Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-11-14 00:47:10 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge remote-tracking branch 'upstream/master' into firewalld_update

Browse source 
Signed-off-by: Will Dower <wdower@mitre.org>
This commit is contained in:
Will Dower 2021-07-09 15:03:44 -04:00
commit bdd01b3220
17 changed files with 182 additions and 138 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

171
.expeditor/config.yml
View file

@ -70,7 +70,8 @@ github:
minor_bump_labels:
- "Expeditor: Bump Minor Version"
version_tag_format: v{{version}}
release_branch:
release_branches:
- master:
version_constraint: 4.*
- 1-stable:
@ -90,88 +91,88 @@ changelog:
- "Type: Enhancement": "Enhancements"
- "Type: Bug": "Bug Fixes"
merge_actions:
- built_in:bump_version:
ignore_labels:
- "Expeditor: Skip All"
- "Expeditor: Skip Version Bump"
only_if_modified:
- .expeditor/*
- docs-chef-io/*
- etc/*
- habitat/*
- inspec-bin/*
- lib/*
- omnibus/*
- support/*
- tasks/*
- test/*
- Gemfile*
- LICENSE
- "*.gemspec"
- "*.md"
- bash:.expeditor/update_version.sh:
only_if: built_in:bump_version
- built_in:update_changelog:
ignore_labels:
- "Expeditor: Skip All"
- "Expeditor: Skip Changelog"
- trigger_pipeline:omnibus/adhoc:
not_if: built_in:bump_version
ignore_labels:
- "Expeditor: Skip Omnibus"
- "Expeditor: Skip All"
- trigger_pipeline:artifact/habitat:
only_if: built_in:bump_version
ignore_labels:
- "Expeditor: Skip Habitat"
- "Expeditor: Skip All"
- trigger_pipeline:omnibus/release:
only_if: built_in:bump_version
ignore_labels:
- "Expeditor: Skip Omnibus"
- "Expeditor: Skip All"
- trigger_pipeline:habitat/build:
only_if: built_in:bump_version
ignore_labels:
- "Expeditor: Skip Habitat"
- "Expeditor: Skip All"
- built_in:build_gem:
only_if:
- built_in:bump_version
subscriptions:
- workload: artifact_published:unstable:inspec:{{version_constraint}}
actions:
- trigger_pipeline:docker/build
- bash:.expeditor/buildkite/wwwrelease.sh:
post_commit: true
- workload: artifact_published:current:inspec:{{version_constraint}}
actions:
- built_in:promote_docker_images
- built_in:promote_habitat_packages
- workload: artifact_published:stable:inspec:{{version_constraint}}
actions:
- bash:.expeditor/update_dockerfile.sh
- built_in:rollover_changelog
- built_in:publish_rubygems
- built_in:create_github_release
- built_in:promote_docker_images
- built_in:promote_habitat_packages
- bash:.expeditor/publish-release-notes.sh:
post_commit: true
- purge_packages_chef_io_fastly:{{target_channel}}/inspec/latest:
post_commit: true
- bash:.expeditor/announce-release.sh:
