mirror of
https://github.com/inspec/inspec
synced 2024-11-14 00:47:10 +00:00
Merge pull request #5937 from inspec/vasundhara/fix-postgres-session-resource
CFINSPEC-154: postgres_session resource allow query errors to be treat as failures.
This commit is contained in:
commit
a15280fcc5
6 changed files with 97 additions and 8 deletions
|
@ -55,8 +55,10 @@ module Inspec::Resources
|
||||||
psql_cmd = create_psql_cmd(query, db)
|
psql_cmd = create_psql_cmd(query, db)
|
||||||
cmd = inspec.command(psql_cmd, redact_regex: %r{(:\/\/[a-z]*:).*(@)})
|
cmd = inspec.command(psql_cmd, redact_regex: %r{(:\/\/[a-z]*:).*(@)})
|
||||||
out = cmd.stdout + "\n" + cmd.stderr
|
out = cmd.stdout + "\n" + cmd.stderr
|
||||||
if cmd.exit_status != 0 || out =~ /could not connect to .*/ || out.downcase =~ /^error:.*/
|
if cmd.exit_status != 0 && ( out =~ /could not connect to/ || out =~ /password authentication failed/ ) && out.downcase =~ /error:/
|
||||||
raise Inspec::Exceptions::ResourceFailed, "PostgreSQL query with errors: #{out}"
|
raise Inspec::Exceptions::ResourceFailed, "PostgreSQL connection error: #{out}"
|
||||||
|
elsif cmd.exit_status != 0 && out.downcase =~ /error:/
|
||||||
|
Lines.new(out, "PostgreSQL query with error: #{query}")
|
||||||
else
|
else
|
||||||
Lines.new(cmd.stdout.strip, "PostgreSQL query: #{query}")
|
Lines.new(cmd.stdout.strip, "PostgreSQL query: #{query}")
|
||||||
end
|
end
|
||||||
|
|
1
test/fixtures/cmd/psql-connection-error
vendored
Normal file
1
test/fixtures/cmd/psql-connection-error
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
psql: error: could not connect to server: Connection refused\n\tIs the server running on host \"127.0.0.1\" and accepting\n\tTCP/IP connections on port 5432?\n
|
1
test/fixtures/cmd/psql-password-authentication-error
vendored
Normal file
1
test/fixtures/cmd/psql-password-authentication-error
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
psql: error: FATAL: password authentication failed for user "postgres"\nFATAL: password authentication failed for user
|
1
test/fixtures/cmd/psql-query-error
vendored
Normal file
1
test/fixtures/cmd/psql-query-error
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
ERROR: must be owner of table accounts\n
|
|
@ -50,7 +50,8 @@ module Fake
|
||||||
stdout = stdout_path ? File.read(stdout_path) : ""
|
stdout = stdout_path ? File.read(stdout_path) : ""
|
||||||
stderr = stderr_path ? File.read(stderr_path) : ""
|
stderr = stderr_path ? File.read(stderr_path) : ""
|
||||||
|
|
||||||
::Fake::Command.new(stdout, stderr, 0)
|
exit_code = exit || 0
|
||||||
|
::Fake::Command.new(stdout, stderr, exit_code)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -33,13 +33,96 @@ describe "Inspec::Resources::PostgresSession" do
|
||||||
_(resource.resource_failed?).must_equal true
|
_(resource.resource_failed?).must_equal true
|
||||||
_(resource.resource_exception_message).must_equal "Can't run PostgreSQL SQL checks without authentication."
|
_(resource.resource_exception_message).must_equal "Can't run PostgreSQL SQL checks without authentication."
|
||||||
end
|
end
|
||||||
it "fails when no connection established" do
|
|
||||||
resource = load_resource("postgres_session", "postgres", "postgres", "localhost", 5432)
|
|
||||||
_(proc { resource.send(:query, "Select 5;", ["mydatabase"]) }).must_raise Inspec::Exceptions::ResourceFailed
|
|
||||||
end
|
|
||||||
|
|
||||||
it "verify postgres_session create_psql_cmd in socket connection" do
|
it "verify postgres_session create_psql_cmd in socket connection" do
|
||||||
resource = load_resource("postgres_session", "myuser", "mypass", "127.0.0.1", 5432, "/var/run/postgresql")
|
resource = load_resource("postgres_session", "myuser", "mypass", "127.0.0.1", 5432, "/var/run/postgresql")
|
||||||
_(resource.send(:create_psql_cmd, "SELECT * FROM STUDENTS;", ["testdb"])).must_equal "psql -d postgresql://myuser:mypass@/testdb?host=/var/run/postgresql -A -t -w -c SELECT\\ \\*\\ FROM\\ STUDENTS\\;"
|
_(resource.send(:create_psql_cmd, "SELECT * FROM STUDENTS;", ["testdb"])).must_equal "psql -d postgresql://myuser:mypass@/testdb?host=/var/run/postgresql -A -t -w -c SELECT\\ \\*\\ FROM\\ STUDENTS\\;"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it "fails when no connection established in linux" do
|
||||||
|
resource = quick_resource(:postgres_session, :linux, "postgres", "postgres", "localhost", 5432) do |cmd, opts|
|
||||||
|
cmd.strip!
