CFINSPEC-154: Updates postgres_session resource to raise exception only in case of connection and authentication error and allow any errors in query to be fetched using output property(keeping earlier behaviour).

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
2024-09-20 06:21:56 +00:00 · 2022-03-22 13:07:28 +05:30 · 2022-03-22 13:07:28 +05:30 · 2d0d972d65
commit 2d0d972d65
parent 14203c6243
6 changed files with 97 additions and 8 deletions
--- a/lib/inspec/resources/postgres_session.rb
+++ b/lib/inspec/resources/postgres_session.rb
@ -55,8 +55,10 @@ module Inspec::Resources
      psql_cmd = create_psql_cmd(query, db)
      cmd = inspec.command(psql_cmd, redact_regex: %r{(:\/\/[a-z]*:).*(@)})
      out = cmd.stdout + "\n" + cmd.stderr
-      if cmd.exit_status != 0 || out =~ /could not connect to .*/ || out.downcase =~ /^error:.*/
-        raise Inspec::Exceptions::ResourceFailed, "PostgreSQL query with errors: #{out}"
+      if cmd.exit_status != 0 && ( out =~ /could not connect to/ || out =~ /password authentication failed/ ) && out.downcase =~ /error:/
+        raise Inspec::Exceptions::ResourceFailed, "PostgreSQL connection error: #{out}"
+      elsif cmd.exit_status != 0 && out.downcase =~ /error:/
+        Lines.new(out, "PostgreSQL query with error: #{query}")
      else
        Lines.new(cmd.stdout.strip, "PostgreSQL query: #{query}")
      end
--- a/test/fixtures/cmd/psql-connection-error
+++ b/test/fixtures/cmd/psql-connection-error
@ -0,0 +1 @@
+psql: error: could not connect to server: Connection refused\n\tIs the server running on host \"127.0.0.1\" and accepting\n\tTCP/IP connections on port 5432?\n
--- a/test/fixtures/cmd/psql-password-authentication-error
+++ b/test/fixtures/cmd/psql-password-authentication-error
@ -0,0 +1 @@
+psql: error: FATAL:  password authentication failed for user "postgres"\nFATAL:  password authentication failed for user
--- a/test/fixtures/cmd/psql-query-error
+++ b/test/fixtures/cmd/psql-query-error
@ -0,0 +1 @@
+ERROR:  must be owner of table accounts\n
--- a/test/helpers/resources.rb
+++ b/test/helpers/resources.rb
@ -50,7 +50,8 @@ module Fake
      stdout = stdout_path ? File.read(stdout_path) : ""
      stderr = stderr_path ? File.read(stderr_path) : ""

-      ::Fake::Command.new(stdout, stderr, 0)
+      exit_code = exit || 0
+      ::Fake::Command.new(stdout, stderr, exit_code)
    end
  end

