Merge pull request #1751 from nsdavidson/add-oracle-session

Add an oracle_session resource
This commit is contained in:
Dominik Richter 2017-05-09 13:21:53 +02:00 committed by GitHub
commit 00682eb2d2
4 changed files with 129 additions and 0 deletions

View file

@ -0,0 +1,71 @@
---
title: About the oracledb_session Resource
---
# oracledb_session
Use the `oracledb_session` InSpec audit resource to test SQL commands run against a Oracle database.
## Syntax
A `oracledb_session` resource block declares the username and password to use for the session with an optional service to connect to, and then the command to be run:
describe oracledb_session(user: 'username', pass: 'password').query('QUERY') do
its('output') { should eq('') }
end
where
* `oracledb_session` declares a username and password with permission to run the query (required), and an optional parameters for host (default: `localhost`), SID (default: `nil`, which uses the default SID, and path to the sqlplus binary (default: `sqlplus`).
* `query('QUERY')` contains the query to be run
* `its('output') { should eq('') }` compares the results of the query against the expected result in the test
## Matchers
This InSpec audit resource has the following matchers:
### be
<%= partial "/shared/matcher_be" %>
### cmp
<%= partial "/shared/matcher_cmp" %>
### eq
<%= partial "/shared/matcher_eq" %>
### include
<%= partial "/shared/matcher_include" %>
### match
<%= partial "/shared/matcher_match" %>
### output
The `output` matcher tests the results of the query:
its('output') { should eq(/^0/) }
## Examples
The following examples show how to use this InSpec audit resource.
### Test for matching databases
sql = oracledb_session(user: 'my_user', pass: 'password')
describe sql.query('SELECT NAME FROM v$database;') do
its('stdout') { should_not match(/test/) }
end
### Test for matching databases with custom host, SID and sqlplus binary location
sql = oracledb_session(user: 'my_user', pass: 'password', host: 'oraclehost', sid: 'mysid', sqlplus_bin: '/u01/app/oracle/product/12.1.0/dbhome_1/bin/sqlplus')
describe sql.query('SELECT NAME FROM v$database;') do
its('stdout') { should_not match(/test/) }
end

View file

@ -114,6 +114,7 @@ require 'resources/mysql_session'
require 'resources/npm' require 'resources/npm'
require 'resources/ntp_conf' require 'resources/ntp_conf'
require 'resources/oneget' require 'resources/oneget'
require 'resources/oracledb_session'
require 'resources/os' require 'resources/os'
require 'resources/os_env' require 'resources/os_env'
require 'resources/package' require 'resources/package'

View file

@ -0,0 +1,42 @@
# encoding: utf-8
# author: Nolan Davidson
# license: All rights reserved
module Inspec::Resources
class OracledbSession < Inspec.resource(1)
name 'oracledb_session'
desc 'Use the oracledb_session InSpec resource to test commands against an Oracle database'
example "
sql = oracledb_session(user: 'my_user', pass: 'password')
describe sql.query('SELECT NAME FROM v$database;') do
its('stdout') { should_not match(/test/) }
end
"
attr_reader :user, :pass, :host, :sid, :sqlplus_bin
def initialize(opts = {})
@user = opts[:user]
@pass = opts[:pass]
@host = opts[:host] || 'localhost'
@sid = opts[:sid]
@sqlplus_bin = opts[:sqlplus_bin] || 'sqlplus'
return skip_resource("Can't run Oracle checks without authentication") if @user.nil? or @pass.nil?
end
def query(q)
escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '\\"')
cmd = inspec.command("echo \"#{escaped_query}\" | #{@sqlplus_bin} -s #{@user}/#{@pass}@#{@host}/#{@sid}")
out = cmd.stdout + "\n" + cmd.stderr
if out.downcase =~ /^error/
skip_resource("Can't connect to Oracle instance for SQL checks.")
end
cmd
end
def to_s
'Oracle Session'
end
end
end

View file

@ -0,0 +1,15 @@
# encoding: utf-8
# author: Nolan Davidson
require 'helper'
describe 'Inspec::Resources::OracledbSession' do
it 'verify oracledb_session configuration' do
resource = load_resource('oracledb_session', user: 'myuser', pass: 'mypass', host: 'oraclehost', sid: 'mysid')
_(resource.user).must_equal 'myuser'
_(resource.pass).must_equal 'mypass'
_(resource.host).must_equal 'oraclehost'
_(resource.sid).must_equal 'mysid'
_(resource.sqlplus_bin).must_equal 'sqlplus'
end
end