inspec-core 2.2.34 → 2.2.35

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6bf2d60a9d79b27af5eb0b5d1d490f3912def9ab18ffc0dd8218243ae9bc9045
4
- data.tar.gz: c2bbc3231ece1ecd74c3d258767fce943c0998c1173465e3803ed8edf816f4a2
3
+ metadata.gz: da1f9a4f568dc803f6bd8820468b7eda7fe38cdc2f8edd06d6d702036304a697
4
+ data.tar.gz: f74b2863a6a78d3dbe62b760b959f9b23a1b4e48c1a7142d1a70fdc3e4280423
5
5
  SHA512:
6
- metadata.gz: 05c378d057cb713d3c0bdaf4ac0db3dc45ea5d3c4bf550c838580cff5cd6227c3cc7ccff82cfbe03c3bcd2a840e3695f76da3ac24443c63fc69ba3bf5b102fd7
7
- data.tar.gz: b94f0b4f767a910ac98765fbae736ee38caa9d41cc3a2740907e74e919f3b138a99f8ee8def2b577f4f5f81cfb518792e3b6cbdd2887cff1edd21d84dce3347a
6
+ metadata.gz: '039debeadd4d1203117055e34dec6ea68b227aa0597cbfe045cbaedc7e1870f463cf60770c9db03f720b606f2b10969f65e3a291c5ba751bccd5877df66cf7df'
7
+ data.tar.gz: 2639e167eeb1d8687e9d500acba9bbae0b5572ddcf2fe4a1918b47c73590f6c86a247766c28691b0e8c5e0d1f51ad81a11be50164fbfc4119eff01d227c9f6d6
data/CHANGELOG.md CHANGED
@@ -1,32 +1,38 @@
1
1
  # Change Log
2
2
  <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
3
- <!-- latest_release 2.2.34 -->
4
- ## [v2.2.34](https://github.com/inspec/inspec/tree/v2.2.34) (2018-07-05)
3
+ <!-- latest_release 2.2.35 -->
4
+ ## [v2.2.35](https://github.com/inspec/inspec/tree/v2.2.35) (2018-07-09)
5
5
 
6
- #### Bug Fixes
7
- - fix for apache_conf to handle quoted Includes [#3193](https://github.com/inspec/inspec/pull/3193) ([voroniys](https://github.com/voroniys))
6
+ #### New Features
7
+ - A number of bug fixes and new features for oracledb_session resource [#3170](https://github.com/inspec/inspec/pull/3170) ([voroniys](https://github.com/voroniys))
8
8
  <!-- latest_release -->
9
9
 
10
- <!-- release_rollup since=2.2.27 -->
11
- ### Changes since 2.2.27 release
10
+ <!-- release_rollup since=2.2.34 -->
11
+ ### Changes since 2.2.34 release
12
12
 
13
13
  #### New Features
14
- - cli: Add `--insecure` option for `exec` and `shell` [#3195](https://github.com/inspec/inspec/pull/3195) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 2.2.31 -->
14
+ - A number of bug fixes and new features for oracledb_session resource [#3170](https://github.com/inspec/inspec/pull/3170) ([voroniys](https://github.com/voroniys)) <!-- 2.2.35 -->
15
+ <!-- release_rollup -->
15
16
 
16
- #### Bug Fixes
17
- - fix for apache_conf to handle quoted Includes [#3193](https://github.com/inspec/inspec/pull/3193) ([voroniys](https://github.com/voroniys)) <!-- 2.2.34 -->
18
- - Fix some issues with the vendor functional tests [#3196](https://github.com/inspec/inspec/pull/3196) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 2.2.30 -->
17
+ <!-- latest_stable_release -->
18
+ ## [v2.2.34](https://github.com/inspec/inspec/tree/v2.2.34) (2018-07-05)
19
19
 
20
- #### Merged Pull Requests
21
- - Prevent Slashes in profile names [#3175](https://github.com/inspec/inspec/pull/3175) ([miah](https://github.com/miah)) <!-- 2.2.32 -->
22
- - Fix vendor functional test to not validate a repo hash that can change. [#3198](https://github.com/inspec/inspec/pull/3198) ([miah](https://github.com/miah)) <!-- 2.2.29 -->
20
+ #### New Features
21
+ - cli: Add `--insecure` option for `exec` and `shell` [#3195](https://github.com/inspec/inspec/pull/3195) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
23
22
 
24
23
  #### Enhancements
25
- - Accept regexes for --controls option to inspec exec [#3179](https://github.com/inspec/inspec/pull/3179) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 2.2.33 -->
26
- - Update the node platform issues to warn severity [#3186](https://github.com/inspec/inspec/pull/3186) ([jquick](https://github.com/jquick)) <!-- 2.2.28 -->
27
- <!-- release_rollup -->
24
+ - Update the node platform issues to warn severity [#3186](https://github.com/inspec/inspec/pull/3186) ([jquick](https://github.com/jquick))
25
+ - Accept regexes for --controls option to inspec exec [#3179](https://github.com/inspec/inspec/pull/3179) ([clintoncwolfe](https://github.com/clintoncwolfe))
26
+
27
+ #### Bug Fixes
28
+ - Fix some issues with the vendor functional tests [#3196](https://github.com/inspec/inspec/pull/3196) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
29
+ - fix for apache_conf to handle quoted Includes [#3193](https://github.com/inspec/inspec/pull/3193) ([voroniys](https://github.com/voroniys))
28
30
 
