Dev (#23)

* fix KeyError: 'queued_msgs', added docker compose, preparing for unit tests
pyToshka · Jan 29, 2024 · ed73f27 · ed73f27
1 parent 59c1b28
commit ed73f27
Show file tree

Hide file tree

Showing 19 changed files with 770 additions and 121 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -19,5 +19,5 @@ docs/
 docker-compose.yaml
 Dockerfile
 venv
-tests
 *.json
+tests/*
diff --git a/.gitignore b/.gitignore
@@ -2,7 +2,7 @@
 __pycache__/
 *.py[cod]
 *$py.class
-vault
 config.json
 curator.yml
 data
+tests/single-node/config/wazuh_indexer_ssl_certs/*
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
 -   repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.3.0
+    rev: v4.5.0
     hooks:
     -   id: check-yaml
         args: [--allow-multiple-documents]
@@ -10,17 +10,14 @@ repos:
     -   id: check-merge-conflict
     -   id: mixed-line-ending
         args: [--fix=lf]
+
 - repo: https://github.com/ambv/black
-  rev: 22.6.0
-  hooks:
-    - id: black
-- repo: https://github.com/ambv/black
-  rev: 22.6.0
+  rev: 24.1.1
   hooks:
   - id: black
     language_version: python3.8
 - repo: https://github.com/pre-commit/pygrep-hooks
-  rev: v1.9.0
+  rev: v1.10.0
   hooks:
   - id: python-use-type-annotations
   - id: python-check-blanket-noqa
@@ -29,22 +26,19 @@ repos:
   - id: rst-backticks
   - id: text-unicode-replacement-char
 - repo: https://github.com/jumanjihouse/pre-commit-hooks
-  rev: 2.1.6
+  rev: 3.0.0
   hooks:
     - id: bundler-audit
     - id: fasterer
     - id: forbid-binary
     - id: git-check
-    - id: markdownlint
     - id: reek
-    - id: require-ascii
-      exclude: '.github'
     - id: script-must-have-extension
     - id: script-must-not-have-extension
     - id: shellcheck
     - id: shfmt
 - repo: https://github.com/jorisroovers/gitlint
-  rev: 'v0.17.0'
+  rev: 'v0.19.1'
   hooks:
   - id: gitlint
 - repo: local
@@ -56,14 +50,6 @@ repos:
     entry: flake8
     types: [python]
 - repo: https://github.com/Lucas-C/pre-commit-hooks-safety
-  rev: 'v1.3.0'
+  rev: 'v1.3.3'
   hooks:
   - id: python-safety-dependencies-check
-- repo: https://github.com/PyCQA/bandit
-  rev: '1.7.4'
-  hooks:
-  - id: bandit
-- repo: https://github.com/petalmd/dockerfile-pre-commit
-  rev: 'v1.0'
-  hooks:
-  - id: dockerlint
diff --git a/Makefile b/Makefile
@@ -0,0 +1,13 @@
+.PHONY: help
+help: ## Help for usage
+	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
+
+run-local-dev: ## Run Wazuh cluster with prometheus and exporter.
+	docker compose -f tests/single-node/generate-indexer-certs.yml run --rm generator
+	docker compose -f docker-compose.yml up -d --build
+
+destroy: ## Destroy docker compose stack and cleanup
+	docker compose down --remove-orphans --rmi local -v
+	rm -rf tests/single-node/config/wazuh_indexer_ssl_certs/*
+test: ## Run unit tests
+	pytest  -v  --cov=. --cov-report xml --cov-report html -n auto --capture=sys -x --tb=long
diff --git a/README.md b/README.md
@@ -48,4 +48,3 @@ kubectl apply -f deployment.yaml -n wazuh
 ## Support project
 
