From 712ba520ad2ab6146dafa397c58cbbc4e9fc2d80 Mon Sep 17 00:00:00 2001 From: Vern Burton Date: Tue, 16 Jan 2018 16:04:00 -0600 Subject: [PATCH] mssql_session resource: add port parameter (#2429) * adding SQL 2012 SP1 for mssql_session testing Signed-off-by: Vern Burton * updating SHA to match new commands with ports in them Signed-off-by: Vern Burton * adding port, and a default value and moving from skip_resource to resource_fail Signed-off-by: Vern Burton * adding new sha for custom host Signed-off-by: Vern Burton * adding tests for hostname and migrating test that passed port in host to a dedicated port test Signed-off-by: Vern Burton * adding integration test Signed-off-by: Vern Burton * removing services as appveyor does not have integration testing running so it would be a waste of time to enable it Signed-off-by: Vern Burton * mock instance command Signed-off-by: Vern Burton * making instance readable Signed-off-by: Vern Burton * adding instance test Signed-off-by: Vern Burton * moving to ResourceSkipped as ResourceFailed is targeted for a major release Signed-off-by: Vern Burton --- lib/resources/mssql_session.rb | 13 ++++----- test/helper.rb | 6 +++-- .../default/controls/mssql_session_spec.rb | 12 +++++++++ test/unit/resources/mssql_session_test.rb | 27 ++++++++++++++++--- 4 files changed, 46 insertions(+), 12 deletions(-) create mode 100644 test/integration/default/controls/mssql_session_spec.rb diff --git a/lib/resources/mssql_session.rb b/lib/resources/mssql_session.rb index 0262d1a73..9de64d380 100644 --- a/lib/resources/mssql_session.rb +++ b/lib/resources/mssql_session.rb @@ -25,13 +25,13 @@ module Inspec::Resources # Passing no credentials to mssql_session forces it to use Windows authentication sql_windows_auth = mssql_session - describe sql.query(\"SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') as \\\"login_mode\\\";\").row(0).column('login_mode') do + describe sql_windows_auth.query(\"SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') as \\\"login_mode\\\";\").row(0).column('login_mode') do its('value') { should_not be_empty } its('value') { should cmp == 1 } end " - attr_reader :user, :password, :host + attr_reader :user, :password, :host, :port, :instance def initialize(opts = {}) @user = opts[:user] @password = opts[:password] || opts[:pass] @@ -39,12 +39,13 @@ module Inspec::Resources warn '[DEPRECATED] use `password` option to supply password instead of `pass`' end @host = opts[:host] || 'localhost' + @port = opts[:port] || '1433' @instance = opts[:instance] # check if sqlcmd is available - return skip_resource('sqlcmd is missing') if !inspec.command('sqlcmd').exist? + raise Inspec::Exceptions::ResourceSkipped, 'sqlcmd is missing' unless inspec.command('sqlcmd').exist? # check that database is reachable - return skip_resource("Can't connect to the MS SQL Server.") if !test_connection + raise Inspec::Exceptions::ResourceSkipped, "Can't connect to the MS SQL Server." unless test_connection end def query(q) @@ -53,9 +54,9 @@ module Inspec::Resources cmd_string = "sqlcmd -Q \"set nocount on; #{escaped_query}\" -W -w 1024 -s ','" cmd_string += " -U '#{@user}' -P '#{@password}'" unless @user.nil? || @password.nil? if @instance.nil? - cmd_string += " -S '#{@host}'" + cmd_string += " -S '#{@host},#{@port}'" else - cmd_string += " -S '#{@host}\\#{@instance}'" + cmd_string += " -S '#{@host},#{@port}\\#{@instance}'" end cmd = inspec.command(cmd_string) out = cmd.stdout + "\n" + cmd.stderr diff --git a/test/helper.rb b/test/helper.rb index 5e01e8fc5..2d4ec5f50 100644 --- a/test/helper.rb +++ b/test/helper.rb @@ -415,8 +415,10 @@ class MockLoader %q(psql --version | awk '{ print $NF }' | awk -F. '{ print $1"."