func tests: update curl wrapper (#3121)

2025-05-11 04:15:54 +02:00 · 2024-07-10 12:57:16 +02:00 · 2024-07-10 12:57:16 +02:00 · 6f5e970f50
commit 6f5e970f50
parent 31195ddf36
18 changed files with 76 additions and 78 deletions
--- a/test/bats/00_wait_for.bats
+++ b/test/bats/00_wait_for.bats
@ -68,4 +68,3 @@ setup() {
 	2
 	EOT
 }
-
--- a/test/bats/01_crowdsec_lapi.bats
+++ b/test/bats/01_crowdsec_lapi.bats
@ -48,4 +48,3 @@ teardown() {
    rune -0 config_set 'del(.api.server.listen_socket) | .api.server.listen_uri="127.0.0.1:0"'
    rune -0 wait-for --err "CrowdSec Local API listening on 127.0.0.1:" "$CROWDSEC" -no-cs
 }
-
--- a/test/bats/01_cscli.bats
+++ b/test/bats/01_cscli.bats
@ -130,7 +130,6 @@ teardown() {
 	EOT
 }

-
@test "cscli - required configuration paths" {
    config=$(cat "$CONFIG_YAML")
    configdir=$(config_get '.config_paths.config_dir')
--- a/test/bats/07_setup.bats
+++ b/test/bats/07_setup.bats
@ -822,4 +822,3 @@ update-notifier-motd.timer              enabled enabled
    assert_output "while unmarshaling setup file: yaml: line 2: could not find expected ':'"
    assert_stderr --partial "invalid setup file"
 }
-
--- a/test/bats/10_bouncers.bats
+++ b/test/bats/10_bouncers.bats
@ -68,7 +68,7 @@ teardown() {
    assert_output --regexp 'ciTestBouncer.*api-key.*'

    # the first connection sets last_pull and ip address
-    rune -0 lapi-get '/v1/decisions'
+    rune -0 curl-with-key '/v1/decisions'
    rune -0 cscli bouncers list -o json
    rune -0 jq -r '.[] | .ip_address' <(output)
    assert_output 127.0.0.1
--- a/test/bats/11_bouncers_tls.bats
+++ b/test/bats/11_bouncers_tls.bats
@ -146,12 +146,13 @@ teardown() {
 }

@test "simulate a bouncer request with a valid cert" {
-    rune -0 curl -f -s \
+    rune -0 curl --fail-with-body -sS \
        --cert "$tmpdir/leaf.pem" \
        --key "$tmpdir/leaf-key.pem" \
        --cacert "$tmpdir/bundle.pem" \
        https://localhost:8080/v1/decisions\?ip=42.42.42.42
    assert_output "null"
+    refute_stderr
    rune -0 cscli bouncers list -o json
    rune -0 jq '. | length' <(output)
    assert_output '1'
@ -162,22 +163,24 @@ teardown() {
 }

@test "simulate a bouncer request with an invalid cert" {
-    rune -77 curl -f -s \
+    rune -77 curl --fail-with-body -sS \
        --cert "$tmpdir/leaf_invalid.pem" \
        --key "$tmpdir/leaf_invalid-key.pem" \
        --cacert "$tmpdir/root-key.pem" \
        https://localhost:8080/v1/decisions\?ip=42.42.42.42
+    assert_stderr --partial 'error setting certificate file'
    rune -0 cscli bouncers list -o json
    assert_output "[]"
 }

