Add ibmdb2_conf and ibmdb2_session resource

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

docs-chef-io/content/inspec/resources/ibmdb2_conf.md

@@ -0,0 +1,53 @@
++++
+title = "ibmdb2_conf resource"
+draft = false
+gh_repo = "inspec"
+platform = "os"
+
+[menu]
+  [menu.inspec]
+    title = "ibmdb2_conf"
+    identifier = "inspec/resources/os/ibmdb2_conf.md ibmdb2_conf resource"
+    parent = "inspec/resources/os"
++++
+
+Use the `ibmdb2_conf` Chef InSpec audit resource to test the configuration settings.
+Make sure you are using the database instance user credentials to run the InSpec test.
+
+## Availability
+
+### Installation
+
+This resource is distributed along with Chef InSpec itself. You can use it automatically.
+
+## Syntax
+
+A `ibmdb2_conf` resource block declares db2_executable_file_path, db_instance to connect and then runs command to get the configuration values and compares it to the value stated in the test:
+
+    describe ibmdb2_conf(db2_executable_file_path: "/opt/ibm/db2/V11.5/bin/db2", db_instance: "db2inst1") do
+      its("output") { should_not be_empty }
+      its("output") { should include("Audit buffer size (4KB) (AUDIT_BUF_SZ) = 0")}
+    end
+
+where
+
+- `ibmdb2_session` declares a db2_executable_file_path, db_instance and db_name to connect.
+- `db2_executable_file_path` is the path of the db2 binary file.
+- `db_instance` is the name of the database instance.
+- `its("output") { should include("expected_settings")}` compares the results of the output against the expected result in the test.
+
+## Examples
+
+The following examples show how to use this Chef InSpec audit resource.
+
+### Test the audit buffer size configuration settings of IBM Db2 database
+
+    describe ibmdb2_conf(db2_executable_file_path: "/opt/ibm/db2/V11.5/bin/db2", db_instance: "db2inst1") do
+      its("output") { should_not be_empty }
+      its("output") { should include("Audit buffer size (4KB) (AUDIT_BUF_SZ) = 1000")}
+    end
+
+
+## Matchers
+
+For a full list of available matchers, please visit our [matchers page](/inspec/matchers/).

docs-chef-io/content/inspec/resources/ibmdb2_session.md

@@ -0,0 +1,58 @@
++++
+title = "ibmdb2_session resource"
+draft = false
+gh_repo = "inspec"
+platform = "os"
+
+[menu]
+  [menu.inspec]
+    title = "ibmdb2_session"
+    identifier = "inspec/resources/os/ibmdb2_session.md ibmdb2_session resource"
+    parent = "inspec/resources/os"
++++
+
+Use the `ibmdb2_session` Chef InSpec audit resource to test SQL commands run against an IBM Db2 database.
+Make sure you are using the database instance user credentials to run the InSpec test.
+
+## Availability
+
+### Installation
+
+This resource is distributed along with Chef InSpec itself. You can use it automatically.
+
+## Syntax
+
+A `ibmdb2_session` resource block declares the db2_executable_file_path, db_instance and db_name to use for the session, and then the query to be run:
+
+    describe ibmdb2_session(db2_executable_file_path: "/opt/ibm/db2/V11.5/bin/db2", db_instance: "db2inst1", db_name: "sample").query("select rolename from syscat.roleauth") do
+      its("output") { should match(/SYSTS_MGR/) }
+    end
+
+where
+
+- `ibmdb2_session` declares a db2_executable_file_path, db_instance and db_name to connect.
+- `db2_executable_file_path` is the path of the db2 binary file.
+- `db_instance` is the name of the database instance.
+- `db_name` is the name of the database to query on.
+- `query('QUERY')` contains the query to be run.
+- `its('output') { should eq(/expected-result/) }` compares the results of the query against the expected result in the test.
+
+## Examples
+
+The following examples show how to use this Chef InSpec audit resource.
+
+### Test for matching role name
+
+    describe ibmdb2_session(db2_executable_file_path: "/opt/ibm/db2/V11.5/bin/db2", db_instance: "db2inst1", db_name: "sample").query("select rolename from syscat.roleauth") do
+      its("output") { should match(/SYSTS_MGR/) }
+    end
+
+### Test for matching database
+
+    describe ibmdb2_session(db2_executable_file_path: "/opt/ibm/db2/V11.5/bin/db2", db_instance: "db2inst1", db_name: "sample").query("list database directory") do
+      its("output") { should match(/SAMPLE/) }
+    end
+
+## Matchers
+
+For a full list of available matchers, please visit our [matchers page](/inspec/matchers/).