$2 }') => cmd.call('psql-version'), # mssql tests "bash -c 'type \"sqlcmd\"'" => cmd.call('mssql-sqlcmd'), - "4b550bb227058ac5851aa0bc946be794ee46489610f17842700136cf8bb5a0e9" => cmd.call('mssql-getdate'), - "aeb859a4ae4288df230916075c0de28781a2b215f41d64ed1ea9c3fd633140fa" => cmd.call('mssql-result'), + "cb0efcd12206e9690c21ac631a72be9dd87678aa048e6dae16b8e9353ab6dd64" => cmd.call('mssql-getdate'), + "e8bece33e9d550af1fc81a5bc1c72b647b3810db3e567ee9f30feb81f4e3b700" => cmd.call('mssql-getdate'), + "53d201ff1cfb8867b79200177b8e2e99dedb700c5fbe15e43820011d7e8b941f" => cmd.call('mssql-getdate'), + "7d1a7a0f2bd1e7da9a6904e1f28981146ec01a0323623e12a8579d30a3960a79" => cmd.call('mssql-result'), "5c2bc0f0568d11451d6cf83aff02ee3d47211265b52b6c5d45f8e57290b35082" => cmd.call('mssql-getdate'), # oracle "bash -c 'type \"sqlplus\"'" => cmd.call('oracle-cmd'), diff --git a/test/integration/default/controls/mssql_session_spec.rb b/test/integration/default/controls/mssql_session_spec.rb new file mode 100644 index 000000000..731edd45c --- /dev/null +++ b/test/integration/default/controls/mssql_session_spec.rb @@ -0,0 +1,12 @@ +# encoding: utf-8 + +# the following test will query the MSSQL database for the Server Property of IsIntegratedSecurityOnly which should be +# 0 which means that it is using both Windows Authentication and SQL Server Authentication. +# @see https://docs.microsoft.com/en-us/sql/t-sql/functions/serverproperty-transact-sql +if os.windows? + sql_windows_auth = mssql_session(user: 'sa', pass: 'Password12!', instance: 'SQL2012SP1') + describe sql_windows_auth.query("SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') as \\\"login_mode\\\";").row(0).column('login_mode') do + its('value') { should_not be_empty } + its('value') { should cmp == 1 } + end +end diff --git a/test/unit/resources/mssql_session_test.rb b/test/unit/resources/mssql_session_test.rb index 0f7b3dc2b..6b9dad024 100644 --- a/test/unit/resources/mssql_session_test.rb +++ b/test/unit/resources/mssql_session_test.rb @@ -5,18 +5,37 @@ require 'helper' describe 'Inspec::Resources::MssqlSession' do - it 'verify mssql_session configuration' do - resource = load_resource('mssql_session', user: 'sa', password: 'yourStrong(!)Password', host: 'localhost') + it 'verify default mssql_session configuration' do + resource = load_resource('mssql_session', user: 'sa', password: 'yourStrong(!)Password') _(resource.user).must_equal 'sa' _(resource.password).must_equal 'yourStrong(!)Password' _(resource.host).must_equal 'localhost' + _(resource.port).must_equal '1433' + end + + it 'verify mssql_session configuration with custom hostname' do + resource = load_resource('mssql_session', user: 'sa', password: 'yourStrong(!)Password', host: 'inspec.domain.tld') + _(resource.user).must_equal 'sa' + _(resource.password).must_equal 'yourStrong(!)Password' + _(resource.host).must_equal 'inspec.domain.tld' + _(resource.port).must_equal '1433' + end + + it 'verify mssql_session configuration with custom instance' do + resource = load_resource('mssql_session', user: 'sa', password: 'yourStrong(!)Password', instance: 'SQL2012INSPEC') + _(resource.user).must_equal 'sa' + _(resource.password).must_equal 'yourStrong(!)Password' + _(resource.host).must_equal 'localhost' + _(resource.port).must_equal '1433' + _(resource.instance).must_equal 'SQL2012INSPEC' end it 'verify mssql_session configuration with custom sqlserver port and user in domain' do - resource = load_resource('mssql_session', user: 'DOMAIN\sa', password: 'yourStrong(!)Password', host: 'localhost,1533') + resource = load_resource('mssql_session', user: 'DOMAIN\sa', password: 'yourStrong(!)Password', host: 'localhost', port: '1533') _(resource.user).must_equal 'DOMAIN\sa' _(resource.password).must_equal 'yourStrong(!)Password' - _(resource.host).must_equal 'localhost,1533' + _(resource.host).must_equal 'localhost' + _(resource.port).must_equal '1533' end it 'run a SQL query' do