QA Audit Report: CrowdSec Console Enrollment CAPI Fix

Date: December 11, 2025 Auditor: GitHub Copilot

Summary

A QA audit was performed on the changes to ensure CAPI registration before CrowdSec console enrollment. The changes involved adding a check for online_api_credentials.yaml and running cscli capi register if it's missing.

Scope

backend/internal/crowdsec/console_enroll.go
backend/internal/crowdsec/console_enroll_test.go

Verification Steps

1. Code Review

File: backend/internal/crowdsec/console_enroll.go
- Verified ensureCAPIRegistered method checks for online_api_credentials.yaml.
- Verified ensureCAPIRegistered runs cscli capi register with correct arguments if file is missing.
- Verified Enroll calls ensureCAPIRegistered before enrollment.
File: backend/internal/crowdsec/console_enroll_test.go
- Verified stubEnvExecutor updated to handle multiple calls and return different responses.
- Verified TestConsoleEnrollSuccess asserts capi register is called.
- Verified TestConsoleEnrollIdempotentWhenAlreadyEnrolled asserts correct behavior.
- Verified TestConsoleEnrollFailureRedactsSecret asserts correct behavior with mocked responses.

2. Automated Checks

Tests: Ran go test ./internal/crowdsec/... -v.
- Result: Passed.

Conclusion

The changes have been verified and all tests pass. The implementation correctly ensures CAPI is registered before attempting console enrollment, addressing the reported issue.

1.5 KiB Raw Blame History