fix crowdsecurity#1742 : Allow QueryCAPIStatus to return as well enro…

…llment status (crowdsecurity#3159) * fix crowdsecurity#1742 : Allow QueryCAPIStatus to return as well enrollment status --------- Co-authored-by: marco <marco@crowdsec.net>
mmetc · Aug 5, 2024 · 6bd4096 · 6bd4096
1 parent 136dba6
commit 6bd4096
Show file tree

Hide file tree

Showing 2 changed files with 62 additions and 20 deletions.
diff --git a/cmd/crowdsec-cli/capi.go b/cmd/crowdsec-cli/capi.go
@@ -148,28 +148,53 @@ func (cli *cliCapi) newRegisterCmd() *cobra.Command {
 	return cmd
 }
 
-// QueryCAPIStatus checks if the Local API is reachable, and if the credentials are correct
-func QueryCAPIStatus(hub *cwhub.Hub, credURL string, login string, password string) error {
+// QueryCAPIStatus checks if the Local API is reachable, and if the credentials are correct. It then checks if the instance is enrolle in the console.
+func QueryCAPIStatus(hub *cwhub.Hub, credURL string, login string, password string) (bool, bool, error) {
+
 	apiURL, err := url.Parse(credURL)
 	if err != nil {
-		return fmt.Errorf("parsing api url: %w", err)
+		return false, false, fmt.Errorf("parsing api url: %w", err)
 	}
 
 	scenarios, err := hub.GetInstalledNamesByType(cwhub.SCENARIOS)
 	if err != nil {
-		return fmt.Errorf("failed to get scenarios: %w", err)
+		return false, false, fmt.Errorf("failed to get scenarios: %w", err)
 	}
 
 	if len(scenarios) == 0 {
-		return errors.New("no scenarios installed, abort")
+		return false, false, errors.New("no scenarios installed, abort")
 	}
 
-	client, err := apiclient.NewDefaultClient(apiURL,
-		CAPIURLPrefix,
-		cwversion.UserAgent(),
-		nil)
+	passwd := strfmt.Password(password)
+
+	client, err := apiclient.NewClient(&apiclient.Config{
+		MachineID: login,
+		Password:  passwd,
+		Scenarios: scenarios,
+		UserAgent: cwversion.UserAgent(),
+		URL:       apiURL,
+		//I don't believe papi is neede to check enrollement
+		//PapiURL:       papiURL,
+		VersionPrefix: "v3",
+		UpdateScenario: func() ([]string, error) {
+			l_scenarios, err := hub.GetInstalledNamesByType(cwhub.SCENARIOS)
+			if err != nil {
+				return nil, err
+			}
+			appsecRules, err := hub.GetInstalledNamesByType(cwhub.APPSEC_RULES)
+			if err != nil {
+				return nil, err
+			}
+			ret := make([]string, 0, len(l_scenarios)+len(appsecRules))
+			ret = append(ret, l_scenarios...)
+			ret = append(ret, appsecRules...)
+
+			return ret, nil
+		},
+	})
+
 	if err != nil {
-		return fmt.Errorf("init default client: %w", err)
+		return false, false, fmt.Errorf("new client api: %w", err)
 	}
 
 	pw := strfmt.Password(password)
@@ -180,12 +205,18 @@ func QueryCAPIStatus(hub *cwhub.Hub, credURL string, login string, password stri
 		Scenarios: scenarios,
 	}
 
-	_, _, err = client.Auth.AuthenticateWatcher(context.Background(), t)
+	authResp, _, err := client.Auth.AuthenticateWatcher(context.Background(), t)
 	if err != nil {
-		return err
+		return false, false, err
 	}
 
-	return nil
+	client.GetClient().Transport.(*apiclient.JWTTransport).Token = authResp.Token
+
+	if client.IsEnrolled() {
+		return true, true, nil
+	}
+	return true, false, nil
+
 }
 
 func (cli *cliCapi) status() error {
@@ -205,12 +236,17 @@ func (cli *cliCapi) status() error {
 	log.Infof("Loaded credentials from %s", cfg.API.Server.OnlineClient.CredentialsFilePath)
 	log.Infof("Trying to authenticate with username %s on %s", cred.Login, cred.URL)
 
-	if err := QueryCAPIStatus(hub, cred.URL, cred.Login, cred.Password); err != nil {
-		return fmt.Errorf("failed to authenticate to Central API (CAPI): %w", err)
-	}
-
-	log.Info("You can successfully interact with Central API (CAPI)")
+	auth, enrolled, err := QueryCAPIStatus(hub, cred.URL, cred.Login, cred.Password)
 
+	if err != nil {
+		return fmt.Errorf("CAPI: failed to authenticate to Central API (CAPI): %s", err)
+	}
+	if auth {
+		log.Info("You can successfully interact with Central API (CAPI)")
+	}
+	if enrolled {
+		log.Info("Your instance is enrolled in the console")
+	}
 	return nil
 }
 

diff --git a/cmd/crowdsec-cli/support.go b/cmd/crowdsec-cli/support.go
@@ -260,11 +260,17 @@ func (cli *cliSupport) dumpCAPIStatus(zw *zip.Writer, hub *cwhub.Hub) error {
 	fmt.Fprintf(out, "CAPI URL: %s\n", cred.URL)
 	fmt.Fprintf(out, "CAPI username: %s\n", cred.Login)
 
-	if err := QueryCAPIStatus(hub, cred.URL, cred.Login, cred.Password); err != nil {
+	auth, enrolled, err := QueryCAPIStatus(hub, cred.URL, cred.Login, cred.Password)
+	if err != nil {
 		return fmt.Errorf("could not authenticate to Central API (CAPI): %w", err)
 	}
+	if auth {
+		fmt.Fprintln(out, "You can successfully interact with Central API (CAPI)")
+	}
 
-	fmt.Fprintln(out, "You can successfully interact with Central API (CAPI)")
+	if enrolled {
+		fmt.Fprintln(out, "Your instance is enrolled in the console")
+	}
 
 	cli.writeToZip(zw, SUPPORT_CAPI_STATUS_PATH, time.Now(), out)