--- a/test/unit/resources/postgres_session_test.rb
+++ b/test/unit/resources/postgres_session_test.rb
@ -33,13 +33,96 @@ describe "Inspec::Resources::PostgresSession" do
    _(resource.resource_failed?).must_equal true
    _(resource.resource_exception_message).must_equal "Can't run PostgreSQL SQL checks without authentication."
  end
-  it "fails when no connection established" do
-    resource = load_resource("postgres_session", "postgres", "postgres", "localhost", 5432)
-    _(proc { resource.send(:query, "Select 5;", ["mydatabase"]) }).must_raise Inspec::Exceptions::ResourceFailed
-  end
-
  it "verify postgres_session create_psql_cmd in socket connection" do
    resource = load_resource("postgres_session", "myuser", "mypass", "127.0.0.1", 5432, "/var/run/postgresql")
    _(resource.send(:create_psql_cmd, "SELECT * FROM STUDENTS;", ["testdb"])).must_equal "psql -d postgresql://myuser:mypass@/testdb?host=/var/run/postgresql -A -t -w -c SELECT\\ \\*\\ FROM\\ STUDENTS\\;"
  end
+
+  it "fails when no connection established in linux" do
+    resource = quick_resource(:postgres_session, :linux, "postgres", "postgres", "localhost", 5432) do |cmd, opts|
+      cmd.strip!
+      case cmd
+      when ("psql -d postgresql://postgres:postgres@localhost:5432/mydatabase -A -t -w -c Select\\ 5\\;") then
+        result(nil, "test/fixtures/cmd/psql-connection-error", 1)
+      else
+        raise cmd.inspect
+      end
+    end
+    ex = assert_raises(Inspec::Exceptions::ResourceFailed) { resource.query("Select 5;", ["mydatabase"]) }
+    _(ex.message).must_include("PostgreSQL connection error")
+  end
+
+  it "fails when no password authentication fails" do
+    resource = quick_resource(:postgres_session, :linux, "postgres", "wrongpassword", "localhost", 5432) do |cmd, opts|
+      cmd.strip!
+      case cmd
+      when ("psql -d postgresql://postgres:wrongpassword@localhost:5432/mydatabase -A -t -w -c Select\\ 5\\;") then
+        result(nil, "test/fixtures/cmd/psql-password-authentication-error", 1)
+      else
+        raise cmd.inspect
+      end
+    end
+    ex = assert_raises(Inspec::Exceptions::ResourceFailed) { resource.query("Select 5;", ["mydatabase"]) }
+    _(ex.message).must_include("PostgreSQL connection error")
+  end
+
+  it "returns stderr as output if there is error in the query." do
+    resource = quick_resource(:postgres_session, :linux, "postgres", "postgres", "localhost", 5432) do |cmd, opts|
+      cmd.strip!
+      case cmd
+      when ("psql -d postgresql://postgres:postgres@localhost:5432/mydatabase -A -t -w -c DROP\\ TABLE\\ accounts\\;") then
+        result(nil, "test/fixtures/cmd/psql-query-error", 1)
+      else
+        raise cmd.inspect
+      end
+    end
+
+    _(resource.resource_failed?).must_equal false
+    query = resource.query("DROP TABLE accounts;", ["mydatabase"])
+    _(query.output).must_match(/must be owner of table accounts/)
+  end
+
+  it "fails when no connection established on Windows" do
+    resource = quick_resource(:postgres_session, :windows, "postgres", "postgres", "localhost", 5432) do |cmd, opts|
+      cmd.strip!
+      case cmd
+      when ("psql -d postgresql://postgres:postgres@localhost:5432/mydatabase -A -t -w -c \"Select 5;\"") then
+        result(nil, "test/fixtures/cmd/psql-connection-error", 1)
+      else
+        raise cmd.inspect
+      end
+    end
+    ex = assert_raises(Inspec::Exceptions::ResourceFailed) { resource.query("Select 5;", ["mydatabase"]) }
+    _(ex.message).must_include("PostgreSQL connection error")
+  end
+
+  it "fails when no password authentication fails on Windows" do
+    resource = quick_resource(:postgres_session, :windows, "postgres", "wrongpassword", "localhost", 5432) do |cmd, opts|
+      cmd.strip!
+      case cmd
+      when ("psql -d postgresql://postgres:wrongpassword@localhost:5432/mydatabase -A -t -w -c \"Select 5;\"") then
+        result(nil, "test/fixtures/cmd/psql-password-authentication-error", 1)
+      else
+        raise cmd.inspect
+      end
+    end
+    ex = assert_raises(Inspec::Exceptions::ResourceFailed) { resource.query("Select 5;", ["mydatabase"]) }
+    _(ex.message).must_include("PostgreSQL connection error")
+  end
+
+  it "returns stderr as output if there is error in the query on Windows." do
+    resource = quick_resource(:postgres_session, :windows, "postgres", "postgres", "localhost", 5432) do |cmd, opts|
+      cmd.strip!
+      case cmd
+      when ("psql -d postgresql://postgres:postgres@localhost:5432/mydatabase -A -t -w -c \"DROP TABLE accounts;\"") then
+        result(nil, "test/fixtures/cmd/psql-query-error", 1)
+      else
+        raise cmd.inspect
+      end
+    end
+
+    _(resource.resource_failed?).must_equal false
+    query = resource.query("DROP TABLE accounts;", ["mydatabase"])
+    _(query.output).must_match(/must be owner of table accounts/)
+  end
 end
				`@ -0,0 +1 @@`
				`psql: error: could not connect to server: Connection refused\n\tIs the server running on host \"127.0.0.1\" and accepting\n\tTCP/IP connections on port 5432?\n`
				`@ -0,0 +1 @@`
				`psql: error: FATAL: password authentication failed for user "postgres"\nFATAL: password authentication failed for user`