|
||||||
|
case cmd
|
||||||
|
when ("psql -d postgresql://postgres:postgres@localhost:5432/mydatabase -A -t -w -c Select\\ 5\\;") then
|
||||||
|
result(nil, "test/fixtures/cmd/psql-connection-error", 1)
|
||||||
|
else
|
||||||
|
raise cmd.inspect
|
||||||
|
end
|
||||||
|
end
|
||||||
|
ex = assert_raises(Inspec::Exceptions::ResourceFailed) { resource.query("Select 5;", ["mydatabase"]) }
|
||||||
|
_(ex.message).must_include("PostgreSQL connection error")
|
||||||
|
end
|
||||||
|
|
||||||
|
it "fails when no password authentication fails" do
|
||||||
|
resource = quick_resource(:postgres_session, :linux, "postgres", "wrongpassword", "localhost", 5432) do |cmd, opts|
|
||||||
|
cmd.strip!
|
||||||
|
case cmd
|
||||||
|
when ("psql -d postgresql://postgres:wrongpassword@localhost:5432/mydatabase -A -t -w -c Select\\ 5\\;") then
|
||||||
|
result(nil, "test/fixtures/cmd/psql-password-authentication-error", 1)
|
||||||
|
else
|
||||||
|
raise cmd.inspect
|
||||||
|
end
|
||||||
|
end
|
||||||
|
ex = assert_raises(Inspec::Exceptions::ResourceFailed) { resource.query("Select 5;", ["mydatabase"]) }
|
||||||
|
_(ex.message).must_include("PostgreSQL connection error")
|
||||||
|
end
|
||||||
|
|
||||||
|
it "returns stderr as output if there is error in the query." do
|
||||||
|
resource = quick_resource(:postgres_session, :linux, "postgres", "postgres", "localhost", 5432) do |cmd, opts|
|
||||||
|
cmd.strip!
|
||||||
|
case cmd
|
||||||
|
when ("psql -d postgresql://postgres:postgres@localhost:5432/mydatabase -A -t -w -c DROP\\ TABLE\\ accounts\\;") then
|
||||||
|
result(nil, "test/fixtures/cmd/psql-query-error", 1)
|
||||||
|
else
|
||||||
|
raise cmd.inspect
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
_(resource.resource_failed?).must_equal false
|
||||||
|
query = resource.query("DROP TABLE accounts;", ["mydatabase"])
|
||||||
|
_(query.output).must_match(/must be owner of table accounts/)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "fails when no connection established on Windows" do
|
||||||
|
resource = quick_resource(:postgres_session, :windows, "postgres", "postgres", "localhost", 5432) do |cmd, opts|
|
||||||
|
cmd.strip!
|
||||||
|
case cmd
|
||||||
|
when ("psql -d postgresql://postgres:postgres@localhost:5432/mydatabase -A -t -w -c \"Select 5;\"") then
|
||||||
|
result(nil, "test/fixtures/cmd/psql-connection-error", 1)
|
||||||
|
else
|
||||||
|
raise cmd.inspect
|
||||||
|
end
|
||||||
|
end
|
||||||
|
ex = assert_raises(Inspec::Exceptions::ResourceFailed) { resource.query("Select 5;", ["mydatabase"]) }
|
||||||
|
_(ex.message).must_include("PostgreSQL connection error")
|
||||||
|
end
|
||||||
|
|
||||||
|
it "fails when no password authentication fails on Windows" do
|
||||||
|
resource = quick_resource(:postgres_session, :windows, "postgres", "wrongpassword", "localhost", 5432) do |cmd, opts|
|
||||||
|
cmd.strip!
|
||||||
|
case cmd
|
||||||
|
when ("psql -d postgresql://postgres:wrongpassword@localhost:5432/mydatabase -A -t -w -c \"Select 5;\"") then
|
||||||
|
result(nil, "test/fixtures/cmd/psql-password-authentication-error", 1)
|
||||||
|
else
|
||||||
|
raise cmd.inspect
|
||||||
|
end
|
||||||
|
end
|
||||||
|
ex = assert_raises(Inspec::Exceptions::ResourceFailed) { resource.query("Select 5;", ["mydatabase"]) }
|
||||||
|
_(ex.message).must_include("PostgreSQL connection error")
|
||||||
|
end
|
||||||
|
|
||||||
|
it "returns stderr as output if there is error in the query on Windows." do
|
||||||
|
resource = quick_resource(:postgres_session, :windows, "postgres", "postgres", "localhost", 5432) do |cmd, opts|
|
||||||
|
cmd.strip!
|
||||||
|
case cmd
|
||||||
|
when ("psql -d postgresql://postgres:postgres@localhost:5432/mydatabase -A -t -w -c \"DROP TABLE accounts;\"") then
|
||||||
|
result(nil, "test/fixtures/cmd/psql-query-error", 1)
|
||||||
|
else
|
||||||
|
raise cmd.inspect
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
_(resource.resource_failed?).must_equal false
|
||||||
|
query = resource.query("DROP TABLE accounts;", ["mydatabase"])
|
||||||
|
_(query.output).must_match(/must be owner of table accounts/)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue