Add mongodb_session resource and docs.

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

Gemfile

@@ -20,6 +20,8 @@ end
 # but our runtime dep is still 3.9+
 gem "rspec", ">= 3.10"
 
+gem "mongo"
+
 def probably_x86?
   # We don't currently build on ARM windows, so assume x86 there
   return true if RUBY_PLATFORM =~ /windows|mswin|msys|mingw|cygwin/

docs-chef-io/content/inspec/resources/mongodb_conf.md

@@ -60,10 +60,3 @@ The following examples show how to use this Chef InSpec audit resource.
 
 For a full list of available matchers, please visit our [matchers page](/inspec/matchers/).
 
-### setting
-
-The `setting` matcher tests specific, named settings in the `mongod.conf` file:
-
-    its(['setting') { should eq 'value' }
-
-Use a `setting` matcher for each setting to be tested.

docs-chef-io/content/inspec/resources/mongodb_session.md

@@ -0,0 +1,92 @@
++++
+title = "mongodb_session resource"
+draft = false
+gh_repo = "inspec"
+platform = "os"
+
+[menu]
+  [menu.inspec]
+    title = "mongodb_session"
+    identifier = "inspec/resources/os/mongodb_session.md mongodb_session resource"
+    parent = "inspec/resources/os"
++++
+
+Use the `mongodb_session` Chef InSpec audit resource to run MongoDB command against a MongoDB Database.
+
+## Availability
+
+### Installation
+
+This resource is distributed along with Chef InSpec itself. You can use it automatically.
+
+## Syntax
+
+A `mongodb_session` resource block declares the `user`, `password`, 'database' to use for the session, and then the command to be run:
+
+  describe mongodb_session(user: "username", password: "password").query(key: value) do
+    its("params") { should match(/expected-result/) }
+  end
+
+where
+
+- `mongodb_session` declares a user and password, connecting locally, with permission to run the query
+- `query` contains the query to be run.
+- `its("params") { should eq(/expected-result/) }` compares the results of the query against the expected result in the test
+
+### Optional Parameters
+
+`mongodb_session` InSpec resource accepts `user`, `password`, `host`, `port`, `auth_source`, `auth_mech`, `ssl`, `ssl_cert`, `ssl_ca_cert`, `auth_mech_properties`.
+
+In Particular:
+
+#### `host`
+
+Defaults to `127.0.0.1`
+
+#### `port`
+
+Defaults to `27017`
+
+#### `auth_mech`
+
+Defaults to `:scram`
+
+#### `auth_source`
+
+Defaults to given database name.
+
+### MongodDB query reference docs
+
+This resource is using mongo ruby driver to fetch the data.
+[MongoDB Ruby Driver authentication](https://docs.mongodb.com/ruby-driver/master/tutorials/ruby-driver-authentication/)
+
+## Examples
+
+The following examples show how to use this Chef InSpec audit resource.
+
+### Test the roles information using rolesInfo command of MongoDB
+
+    describe mongodb_session(user: "foo", password: "bar", database: "test").query(rolesInfo: "dbAdmin").params["roles"].first do
+      its(["role"]) { should eq "dbAdmin" }
+    end
+
+### Test the MongoDB user role.
+
+    describe mongodb_session(user: "foo", password: "bar", database: "test").query(usersInfo: "foo").params["users"].first["roles"].first do
+      its(["role"]) { should eq "readWrite" }
+    end
+
+### Test the params
+
+    describe mongodb_session(user: "foo", password: "bar", database: "test").query(rolesInfo: "dbAdmin") do
+      its("params") { should_not be_empty }
+      its("params") { should include "roles" }
+    end
+
+## Matchers
+
+For a full list of available matchers, please visit our [matchers page](/inspec/matchers/).
+
+### params
+
+The `params` contains all the query data.

lib/inspec/resources.rb

@@ -73,6 +73,7 @@ require "inspec/resources/limits_conf"
 require "inspec/resources/login_defs"
 require "inspec/resources/mongodb"
 require "inspec/resources/mongodb_conf"
+require "inspec/resources/mongodb_session"
 require "inspec/resources/mount"
 require "inspec/resources/mssql_session"
 require "inspec/resources/mysql"

lib/inspec/resources/mongodb_session.rb

@@ -0,0 +1,75 @@
+require "mongo"
+
+module Inspec::Resources
+  class Lines
+    attr_reader :params
+
+    def initialize(raw, desc)
+      @params = raw
+      @desc = desc
+    end
+
+    def to_s
+      @desc
+    end
+  end
+
+  class MongodbSession < Inspec.resource(1)
+    name "mongodb_session"
+    supports platform: "unix"
+    supports platform: "windows"
+
+    desc "Use the mongodb_session InSpec audit resource to run database commands using MongoDB ruby client against a given database."
+
+    attr_reader :user, :host, :port, :database, :params
+
+    def initialize(opts = {})
+      @user = opts[:user] || nil
+      @password = opts[:password] || nil
+      @host = opts[:host] || "127.0.0.1"
+      @port = opts[:port] || "27017"
+      @database = opts[:database] || nil
+      @auth_mech = opts[:auth_mech] || :scram
+      @auth_source = opts[:auth_source] || @database
+      @ssl = opts[:ssl] || false
+      @ssl_cert = opts[:ssl_cert] || nil
+      @ssl_key = opts[:ssl_key] || nil
+      @ssl_ca_cert = opts[:ssl_ca_cert] || nil
+      @auth_mech_properties = opts[:auth_mech_properties] || {}
+      @client = nil
+
+      fail_resource "Can't run MongoDB checks without authentication" unless user && @password
+      fail_resource "You must provide a database name for the session" unless database
+
+      create_session
+    end
+
+    def query(command)
+      raise Inspec::Exceptions::ResourceFailed, "#{resource_exception_message}" if resource_failed?
+      Lines.new(@client.command(command).documents.first, "MongoDB query: #{command}")
+    rescue => e
+      raise Inspec::Exceptions::ResourceFailed, "Can't run MongoDB command Error: #{e.message}"
+    end
+
+    private
+
+    def create_session
+      options = { user: "#{user}",
+        password: "#{@password}",
+        database: "#{database}",
+        auth_source: "#{@auth_source}",
+        auth_mech: @auth_mech,
+        }
+      options[:auth_mech_properties] = @auth_mech_properties unless @auth_mech_properties.empty?
+      options[:ssl] = @ssl
+      opitons[:ssl_key] = @ssl_key unless @ssl_key.nil?
+      options[:ssl_cert] = @ssl_cert unless @ssl_cert.nil?
+      options[:ssl_ca_cert] = @ssl_ca_cert unless @ssl_ca_cert.nil?
+
+      @client = Mongo::Client.new([ "#{host}:#{port}" ], options)
+
+    rescue => e
+      raise Inspec::Exceptions::ResourceFailed, "Can't run MongoDB command Error: #{e.message}"
+    end
+  end
+end