 <a href="https://www.buymeacoffee.com/pyToshka" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/v2/default-yellow.png" alt="Buy Me A Coffee" style="height: 60px !important;width: 217px !important;" ></a>
-
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -0,0 +1,154 @@
+# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
+version: '3.9'  # optional since Compose v1.27.0
+services:
+  prometheus:
+    container_name: prometheus
+    image: prom/prometheus
+    user: "65534"
+    ports:
+      - "9090:9090"
+    depends_on:
+      - exporter
+    volumes:
+      - prometheus:/prometheus
+      - ./tests/config/prometheus/:/etc/prometheus/
+  exporter:
+    build:
+      context: .
+    image: exporter
+    restart: always
+    environment:
+        - WAZUH_API_HOST=wazuh.manager
+        - WAZUH_API_PORT=55000
+        - WAZUH_API_USERNAME=wazuh-wui
+        - WAZUH_API_PASSWORD=MyS3cr37P450r.*-
+    ports:
+      - 5000:5000
+  wazuh-minideb-agent:
+    image: opennix/wazuh-agent:${AGENT_VERSION:-4.7.1}
+    hostname: wazuh-agent
+    restart: always
+    environment:
+      - JOIN_MANAGER_MASTER_HOST=wazuh.manager
+      - JOIN_MANAGER_WORKER_HOST=wazuh.manager
+      - JOIN_MANAGER_USER=wazuh-wui
+      - JOIN_MANAGER_PASSWORD=MyS3cr37P450r.*-
+    depends_on:
+       wazuh.manager:
+         condition: service_healthy
+  wazuh.manager:
+    image: wazuh/wazuh-manager:${WAZUH_CLUSTER_VERSION:-4.7.0}
+    hostname: wazuh.manager
+    restart: always
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 655360
+        hard: 655360
+    ports:
+      - "1514:1514"
+      - "1515:1515"
+      - "514:514/udp"
+      - "55000:55000"
+    environment:
+      - INDEXER_URL=https://wazuh.indexer:9200
+      - INDEXER_USERNAME=admin
+      - INDEXER_PASSWORD=SecretPassword
+      - FILEBEAT_SSL_VERIFICATION_MODE=full
+      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
+      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
+      - SSL_KEY=/etc/ssl/filebeat.key
+      - API_USERNAME=wazuh-wui
+      - API_PASSWORD=MyS3cr37P450r.*-
+    volumes:
+      - wazuh_api_configuration:/var/ossec/api/configuration
+      - wazuh_etc:/var/ossec/etc
+      - wazuh_logs:/var/ossec/logs
+      - wazuh_queue:/var/ossec/queue
+      - wazuh_var_multigroups:/var/ossec/var/multigroups
+      - wazuh_integrations:/var/ossec/integrations
+      - wazuh_active_response:/var/ossec/active-response/bin
+      - wazuh_agentless:/var/ossec/agentless
+      - wazuh_wodles:/var/ossec/wodles
+      - filebeat_etc:/etc/filebeat
+      - filebeat_var:/var/lib/filebeat
+      - ./tests/single-node/config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
+      - ./tests/single-node/config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem
+      - ./tests/single-node/config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key
+      - ./tests/single-node/config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
+    healthcheck:
+      test: curl -k --silent https://wazuh.indexer:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi
+      interval: 30s
+      timeout: 10s
+      retries: 10
+  wazuh.indexer:
+    image: wazuh/wazuh-indexer:${WAZUH_CLUSTER_VERSION:-4.7.0}
+    hostname: wazuh.indexer
+    restart: always
+    ports:
+      - "9200:9200"
+    environment:
+      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+    volumes:
+      - wazuh-indexer-data:/var/lib/wazuh-indexer
+      - ./tests/single-node/config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
+      - ./tests/single-node/config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key
+      - ./tests/single-node/config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
+      - ./tests/single-node/config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
+      - ./tests/single-node/config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
+      - ./tests/single-node/config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+      - ./tests/single-node/config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
+
+  wazuh.dashboard:
+    image: wazuh/wazuh-dashboard:${WAZUH_CLUSTER_VERSION:-4.7.0}
+    hostname: wazuh.dashboard
+    restart: always
+    ports:
+      - 443:5601
+    environment:
+      - INDEXER_USERNAME=admin
+      - INDEXER_PASSWORD=SecretPassword
+      - WAZUH_API_URL=https://wazuh.manager
+      - DASHBOARD_USERNAME=kibanaserver
+      - DASHBOARD_PASSWORD=kibanaserver
+      - API_USERNAME=wazuh-wui
+      - API_PASSWORD=MyS3cr37P450r.*-
+    volumes:
+      - ./tests/single-node/config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
+      - ./tests/single-node/config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
+      - ./tests/single-node/config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
+      - ./tests/single-node/config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
+      - ./tests/single-node/config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
+      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
+      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
+    depends_on:
+      - wazuh.indexer
+    links:
+      - wazuh.indexer:wazuh.indexer
+      - wazuh.manager:wazuh.manager
+
+volumes:
+  wazuh_api_configuration:
+  wazuh_etc:
+  wazuh_logs:
+  wazuh_queue:
+  wazuh_var_multigroups:
+  wazuh_integrations:
+  wazuh_active_response:
+  wazuh_agentless:
+  wazuh_wodles:
+  filebeat_etc:
+  filebeat_var:
+  wazuh-indexer-data:
+  wazuh-dashboard-config:
+  wazuh-dashboard-custom:
+  prometheus: