inspec/docs/resources/mssql_session.md.erb

80 lines
2 KiB
Text
Raw Normal View History

---
title: About the mssql_session Resource
---
# mssql_session
Use the `mssql_session` InSpec audit resource to test SQL commands run against a Microsoft SQL database.
## Syntax
A `mssql_session` resource block declares the username and password to use for the session, and then the command to be run:
describe mssql_session(user: 'username', pass: 'password').query('QUERY') do
its('output') { should eq('') }
end
where
* `mssql_session` declares a username and password with permission to run the query. Omitting the username or password parameters results in the use of Windows authentication as the user InSpec is executing as. You may also optionally pass a host and instance name. If omitted, they will default to host: localhost and the default instance.
* `query('QUERY')` contains the query to be run
* `its('output') { should eq('') }` compares the results of the query against the expected result in the test
## Matchers
This InSpec audit resource has the following matchers:
### be
<%= partial "/shared/matcher_be" %>
### cmp
<%= partial "/shared/matcher_cmp" %>
### eq
<%= partial "/shared/matcher_eq" %>
### include
<%= partial "/shared/matcher_include" %>
### match
<%= partial "/shared/matcher_match" %>
### output
The `output` matcher tests the results of the query:
its('output') { should eq(/^0/) }
## Examples
The following examples show how to use this InSpec audit resource.
### Test for matching databases
sql = mssql_session(user: 'my_user', pass: 'password')
describe sql.query('show databases like \'test\';') do
its('stdout') { should_not match(/test/) }
end
### Test using Windows authentication
sql = mssql_session
describe sql.query('show databases like \'test\';') do
its('stdout') { should_not match(/test/) }
end
### Test a specific host and instance
sql = mssql_session(user: 'my_user', pass: 'password', host: 'mssqlserver', instance: 'foo')
describe sql.query('show databases like \'test\';') do
its('stdout') { should_not match(/test/) }
end