akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 16 Packages Projects Releases Wiki Activity

chore: clean .gitignore cache

Browse Source
This commit is contained in:
GitHub Actions
2026-01-26 19:21:33 +00:00
parent 1b1b3a70b1
commit e5f0fec5db
1483 changed files with 0 additions and 472793 deletions
Download Patch File Download Diff File Expand all files Collapse all files

97
docs/reports/qa_crowdsec_startup_test_failure.md
View File

@@ -1,97 +0,0 @@
# QA Report: CrowdSec Startup Integration Test Failure
**Date:** December 15, 2025
**Agent:** QA_Security
**Status:****TEST FAILURE - ROOT CAUSE IDENTIFIED**
**Severity:** Medium (Test configuration issue, not a product defect)
---
## Executive Summary
The CrowdSec startup integration test (`scripts/crowdsec_startup_test.sh`) is **failing by design**, not due to a bug. The test expects CrowdSec LAPI to be available on port 8085, but CrowdSec is intentionally **not auto-started** in the current architecture. The system uses **GUI-controlled lifecycle management** instead of environment variable-based auto-start.
**Test Failure:**
```
✗ FAIL: LAPI health check failed (port 8085 not responding)
```
**Root Cause:** The test script sets `CERBERUS_SECURITY_CROWDSEC_MODE=local`, expecting CrowdSec to auto-start during container initialization. However, this behavior was **intentionally removed** in favor of GUI toggle control.
---
## Root Cause Analysis
### 1. Architecture Change: Environment Variables → GUI Control
**File:** [docker-entrypoint.sh](../../docker-entrypoint.sh#L110-L126)
```bash
# CrowdSec Lifecycle Management:
# CrowdSec configuration is initialized above (symlinks, directories, hub updates)
# However, the CrowdSec agent is NOT auto-started in the entrypoint.
# Instead, CrowdSec lifecycle is managed by the backend handlers via GUI controls.
```
**Design Decision:**
-**Configuration is initialized** during startup
-**Process is NOT started** until GUI toggle is used
- 🎯 **Rationale:** Consistent UX with other security features
### 2. Environment Variable Mismatch
Test uses: `CERBERUS_SECURITY_CROWDSEC_MODE`
Entrypoint checks: `SECURITY_CROWDSEC_MODE`
**Impact:** Hub items not installed during test initialization.
### 3. Reconciliation Function Does Not Auto-Start for Fresh Containers
For a **fresh container** (empty database):
- ❌ No `SecurityConfig` record exists
- ❌ No `Settings` record exists
- 🎯 **Result:** Reconciliation creates default config with `CrowdSecMode = "disabled"`
---
## Summary of Actionable Remediation Steps
### Immediate (Fix Test Failure)
**Priority: P0 (Blocks CI/CD)**
1. **Update Test Environment Variable** (`scripts/crowdsec_startup_test.sh:124`)
```bash
# Change from:
-e CERBERUS_SECURITY_CROWDSEC_MODE=local \
# To:
-e SECURITY_CROWDSEC_MODE=local \
```
2. **Add Database Seeding to Test** (after container start, before checks)
```bash
# Pre-seed database to trigger reconciliation
docker exec ${CONTAINER_NAME} sqlite3 /app/data/charon.db \
"INSERT INTO settings (key, value, category, type) VALUES ('security.crowdsec.enabled', 'true', 'security', 'bool');"
# Restart container to trigger reconciliation
docker restart ${CONTAINER_NAME}
sleep 30 # Wait for CrowdSec to start via reconciliation
```
3. **Fix Bash Integer Comparisons** (lines 152, 221, 247)
```bash
FATAL_ERROR_COUNT=${FATAL_ERROR_COUNT:-0}
if [ "$FATAL_ERROR_COUNT" -ge 1 ] 2>/dev/null; then
```
---
**Report Prepared By:** QA_Security Agent
**Date:** December 15, 2025