lib/inspec/resources.rb

@@ -58,6 +58,8 @@ require "inspec/resources/groups"
 require "inspec/resources/grub_conf"
 require "inspec/resources/host"
 require "inspec/resources/http"
+require "inspec/resources/ibmdb2_conf"
+require "inspec/resources/ibmdb2_session"
 require "inspec/resources/iis_app"
 require "inspec/resources/iis_app_pool"
 require "inspec/resources/iis_site"

lib/inspec/resources/ibmdb2_conf.rb

@@ -0,0 +1,48 @@
+require "inspec/resources/ibmdb2_conf"
+
+module Inspec::Resources
+  class Ibmdb2Conf < Inspec.resource(1)
+    name "ibmdb2_conf"
+
+    supports platform: "unix"
+
+    desc "Use the ibmdb2_conf InSpec audit resource to test the configuration values of IBM Db2 database."
+    example <<~EXAMPLE
+      describe ibmdb2_conf(db2_executable_file_path: "path_to_db2_binary", db_instance: "db2inst1") do
+        its("output") { should_not be_empty }
+        its("output") { should include("Audit buffer size (4KB) (AUDIT_BUF_SZ) = 0")}
+      end
+    EXAMPLE
+
+    attr_reader :output
+
+    def initialize(opts = {})
+      @db2_executable_file_path = opts[:db2_executable_file_path]
+      @db_instance =  opts[:db_instance]
+      raise Inspec::Exceptions::ResourceFailed, "Can't connect to IBM DB2 without db2_executable_file_path, db_instance options provided." if @db2_executable_file_path.nil? || @db_instance.nil?
+      @output = run_command
+    end
+
+    def to_s
+      "IBM Db2 Conf"
+    end
+
+    private
+
+    def run_command
+      cmd = inspec.command("#{@db2_executable_file_path} attach to #{@db_instance}\;")
+      out = cmd.stdout + "\n" + cmd.stderr
+      if cmd.exit_status != 0 || out =~ /Can't connect to IBM Db2 instance/ || out.downcase =~ /^error:.*/
+        raise Inspec::Exceptions::ResourceFailed, "IBM Db2 connection error: #{out}"
+      end
+
+      cmd = inspec.command("#{@db2_executable_file_path} get database manager configuration")
+      out = cmd.stdout + "\n" + cmd.stderr
+      if cmd.exit_status != 0 || out =~ /Can't connect to IBM Db2 server/ || out.downcase =~ /^error:.*/
+        raise Inspec::Exceptions::ResourceFailed, "IBM Db2 query with error: #{out}"
+      else
+        cmd.stdout.gsub(/\n/, ",").split(",").reject { |n| n.nil? || n.empty? }.map { |n| n.strip.gsub!(/\s+/, ' ') }
+      end
+    end
+  end
+end

lib/inspec/resources/ibmdb2_session.rb

@@ -0,0 +1,61 @@
+require "inspec/resources/ibmdb2_session"
+
+module Inspec::Resources
+  class Lines
+    attr_reader :output, :exit_status
+
+    def initialize(raw, desc, exit_status)
+      @output = raw
+      @desc = desc
+      @exit_status = exit_status
+    end
+
+    def to_s
+      @desc
+    end
+  end
+
+  class Ibmdb2Session < Inspec.resource(1)
+    name "ibmdb2_session"
+
+    supports platform: "unix"
+
+    desc "Use the ibmdb2_session InSpec audit resource to test SQL commands run against a IBM Db2 database."
+    example <<~EXAMPLE
+      describe ibmdb2_session(db2_executable_file_path: "path_to_db2_binary", db_instance: "db2inst1", db_name: "sample").query('list database directory') do
+        its('output') { should_not match(/sample/) }
+      end
+    EXAMPLE
+
+    def initialize(opts = {})
+      @db2_executable_file_path = opts[:db2_executable_file_path]
+      @db_instance =  opts[:db_instance]
+      @db_name = opts[:db_name]
+      raise Inspec::Exceptions::ResourceFailed, "Can't run IBM DB2 queries without db2_executable_file_path, db_instance, db_name options provided." if @db2_executable_file_path.nil? || @db_instance.nil? || @db_name.nil?
+    end
+
+    def query(q)
+      raise Inspec::Exceptions::ResourceFailed, "#{resource_exception_message}" if resource_failed?
+
+      # connect to the db
+      cmd = inspec.command("#{@db2_executable_file_path} attach to #{@db_instance}\; #{@db2_executable_file_path} connect to #{@db_name}\;")
+      out = cmd.stdout + "\n" + cmd.stderr
+      if cmd.exit_status != 0 || out =~ /Can't connect to IBM Db2 / || out.downcase =~ /^error:.*/
+        raise Inspec::Exceptions::ResourceFailed, "IBM Db2 connection error: #{out}"
+      end
+
+      # query on the database
+      cmd = inspec.command("#{@db2_executable_file_path} #{q}\;")
+      out = cmd.stdout + "\n" + cmd.stderr
+      if cmd.exit_status != 0 || out =~ /Can't connect to IBM Db2 server/ || out.downcase =~ /^error:.*/
+        raise Inspec::Exceptions::ResourceFailed, "IBM Db2 query with error: #{out}"
+      else
+        Lines.new(cmd.stdout.strip, "IBM Db2 Query: #{q}", cmd.exit_status)
+      end
+    end
+
+    def to_s
+      "IBM Db2 Session"
+    end
+  end
+end

test/fixtures/cmd/ibmdb2_conf_output

@@ -0,0 +1,8 @@
+Database Manager Configuration
+
+Node type = Enterprise Server Edition with local and remote clients
+
+Database manager configuration release level            = 0x1500
+
+CPU speed (millisec/instruction)             (CPUSPEED) = 2.952151e-07
+Audit buffer size (4KB)                  (AUDIT_BUF_SZ) = 0

test/fixtures/cmd/ibmdb2_connect_to_instance

@@ -0,0 +1 @@
+"\n   Instance Attachment Information\n\n Instance server        = DB2/LINUXX8664 11.5.6.0\n Authorization ID       = DB2INST1\n Local instance alias   = DB2INST1\n\n"

test/fixtures/cmd/ibmdb2_db_connect_output

@@ -0,0 +1 @@
+"\n   Instance Attachment Information\n\n Instance server        = DB2/LINUXX8664 11.5.6.0\n Authorization ID       = DB2INST1\n Local instance alias   = DB2INST1\n\n\n   Database Connection Information\n\n Database server        = DB2/LINUXX8664 11.5.6.0\n SQL authorization ID   = DB2INST1\n Local database alias   = SAMPLE\n\n"

test/fixtures/cmd/ibmdb2_query_output

@@ -0,0 +1,14 @@
+ROLENAME                                                                                                      --------------------------------------------------------------------------------------------------------------
+
+SYSTS_ADM
+
+SYSTS_MGR
+
+SYSDEBUG
+
+SYSDEBUGPRIVATE
+
+SYSTS_USR
+
+
+5 record(s) selected.\n\n"

test/helpers/mock_loader.rb

@@ -583,6 +583,12 @@ class MockLoader
       "Get-ChildItem -Path \"C:\\Program Files\\MongoDB\\Server\" -Name" => cmd.call("mongodb-version"),
       "opa eval -i 'input.json' -d 'example.rego' 'data.example.allow'" => cmd.call("opa-result"),
       "curl -X POST localhost:8181/v1/data/example/violation -d @v1-data-input.json -H 'Content-Type: application/json'" => cmd.call("opa-api-result"),
+
+      #ibmdb2
+      "/opt/ibm/db2/V11.5/bin/db2 attach to db2inst1;" => cmd.call("ibmdb2_connect_to_instance"),
+      "/opt/ibm/db2/V11.5/bin/db2 get database manager configuration" => cmd.call("ibmdb2_conf_output"),
+      "/opt/ibm/db2/V11.5/bin/db2 attach to db2inst1; /opt/ibm/db2/V11.5/bin/db2 connect to sample;" => cmd.call("ibmdb2_db_connect_output"),
+      "/opt/ibm/db2/V11.5/bin/db2 select rolename from syscat.roleauth;" => cmd.call("ibmdb2_query_output"),
     }
 