post_commit: true
- built_in:notify_chefio_slack_channels
- workload: pull_request_opened:{{agent_id}}:*
actions:
- post_github_comment:.expeditor/templates/pull_request.mustache:
ignore_team_members:
- inspec/owners
- inspec/inspec-core-team
- built_in:github_auto_assign_author:
only_if_team_member:
- inspec/owners
- inspec/inspec-core-team
- workload: pull_request_merged:{{github_repo}}:{{release_branch}}:*
actions:
- built_in:bump_version:
ignore_labels:
- "Expeditor: Skip All"
- "Expeditor: Skip Version Bump"
only_if_modified:
- .expeditor/*
- docs-chef-io/*
- etc/*
- habitat/*
- inspec-bin/*
- lib/*
- omnibus/*
- support/*
- tasks/*
- test/*
- Gemfile*
- LICENSE
- "*.gemspec"
- "*.md"
- bash:.expeditor/update_version.sh:
only_if: built_in:bump_version
- built_in:update_changelog:
ignore_labels:
- "Expeditor: Skip All"
- "Expeditor: Skip Changelog"
- trigger_pipeline:omnibus/adhoc:
not_if: built_in:bump_version
ignore_labels:
- "Expeditor: Skip Omnibus"
- "Expeditor: Skip All"
- trigger_pipeline:artifact/habitat:
only_if: built_in:bump_version
ignore_labels:
- "Expeditor: Skip Habitat"
- "Expeditor: Skip All"
- trigger_pipeline:omnibus/release:
only_if: built_in:bump_version
ignore_labels:
- "Expeditor: Skip Omnibus"
- "Expeditor: Skip All"
- trigger_pipeline:habitat/build:
only_if: built_in:bump_version
ignore_labels:
- "Expeditor: Skip Habitat"
- "Expeditor: Skip All"
- built_in:build_gem:
only_if:
- built_in:bump_version
- workload: artifact_published:unstable:inspec:{{version_constraint}}
actions:
- trigger_pipeline:docker/build
- bash:.expeditor/buildkite/wwwrelease.sh:
post_commit: true
- workload: artifact_published:current:inspec:{{version_constraint}}
actions:
- built_in:promote_docker_images
- built_in:promote_habitat_packages
- workload: artifact_published:stable:inspec:{{version_constraint}}
actions:
- bash:.expeditor/update_dockerfile.sh
- built_in:rollover_changelog
- built_in:publish_rubygems
- built_in:create_github_release
- built_in:promote_docker_images
- built_in:promote_habitat_packages
- bash:.expeditor/publish-release-notes.sh:
post_commit: true
- purge_packages_chef_io_fastly:{{target_channel}}/inspec/latest:
post_commit: true
- bash:.expeditor/announce-release.sh:
post_commit: true
- built_in:notify_chefio_slack_channels
- workload: pull_request_opened:{{github_repo}}:{{release_branch}}:*
actions:
- post_github_comment:.expeditor/templates/pull_request.mustache:
ignore_team_members:
- inspec/owners
- inspec/inspec-core-team
- built_in:github_auto_assign_author:
only_if_team_member:
- inspec/owners
- inspec/inspec-core-team