@test "simulate a bouncer request with an invalid OU" {
-    rune -0 curl -s \
+    rune -22 curl --fail-with-body -sS \
        --cert "$tmpdir/leaf_bad_ou.pem" \
        --key "$tmpdir/leaf_bad_ou-key.pem" \
        --cacert "$tmpdir/bundle.pem" \
        https://localhost:8080/v1/decisions\?ip=42.42.42.42
-    assert_json '{message:"access forbidden"}'
+    assert_json '{message: "access forbidden"}'
+    assert_stderr --partial 'error: 403'
    rune -0 cscli bouncers list -o json
    assert_output "[]"
 }
@ -187,13 +190,14 @@ teardown() {
    # we connect twice to test the cache too
    for cert in "leaf_rev1" "leaf_rev2" "leaf_rev1" "leaf_rev2"; do
        truncate_log
-        rune -0 curl -s \
+        rune -22 curl --fail-with-body -sS \
            --cert "$tmpdir/$cert.pem" \
            --key "$tmpdir/$cert-key.pem" \
            --cacert "$tmpdir/bundle.pem" \
            https://localhost:8080/v1/decisions\?ip=42.42.42.42
        assert_log --partial "certificate revoked by CRL"
-        assert_output --partial "access forbidden"
+        assert_json '{message: "access forbidden"}'
+        assert_stderr --partial "error: 403"
        rune -0 cscli bouncers list -o json
        assert_output "[]"
    done
--- a/test/bats/20_hub_items.bats
+++ b/test/bats/20_hub_items.bats
@ -46,7 +46,7 @@ teardown() {
        '. * {collections:{"crowdsecurity/sshd":{"versions":{"1.2":{"digest":$DIGEST, "deprecated": false}, "1.10": {"digest":$DIGEST, "deprecated": false}}}}}' \
    )
    echo "$new_hub" >"$INDEX_PATH"
- 
+
    rune -0 cscli collections install crowdsecurity/sshd

    truncate -s 0 "$CONFIG_DIR/collections/sshd.yaml"
@ -78,7 +78,7 @@ teardown() {
        '. * {collections:{"crowdsecurity/sshd":{"versions":{"1.2.3.4":{"digest":"foo", "deprecated": false}}}}}' \
    )
    echo "$new_hub" >"$INDEX_PATH"
- 
+
    rune -0 cscli collections install crowdsecurity/sshd
    rune -1 cscli collections inspect crowdsecurity/sshd --no-metrics -o json
    # XXX: we are on the verbose side here...
--- a/test/bats/20_hub_scenarios.bats
+++ b/test/bats/20_hub_scenarios.bats
@ -96,7 +96,7 @@ teardown() {
    # non-existent
    rune -1 cscli scenario install foo/bar
    assert_stderr --partial "can't find 'foo/bar' in scenarios"
- 
+
    # not installed
    rune -0 cscli scenarios list crowdsecurity/ssh-bf
    assert_output --regexp 'crowdsecurity/ssh-bf.*disabled'
--- a/test/bats/30_machines_tls.bats
+++ b/test/bats/30_machines_tls.bats
@ -3,7 +3,6 @@

 set -u

-
 # root: root CA
 # inter: intermediate CA
 # inter_rev: intermediate CA revoked by root (CRL3)
--- a/test/bats/90_decisions.bats
+++ b/test/bats/90_decisions.bats
@ -179,7 +179,6 @@ teardown() {

    # disarding only some invalid decisions

-
    rune -0 cscli alerts delete --all
    truncate -s 0 "$LOGFILE"

--- a/test/bats/97_ipv4_single.bats
+++ b/test/bats/97_ipv4_single.bats
@ -30,7 +30,7 @@ setup() {
 }

@test "API - first decisions list: must be empty" {
-    rune -0 lapi-get '/v1/decisions'
+    rune -0 curl-with-key '/v1/decisions'
    assert_output 'null'
 }

@ -46,7 +46,7 @@ setup() {
 }

@test "API - all decisions" {
-    rune -0 lapi-get '/v1/decisions'
+    rune -0 curl-with-key '/v1/decisions'
    rune -0 jq -c '[ . | length, .[0].value ]' <(output)
    assert_output '[1,"1.2.3.4"]'
 }
@ -60,7 +60,7 @@ setup() {
 }

@test "API - decision for 1.2.3.4" {
-    rune -0 lapi-get '/v1/decisions?ip=1.2.3.4'
+    rune -0 curl-with-key '/v1/decisions?ip=1.2.3.4'
    rune -0 jq -r '.[0].value' <(output)
    assert_output '1.2.3.4'
 }
@ -71,7 +71,7 @@ setup() {
 }

@test "API - decision for 1.2.3.5" {
-    rune -0 lapi-get '/v1/decisions?ip=1.2.3.5'
+    rune -0 curl-with-key '/v1/decisions?ip=1.2.3.5'
    assert_output 'null'
 }

@ -83,7 +83,7 @@ setup() {
 }

@test "API - decision for 1.2.3.0/24" {
-    rune -0 lapi-get '/v1/decisions?range=1.2.3.0/24'
+    rune -0 curl-with-key '/v1/decisions?range=1.2.3.0/24'
    assert_output 'null'
 }

@ -94,7 +94,7 @@ setup() {
 }

@test "API - decisions where IP in 1.2.3.0/24" {
-    rune -0 lapi-get '/v1/decisions?range=1.2.3.0/24&contains=false'
+    rune -0 curl-with-key '/v1/decisions?range=1.2.3.0/24&contains=false'
    rune -0 jq -r '.[0].value' <(output)
    assert_output '1.2.3.4'
 }
--- a/test/bats/97_ipv6_single.bats
+++ b/test/bats/97_ipv6_single.bats
@ -41,7 +41,7 @@ setup() {
 }

@test "API - all decisions" {
-    rune -0 lapi-get "/v1/decisions"
+    rune -0 curl-with-key "/v1/decisions"
    rune -0 jq -r '.[].value' <(output)
    assert_output '1111:2222:3333:4444:5555:6666:7777:8888'
 }
@ -53,7 +53,7 @@ setup() {
 }

@test "API - decisions for ip 1111:2222:3333:4444:5555:6666:7777:888" {
-    rune -0 lapi-get '/v1/decisions?ip=1111:2222:3333:4444:5555:6666:7777:8888'
+    rune -0 curl-with-key '/v1/decisions?ip=1111:2222:3333:4444:5555:6666:7777:8888'
    rune -0 jq -r '.[].value' <(output)
    assert_output '1111:2222:3333:4444:5555:6666:7777:8888'
 }
@ -64,7 +64,7 @@ setup() {
 }

@test "API - decisions for ip 1211:2222:3333:4444:5555:6666:7777:888" {
-    rune -0 lapi-get '/v1/decisions?ip=1211:2222:3333:4444:5555:6666:7777:8888'
+    rune -0 curl-with-key '/v1/decisions?ip=1211:2222:3333:4444:5555:6666:7777:8888'
    assert_output 'null'
 }

@ -74,7 +74,7 @@ setup() {
 }

@test "API - decisions for ip 1111:2222:3333:4444:5555:6666:7777:8887" {
-    rune -0 lapi-get '/v1/decisions?ip=1111:2222:3333:4444:5555:6666:7777:8887'
+    rune -0 curl-with-key '/v1/decisions?ip=1111:2222:3333:4444:5555:6666:7777:8887'
    assert_output 'null'
 }

@ -84,7 +84,7 @@ setup() {
 }

@test "API - decisions for range 1111:2222:3333:4444:5555:6666:7777:8888/48" {
-    rune -0 lapi-get '/v1/decisions?range=1111:2222:3333:4444:5555:6666:7777:8888/48'
+    rune -0 curl-with-key '/v1/decisions?range=1111:2222:3333:4444:5555:6666:7777:8888/48'
    assert_output 'null'
 }

@ -95,7 +95,7 @@ setup() {
 }

@test "API - decisions for ip/range in 1111:2222:3333:4444:5555:6666:7777:8888/48" {
-    rune -0 lapi-get '/v1/decisions?range=1111:2222:3333:4444:5555:6666:7777:8888/48&&contains=false'
+    rune -0 curl-with-key '/v1/decisions?range=1111:2222:3333:4444:5555:6666:7777:8888/48&&contains=false'
    rune -0 jq -r '.[].value' <(output)
    assert_output '1111:2222:3333:4444:5555:6666:7777:8888'
 }
@ -106,7 +106,7 @@ setup() {
 }

@test "API - decisions for range 1111:2222:3333:4444:5555:6666:7777:8888/64" {
-    rune -0 lapi-get '/v1/decisions?range=1111:2222:3333:4444:5555:6666:7777:8888/64'
+    rune -0 curl-with-key '/v1/decisions?range=1111:2222:3333:4444:5555:6666:7777:8888/64'
    assert_output 'null'
 }