     if @platform && (@platform[:name] == "windows" || @platform[:name] == "freebsd")

test/unit/resources/ibmdb2_conf_test.rb

@@ -0,0 +1,29 @@
+require "helper"
+require "inspec/resource"
+require "inspec/resources/ibmdb2_conf"
+
+describe "Inspec::Resources::ibmdb2_conf" do
+  it "fails when no IBM db2 executable path is provided" do
+    resource = load_resource("ibmdb2_conf", db_instance: "db2inst1")
+    _(resource.resource_failed?).must_equal true
+    _(resource.resource_exception_message).must_equal "Can't connect to IBM DB2 without db2_executable_file_path, db_instance options provided."
+  end
+
+  it "fails when no IBM db2 instance name is provided" do
+    resource = load_resource("ibmdb2_conf", db2_executable_file_path: "/opt/ibm/db2/V11.5/bin/db2")
+    _(resource.resource_failed?).must_equal true
+    _(resource.resource_exception_message).must_equal "Can't connect to IBM DB2 without db2_executable_file_path, db_instance options provided."
+  end
+
+  it "return the output in array format" do
+    resource = load_resource("ibmdb2_conf", db2_executable_file_path: "/opt/ibm/db2/V11.5/bin/db2", db_instance: "db2inst1")
+    _(resource.resource_failed?).must_equal false
+    _(resource.output).must_be_kind_of Array
+  end
+
+  it "returns expected result" do
+    resource = load_resource("ibmdb2_conf", db2_executable_file_path: "/opt/ibm/db2/V11.5/bin/db2", db_instance: "db2inst1")
+    _(resource.resource_failed?).must_equal false
+    _(resource.output).must_include "Audit buffer size (4KB) (AUDIT_BUF_SZ) = 0"
+  end
+end

test/unit/resources/ibmdb2_session_test.rb

@@ -0,0 +1,29 @@
+require "helper"
+require "inspec/resource"
+require "inspec/resources/ibmdb2_session"
+
+describe "Inspec::Resources::ibmdb2_session" do
+  it "fails when no IBM db2 instance name is provided" do
+    resource = load_resource("ibmdb2_session", db_instance: "db2inst1", db_name: "sample")
+    _(resource.resource_failed?).must_equal true
+    _(resource.resource_exception_message).must_equal "Can't run IBM DB2 queries without db2_executable_file_path, db_instance, db_name options provided."
+  end
+
+  it "fails when no IBM db2 instance name is provided" do
+    resource = load_resource("ibmdb2_session", db2_executable_file_path: "/opt/ibm/db2/V11.5/bin/db2", db_name: "sample")
+    _(resource.resource_failed?).must_equal true
+    _(resource.resource_exception_message).must_equal "Can't run IBM DB2 queries without db2_executable_file_path, db_instance, db_name options provided."
+  end
+
+  it "fails when no IBM db2 database name is provided" do
+    resource = load_resource("ibmdb2_session", db2_executable_file_path: "/opt/ibm/db2/V11.5/bin/db2", db_instance: "db2inst1")
+    _(resource.resource_failed?).must_equal true
+    _(resource.resource_exception_message).must_equal "Can't run IBM DB2 queries without db2_executable_file_path, db_instance, db_name options provided."
+  end
+
+  it "returns expected result" do
+    resource = load_resource("ibmdb2_session", db2_executable_file_path: "/opt/ibm/db2/V11.5/bin/db2", db_instance: "db2inst1", db_name: "sample")
+    _(resource.resource_failed?).must_equal false
+    _(resource.query("select rolename from syscat.roleauth").output).must_match(/SYSTS_ADM/)
+  end
+end