31
CHANGELOG.md
View file

@ -1,24 +1,34 @@
# Change Log
<!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
<!-- latest_release 4.38.4 -->
## [v4.38.4](https://github.com/inspec/inspec/tree/v4.38.4) (2021-06-29)
<!-- latest_release 4.38.7 -->
## [v4.38.7](https://github.com/inspec/inspec/tree/v4.38.7) (2021-07-08)
#### Merged Pull Requests
- Oracle Session Exception Handling [#5567](https://github.com/inspec/inspec/pull/5567) ([Nik08](https://github.com/Nik08))
#### Enhancements
- Update postgresql resources to normalize it for platform supports [#5576](https://github.com/inspec/inspec/pull/5576) ([Vasu1105](https://github.com/Vasu1105))
<!-- latest_release -->
<!-- release_rollup since=4.37.30 -->
### Changes since 4.37.30 release
<!-- release_rollup since=4.38.3 -->
### Changes since 4.38.3 release
#### Enhancements
- Update postgresql resources to normalize it for platform supports [#5576](https://github.com/inspec/inspec/pull/5576) ([Vasu1105](https://github.com/Vasu1105)) <!-- 4.38.7 -->
- Remove default port for mssql_session, allowing named connections [#5584](https://github.com/inspec/inspec/pull/5584) ([Nik08](https://github.com/Nik08)) <!-- 4.38.6 -->
#### Merged Pull Requests
- Waiver file expiration dates misinterpretation fix [#5586](https://github.com/inspec/inspec/pull/5586) ([Nik08](https://github.com/Nik08)) <!-- 4.38.5 -->
- Oracle Session Exception Handling [#5567](https://github.com/inspec/inspec/pull/5567) ([Nik08](https://github.com/Nik08)) <!-- 4.38.4 -->
- Misc updates to the README [#5526](https://github.com/inspec/inspec/pull/5526) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 4.38.3 -->
- Fix relative links [#5556](https://github.com/inspec/inspec/pull/5556) ([IanMadd](https://github.com/IanMadd)) <!-- 4.38.2 -->
- Fix AWS secret key environment variable name in docs [#5566](https://github.com/inspec/inspec/pull/5566) ([sandratiffin](https://github.com/sandratiffin)) <!-- 4.38.1 -->
- Add support for mongodb_conf resource in InSpec [#5562](https://github.com/inspec/inspec/pull/5562) ([Vasu1105](https://github.com/Vasu1105)) <!-- 4.38.0 -->
<!-- release_rollup -->
<!-- latest_stable_release -->
## [v4.38.3](https://github.com/inspec/inspec/tree/v4.38.3) (2021-07-02)
#### Merged Pull Requests
- Add support for mongodb_conf resource in InSpec [#5562](https://github.com/inspec/inspec/pull/5562) ([Vasu1105](https://github.com/Vasu1105))
- Fix AWS secret key environment variable name in docs [#5566](https://github.com/inspec/inspec/pull/5566) ([sandratiffin](https://github.com/sandratiffin))
- Fix relative links [#5556](https://github.com/inspec/inspec/pull/5556) ([IanMadd](https://github.com/IanMadd))
- Misc updates to the README [#5526](https://github.com/inspec/inspec/pull/5526) ([clintoncwolfe](https://github.com/clintoncwolfe))
<!-- latest_stable_release -->
## [v4.37.30](https://github.com/inspec/inspec/tree/v4.37.30) (2021-06-16)
#### Bug Fixes
@ -29,7 +39,6 @@
- Fix mysql_session resource to raise exception if there is a error in connection or in query [#5551](https://github.com/inspec/inspec/pull/5551) ([Vasu1105](https://github.com/Vasu1105))
- Fix postgres_session resource to raise exception if there is a error in connection or in query [#5553](https://github.com/inspec/inspec/pull/5553) ([Vasu1105](https://github.com/Vasu1105))
- Restrict x25519 gem to x86 architectures [#5564](https://github.com/inspec/inspec/pull/5564) ([clintoncwolfe](https://github.com/clintoncwolfe))
<!-- latest_stable_release -->
## [v4.37.25](https://github.com/inspec/inspec/tree/v4.37.25) (2021-06-10)

2
Dockerfile
View file

@ -1,7 +1,7 @@
FROM ubuntu:18.04
LABEL maintainer="Chef Software, Inc. <docker@chef.io>"
ARG VERSION=4.37.30
ARG VERSION=4.38.3
ARG CHANNEL=stable
ENV PATH=/opt/inspec/bin:/opt/inspec/embedded/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

2
VERSION
View file

@ -1 +1 @@
4.38.4
4.38.7

2
inspec-bin/lib/inspec-bin/version.rb
View file

@ -1,5 +1,5 @@
# This file managed by automation - do not edit manually
module InspecBin
INSPECBIN_ROOT = File.expand_path("..", __dir__)
VERSION = "4.38.4".freeze
VERSION = "4.38.7".freeze
end

6
lib/inspec/resources/mssql_session.rb
View file

@ -42,11 +42,7 @@ module Inspec::Resources
@local_mode = opts[:local_mode]
unless local_mode?
@host = opts[:host] || "localhost"
if opts.key?(:port)
@port = opts[:port]
else
@port = "1433"
end
@port = opts[:port]
end
@instance = opts[:instance]
@db_name = opts[:db_name]

