diff --git a/pkg/acquisition/modules/http/http.go b/pkg/acquisition/modules/http/http.go index 255317c4ec0..9e9f63074bd 100644 --- a/pkg/acquisition/modules/http/http.go +++ b/pkg/acquisition/modules/http/http.go @@ -40,7 +40,7 @@ var linesRead = prometheus.NewCounterVec( type HttpConfiguration struct { //IPFilter []string `yaml:"ip_filter"` //ChunkSize *int64 `yaml:"chunk_size"` - Port int `yaml:"port"` + ListenAddr string `yaml:"listen_addr"` Path string `yaml:"path"` AuthType string `yaml:"auth_type"` BasicAuth *BasicAuthConfig `yaml:"basic_auth"` @@ -91,11 +91,12 @@ func (h *HTTPSource) UnmarshalConfig(yamlConfig []byte) error { } func (hc *HttpConfiguration) Validate() error { - if hc.Port == 0 { - return errors.New("port is required") + if hc.ListenAddr == "" { + return errors.New("listen_addr is required") } + if hc.Path == "" { - return errors.New("path is required") + hc.Path = "/" } if hc.Path[0] != '/' { return errors.New("path must start with /") @@ -121,9 +122,7 @@ func (hc *HttpConfiguration) Validate() error { return errors.New("ca_cert is required") } default: - if hc.TLS == nil { - return errors.New("at least one of tls or auth_type is required") - } + return errors.New("invalid auth_type: must be one of basic_auth, headers, mtls") } if hc.TLS != nil { @@ -362,13 +361,13 @@ func (h *HTTPSource) RunServer(out chan types.Event, t *tomb.Tomb) error { return } if err := authorizeRequest(r, &h.Config); err != nil { - h.logger.Errorf("failed to authorize request: %s", err) + h.logger.Errorf("failed to authorize request from '%s': %s", r.RemoteAddr, err) http.Error(w, "Unauthorized", http.StatusUnauthorized) return } err := h.processRequest(w, r, &h.Config, out) if err != nil { - h.logger.Errorf("failed to process request: %s", err) + h.logger.Errorf("failed to process request from '%s': %s", r.RemoteAddr, err) return } 
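Review bot: The new `ListenAddr` field in `HttpConfiguration` has no comment stating the expected format, and the `port` key disappears without a migration hint. The first `TestConfigure` case suggests unknown keys are not rejected at unmarshal time, so a configuration still using `port: 8080` would presumably fail with only `listen_addr is required`. I would add `// ListenAddr is the host:port the server binds to; an empty host (":8080") listens on every interface.` above the field, so the bind scope is an explicit choice for whoever writes the config. The struct continues outside the hunk.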
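Review bot: `Validate` only rejects an empty `listen_addr`, so a malformed value (a bare port number, a host with no port) reaches `http.Server.Addr` unchanged and fails later inside the server goroutine instead of at configuration time. A format check right after the empty test would surface it early: `if _, _, err := net.SplitHostPort(hc.ListenAddr); err != nil { return fmt.Errorf("invalid listen_addr %q: %w", hc.ListenAddr, err) }`, which needs the `net` import if the file does not already have it. Separately, `Validate` now mutates its receiver by defaulting `hc.Path` to `/`; a comment such as `// default to the root path when none is configured` would make that side effect visible. The function body continues outside the hunk.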
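Review bot: In the `default:` branch of the auth switch in `Validate`, an unset `auth_type` and a misspelled one now get the same `invalid auth_type` message, and the rejected value is not shown. Requiring an auth type is the safer behaviour, but an operator whose configuration relied on `tls` alone (which the removed branch accepted) gets little to go on. Assuming the switch is on `hc.AuthType`, which the hunk does not show, `return fmt.Errorf("invalid auth_type %q: must be one of basic_auth, headers, mtls", hc.AuthType)` would distinguish the two cases; the matching expectation in `http_test.go` would need the same change. The switch starts outside the hunk.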
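Review bot: `r.RemoteAddr` in the two error logs of the request handler is the direct TCP peer in `ip:port` form, so when this source sits behind a reverse proxy or load balancer the lines will record the proxy rather than the sender. A comment above the first log call, `// RemoteAddr is the direct TCP peer (ip:port); behind a proxy it is the proxy's address`, would keep readers and log parsers from treating it as the client identity. As a style point, `%q` is the usual Go verb for a quoted value instead of `'%s'`. The handler closure starts and ends outside the hunk.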
@@ -387,7 +386,7 @@ func (h *HTTPSource) RunServer(out chan types.Event, t *tomb.Tomb) error { }) h.Server = &http.Server{ - Addr: fmt.Sprintf(":%d", h.Config.Port), + Addr: h.Config.ListenAddr, Handler: mux, } @@ -407,13 +406,13 @@ func (h *HTTPSource) RunServer(out chan types.Event, t *tomb.Tomb) error { t.Go(func() error { defer trace.CatchPanic("crowdsec/acquis/http/server") if h.Config.TLS != nil { - h.logger.Infof("start https server on port %d", h.Config.Port) + h.logger.Infof("start https server on %s", h.Config.ListenAddr) err := h.Server.ListenAndServeTLS(h.Config.TLS.ServerCert, h.Config.TLS.ServerKey) if err != nil && err != http.ErrServerClosed { return fmt.Errorf("https server failed: %w", err) } } else { - h.logger.Infof("start http server on port %d", h.Config.Port) + h.logger.Infof("start http server on %s", h.Config.ListenAddr) err := h.Server.ListenAndServe() if err != nil && err != http.ErrServerClosed { return fmt.Errorf("http server failed: %w", err) @@ -436,7 +435,7 @@ func (h *HTTPSource) RunServer(out chan types.Event, t *tomb.Tomb) error { } func (h *HTTPSource) StreamingAcquisition(ctx context.Context, out chan types.Event, t *tomb.Tomb) error { - h.logger.Debugf("start http server on port %d", h.Config.Port) + h.logger.Debugf("start http server on %s", h.Config.ListenAddr) t.Go(func() error { defer trace.CatchPanic("crowdsec/acquis/http/live") diff --git a/pkg/acquisition/modules/http/http_test.go b/pkg/acquisition/modules/http/http_test.go index b2efebf24b6..590248fd651 100644 --- a/pkg/acquisition/modules/http/http_test.go +++ b/pkg/acquisition/modules/http/http_test.go 
@@ -32,31 +32,19 @@ func TestConfigure(t *testing.T) { { config: ` foobar: bla`, - expectedErr: "invalid configuration: port is required", + expectedErr: "invalid configuration: listen_addr is required", }, { config: ` source: http -port: aa`, - expectedErr: "cannot parse http datasource configuration: yaml: unmarshal errors:\n line 3: cannot unmarshal !!str `aa` into int", - }, - { - config: ` -source: http -port: 8080`, - expectedErr: "invalid configuration: path is required", - }, - { - config: ` -source: http -port: 8080 +listen_addr: 127.0.0.1:8080 path: wrongpath`, expectedErr: "invalid configuration: path must start with /", }, { config: ` source: http -port: 8080 +listen_addr: 127.0.0.1:8080 path: /test auth_type: basic_auth`, expectedErr: "invalid configuration: basic_auth is required", @@ -64,7 +52,7 @@ auth_type: basic_auth`, { config: ` source: http -port: 8080 +listen_addr: 127.0.0.1:8080 path: /test auth_type: headers`, expectedErr: "invalid configuration: headers is required", @@ -72,7 +60,7 @@ auth_type: headers`, { config: ` source: http -port: 8080 +listen_addr: 127.0.0.1:8080 path: /test auth_type: basic_auth basic_auth: @@ -82,7 +70,7 @@ basic_auth: { config: ` source: http -port: 8080 +listen_addr: 127.0.0.1:8080 path: /test auth_type: basic_auth basic_auth: @@ -92,7 +80,7 @@ basic_auth: { config: ` source: http -port: 8080 +listen_addr: 127.0.0.1:8080 path: /test auth_type: headers headers:`, @@ -101,15 +89,15 @@ headers:`, { config: ` source: http -port: 8080 +listen_addr: 127.0.0.1:8080 path: /test auth_type: toto`, - expectedErr: "invalid configuration: at least one of tls or auth_type is required", + expectedErr: "invalid configuration: invalid auth_type: must be one of basic_auth, headers, mtls", }, { config: ` source: http -port: 8080 +listen_addr: 127.0.0.1:8080 path: /test auth_type: headers headers: @@ -121,7 +109,7 @@ tls: { config: ` source: http -port: 8080 +listen_addr: 127.0.0.1:8080 path: /test auth_type: headers headers: 
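Review bot: The removed `path is required` case in `TestConfigure` is not replaced by one that exercises the new behaviour, so nothing in this table asserts that an omitted `path` now defaults to `/`. There is also no case for a configuration that sets `tls` but no `auth_type`, which the `Validate` change presumably now rejects with `invalid auth_type: must be one of basic_auth, headers, mtls`; pinning that would guard against the TLS-only path being re-opened by accident. A case with a malformed `listen_addr` would be worth adding as well if format validation is introduced. The test table continues outside the hunk.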
@@ -133,7 +121,7 @@ tls: { config: ` source: http -port: 8080 +listen_addr: 127.0.0.1:8080 path: /test auth_type: mtls tls: @@ -144,7 +132,7 @@ tls: { config: ` source: http -port: 8080 +listen_addr: 127.0.0.1:8080 path: /test auth_type: headers headers: @@ -155,7 +143,7 @@ max_body_size: 0`, { config: ` source: http -port: 8080 +listen_addr: 127.0.0.1:8080 path: /test auth_type: headers headers: @@ -166,7 +154,7 @@ timeout: toto`, { config: ` source: http -port: 8080 +listen_addr: 127.0.0.1:8080 path: /test auth_type: headers headers: @@ -199,7 +187,7 @@ func TestUnmarshalConfig(t *testing.T) { h := HTTPSource{} err := h.UnmarshalConfig([]byte(` source: http -port: 8080 +listen_addr: 127.0.0.1:8080 path: 15 auth_type: headers`)) cstest.AssertErrorMessage(t, err, "cannot parse http datasource configuration: yaml: line 4: found a tab character that violates indentation") @@ -254,7 +242,7 @@ func TestStreamingAcquisitionWrongHTTPMethod(t *testing.T) { h := &HTTPSource{} _, tomb := SetupAndRunHTTPSource(t, h, []byte(` source: http -port: 8080 +listen_addr: 127.0.0.1:8080 path: /test auth_type: basic_auth basic_auth: @@ -281,7 +269,7 @@ func TestStreamingAcquisitionUnknownPath(t *testing.T) { h := &HTTPSource{} _, tomb := SetupAndRunHTTPSource(t, h, []byte(` source: http -port: 8080 +listen_addr: 127.0.0.1:8080 path: /test auth_type: basic_auth basic_auth: @@ -308,7 +296,7 @@ func TestStreamingAcquisitionBasicAuth(t *testing.T) { h := &HTTPSource{} _, tomb := SetupAndRunHTTPSource(t, h, []byte(` source: http -port: 8080 +listen_addr: 127.0.0.1:8080 path: /test auth_type: basic_auth basic_auth: @@ -349,7 +337,7 @@ func TestStreamingAcquisitionBadHeaders(t *testing.T) { h := &HTTPSource{} _, tomb := SetupAndRunHTTPSource(t, h, []byte(` source: http -port: 8080 +listen_addr: 127.0.0.1:8080 path: /test auth_type: headers headers: 
@@ -381,7 +369,7 @@ func TestStreamingAcquisitionMaxBodySize(t *testing.T) { h := &HTTPSource{} _, tomb := SetupAndRunHTTPSource(t, h, []byte(` source: http -port: 8080 +listen_addr: 127.0.0.1:8080 path: /test auth_type: headers headers: @@ -413,7 +401,7 @@ func TestStreamingAcquisitionSuccess(t *testing.T) { h := &HTTPSource{} out, tomb := SetupAndRunHTTPSource(t, h, []byte(` source: http -port: 8080 +listen_addr: 127.0.0.1:8080 path: /test auth_type: headers headers: @@ -453,7 +441,7 @@ func TestStreamingAcquisitionCustomStatusCodeAndCustomHeaders(t *testing.T) { h := &HTTPSource{} out, tomb := SetupAndRunHTTPSource(t, h, []byte(` source: http -port: 8080 +listen_addr: 127.0.0.1:8080 path: /test auth_type: headers headers: @@ -546,7 +534,7 @@ func TestStreamingAcquisitionTimeout(t *testing.T) { h := &HTTPSource{} _, tomb := SetupAndRunHTTPSource(t, h, []byte(` source: http -port: 8080 +listen_addr: 127.0.0.1:8080 path: /test auth_type: headers headers: @@ -585,7 +573,8 @@ func TestStreamingAcquisitionTLSHTTPRequest(t *testing.T) { h := &HTTPSource{} _, tomb := SetupAndRunHTTPSource(t, h, []byte(` source: http -port: 8080 +listen_addr: 127.0.0.1:8080 +auth_type: mtls path: /test tls: server_cert: testdata/server.crt @@ -612,7 +601,7 @@ func TestStreamingAcquisitionTLSWithHeadersAuthSuccess(t *testing.T) { h := &HTTPSource{} out, tomb := SetupAndRunHTTPSource(t, h, []byte(` source: http -port: 8080 +listen_addr: 127.0.0.1:8080 path: /test auth_type: headers headers: @@ -672,7 +661,7 @@ func TestStreamingAcquisitionMTLS(t *testing.T) { h := &HTTPSource{} out, tomb := SetupAndRunHTTPSource(t, h, []byte(` source: http -port: 8080 +listen_addr: 127.0.0.1:8080 path: /test auth_type: mtls tls: @@ -739,7 +728,7 @@ func TestStreamingAcquisitionGzipData(t *testing.T) { h := &HTTPSource{} out, tomb := SetupAndRunHTTPSource(t, h, []byte(` source: http -port: 8080 +listen_addr: 127.0.0.1:8080 path: /test auth_type: headers headers: 
@@ -795,7 +784,7 @@ func TestStreamingAcquisitionNDJson(t *testing.T) { h := &HTTPSource{} out, tomb := SetupAndRunHTTPSource(t, h, []byte(` source: http -port: 8080 +listen_addr: 127.0.0.1:8080 path: /test auth_type: headers headers: