=build \ + /go/src/crowdsec/cmd/notification-email/email.yaml \ + /go/src/crowdsec/cmd/notification-http/http.yaml \ + /go/src/crowdsec/cmd/notification-slack/slack.yaml \ + /go/src/crowdsec/cmd/notification-splunk/splunk.yaml \ + /go/src/crowdsec/cmd/notification-sentinel/sentinel.yaml \ + /staging/etc/crowdsec/notifications/ + COPY --from=build /usr/local/lib/crowdsec/plugins /usr/local/lib/crowdsec/plugins FROM slim as geoip diff --git a/Dockerfile.debian b/Dockerfile.debian index ef9d905ac..ba0cd20fb 100644 --- a/Dockerfile.debian +++ b/Dockerfile.debian @@ -55,10 +55,8 @@ RUN apt-get update && \ mkdir -p /staging/var/lib/crowdsec && \ mkdir -p /var/lib/crowdsec/data -COPY --from=build /go/bin/yq /usr/local/bin/yq +COPY --from=build /go/bin/yq /usr/local/bin/crowdsec /usr/local/bin/cscli /usr/local/bin/ COPY --from=build /etc/crowdsec /staging/etc/crowdsec -COPY --from=build /usr/local/bin/crowdsec /usr/local/bin/crowdsec -COPY --from=build /usr/local/bin/cscli /usr/local/bin/cscli COPY --from=build /go/src/crowdsec/docker/docker_start.sh / COPY --from=build /go/src/crowdsec/docker/config.yaml /staging/etc/crowdsec/config.yaml RUN yq -n '.url="http://0.0.0.0:8080"' | install -m 0600 /dev/stdin /staging/etc/crowdsec/local_api_credentials.yaml && \ @@ -70,11 +68,14 @@ FROM slim as plugins # Due to the wizard using cp -n, we have to copy the config files directly from the source as -n does not exist in busybox cp # The files are here for reference, as users will need to mount a new version to be actually able to use notifications -COPY --from=build /go/src/crowdsec/cmd/notification-email/email.yaml /staging/etc/crowdsec/notifications/email.yaml -COPY --from=build /go/src/crowdsec/cmd/notification-http/http.yaml /staging/etc/crowdsec/notifications/http.yaml -COPY --from=build /go/src/crowdsec/cmd/notification-slack/slack.yaml /staging/etc/crowdsec/notifications/slack.yaml -COPY --from=build /go/src/crowdsec/cmd/notification-splunk/splunk.yaml /staging/etc/crowdsec/notifications/splunk.yaml -COPY --from=build /go/src/crowdsec/cmd/notification-sentinel/sentinel.yaml /staging/etc/crowdsec/notifications/sentinel.yaml +COPY --from=build \ + /go/src/crowdsec/cmd/notification-email/email.yaml \ + /go/src/crowdsec/cmd/notification-http/http.yaml \ + /go/src/crowdsec/cmd/notification-slack/slack.yaml \ + /go/src/crowdsec/cmd/notification-splunk/splunk.yaml \ + /go/src/crowdsec/cmd/notification-sentinel/sentinel.yaml \ + /staging/etc/crowdsec/notifications/ + COPY --from=build /usr/local/lib/crowdsec/plugins /usr/local/lib/crowdsec/plugins FROM slim as geoip diff --git a/docker/README.md b/docker/README.md index 928ed39a7..5e39838a1 100644 --- a/docker/README.md +++ b/docker/README.md @@ -316,6 +316,7 @@ config.yaml) each time the container is run. | `BOUNCERS_ALLOWED_OU` | bouncer-ou | OU values allowed for bouncers, separated by comma | | | | | | __Hub management__ | | | +| `NO_HUB_UPGRADE` | false | Skip hub update / upgrade when the container starts | | `COLLECTIONS` | | Collections to install, separated by space: `-e COLLECTIONS="crowdsecurity/linux crowdsecurity/apache2"` | | `PARSERS` | | Parsers to install, separated by space | | `SCENARIOS` | | Scenarios to install, separated by space | diff --git a/docker/docker_start.sh b/docker/docker_start.sh index 5393feeb8..dd96184cc 100755 --- a/docker/docker_start.sh +++ b/docker/docker_start.sh @@ -303,8 +303,12 @@ fi conf_set_if "$PLUGIN_DIR" '.config_paths.plugin_dir = strenv(PLUGIN_DIR)' ## Install hub items + cscli hub update || true -cscli hub upgrade || true + +if isfalse "$NO_HUB_UPGRADE"; then + cscli hub upgrade || true +fi cscli_if_clean parsers install crowdsecurity/docker-logs cscli_if_clean parsers install crowdsecurity/cri-logs diff --git a/docker/test/Pipfile b/docker/test/Pipfile index d5249ac32..c57ccb628 100644 --- a/docker/test/Pipfile +++ b/docker/test/Pipfile @@ -1,7 +1,7 @@ [packages] pytest-dotenv = "0.5.2" pytest-xdist = "3.5.0" -pytest-cs = {ref = "0.7.18", git = "https://github.com/crowdsecurity/pytest-cs.git"} +pytest-cs = {ref = "0.7.19", git = "https://github.com/crowdsecurity/pytest-cs.git"} [dev-packages] gnureadline = "8.1.2" diff --git a/docker/test/Pipfile.lock b/docker/test/Pipfile.lock index a1ecd3ce7..75437876b 100644 --- a/docker/test/Pipfile.lock +++ b/docker/test/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "575cb97d0b7fb66caf843191b843724307f7bc39c3c160f22330ba38ee055c80" + "sha256": "b5d25a7199d15a900b285be1af97cf7b7083c6637d631ad777b454471c8319fe" }, "pipfile-spec": 6, "requires": { @@ -79,7 +79,7 @@ "sha256:fa3a0128b152627161ce47201262d3140edb5a5c3da88d73a1b790a959126956", "sha256:fcc8eb6d5902bb1cf6dc4f187ee3ea80a1eba0a89aba40a5cb20a5087d961357" ], - "markers": "python_version >= '3.8'", + "markers": "platform_python_implementation != 'PyPy'", "version": "==1.16.0" }, "charset-normalizer": { @@ -180,32 +180,41 @@ }, "cryptography": { "hashes": [ - "sha256:079b85658ea2f59c4f43b70f8119a52414cdb7be34da5d019a77bf96d473b960", - "sha256:09616eeaef406f99046553b8a40fbf8b1e70795a91885ba4c96a70793de5504a", - "sha256:13f93ce9bea8016c253b34afc6bd6a75993e5c40672ed5405a9c832f0d4a00bc", - "sha256:37a138589b12069efb424220bf78eac59ca68b95696fc622b6ccc1c0a197204a", - "sha256:3c78451b78313fa81607fa1b3f1ae0a5ddd8014c38a02d9db0616133987b9cdf", - "sha256:43f2552a2378b44869fe8827aa19e69512e3245a219104438692385b0ee119d1", - "sha256:48a0476626da912a44cc078f9893f292f0b3e4c739caf289268168d8f4702a39", - "sha256:49f0805fc0b2ac8d4882dd52f4a3b935b210935d500b6b805f321addc8177406", - "sha256:5429ec739a29df2e29e15d082f1d9ad683701f0ec7709ca479b3ff2708dae65a", - "sha256:5a1b41bc97f1ad230a41657d9155113c7521953869ae57ac39ac7f1bb471469a", - "sha256:68a2dec79deebc5d26d617bfdf6e8aab065a4f34934b22d3b5010df3ba36612c", - "sha256:7a698cb1dac82c35fcf8fe3417a3aaba97de16a01ac914b89a0889d364d2f6be", - "sha256:841df4caa01008bad253bce2a6f7b47f86dc9f08df4b433c404def869f590a15", - "sha256:90452ba79b8788fa380dfb587cca692976ef4e757b194b093d845e8d99f612f2", - "sha256:928258ba5d6f8ae644e764d0f996d61a8777559f72dfeb2eea7e2fe0ad6e782d", - "sha256:af03b32695b24d85a75d40e1ba39ffe7db7ffcb099fe507b39fd41a565f1b157", - "sha256:b640981bf64a3e978a56167594a0e97db71c89a479da8e175d8bb5be5178c003", - "sha256:c5ca78485a255e03c32b513f8c2bc39fedb7f5c5f8535545bdc223a03b24f248", - "sha256:c7f3201ec47d5207841402594f1d7950879ef890c0c495052fa62f58283fde1a", - "sha256:d5ec85080cce7b0513cfd233914eb8b7bbd0633f1d1703aa28d1dd5a72f678ec", - "sha256:d6c391c021ab1f7a82da5d8d0b3cee2f4b2c455ec86c8aebbc84837a631ff309", - "sha256:e3114da6d7f95d2dee7d3f4eec16dacff819740bbab931aff8648cb13c5ff5e7", - "sha256:f983596065a18a2183e7f79ab3fd4c475205b839e02cbc0efbbf9666c4b3083d" + "sha256:087887e55e0b9c8724cf05361357875adb5c20dec27e5816b653492980d20380", + "sha256:09a77e5b2e8ca732a19a90c5bca2d124621a1edb5438c5daa2d2738bfeb02589", + "sha256:130c0f77022b2b9c99d8cebcdd834d81705f61c68e91ddd614ce74c657f8b3ea", + "sha256:141e2aa5ba100d3788c0ad7919b288f89d1fe015878b9659b307c9ef867d3a65", + "sha256:28cb2c41f131a5758d6ba6a0504150d644054fd9f3203a1e8e8d7ac3aea7f73a", + "sha256:2f9f14185962e6a04ab32d1abe34eae8a9001569ee4edb64d2304bf0d65c53f3", + "sha256:320948ab49883557a256eab46149df79435a22d2fefd6a66fe6946f1b9d9d008", + "sha256:36d4b7c4be6411f58f60d9ce555a73df8406d484ba12a63549c88bd64f7967f1", + "sha256:3b15c678f27d66d247132cbf13df2f75255627bcc9b6a570f7d2fd08e8c081d2", + "sha256:3dbd37e14ce795b4af61b89b037d4bc157f2cb23e676fa16932185a04dfbf635", + "sha256:4383b47f45b14459cab66048d384614019965ba6c1a1a141f11b5a551cace1b2", + "sha256:44c95c0e96b3cb628e8452ec060413a49002a247b2b9938989e23a2c8291fc90", + "sha256:4b063d3413f853e056161eb0c7724822a9740ad3caa24b8424d776cebf98e7ee", + "sha256:52ed9ebf8ac602385126c9a2fe951db36f2cb0c2538d22971487f89d0de4065a", + "sha256:55d1580e2d7e17f45d19d3b12098e352f3a37fe86d380bf45846ef257054b242", + "sha256:5ef9bc3d046ce83c4bbf4c25e1e0547b9c441c01d30922d812e887dc5f125c12", + "sha256:5fa82a26f92871eca593b53359c12ad7949772462f887c35edaf36f87953c0e2", + "sha256:61321672b3ac7aade25c40449ccedbc6db72c7f5f0fdf34def5e2f8b51ca530d", + "sha256:701171f825dcab90969596ce2af253143b93b08f1a716d4b2a9d2db5084ef7be", + "sha256:841ec8af7a8491ac76ec5a9522226e287187a3107e12b7d686ad354bb78facee", + "sha256:8a06641fb07d4e8f6c7dda4fc3f8871d327803ab6542e33831c7ccfdcb4d0ad6", + "sha256:8e88bb9eafbf6a4014d55fb222e7360eef53e613215085e65a13290577394529", + "sha256:a00aee5d1b6c20620161984f8ab2ab69134466c51f58c052c11b076715e72929", + "sha256:a047682d324ba56e61b7ea7c7299d51e61fd3bca7dad2ccc39b72bd0118d60a1", + "sha256:a7ef8dd0bf2e1d0a27042b231a3baac6883cdd5557036f5e8df7139255feaac6", + "sha256:ad28cff53f60d99a928dfcf1e861e0b2ceb2bc1f08a074fdd601b314e1cc9e0a", + "sha256:b9097a208875fc7bbeb1