@ -117,7 +117,7 @@ setup() {
 }

@test "API - decisions for ip/range in 1111:2222:3333:4444:5555:6666:7777:8888/64" {
-    rune -0 lapi-get '/v1/decisions?range=1111:2222:3333:4444:5555:6666:7777:8888/64&&contains=false'
+    rune -0 curl-with-key '/v1/decisions?range=1111:2222:3333:4444:5555:6666:7777:8888/64&&contains=false'
    rune -0 jq -r '.[].value' <(output)
    assert_output '1111:2222:3333:4444:5555:6666:7777:8888'
 }
--- a/test/bats/98_ipv4_range.bats
+++ b/test/bats/98_ipv4_range.bats
@ -41,7 +41,7 @@ setup() {
 }

@test "API - all decisions" {
-    rune -0 lapi-get '/v1/decisions'
+    rune -0 curl-with-key '/v1/decisions'
    rune -0 jq -r '.[0].value' <(output)
    assert_output '4.4.4.0/24'
 }
@ -55,7 +55,7 @@ setup() {
 }

@test "API - decisions for ip 4.4.4." {
-    rune -0 lapi-get '/v1/decisions?ip=4.4.4.3'
+    rune -0 curl-with-key '/v1/decisions?ip=4.4.4.3'
    rune -0 jq -r '.[0].value' <(output)
    assert_output '4.4.4.0/24'
 }
@ -66,7 +66,7 @@ setup() {
 }

@test "API - decisions for ip contained in 4.4.4." {
-    rune -0 lapi-get '/v1/decisions?ip=4.4.4.4&contains=false'
+    rune -0 curl-with-key '/v1/decisions?ip=4.4.4.4&contains=false'
    assert_output 'null'
 }

@ -76,7 +76,7 @@ setup() {
 }

@test "API - decisions for ip 5.4.4." {
-    rune -0 lapi-get '/v1/decisions?ip=5.4.4.3'
+    rune -0 curl-with-key '/v1/decisions?ip=5.4.4.3'
    assert_output 'null'
 }

@ -86,7 +86,7 @@ setup() {
 }

@test "API - decisions for range 4.4.0.0/1" {
-    rune -0 lapi-get '/v1/decisions?range=4.4.0.0/16'
+    rune -0 curl-with-key '/v1/decisions?range=4.4.0.0/16'
    assert_output 'null'
 }

@ -97,7 +97,7 @@ setup() {
 }

@test "API - decisions for ip/range in 4.4.0.0/1" {
-    rune -0 lapi-get '/v1/decisions?range=4.4.0.0/16&contains=false'
+    rune -0 curl-with-key '/v1/decisions?range=4.4.0.0/16&contains=false'
    rune -0 jq -r '.[0].value' <(output)
    assert_output '4.4.4.0/24'
 }
@ -111,7 +111,7 @@ setup() {
 }

@test "API - decisions for range 4.4.4.2/2" {
-    rune -0 lapi-get '/v1/decisions?range=4.4.4.2/28'
+    rune -0 curl-with-key '/v1/decisions?range=4.4.4.2/28'
    rune -0 jq -r '.[].value' <(output)
    assert_output '4.4.4.0/24'
 }
@ -122,6 +122,6 @@ setup() {
 }

@test "API - decisions for range 4.4.3.2/2" {
-    rune -0 lapi-get '/v1/decisions?range=4.4.3.2/28'
+    rune -0 curl-with-key '/v1/decisions?range=4.4.3.2/28'
    assert_output 'null'
 }
--- a/test/bats/98_ipv6_range.bats
+++ b/test/bats/98_ipv6_range.bats
@ -41,7 +41,7 @@ setup() {
 }

@test "API - all decisions (2)" {
-    rune -0 lapi-get '/v1/decisions'
+    rune -0 curl-with-key '/v1/decisions'
    rune -0 jq -r '.[].value' <(output)
    assert_output 'aaaa:2222:3333:4444::/64'
 }
@ -55,7 +55,7 @@ setup() {
 }

