Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

test tls: allowed ou in client cert #74

Merged
merged 2 commits into from
Jun 8, 2023
Merged

test tls: allowed ou in client cert #74

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
423b2da
test tls: allowed ou in client cert
mmetc Jun 7, 2023
cf3a6fa
check log on crowdsec side
mmetc Jun 8, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions cmd/root.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -160,6 +160,8 @@ func Execute() error {
return err
}

log.Infof("Starting %s %s", name, version.String())

if *testConfig {
log.Info("config is valid")
return nil
Expand Down
6 changes: 3 additions & 3 deletions test/bouncer/test_custom_bouncer.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ def test_no_lapi(bouncer, cb_stream_cfg_factory):
cb.wait_for_lines_fnmatch([
"*connection refused*",
"*terminating bouncer process*",
"*bouncer stream halted*",
"*process terminated with error: bouncer stream halted*",
])


Expand All @@ -56,9 +56,9 @@ def test_bad_api_key(crowdsec, bouncer, cb_stream_cfg_factory):
"*Using API key auth*",
"*Processing new and deleted decisions . . .*",
"*auth-api: auth with api key failed return nil response, error*",
"*bouncer stream halted*",
"*process terminated with error: bouncer stream halted*",
])
cb.proc.wait(timeout=0.5)
cb.proc.wait(timeout=1)
assert not cb.proc.is_running()


Expand Down
19 changes: 18 additions & 1 deletion test/bouncer/test_tls.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,12 +73,29 @@ def test_tls_mutual(crowdsec, certs_dir, api_key_factory, bouncer, cb_stream_cfg
port = cs.probe.get_bound_port('8080')
cfg = cb_stream_cfg_factory()
cfg['api_url'] = f'https://localhost:{port}'
cfg['ca_cert_path'] = (certs / 'ca.crt').as_posix()

cfg['cert_path'] = (certs / 'agent.crt').as_posix()
cfg['key_path'] = (certs / 'agent.key').as_posix()

with bouncer(cfg) as cb:
cb.wait_for_lines_fnmatch([
"*Starting crowdsec-custom-bouncer*",
"*Using CA cert*",
"*Using cert auth with cert * and key *",
"*API error: access forbidden*",
])

cs.wait_for_log("*client certificate OU (?agent-ou?) doesn't match expected OU (?bouncer-ou?)*")

cfg['cert_path'] = (certs / 'bouncer.crt').as_posix()
cfg['key_path'] = (certs / 'bouncer.key').as_posix()
cfg['ca_cert_path'] = (certs / 'ca.crt').as_posix()

with bouncer(cfg) as cb:
cb.wait_for_lines_fnmatch([
"*Starting crowdsec-custom-bouncer*",
"*Using CA cert*",
"*Using cert auth with cert * and key *",
"*Processing new and deleted decisions . . .*",
"*deleting 0 decisions*",
"*adding 0 decisions*",
Expand Down