286d0125d90bdfed961f61f214d3f5be62cd4ed8a446", + "sha256:b97fe7d7991c25e6a31e5d5e795986b18fbbb3107b873d5f3ae6dc9a103278e9", + "sha256:e0ec52ba3c7f1b7d813cd52649a5b3ef1fc0d433219dc8c93827c57eab6cf888", + "sha256:ea2c3ffb662fec8bbbfce5602e2c159ff097a4631d96235fcf0fb00e59e3ece4", + "sha256:fa3dec4ba8fb6e662770b74f62f1a0c7d4e37e25b58b2bf2c1be4c95372b4a33", + "sha256:fbeb725c9dc799a574518109336acccaf1303c30d45c075c665c0793c2f79a7f" ], "markers": "python_version >= '3.7'", - "version": "==41.0.7" + "version": "==42.0.2" }, "docker": { "hashes": [ @@ -249,33 +258,33 @@ }, "pluggy": { "hashes": [ - "sha256:cf61ae8f126ac6f7c451172cf30e3e43d3ca77615509771b3a984a0730651e12", - "sha256:d89c696a773f8bd377d18e5ecda92b7a3793cbe66c87060a6fb58c7b6e1061f7" + "sha256:7db9f7b503d67d1c5b95f59773ebb58a8c1c288129a88665838012cfb07b8981", + "sha256:8c85c2876142a764e5b7548e7d9a0e0ddb46f5185161049a79b7e974454223be" ], "markers": "python_version >= '3.8'", - "version": "==1.3.0" + "version": "==1.4.0" }, "psutil": { "hashes": [ - "sha256:032f4f2c909818c86cea4fe2cc407f1c0f0cde8e6c6d702b28b8ce0c0d143340", - "sha256:0bd41bf2d1463dfa535942b2a8f0e958acf6607ac0be52265ab31f7923bcd5e6", - "sha256:1132704b876e58d277168cd729d64750633d5ff0183acf5b3c986b8466cd0284", - "sha256:1d4bc4a0148fdd7fd8f38e0498639ae128e64538faa507df25a20f8f7fb2341c", - "sha256:3c4747a3e2ead1589e647e64aad601981f01b68f9398ddf94d01e3dc0d1e57c7", - "sha256:3f02134e82cfb5d089fddf20bb2e03fd5cd52395321d1c8458a9e58500ff417c", - "sha256:44969859757f4d8f2a9bd5b76eba8c3099a2c8cf3992ff62144061e39ba8568e", - "sha256:4c03362e280d06bbbfcd52f29acd79c733e0af33d707c54255d21029b8b32ba6", - "sha256:5794944462509e49d4d458f4dbfb92c47539e7d8d15c796f141f474010084056", - "sha256:b27f8fdb190c8c03914f908a4555159327d7481dac2f01008d483137ef3311a9", - "sha256:c727ca5a9b2dd5193b8644b9f0c883d54f1248310023b5ad3e92036c5e2ada68", - "sha256:e469990e28f1ad738f65a42dcfc17adaed9d0f325d55047593cb9033a0ab63df", - "sha256:ea36cc62e69a13ec52b2f625c27527f6e4479bca2b340b7a452af55b34fcbe2e", - "sha256:f37f87e4d73b79e6c5e749440c3113b81d1ee7d26f21c19c47371ddea834f414", - "sha256:fe361f743cb3389b8efda21980d93eb55c1f1e3898269bc9a2a1d0bb7b1f6508", - "sha256:fe8b7f07948f1304497ce4f4684881250cd859b16d06a1dc4d7941eeb6233bfe" + "sha256:02615ed8c5ea222323408ceba16c60e99c3f91639b07da6373fb7e6539abc56d", + "sha256:05806de88103b25903dff19bb6692bd2e714ccf9e668d050d144012055cbca73", + "sha256:26bd09967ae00920df88e0352a91cff1a78f8d69b3ecabbfe733610c0af486c8", + "sha256:27cc40c3493bb10de1be4b3f07cae4c010ce715290a5be22b98493509c6299e2", + "sha256:36f435891adb138ed3c9e58c6af3e2e6ca9ac2f365efe1f9cfef2794e6c93b4e", + "sha256:50187900d73c1381ba1454cf40308c2bf6f34268518b3f36a9b663ca87e65e36", + "sha256:611052c4bc70432ec770d5d54f64206aa7203a101ec273a0cd82418c86503bb7", + "sha256:6be126e3225486dff286a8fb9a06246a5253f4c7c53b475ea5f5ac934e64194c", + "sha256:7d79560ad97af658a0f6adfef8b834b53f64746d45b403f225b85c5c2c140eee", + "sha256:8cb6403ce6d8e047495a701dc7c5bd788add903f8986d523e3e20b98b733e421", + "sha256:8db4c1b57507eef143a15a6884ca10f7c73876cdf5d51e713151c1236a0e68cf", + "sha256:aee678c8720623dc456fa20659af736241f575d79429a0e5e9cf88ae0605cc81", + "sha256:bc56c2a1b0d15aa3eaa5a60c9f3f8e3e565303b465dbf57a1b730e7a2b9844e0", + "sha256:bd1184ceb3f87651a67b2708d4c3338e9b10c5df903f2e3776b62303b26cb631", + "sha256:d06016f7f8625a1825ba3732081d77c94589dca78b7a3fc072194851e88461a4", + "sha256:d16bbddf0693323b8c6123dd804100241da461e41d6e332fb0ba6058f630f8c8" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'", - "version": "==5.9.7" + "version": "==5.9.8" }, "pycparser": { "hashes": [ @@ -286,15 +295,15 @@ }, "pytest": { "hashes": [ - "sha256:0d009c083ea859a71b76adf7c1d502e4bc170b80a8ef002da5806527b9591fac", - "sha256:d989d136982de4e3b29dabcc838ad581c64e8ed52c11fbe86ddebd9da0818cd5" + "sha256:249b1b0864530ba251b7438274c4d251c58d868edaaec8762893ad4a0d71c36c", + "sha256:50fb9cbe836c3f20f0dfa99c565201fb75dc54c8d76373cd1bde06b06657bdb6" ], - "markers": "python_version >= '3.7'", - "version": "==7.4.3" + "markers": "python_version >= '3.8'", + "version": "==8.0.0" }, "pytest-cs": { "git": "https://github.com/crowdsecurity/pytest-cs.git", - "ref": "df835beabc539be7f7f627b21caa0d6ad333daae" + "ref": "aea7e8549faa32f5e1d1f17755a5db3712396a2a" }, "pytest-datadir": { "hashes": [ @@ -322,11 +331,11 @@ }, "python-dotenv": { "hashes": [ - "sha256:a8df96034aae6d2d50a4ebe8216326c61c3eb64836776504fcca410e5937a3ba", - "sha256:f5971a9226b701070a4bf2c38c89e5a3f0d64de8debda981d1db98583009122a" + "sha256:e324ee90a023d808f1959c46bcbc04446a10ced277783dc6ee09987c37ec10ca", + "sha256:f7b63ef50f1b690dddf550d03497b66d609393b40b564ed0d674909a68ebf16a" ], "markers": "python_version >= '3.8'", - "version": "==1.0.0" + "version": "==1.0.1" }, "pyyaml": { "hashes": [ @@ -359,6 +368,7 @@ "sha256:8d4e9c88387b0f5c7d5f281e55304de64cf7f9c0021a3525bd3b1c542da3b0e4", "sha256:9046c58c4395dff28dd494285c82ba00b546adfc7ef001486fbf0324bc174fba", "sha256:9eb6caa9a297fc2c2fb8862bc5370d0303ddba53ba97e71f08023b6cd73d16a8", + "sha256:a08c6f0fe150303c1c6b71ebcd7213c2858041a7e01975da3a99aed1e7a378ef", "sha256:a0cd17c15d3bb3fa06978b4e8958dcdc6e0174ccea823003a106c7d4d7899ac5", "sha256:afd7e57eddb1a54f0f1a974bc4391af8bcce0b444685d936840f125cf046d5bd", "sha256:b1275ad35a5d18c62a7220633c913e1b42d44b46ee12554e5fd39c70a243d6a3", @@ -402,11 +412,11 @@ }, "urllib3": { "hashes": [ - "sha256:55901e917a5896a349ff771be919f8bd99aff50b79fe58fec595eb37bbc56bb3", - "sha256:df7aa8afb0148fa78488e7899b2c59b5f4ffcfa82e6c54ccb9dd37c1d7b52d54" + "sha256:051d961ad0c62a94e50ecf1af379c3aba230c66c710493493560c0c223c49f20", + "sha256:ce3711610ddce217e6d113a2732fafad960a03fd0318c91faa79481e35c11224" ], "markers": "python_version >= '3.8'", - "version": "==2.1.0" + "version": "==2.2.0" } }, "develop": { @@ -476,11 +486,11 @@ }, "ipython": { "hashes": [ - "sha256:ca6f079bb33457c66e233e4580ebfc4128855b4cf6370dddd73842a9563e8a27", - "sha256:e8267419d72d81955ec1177f8a29aaa90ac80ad647499201119e2f05e99aa397" + "sha256:1050a3ab8473488d7eee163796b02e511d0735cf43a04ba2a8348bd0f2eaf8a5", + "sha256:48fbc236fbe0e138b88773fa0437751f14c3645fb483f1d4c5dee58b37e5ce73" ], "markers": "python_version >= '3.11'", - "version": "==8.18.1" + "version": "==8.21.0" }, "jedi": { "hashes": [ @@ -561,18 +571,18 @@ }, "traitlets": { "hashes": [ - "sha256:f14949d23829023013c47df20b4a76ccd1a85effb786dc060f34de7948361b33", - "sha256:fcdaa8ac49c04dfa0ed3ee3384ef6dfdb5d6f3741502be247279407679296772" + "sha256:2e5a030e6eff91737c643231bfcf04a65b0132078dad75e4936700b213652e74", + "sha256:8585105b371a04b8316a43d5ce29c098575c2e477850b62b848b964f1444527e" ], "markers": "python_version >= '3.8'", - "version": "==5.14.0" + "version": "==5.14.1" }, "wcwidth": { "hashes": [ - "sha256:f01c104efdf57971bcb756f054dd58ddec5204dd15fa31d6503ea57947d97c02", - "sha256:f26ec43d96c8cbfed76a5075dac87680124fa84e0855195a6184da9c187f133c" + "sha256:3da69048e4540d84af32131829ff948f1e022c1c6bdb8d6102117aac784f6859", + "sha256:72ea0c06399eb286d978fdedb6923a9eb47e1c486ce63e9b4e64fc18303972b5" ], - "version": "==0.2.12" + "version": "==0.2.13" } } } diff --git a/docker/test/tests/test_tls.py b/docker/test/tests/test_tls.py index f12b2ff1b..591afe0d3 100644 --- a/docker/test/tests/test_tls.py +++ b/docker/test/tests/test_tls.py @@ -241,7 +241,7 @@ def test_tls_mutual_split_lapi_agent(crowdsec, flavor, certs_dir): assert "You can successfully interact with Local API (LAPI)" in stdout -def test_tls_client_ou(crowdsec, certs_dir): +def test_tls_client_ou(crowdsec, flavor, certs_dir): """Check behavior of client certificate vs AGENTS_ALLOWED_OU""" rand = uuid.uuid1() @@ -270,8 +270,8 @@ def test_tls_client_ou(crowdsec, certs_dir): certs_dir(lapi_hostname=lapiname, agent_ou='custom-client-ou'): {'bind': '/etc/ssl/crowdsec', 'mode': 'ro'}, } - cs_lapi = crowdsec(name=lapiname, environment=lapi_env, volumes=volumes) - cs_agent = crowdsec(name=agentname, environment=agent_env, volumes=volumes) + cs_lapi = crowdsec(flavor=flavor, name=lapiname, environment=lapi_env, volumes=volumes) + cs_agent = crowdsec(flavor=flavor, name=agentname, environment=agent_env, volumes=volumes) with cs_lapi as lapi: lapi.wait_for_log([ @@ -300,8 +300,8 @@ def test_tls_client_ou(crowdsec, certs_dir): certs_dir(lapi_hostname=lapiname, agent_ou='custom-client-ou'): {'bind': '/etc/ssl/crowdsec', 'mode': 'ro'}, } - cs_lapi = crowdsec(name=lapiname, environment=lapi_env, volumes=volumes) - cs_agent = crowdsec(name=agentname, environment=agent_env, volumes=volumes) + cs_lapi = crowdsec(flavor=flavor, name=lapiname, environment=lapi_env, volumes=volumes) + cs_agent = crowdsec(flavor=flavor, name=agentname, environment=agent_env, volumes=volumes) with cs_lapi as lapi: lapi.wait_for_log([