@test "API - decisions for ip aaaa:2222:3333:4444:5555:6666:7777:8888" {
-    rune -0 lapi-get '/v1/decisions?ip=aaaa:2222:3333:4444:5555:6666:7777:8888'
+    rune -0 curl-with-key '/v1/decisions?ip=aaaa:2222:3333:4444:5555:6666:7777:8888'
    rune -0 jq -r '.[].value' <(output)
    assert_output 'aaaa:2222:3333:4444::/64'
 }
@ -66,7 +66,7 @@ setup() {
 }

@test "API - decisions for ip aaaa:2222:3333:4445:5555:6666:7777:8888" {
-    rune -0 lapi-get '/v1/decisions?ip=aaaa:2222:3333:4445:5555:6666:7777:8888'
+    rune -0 curl-with-key '/v1/decisions?ip=aaaa:2222:3333:4445:5555:6666:7777:8888'
    assert_output 'null'
 }

@ -76,7 +76,7 @@ setup() {
 }

@test "API - decisions for ip aaa1:2222:3333:4444:5555:6666:7777:8887" {
-    rune -0 lapi-get '/v1/decisions?ip=aaa1:2222:3333:4444:5555:6666:7777:8887'
+    rune -0 curl-with-key '/v1/decisions?ip=aaa1:2222:3333:4444:5555:6666:7777:8887'
    assert_output 'null'
 }

@ -89,7 +89,7 @@ setup() {
 }

@test "API - decisions for range aaaa:2222:3333:4444:5555::/80" {
-    rune -0 lapi-get '/v1/decisions?range=aaaa:2222:3333:4444:5555::/80'
+    rune -0 curl-with-key '/v1/decisions?range=aaaa:2222:3333:4444:5555::/80'
    rune -0 jq -r '.[].value' <(output)
    assert_output 'aaaa:2222:3333:4444::/64'
 }
@ -101,7 +101,7 @@ setup() {
 }

@test "API - decisions for range aaaa:2222:3333:4441:5555::/80" {
-    rune -0 lapi-get '/v1/decisions?range=aaaa:2222:3333:4441:5555::/80'
+    rune -0 curl-with-key '/v1/decisions?range=aaaa:2222:3333:4441:5555::/80'
    assert_output 'null'
 }

@ -111,7 +111,7 @@ setup() {
 }

@test "API - decisions for range aaa1:2222:3333:4444:5555::/80" {
-    rune -0 lapi-get '/v1/decisions?range=aaa1:2222:3333:4444:5555::/80'
+    rune -0 curl-with-key '/v1/decisions?range=aaa1:2222:3333:4444:5555::/80'
    assert_output 'null'
 }

@ -123,7 +123,7 @@ setup() {
 }

@test "API - decisions for range aaaa:2222:3333:4444:5555:6666:7777:8888/48" {
-    rune -0 lapi-get '/v1/decisions?range=aaaa:2222:3333:4444:5555:6666:7777:8888/48'
+    rune -0 curl-with-key '/v1/decisions?range=aaaa:2222:3333:4444:5555:6666:7777:8888/48'
    assert_output 'null'
 }

@ -134,7 +134,7 @@ setup() {
 }

@test "API - decisions for ip/range in aaaa:2222:3333:4444:5555:6666:7777:8888/48" {
-    rune -0 lapi-get '/v1/decisions?range=aaaa:2222:3333:4444:5555:6666:7777:8888/48&contains=false'
+    rune -0 curl-with-key '/v1/decisions?range=aaaa:2222:3333:4444:5555:6666:7777:8888/48&contains=false'
    rune -0 jq -r '.[].value' <(output)
    assert_output 'aaaa:2222:3333:4444::/64'
 }
@ -145,7 +145,7 @@ setup() {
 }

@test "API - decisions for ip/range in aaaa:2222:3333:4445:5555:6666:7777:8888/48" {
-    rune -0 lapi-get '/v1/decisions?range=aaaa:2222:3333:4445:5555:6666:7777:8888/48'
+    rune -0 curl-with-key '/v1/decisions?range=aaaa:2222:3333:4445:5555:6666:7777:8888/48'
    assert_output 'null'
 }

@ -163,7 +163,7 @@ setup() {
 }

@test "API - decisions for ip in bbbb:db8:0000:0000:0000:6fff:ffff:ffff" {
-    rune -0 lapi-get '/v1/decisions?ip=bbbb:db8:0000:0000:0000:6fff:ffff:ffff'
+    rune -0 curl-with-key '/v1/decisions?ip=bbbb:db8:0000:0000:0000:6fff:ffff:ffff'
    rune -0 jq -r '.[].value' <(output)
    assert_output 'bbbb:db8::/81'
 }
@ -174,7 +174,7 @@ setup() {
 }

@test "API - decisions for ip in bbbb:db8:0000:0000:0000:8fff:ffff:ffff" {
-    rune -0 lapi-get '/v1/decisions?ip=bbbb:db8:0000:0000:0000:8fff:ffff:ffff'
+    rune -0 curl-with-key '/v1/decisions?ip=bbbb:db8:0000:0000:0000:8fff:ffff:ffff'
    assert_output 'null'
 }

--- a/test/bats/99_lapi-stream-mode-scenario.bats
+++ b/test/bats/99_lapi-stream-mode-scenario.bats
@ -26,7 +26,6 @@ output_new_decisions() {
    jq -c '.new | map(select(.origin!="CAPI")) | .[] | del(.id) | (.. | .duration?) |= capture("(?<d>[[:digit:]]+h[[:digit:]]+m)").d' <(output) | sort
 }

-
@test "adding decisions with different duration, scenario, origin" {
    # origin: test
    rune -0 cscli decisions add -i 127.0.0.1 -d 1h -R crowdsecurity/test
@ -55,7 +54,7 @@ output_new_decisions() {
 }

@test "test startup" {
-    rune -0 lapi-get "/v1/decisions/stream?startup=true"
+    rune -0 curl-with-key "/v1/decisions/stream?startup=true"
    rune -0 output_new_decisions
    assert_output - <<-EOT
 	{"duration":"2h59m","origin":"test","scenario":"crowdsecurity/test","scope":"Ip","type":"ban","value":"127.0.0.2"}
@ -64,7 +63,7 @@ output_new_decisions() {
 }

@test "test startup with scenarios containing" {
-    rune -0 lapi-get "/v1/decisions/stream?startup=true&scenarios_containing=ssh_bf"
+    rune -0 curl-with-key "/v1/decisions/stream?startup=true&scenarios_containing=ssh_bf"
    rune -0 output_new_decisions
    assert_output - <<-EOT
 	{"duration":"2h59m","origin":"another_origin","scenario":"crowdsecurity/ssh_bf","scope":"Ip","type":"ban","value":"127.0.0.1"}
@ -73,7 +72,7 @@ output_new_decisions() {
 }

@test "test startup with multiple scenarios containing" {
-    rune -0 lapi-get "/v1/decisions/stream?startup=true&scenarios_containing=ssh_bf,test"
+    rune -0 curl-with-key "/v1/decisions/stream?startup=true&scenarios_containing=ssh_bf,test"
    rune -0 output_new_decisions
    assert_output - <<-EOT
 	{"duration":"2h59m","origin":"another_origin","scenario":"crowdsecurity/ssh_bf","scope":"Ip","type":"ban","value":"127.0.0.1"}
@ -82,12 +81,12 @@ output_new_decisions() {
 }

@test "test startup with unknown scenarios containing" {
-    rune -0 lapi-get "/v1/decisions/stream?startup=true&scenarios_containing=unknown"
+    rune -0 curl-with-key "/v1/decisions/stream?startup=true&scenarios_containing=unknown"
    assert_output '{"deleted":null,"new":null}'
 }

@test "test startup with scenarios containing and not containing" {
-    rune -0 lapi-get "/v1/decisions/stream?startup=true&scenarios_containing=test&scenarios_not_containing=ssh_bf"
+    rune -0 curl-with-key "/v1/decisions/stream?startup=true&scenarios_containing=test&scenarios_not_containing=ssh_bf"
    rune -0 output_new_decisions
    assert_output - <<-EOT
 	{"duration":"2h59m","origin":"test","scenario":"crowdsecurity/test","scope":"Ip","type":"ban","value":"127.0.0.2"}
@ -96,7 +95,7 @@ output_new_decisions() {
 }