57
lib/inspec/resources/postgres.rb
View file

@ -4,6 +4,8 @@ module Inspec::Resources
class Postgres < Inspec.resource(1)
name "postgres"
supports platform: "unix"
supports platform: "windows"
desc "The 'postgres' resource is a helper for the 'postgres_conf', 'postgres_hba_conf', 'postgres_ident_conf' & 'postgres_session' resources. Please use those instead."
attr_reader :service, :data_dir, :conf_dir, :conf_path, :version, :cluster
@ -43,11 +45,17 @@ module Inspec::Resources
@conf_dir = "/etc/postgresql/#{@version}/#{@cluster}"
@data_dir = "/var/lib/postgresql/#{@version}/#{@cluster}"
end
elsif inspec.os.windows?
dir = "C:\\Program Files\\PostgreSQL"
@version = version_from_psql || version_from_dir_windows(dir)
unless @version.to_s.empty?
@data_dir = "#{dir}\\#{@version}\\data\\"
end
else
@version = version_from_psql
if @version.to_s.empty?
if inspec.directory("/var/lib/pgsql/data").exist?
warn "Unable to determine PostgreSQL version: psql did not return" \
Inspec::Log.warn "Unable to determine PostgreSQL version: psql did not return" \
"a version number and unversioned data directories were found."
else
@version = version_from_dir("/var/lib/pgsql")
@ -69,13 +77,13 @@ module Inspec::Resources
def verify_dirs
unless inspec.directory(@conf_dir).exist?
warn "Default postgresql configuration directory: #{@conf_dir} does not exist. " \
Inspec::Log.warn "Default postgresql configuration directory: #{@conf_dir} does not exist. " \
"Postgresql may not be installed or we've misidentified the configuration " \
"directory."
end
unless inspec.directory(@data_dir).exist?
warn "Default postgresql data directory: #{@data_dir} does not exist. " \
Inspec::Log.warn "Default postgresql data directory: #{@data_dir} does not exist. " \
"Postgresql may not be installed or we've misidentified the data " \
"directory."
end
@ -84,7 +92,15 @@ module Inspec::Resources
def version_from_psql
return unless inspec.command("psql").exist?
inspec.command("psql --version | awk '{ print $NF }' | awk -F. '{ print $1\".\"$2 }'").stdout.strip
version = inspec.command("psql --version").stdout.strip.split(" ")[2].split(".")
unless version.empty?
if version.first.to_i >= 10
version.first
else
"#{version[0]}.#{version[1]}"
end
end
end
def locate_data_dir_location_by_version(ver = @version)
@ -100,7 +116,7 @@ module Inspec::Resources
data_dir_loc = dir_list.detect { |i| inspec.directory(i).exist? }
if data_dir_loc.nil?
warn 'Unable to find the PostgreSQL data_dir in expected location(s), please
Inspec::Log.warn 'Unable to find the PostgreSQL data_dir in expected location(s), please
execute "psql -t -A -p <port> -h <host> -c "show hba_file";" as the PostgreSQL
DBA to find the non-standard data_dir location.'
end
@ -112,15 +128,32 @@ module Inspec::Resources
entries = dirs.lines.count
case entries
when 0
warn "Could not determine version of installed postgresql by inspecting #{dir}"
Inspec::Log.warn "Could not determine version of installed postgresql by inspecting #{dir}"
nil
when 1
warn "Using #{dirs}: #{dir_to_version(dirs)}"
Inspec::Log.warn "Using #{dirs}: #{dir_to_version(dirs)}"
dir_to_version(dirs)
else
warn "Multiple versions of postgresql installed or incorrect base dir #{dir}"
Inspec::Log.warn "Multiple versions of postgresql installed or incorrect base dir #{dir}"
first = dir_to_version(dirs.lines.first)
warn "Using the first version found: #{first}"
Inspec::Log.warn "Using the first version found: #{first}"
first
end
end
def version_from_dir_windows(dir)
dirs = inspec.command("Get-ChildItem -Path \"#{dir}\" -Name").stdout
entries = dirs.lines.count
case entries
when 0
Inspec::Log.warn "Could not determine version of installed PostgreSQL by inspecting #{dir}"
nil
when 1
dir_to_version(dirs)
else
Inspec::Log.warn "Multiple versions of PostgreSQL installed or incorrect base dir #{dir}"
first = dir_to_version(dirs.lines.first)
Inspec::Log.warn "Using the first version found: #{first}"
first
end
end
@ -137,13 +170,13 @@ module Inspec::Resources
else
dirs = inspec.command("ls -d #{dir}/*/").stdout.lines
if dirs.empty?
warn "No postgresql clusters configured or incorrect base dir #{dir}"
Inspec::Log.warn "No postgresql clusters configured or incorrect base dir #{dir}"
return nil
end
first = dirs.first.chomp.split("/").last
if dirs.count > 1
warn "Multiple postgresql clusters configured or incorrect base dir #{dir}"
warn "Using the first directory found: #{first}"
Inspec::Log.warn "Multiple postgresql clusters configured or incorrect base dir #{dir}"
Inspec::Log.warn "Using the first directory found: #{first}"
end
first
end

2
lib/inspec/resources/postgres_conf.rb
View file

@ -22,6 +22,8 @@ module Inspec::Resources
include FileReader
include ObjectTraverser
attr_accessor :conf_path
def initialize(conf_path = nil)
@conf_path = conf_path || inspec.postgres.conf_path
if @conf_path.nil?

3
lib/inspec/resources/postgres_hba_conf.rb
View file

@ -5,6 +5,7 @@ module Inspec::Resources
class PostgresHbaConf < Inspec.resource(1)
name "postgres_hba_conf"
supports platform: "unix"
supports platform: "windows"
desc 'Use the `postgres_hba_conf` InSpec audit resource to test the client
authentication data defined in the pg_hba.conf file.'
example <<~EXAMPLE
@ -19,7 +20,7 @@ module Inspec::Resources
# @todo add checks to ensure that we have data in our file
def initialize(hba_conf_path = nil)
@conf_file = hba_conf_path || File.expand_path("pg_hba.conf", inspec.postgres.conf_dir)
@conf_file = hba_conf_path || File.join(inspec.postgres.conf_dir, "pg_hba.conf")
@content = ""
@params = {}
read_content

3
lib/inspec/resources/postgres_ident_conf.rb
View file

@ -5,6 +5,7 @@ module Inspec::Resources
class PostgresIdentConf < Inspec.resource(1)
name "postgres_ident_conf"
supports platform: "unix"
supports platform: "windows"
desc 'Use the postgres_ident_conf InSpec audit resource to test the client
authentication data is controlled by a pg_ident.conf file.'
example <<~EXAMPLE
@ -18,7 +19,7 @@ module Inspec::Resources
attr_reader :params, :conf_file
def initialize(ident_conf_path = nil)
@conf_file = ident_conf_path || File.expand_path("pg_ident.conf", inspec.postgres.conf_dir)
@conf_file = ident_conf_path || File.join(inspec.postgres.conf_dir, "pg_ident.conf")
@content = nil
@params = nil
read_content

14
lib/inspec/resources/postgres_session.rb
View file

@ -12,7 +12,7 @@ module Inspec::Resources
end
def lines
output.split("\n")
output.split("\n").map(&:strip)
end
def to_s
@ -54,7 +54,7 @@ module Inspec::Resources
raise Inspec::Exceptions::ResourceFailed, "#{resource_exception_message}" if resource_failed?
psql_cmd = create_psql_cmd(query, db)
cmd = inspec.command(psql_cmd, redact_regex: /(PGPASSWORD=').+(' psql .*)/)
cmd = inspec.command(psql_cmd, redact_regex: %r{(:\/\/[a-z]*:).*(@)})
out = cmd.stdout + "\n" + cmd.stderr
if cmd.exit_status != 0 || out =~ /could not connect to .*/ || out.downcase =~ /^error:.*/
raise Inspec::Exceptions::ResourceFailed, "PostgreSQL query with errors: #{out}"
@ -66,7 +66,7 @@ module Inspec::Resources
private
def test_connection
query("select now()")
query("select now()\;")
end
def escaped_query(query)
@ -74,8 +74,12 @@ module Inspec::Resources
end
def create_psql_cmd(query, db = [])
dbs = db.map { |x| "-d #{x}" }.join(" ")
"PGPASSWORD='#{@pass}' psql -U #{@user} #{dbs} -h #{@host} -p #{@port} -A -t -c #{escaped_query(query)}"
dbs = db.map { |x| "#{x}" }.join(" ")
if inspec.os.windows?
"psql -d postgresql://#{@user}:#{@pass}@#{@host}:#{@port}/#{dbs} -A -t -w -c \"#{query}\""
else
"psql -d postgresql://#{@user}:#{@pass}@#{@host}:#{@port}/#{dbs} -A -t -w -c #{escaped_query(query)}"
end
end
end
end

2
lib/inspec/rule.rb
View file

@ -360,7 +360,7 @@ module Inspec
# A string that does not represent a valid time results in the date 0000-01-01.
if [Date, Time].include?(expiry.class) || (expiry.is_a?(String) && Time.new(expiry).year != 0)
expiry = expiry.to_time if expiry.is_a? Date
expiry = Time.new(expiry) if expiry.is_a? String
expiry = Time.parse(expiry) if expiry.is_a? String
if expiry < Time.now # If the waiver expired, return - no skip applied
__waiver_data["message"] = "Waiver expired on #{expiry}, evaluating control normally"
return

2
lib/inspec/version.rb
View file

@ -1,3 +1,3 @@
module Inspec
VERSION = "4.38.4".freeze
VERSION = "4.38.7".freeze
end

2
test/helpers/mock_loader.rb
View file

@ -153,7 +153,7 @@ class MockLoader
"database.xml" => mockfile.call("database.xml"),
"/test/path/to/postgres/pg_hba.conf" => mockfile.call("pg_hba.conf"),
"/etc/postgresql/9.5/main/pg_ident.conf" => mockfile.call("pg_ident.conf"),
"C:/etc/postgresql/9.5/main/pg_ident.conf" => mockfile.call("pg_ident.conf"),
"C:/Program Files/PostgreSQL/9.5/main/pg_ident.conf" => mockfile.call("pg_ident.conf"),
"/etc/postgresql/9.5/main" => mockfile.call("9.5.main"),
"/var/lib/postgresql/9.5/main" => mockfile.call("var.9.5.main"),
"/etc/hosts" => mockfile.call("hosts"),

5
test/unit/resources/mssql_session_test.rb
View file

@ -8,7 +8,6 @@ describe "Inspec::Resources::MssqlSession" do
_(resource.user).must_equal "sa"
_(resource.password).must_equal "yourStrong(!)Password"
_(resource.host).must_equal "localhost"
_(resource.port).must_equal "1433"
end
it "verify mssql_session configuration with custom hostname" do
@ -16,7 +15,6 @@ describe "Inspec::Resources::MssqlSession" do
_(resource.user).must_equal "sa"
_(resource.password).must_equal "yourStrong(!)Password"
_(resource.host).must_equal "inspec.domain.tld"
_(resource.port).must_equal "1433"
end
it "verify mssql_session configuration with custom instance" do
@ -24,7 +22,6 @@ describe "Inspec::Resources::MssqlSession" do
_(resource.user).must_equal "sa"
_(resource.password).must_equal "yourStrong(!)Password"
_(resource.host).must_equal "localhost"
_(resource.port).must_equal "1433"
_(resource.instance).must_equal "SQL2012INSPEC"
end
@ -63,7 +60,7 @@ describe "Inspec::Resources::MssqlSession" do
end
it "run a SQL query" do
resource = load_resource("mssql_session", user: "sa", password: "yourStrong(!)Password", host: "localhost")
resource = load_resource("mssql_session", user: "sa", password: "yourStrong(!)Password", host: "localhost", port: "1433")
query = resource.query("SELECT SERVERPROPERTY('ProductVersion') as result")
_(query.size).must_equal 1
_(query.row(0).column("result").value).must_equal "14.0.600.250"

2
test/unit/resources/postgres_ident_conf_test.rb
View file

@ -5,7 +5,7 @@ require "inspec/resources/directory"
describe "Inspec::Resources::PGIdentConf" do
describe "PGIdentConf Paramaters" do
resource = load_resource("postgres_ident_conf")
resource = load_resource("postgres_ident_conf", "C:/Program Files/PostgreSQL/9.5/main/pg_ident.conf")
it "Verify postgres_ident_conf filtering by `system_username`" do
entries = resource.where { system_username == "bryanh" }
_(entries.map_name).must_equal ["omicron"]

