mirror of
https://github.com/inspec/inspec
synced 2024-11-23 21:23:29 +00:00
Merge pull request #1751 from nsdavidson/add-oracle-session
Add an oracle_session resource
This commit is contained in:
commit
00682eb2d2
4 changed files with 129 additions and 0 deletions
71
docs/resources/oracledb_session.md.erb
Normal file
71
docs/resources/oracledb_session.md.erb
Normal file
|
@ -0,0 +1,71 @@
|
||||||
|
---
|
||||||
|
title: About the oracledb_session Resource
|
||||||
|
---
|
||||||
|
|
||||||
|
# oracledb_session
|
||||||
|
|
||||||
|
Use the `oracledb_session` InSpec audit resource to test SQL commands run against a Oracle database.
|
||||||
|
|
||||||
|
## Syntax
|
||||||
|
|
||||||
|
A `oracledb_session` resource block declares the username and password to use for the session with an optional service to connect to, and then the command to be run:
|
||||||
|
|
||||||
|
describe oracledb_session(user: 'username', pass: 'password').query('QUERY') do
|
||||||
|
its('output') { should eq('') }
|
||||||
|
end
|
||||||
|
|
||||||
|
where
|
||||||
|
|
||||||
|
* `oracledb_session` declares a username and password with permission to run the query (required), and an optional parameters for host (default: `localhost`), SID (default: `nil`, which uses the default SID, and path to the sqlplus binary (default: `sqlplus`).
|
||||||
|
* `query('QUERY')` contains the query to be run
|
||||||
|
* `its('output') { should eq('') }` compares the results of the query against the expected result in the test
|
||||||
|
|
||||||
|
## Matchers
|
||||||
|
|
||||||
|
This InSpec audit resource has the following matchers:
|
||||||
|
|
||||||
|
### be
|
||||||
|
|
||||||
|
<%= partial "/shared/matcher_be" %>
|
||||||
|
|
||||||
|
### cmp
|
||||||
|
|
||||||
|
<%= partial "/shared/matcher_cmp" %>
|
||||||
|
|
||||||
|
### eq
|
||||||
|
|
||||||
|
<%= partial "/shared/matcher_eq" %>
|
||||||
|
|
||||||
|
### include
|
||||||
|
|
||||||
|
<%= partial "/shared/matcher_include" %>
|
||||||
|
|
||||||
|
### match
|
||||||
|
|
||||||
|
<%= partial "/shared/matcher_match" %>
|
||||||
|
|
||||||
|
### output
|
||||||
|
|
||||||
|
The `output` matcher tests the results of the query:
|
||||||
|
|
||||||
|
its('output') { should eq(/^0/) }
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
|
The following examples show how to use this InSpec audit resource.
|
||||||
|
|
||||||
|
### Test for matching databases
|
||||||
|
|
||||||
|
sql = oracledb_session(user: 'my_user', pass: 'password')
|
||||||
|
|
||||||
|
describe sql.query('SELECT NAME FROM v$database;') do
|
||||||
|
its('stdout') { should_not match(/test/) }
|
||||||
|
end
|
||||||
|
|
||||||
|
### Test for matching databases with custom host, SID and sqlplus binary location
|
||||||
|
|
||||||
|
sql = oracledb_session(user: 'my_user', pass: 'password', host: 'oraclehost', sid: 'mysid', sqlplus_bin: '/u01/app/oracle/product/12.1.0/dbhome_1/bin/sqlplus')
|
||||||
|
|
||||||
|
describe sql.query('SELECT NAME FROM v$database;') do
|
||||||
|
its('stdout') { should_not match(/test/) }
|
||||||
|
end
|
|
@ -114,6 +114,7 @@ require 'resources/mysql_session'
|
||||||
require 'resources/npm'
|
require 'resources/npm'
|
||||||
require 'resources/ntp_conf'
|
require 'resources/ntp_conf'
|
||||||
require 'resources/oneget'
|
require 'resources/oneget'
|
||||||
|
require 'resources/oracledb_session'
|
||||||
require 'resources/os'
|
require 'resources/os'
|
||||||
require 'resources/os_env'
|
require 'resources/os_env'
|
||||||
require 'resources/package'
|
require 'resources/package'
|
||||||
|
|
42
lib/resources/oracledb_session.rb
Normal file
42
lib/resources/oracledb_session.rb
Normal file
|
@ -0,0 +1,42 @@
|
||||||
|
# encoding: utf-8
|
||||||
|
# author: Nolan Davidson
|
||||||
|
# license: All rights reserved
|
||||||
|
|
||||||
|
module Inspec::Resources
|
||||||
|
class OracledbSession < Inspec.resource(1)
|
||||||
|
name 'oracledb_session'
|
||||||
|
desc 'Use the oracledb_session InSpec resource to test commands against an Oracle database'
|
||||||
|
example "
|
||||||
|
sql = oracledb_session(user: 'my_user', pass: 'password')
|
||||||
|
describe sql.query('SELECT NAME FROM v$database;') do
|
||||||
|
its('stdout') { should_not match(/test/) }
|
||||||
|
end
|
||||||
|
"
|
||||||
|
|
||||||
|
attr_reader :user, :pass, :host, :sid, :sqlplus_bin
|
||||||
|
|
||||||
|
def initialize(opts = {})
|
||||||
|
@user = opts[:user]
|
||||||
|
@pass = opts[:pass]
|
||||||
|
@host = opts[:host] || 'localhost'
|
||||||
|
@sid = opts[:sid]
|
||||||
|
@sqlplus_bin = opts[:sqlplus_bin] || 'sqlplus'
|
||||||
|
return skip_resource("Can't run Oracle checks without authentication") if @user.nil? or @pass.nil?
|
||||||
|
end
|
||||||
|
|
||||||
|
def query(q)
|
||||||
|
escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '\\"')
|
||||||
|
cmd = inspec.command("echo \"#{escaped_query}\" | #{@sqlplus_bin} -s #{@user}/#{@pass}@#{@host}/#{@sid}")
|
||||||
|
out = cmd.stdout + "\n" + cmd.stderr
|
||||||
|
if out.downcase =~ /^error/
|
||||||
|
skip_resource("Can't connect to Oracle instance for SQL checks.")
|
||||||
|
end
|
||||||
|
|
||||||
|
cmd
|
||||||
|
end
|
||||||
|
|
||||||
|
def to_s
|
||||||
|
'Oracle Session'
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
15
test/unit/resources/oracledb_session_test.rb
Normal file
15
test/unit/resources/oracledb_session_test.rb
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
# encoding: utf-8
|
||||||
|
# author: Nolan Davidson
|
||||||
|
|
||||||
|
require 'helper'
|
||||||
|
|
||||||
|
describe 'Inspec::Resources::OracledbSession' do
|
||||||
|
it 'verify oracledb_session configuration' do
|
||||||
|
resource = load_resource('oracledb_session', user: 'myuser', pass: 'mypass', host: 'oraclehost', sid: 'mysid')
|
||||||
|
_(resource.user).must_equal 'myuser'
|
||||||
|
_(resource.pass).must_equal 'mypass'
|
||||||
|
_(resource.host).must_equal 'oraclehost'
|
||||||
|
_(resource.sid).must_equal 'mysid'
|
||||||
|
_(resource.sqlplus_bin).must_equal 'sqlplus'
|
||||||
|
end
|
||||||
|
end
|
Loading…
Reference in a new issue