@test "test startup with scenarios containing and not containing 2" {
-    rune -0 lapi-get "/v1/decisions/stream?startup=true&scenarios_containing=longest&scenarios_not_containing=ssh_bf,test"
+    rune -0 curl-with-key "/v1/decisions/stream?startup=true&scenarios_containing=longest&scenarios_not_containing=ssh_bf,test"
    rune -0 output_new_decisions
    assert_output - <<-EOT
 	{"duration":"4h59m","origin":"test","scenario":"crowdsecurity/longest","scope":"Ip","type":"ban","value":"127.0.0.1"}
@ -104,7 +103,7 @@ output_new_decisions() {
 }

@test "test startup with scenarios not containing" {
-    rune -0 lapi-get "/v1/decisions/stream?startup=true&scenarios_not_containing=ssh_bf"
+    rune -0 curl-with-key "/v1/decisions/stream?startup=true&scenarios_not_containing=ssh_bf"
    rune -0 output_new_decisions
    assert_output - <<-EOT
 	{"duration":"2h59m","origin":"test","scenario":"crowdsecurity/test","scope":"Ip","type":"ban","value":"127.0.0.2"}
@ -113,7 +112,7 @@ output_new_decisions() {
 }

@test "test startup with multiple scenarios not containing" {
-    rune -0 lapi-get "/v1/decisions/stream?startup=true&scenarios_not_containing=ssh_bf,test"
+    rune -0 curl-with-key "/v1/decisions/stream?startup=true&scenarios_not_containing=ssh_bf,test"
    rune -0 output_new_decisions
    assert_output - <<-EOT
 	{"duration":"4h59m","origin":"test","scenario":"crowdsecurity/longest","scope":"Ip","type":"ban","value":"127.0.0.1"}
@ -121,7 +120,7 @@ output_new_decisions() {
 }

@test "test startup with origins parameter" {
-    rune -0 lapi-get "/v1/decisions/stream?startup=true&origins=another_origin"
+    rune -0 curl-with-key "/v1/decisions/stream?startup=true&origins=another_origin"
    rune -0 output_new_decisions
    assert_output - <<-EOT
 	{"duration":"1h59m","origin":"another_origin","scenario":"crowdsecurity/test","scope":"Ip","type":"ban","value":"127.0.0.2"}
@ -130,7 +129,7 @@ output_new_decisions() {
 }

@test "test startup with multiple origins parameter" {
-    rune -0 lapi-get "/v1/decisions/stream?startup=true&origins=another_origin,test"
+    rune -0 curl-with-key "/v1/decisions/stream?startup=true&origins=another_origin,test"
    rune -0 output_new_decisions
    assert_output - <<-EOT
 	{"duration":"2h59m","origin":"test","scenario":"crowdsecurity/test","scope":"Ip","type":"ban","value":"127.0.0.2"}
@ -139,7 +138,7 @@ output_new_decisions() {
 }

@test "test startup with unknown origins" {
-    rune -0 lapi-get "/v1/decisions/stream?startup=true&origins=unknown"
+    rune -0 curl-with-key "/v1/decisions/stream?startup=true&origins=unknown"
    assert_output '{"deleted":null,"new":null}'
 }

@ -223,4 +222,3 @@ output_new_decisions() {
 #            NewChecks: []DecisionCheck{},
 #        },
 #}
-
--- a/test/bats/99_lapi-stream-mode-scopes.bats
+++ b/test/bats/99_lapi-stream-mode-scopes.bats
@ -29,28 +29,28 @@ setup() {
 }

@test "stream start (implicit ip scope)" {
-    rune -0 lapi-get "/v1/decisions/stream?startup=true"
+    rune -0 curl-with-key "/v1/decisions/stream?startup=true"
    rune -0 jq -r '.new' <(output)
    assert_output --partial '1.2.3.6'
    refute_output --partial 'toto'
 }

@test "stream start (explicit ip scope)" {
-    rune -0 lapi-get "/v1/decisions/stream?startup=true&scopes=ip"
+    rune -0 curl-with-key "/v1/decisions/stream?startup=true&scopes=ip"
    rune -0 jq -r '.new' <(output)
    assert_output --partial '1.2.3.6'
    refute_output --partial 'toto'
 }

@test "stream start (user scope)" {
-    rune -0 lapi-get "/v1/decisions/stream?startup=true&scopes=user"
+    rune -0 curl-with-key "/v1/decisions/stream?startup=true&scopes=user"
    rune -0 jq -r '.new' <(output)
    refute_output --partial '1.2.3.6'
    assert_output --partial 'toto'
 }

@test "stream start (user+ip scope)" {
-    rune -0 lapi-get "/v1/decisions/stream?startup=true&scopes=user,ip"
+    rune -0 curl-with-key "/v1/decisions/stream?startup=true&scopes=user,ip"
    rune -0 jq -r '.new' <(output)
    assert_output --partial '1.2.3.6'
    assert_output --partial 'toto'
--- a/test/bats/99_lapi-stream-mode.bats
+++ b/test/bats/99_lapi-stream-mode.bats
@ -31,7 +31,7 @@ setup() {
 }

@test "stream start" {
-    rune -0 lapi-get "/v1/decisions/stream?startup=true"
+    rune -0 curl-with-key "/v1/decisions/stream?startup=true"
    if is_db_mysql; then sleep 3; fi
    rune -0 jq -r '.new' <(output)
    assert_output --partial '1111:2222:3333:4444:5555:6666:7777:8888'
@ -42,7 +42,7 @@ setup() {
@test "stream cont (add)" {
    rune -0 cscli decisions add -i '1.2.3.5'
    if is_db_mysql; then sleep 3; fi
-    rune -0 lapi-get "/v1/decisions/stream"
+    rune -0 curl-with-key "/v1/decisions/stream"
    rune -0 jq -r '.new' <(output)
    assert_output --partial '1.2.3.5'
 }
@ -50,13 +50,13 @@ setup() {
@test "stream cont (del)" {
    rune -0 cscli decisions delete -i '1.2.3.4'
    if is_db_mysql; then sleep 3; fi
-    rune -0 lapi-get "/v1/decisions/stream"
+    rune -0 curl-with-key "/v1/decisions/stream"
    rune -0 jq -r '.deleted' <(output)
    assert_output --partial '1.2.3.4'
 }

@test "stream restart" {
-    rune -0 lapi-get "/v1/decisions/stream?startup=true"
+    rune -0 curl-with-key "/v1/decisions/stream?startup=true"
    api_out=${output}
    rune -0 jq -r '.deleted' <(output)
    assert_output --partial '1.2.3.4'
--- a/test/lib/setup_file.sh
+++ b/test/lib/setup_file.sh
@ -283,15 +283,17 @@ rune() {
 export -f rune

 # call the lapi through unix socket with an API_KEY (authenticates as a bouncer)
-lapi-get() {
-    [[ -z "$1" ]] && { fail "lapi-get: missing path"; }
-    [[ -z "$API_KEY" ]] && { fail "lapi-get: missing API_KEY"; }
+# after $1, pass throught extra arguments to curl
+curl-with-key() {
+    [[ -z "$1" ]] && { fail "${FUNCNAME[0]}: missing path"; }
+    local path=$1
+    shift
+    [[ -z "$API_KEY" ]] && { fail "${FUNCNAME[0]}: missing API_KEY"; }
    local socket
    socket=$(config_get '.api.server.listen_socket')
-    [[ -z "$socket" ]] && { fail "lapi-get: missing .api.server.listen_socket"; }
+    [[ -z "$socket" ]] && { fail "${FUNCNAME[0]}: missing .api.server.listen_socket"; }

    # curl needs a fake hostname when using a unix socket
-    curl -s -f -H "X-Api-Key: $API_KEY" --unix-socket "$socket" "http://lapi$1"
+    curl -sS --fail-with-body -H "X-Api-Key: $API_KEY" --unix-socket "$socket" "http://lapi$path" "$@"
 }
-export -f lapi-get
-
+export -f curl-with-key