14
test/unit/resources/postgres_session_test.rb
View file

@ -6,27 +6,27 @@ require "inspec/resources/command"
describe "Inspec::Resources::PostgresSession" do
it "verify postgres_session create_psql_cmd with a basic query" do
resource = load_resource("postgres_session", "myuser", "mypass", "127.0.0.1", 5432)
_(resource.send(:create_psql_cmd, "SELECT * FROM STUDENTS;", ["testdb"])).must_equal "PGPASSWORD='mypass' psql -U myuser -d testdb -h 127.0.0.1 -p 5432 -A -t -c SELECT\\ \\*\\ FROM\\ STUDENTS\\;"
_(resource.send(:create_psql_cmd, "SELECT * FROM STUDENTS;", ["testdb"])).must_equal "psql -d postgresql://myuser:mypass@127.0.0.1:5432/testdb -A -t -w -c SELECT\\ \\*\\ FROM\\ STUDENTS\\;"
end
it "verify postgres_session escaped_query with a complex query" do
resource = load_resource("postgres_session", "myuser", "mypass", "127.0.0.1", 5432)
_(resource.send(:create_psql_cmd, "SELECT current_setting('client_min_messages')", ["testdb"])).must_equal "PGPASSWORD='mypass' psql -U myuser -d testdb -h 127.0.0.1 -p 5432 -A -t -c SELECT\\ current_setting\\(\\'client_min_messages\\'\\)"
_(resource.send(:create_psql_cmd, "SELECT current_setting('client_min_messages')", ["testdb"])).must_equal "psql -d postgresql://myuser:mypass@127.0.0.1:5432/testdb -A -t -w -c SELECT\\ current_setting\\(\\'client_min_messages\\'\\)"
end
it "verify postgres_session redacts output" do
cmd = %q{PGPASSWORD='mypass' psql -U myuser -d testdb -h 127.0.0.1 -p 5432 -A -t -c "SELECT current_setting('client_min_messages')"}
options = { redact_regex: /(PGPASSWORD=').+(' psql .*)/ }
cmd = %q{psql -d postgresql://myuser:mypass@127.0.0.1:5432/testdb -A -t -w -c "SELECT current_setting('client_min_messages')"}
options = { redact_regex: %r{(:\/\/[a-z]*:).*(@)} }
resource = load_resource("command", cmd, options)
expected_to_s = %q{Command: `PGPASSWORD='REDACTED' psql -U myuser -d testdb -h 127.0.0.1 -p 5432 -A -t -c "SELECT current_setting('client_min_messages')"`}
expected_to_s = %q{Command: `psql -d postgresql://myuser:REDACTED@127.0.0.1:5432/testdb -A -t -w -c "SELECT current_setting('client_min_messages')"`}
_(resource.to_s).must_equal(expected_to_s)
end
it "verify postgres_session works with empty port value" do
resource = load_resource("postgres_session", "myuser", "mypass", "127.0.0.1")
_(resource.send(:create_psql_cmd, "SELECT * FROM STUDENTS;", ["testdb"])).must_equal "PGPASSWORD='mypass' psql -U myuser -d testdb -h 127.0.0.1 -p 5432 -A -t -c SELECT\\ \\*\\ FROM\\ STUDENTS\\;"
_(resource.send(:create_psql_cmd, "SELECT * FROM STUDENTS;", ["testdb"])).must_equal "psql -d postgresql://myuser:mypass@127.0.0.1:5432/testdb -A -t -w -c SELECT\\ \\*\\ FROM\\ STUDENTS\\;"
end
it "verify postgres_session works with empty host and port value" do
resource = load_resource("postgres_session", "myuser", "mypass")
_(resource.send(:create_psql_cmd, "SELECT * FROM STUDENTS;", ["testdb"])).must_equal "PGPASSWORD='mypass' psql -U myuser -d testdb -h localhost -p 5432 -A -t -c SELECT\\ \\*\\ FROM\\ STUDENTS\\;"
_(resource.send(:create_psql_cmd, "SELECT * FROM STUDENTS;", ["testdb"])).must_equal "psql -d postgresql://myuser:mypass@localhost:5432/testdb -A -t -w -c SELECT\\ \\*\\ FROM\\ STUDENTS\\;"
end
it "fails when no user, password" do
resource = load_resource("postgres_session", nil, nil, "localhost", 5432)