diff --git a/test/falco_test.py b/test/falco_test.py index c9d845a5..a9d4d44e 100644 --- a/test/falco_test.py +++ b/test/falco_test.py @@ -525,7 +525,7 @@ class FalcoTest(Test): if not self.is_grpc_using_unix_socket: self.fail("This test suite supports gRPC with unix socket only") - cmdline = "grpcurl -import-path ../userspace/falco " \ + cmdline = "grpcurl -format text -import-path ../userspace/falco " \ "-proto {} -plaintext -unix {} " \ "{}/{}".format(self.grpc_proto, self.grpc_address, self.grpc_service, self.grpc_method) @@ -554,14 +554,13 @@ class FalcoTest(Test): for exp_result in self.grpc_results: found = False for line in self.grpcurl_res.stdout.decode("utf-8").splitlines(): - match = re.search(exp_result, line) - - if match is not None: + if exp_result in line: found = True + break if found == False: self.fail( - "Could not find a line '{}' in gRPC responses".format(exp_result)) + "Could not find a line with '{}' in gRPC responses (protobuf text".format(exp_result)) def test(self): self.log.info("Trace file %s", self.trace_file) diff --git a/test/falco_tests.yaml b/test/falco_tests.yaml index a1609fbc..0bc41a33 100644 --- a/test/falco_tests.yaml +++ b/test/falco_tests.yaml @@ -706,8 +706,20 @@ trace_files: !mux proto: outputs.proto service: falco.outputs.service method: get + # protobuf text format results: - - "Warning An open was seen" + - "seconds:1470327477 nanos:881781397" + - "priority: WARNING" + - "rule: \"open_from_cat\"" + - "output: \"18:17:57.881781397: Warning An open was seen (command=cat /dev/null)\"" + # output fields + - "key: \"evt.time\"" + - "value: \"18:17:57.881781397\"" + - "key: \"proc.cmdline\"" + - "value: \"cat /dev/null\"" + # For the hostname, since we don't know that beforehand, + # only check the field presence + - "hostname: " detect_counts: detect: True