
Commit b2246c9

nwang92alishamayor
andauthored
Adding test for custom HEC certs (#353)
Co-authored-by: Alisha Mayor <[email protected]>
1 parent b6a56bd commit b2246c9


1 file changed

+167
-5
lines changed


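--- a/tests/test_docker_splunk.py
+++ b/tests/test_docker_splunk.py
@@ -843,7 +843,7 @@ def test_adhoc_1so_change_tailed_files(self):
 try:
 splunk_container_name = generate_random_string()
 cid = self.client.create_container(self.SPLUNK_IMAGE_NAME, tty=True, ports=[8089],
-volumes=["/playbooks/play.yml"], name=splunk_container_name,
+name=splunk_container_name,
 environment={
 "DEBUG": "true",
 "SPLUNK_START_ARGS": "--accept-license",
@@ -879,7 +879,7 @@ def test_adhoc_1uf_change_tailed_files(self):
 try:
 splunk_container_name = generate_random_string()
 cid = self.client.create_container(self.UF_IMAGE_NAME, tty=True, ports=[8089],
-volumes=["/playbooks/play.yml"], name=splunk_container_name,
+name=splunk_container_name,
 environment={
 "DEBUG": "true",
 "SPLUNK_START_ARGS": "--accept-license",
@@ -1453,7 +1453,7 @@ def test_adhoc_1so_hec_idempotence(self):
 try:
 splunk_container_name = generate_random_string()
 cid = self.client.create_container(self.SPLUNK_IMAGE_NAME, tty=True, ports=[8089, 8088, 9999],
-volumes=["/playbooks/play.yml"], name=splunk_container_name,
+name=splunk_container_name,
 environment={
 "DEBUG": "true",
 "SPLUNK_START_ARGS": "--accept-license",
@@ -1595,13 +1595,175 @@ def test_adhoc_1so_hec_idempotence(self):
 if cid:
 self.client.remove_container(cid, v=True, force=True)
 
+def test_adhoc_1so_hec_custom_cert(self):
+# Generate default.yml
+cid = self.client.create_container(self.SPLUNK_IMAGE_NAME, tty=True, command="create-defaults")
+self.client.start(cid.get("Id"))
+output = self.get_container_logs(cid.get("Id"))
+self.client.remove_container(cid.get("Id"), v=True, force=True)
+# Commands to generate self-signed certificates for Splunk here: https://docs.splunk.com/Documentation/Splunk/latest/Security/ConfigureSplunkforwardingtousesignedcertificates
+passphrase = "glootie"
+cmds = [
+"openssl genrsa -aes256 -passout pass:{pw} -out {path}/ca.key 2048".format(pw=passphrase, path=FIXTURES_DIR),
+"openssl req -new -key {path}/ca.key -passin pass:{pw} -out {path}/ca.csr -subj /CN=localhost".format(pw=passphrase, path=FIXTURES_DIR),
+"openssl x509 -req -in {path}/ca.csr -sha512 -passin pass:{pw} -signkey {path}/ca.key -CAcreateserial -out {path}/ca.pem -days 3".format(pw=passphrase, path=FIXTURES_DIR),
+"openssl genrsa -aes256 -passout pass:{pw} -out {path}/server.key 2048".format(pw=passphrase, path=FIXTURES_DIR),
+"openssl req -new -passin pass:{pw} -key {path}/server.key -out {path}/server.csr -subj /CN=localhost".format(pw=passphrase, path=FIXTURES_DIR),
+"openssl x509 -req -passin pass:{pw} -in {path}/server.csr -SHA256 -CA {path}/ca.pem -CAkey {path}/ca.key -CAcreateserial -out {path}/server.pem -days 3".format(pw=passphrase, path=FIXTURES_DIR),
+"cat {path}/server.pem {path}/server.key {path}/ca.pem > {path}/cert.pem".format(path=FIXTURES_DIR),
+"cat {path}/server.pem {path}/ca.pem > {path}/cacert.pem".format(path=FIXTURES_DIR)
+]
+for cmd in cmds:
+execute_cmd = subprocess.check_output(["/bin/sh", "-c", cmd])
+# Update s2s ssl settings
+output = re.sub(r''' hec:.*? token: .*?\n''', r''' hec:
+enable: True
+port: 8088
+ssl: True
+token: doyouwannadevelopanapp
+cert: /tmp/defaults/cert.pem
+password: {}\n'''.format(passphrase), output, flags=re.DOTALL)
+# Write the default.yml to a file
+with open(os.path.join(FIXTURES_DIR, "default.yml"), "w") as f:
+f.write(output)
+# Create the container and mount the default.yml
+cid = None
+try:
+splunk_container_name = generate_random_string()
+password = "helloworld"
+cid = self.client.create_container(self.SPLUNK_IMAGE_NAME, tty=True, ports=[8088, 8089],
+volumes=["/tmp/defaults/"], name=splunk_container_name,
+environment={"DEBUG": "true",
+"SPLUNK_START_ARGS": "--accept-license",
+"SPLUNK_PASSWORD": password},
+host_config=self.client.create_host_config(binds=[FIXTURES_DIR + ":/tmp/defaults/"],
+port_bindings={8089: ("0.0.0.0",), 8088: ("0.0.0.0",)})
+)
+cid = cid.get("Id")
+self.client.start(cid)
+# Poll for the container to be ready
+assert self.wait_for_containers(1, name=splunk_container_name)
+# Check splunkd
+assert self.check_splunkd("admin", password)
+# Check if the created file exists
+exec_command = self.client.exec_create(cid, "cat /opt/splunk/etc/apps/splunk_httpinput/local/inputs.conf", user="splunk")
+std_out = self.client.exec_start(exec_command)
+assert "[http://splunk_hec_token]" in std_out
+assert "serverCert = /tmp/defaults/cert.pem" in std_out
+assert "sslPassword = " in std_out
+# Check HEC using the custom certs
+hec_port = self.client.port(cid, 8088)[0]["HostPort"]
+url = "https://localhost:{}/services/collector/event".format(hec_port)
+kwargs = {"json": {"event": "hello world"}, "headers": {"Authorization": "Splunk doyouwannadevelopanapp"}, "verify": "{}/cacert.pem".format(FIXTURES_DIR)}
+status, content = self.handle_request_retry("POST", url, kwargs)
+assert status == 200
+except Exception as e:
+self.logger.error(e)
+raise e
+finally:
+if cid:
+self.client.remove_container(cid, v=True, force=True)
+files = [
+os.path.join(FIXTURES_DIR, "ca.key"),
+os.path.join(FIXTURES_DIR, "ca.csr"),
+os.path.join(FIXTURES_DIR, "ca.pem"),
+os.path.join(FIXTURES_DIR, "cacert.pem"),
+os.path.join(FIXTURES_DIR, "server.key"),
+os.path.join(FIXTURES_DIR, "server.csr"),
+os.path.join(FIXTURES_DIR, "server.pem"),
+os.path.join(FIXTURES_DIR, "cert.pem"),
+os.path.join(FIXTURES_DIR, "default.yml")
+]
+self.cleanup_files(files)
+
+def test_adhoc_1uf_hec_custom_cert(self):
+# Generate default.yml
+cid = self.client.create_container(self.UF_IMAGE_NAME, tty=True, command="create-defaults")
+self.client.start(cid.get("Id"))
+output = self.get_container_logs(cid.get("Id"))
+self.client.remove_container(cid.get("Id"), v=True, force=True)
+# Commands to generate self-signed certificates for Splunk here: https://docs.splunk.com/Documentation/Splunk/latest/Security/ConfigureSplunkforwardingtousesignedcertificates
+passphrase = "glootie"
+cmds = [
+"openssl genrsa -aes256 -passout pass:{pw} -out {path}/ca.key 2048".format(pw=passphrase, path=FIXTURES_DIR),
+"openssl req -new -key {path}/ca.key -passin pass:{pw} -out {path}/ca.csr -subj /CN=localhost".format(pw=passphrase, path=FIXTURES_DIR),
+"openssl x509 -req -in {path}/ca.csr -sha512 -passin pass:{pw} -signkey {path}/ca.key -CAcreateserial -out {path}/ca.pem -days 3".format(pw=passphrase, path=FIXTURES_DIR),
+"openssl genrsa -aes256 -passout pass:{pw} -out {path}/server.key 2048".format(pw=passphrase, path=FIXTURES_DIR),
+"openssl req -new -passin pass:{pw} -key {path}/server.key -out {path}/server.csr -subj /CN=localhost".format(pw=passphrase, path=FIXTURES_DIR),
+"openssl x509 -req -passin pass:{pw} -in {path}/server.csr -SHA256 -CA {path}/ca.pem -CAkey {path}/ca.key -CAcreateserial -out {path}/server.pem -days 3".format(pw=passphrase, path=FIXTURES_DIR),
+"cat {path}/server.pem {path}/server.key {path}/ca.pem > {path}/cert.pem".format(path=FIXTURES_DIR),
+"cat {path}/server.pem {path}/ca.pem > {path}/cacert.pem".format(path=FIXTURES_DIR)
+]
+for cmd in cmds:
+execute_cmd = subprocess.check_output(["/bin/sh", "-c", cmd])
+# Update s2s ssl settings
+output = re.sub(r''' hec:.*? token: .*?\n''', r''' hec:
+enable: True
+port: 8088
+ssl: True
+token: doyouwannadevelopanapp
+cert: /tmp/defaults/cert.pem
+password: {}\n'''.format(passphrase), output, flags=re.DOTALL)
+# Write the default.yml to a file
+with open(os.path.join(FIXTURES_DIR, "default.yml"), "w") as f:
+f.write(output)
+# Create the container and mount the default.yml
+cid = None
+try:
+splunk_container_name = generate_random_string()
+password = "helloworld"
+cid = self.client.create_container(self.UF_IMAGE_NAME, tty=True, ports=[8088, 8089],
+volumes=["/tmp/defaults/"], name=splunk_container_name,
+environment={"DEBUG": "true",
+"SPLUNK_START_ARGS": "--accept-license",
+"SPLUNK_PASSWORD": password},
+host_config=self.client.create_host_config(binds=[FIXTURES_DIR + ":/tmp/defaults/"],
+port_bindings={8089: ("0.0.0.0",), 8088: ("0.0.0.0",)})
+)
+cid = cid.get("Id")
+self.client.start(cid)
+# Poll for the container to be ready
+assert self.wait_for_containers(1, name=splunk_container_name)
+# Check splunkd
+assert self.check_splunkd("admin", password)
+# Check if the created file exists
+exec_command = self.client.exec_create(cid, "cat /opt/splunkforwarder/etc/apps/splunk_httpinput/local/inputs.conf", user="splunk")
+std_out = self.client.exec_start(exec_command)
+assert "[http://splunk_hec_token]" in std_out
+assert "serverCert = /tmp/defaults/cert.pem" in std_out
+assert "sslPassword = " in std_out
+# Check HEC using the custom certs
+hec_port = self.client.port(cid, 8088)[0]["HostPort"]
+url = "https://localhost:{}/services/collector/event".format(hec_port)
+kwargs = {"json": {"event": "hello world"}, "headers": {"Authorization": "Splunk doyouwannadevelopanapp"}, "verify": "{}/cacert.pem".format(FIXTURES_DIR)}
+status, content = self.handle_request_retry("POST", url, kwargs)
+assert status == 200
+except Exception as e:
+self.logger.error(e)
+raise e
+finally:
+if cid:
+self.client.remove_container(cid, v=True, force=True)
+files = [
+os.path.join(FIXTURES_DIR, "ca.key"),
+os.path.join(FIXTURES_DIR, "ca.csr"),
+os.path.join(FIXTURES_DIR, "ca.pem"),
+os.path.join(FIXTURES_DIR, "cacert.pem"),
+os.path.join(FIXTURES_DIR, "server.key"),
+os.path.join(FIXTURES_DIR, "server.csr"),
+os.path.join(FIXTURES_DIR, "server.pem"),
+os.path.join(FIXTURES_DIR, "cert.pem"),
+os.path.join(FIXTURES_DIR, "default.yml")
+]
+self.cleanup_files(files)
+
 def test_adhoc_1so_hec_ssl_disabled(self):
 # Create the container
 cid = None
 try:
 splunk_container_name = generate_random_string()
 cid = self.client.create_container(self.SPLUNK_IMAGE_NAME, tty=True, ports=[8089, 8088],
-volumes=["/tmp/defaults/"], name=splunk_container_name,
+name=splunk_container_name,
 environment={
 "DEBUG": "true",
 "SPLUNK_START_ARGS": "--accept-license",
@@ -1640,7 +1802,7 @@ def test_adhoc_1uf_hec_ssl_disabled(self):
 try:
 splunk_container_name = generate_random_string()
 cid = self.client.create_container(self.UF_IMAGE_NAME, tty=True, ports=[8089, 8088],
-volumes=["/tmp/defaults/"], name=splunk_container_name,
+name=splunk_container_name,
 environment={
 "DEBUG": "true",
 "SPLUNK_START_ARGS": "--accept-license",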
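Review bot: In `test_adhoc_1so_hec_custom_cert` the openssl loop and the `default.yml` write run before `try:`, so if any `subprocess.check_output` call raises, the `finally` cleanup never runs and the generated `ca.key`/`server.key`, plus a `default.yml` holding the key passphrase and HEC token, stay in `FIXTURES_DIR`; `test_adhoc_1uf_hec_custom_cert` has the same layout. Moving `cid = None` and `try:` up to just after the create-defaults container is removed would put that setup under the existing `finally`. The `files` list also looks incomplete: the server-cert `openssl x509 ... -CAcreateserial` step normally writes a `.srl` serial file beside the CA certificate, which is not cleaned up (worth confirming on the CI image). Separately, `assert "sslPassword = " in std_out` passes even when the value is empty, so it does not show that the passphrase actually reached `inputs.conf`.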