31
+ #### Merged Pull Requests
32
+ - Fix vendor functional test to not validate a repo hash that can change. [#3198](https://github.com/inspec/inspec/pull/3198) ([miah](https://github.com/miah))
33
+ - Prevent Slashes in profile names [#3175](https://github.com/inspec/inspec/pull/3175) ([miah](https://github.com/miah))
29
34
  <!-- latest_stable_release -->
35
+
30
36
  ## [v2.2.27](https://github.com/inspec/inspec/tree/v2.2.27) (2018-06-29)
31
37
 
32
38
  #### New Features
@@ -43,7 +49,6 @@
43
49
 
44
50
  #### Merged Pull Requests
45
51
  - Add functional tests for nested attributes [#3157](https://github.com/inspec/inspec/pull/3157) ([clintoncwolfe](https://github.com/clintoncwolfe))
46
- <!-- latest_stable_release -->
47
52
 
48
53
  ## [v2.2.20](https://github.com/inspec/inspec/tree/v2.2.20) (2018-06-21)
49
54
 
@@ -20,11 +20,17 @@ A `oracledb_session` resource block declares the username and password to use fo
20
20
  where
21
21
 
22
22
  * `oracledb_session` declares a username and password with permission to run the query (required), and an optional parameters for host (default: `localhost`), SID (default: `nil`, which uses the default SID, and path to the sqlplus binary (default: `sqlplus`).
23
+ * it is possible to run queries as sysdba/sysoper by using `as_db_role option`, see examples
23
24
  * `query('QUERY')` contains the query to be run
24
25
  * `its('value') { should eq('') }` compares the results of the query against the expected result in the test
25
26
 
26
27
  <br>
27
28
 
29
+ ## oracledb_session(...).query method Properties
30
+ * rows the query result as array of hashes
31
+ * row(number) selected row from query result, where number is just a row number in the query result
32
+ * column(name) array with values from selected column
33
+
28
34
  ## Examples
29
35
 
30
36
  The following examples show how to use this InSpec audit resource.
@@ -45,6 +51,41 @@ The following examples show how to use this InSpec audit resource.
45
51
  its('value') { should cmp 'ORCL' }
46
52
  end
47
53
 
54
+ ### Test for table contains a specified value in any row for the given column name
55
+
56
+ sql = oracledb_session(user: 'my_user', pass: 'password', service: 'MYSID')
57
+
58
+ describe sql.query('SELECT * FROM my_table;').column('my_column') do
59
+ it { should include 'my_value' }
60
+ end
61
+
62
+ ### Test tablespace exists as sysdba
63
+ The check will change user (with su) to specified user and run 'sqlplus / as sysdba' (sysoper, sysasm)
64
+
65
+ sql = oracledb_session(as_os_user: 'oracle', as_db_role: 'sysdba', service: 'MYSID')
66
+
67
+ describe sql.query('SELECT tablespace_name AS name FROM dba_tablespaces;').column('name') do
68
+ it { should include 'MYTABLESPACE' }
69
+ end
70
+ NOTE: option `as_os_user` available only on unix-like systems and not supported on Windows. Also this option requires that you are running inspec as `root` or with `--sudo`
71
+
72
+ ### Test number of rows in the query result
73
+
74
+ sql = oracledb_session(user: 'my_user', pass: 'password')
75
+
76
+ describe sql.query('SELECT * FROM my_table;').rows do
77
+ its('count') { should eq 20 }
78
+ end
79
+
80
+ ### Use data out of (remote) DB query to build other tests
81
+
82
+ sql = oracledb_session(user: 'my_user', pass: 'password', host: 'my.remote.db', service: 'MYSID')
83
+
84
+ sql.query('SELECT * FROM files;').rows.each do |file_row|
85
+ describe file(file_row['path']) do
86
+ its('owner') { should eq file_row['owner']}
87
+ end
88
+ end
48
89
  <br>
49
90
 
50
91
  ## Matchers
@@ -4,5 +4,5 @@
4
4
  # author: Christoph Hartmann
5
5
 
6
6
  module Inspec
7
- VERSION = '2.2.34'
7
+ VERSION = '2.2.35'
8
8
  end
@@ -22,7 +22,8 @@ module Inspec::Resources
22
22
  end
23
23
  "
24
24
 
25
- attr_reader :user, :password, :host, :service
25
+ attr_reader :user, :password, :host, :service, :as_os_user, :as_db_role
26
+ # rubocop:disable Metrics/PerceivedComplexity,Metrics/CyclomaticComplexity
26
27
  def initialize(opts = {})
27
28
  @user = opts[:user]
28
29
  @password = opts[:password] || opts[:pass]
@@ -34,12 +35,17 @@ module Inspec::Resources
34
35
  @port = opts[:port] || '1521'
35
36
  @service = opts[:service]
36
37
 
38
+ # connection as sysdba stuff
39
+ return skip_resource "Option 'as_os_user' not available in Windows" if inspec.os.windows? && opts[:as_os_user]
40
+ @su_user = opts[:as_os_user]
41
+ @db_role = opts[:as_db_role]
42
+
37
43
  # we prefer sqlci although it is way slower than sqlplus, but it understands csv properly
38
- @sqlcl_bin = 'sql'
44
+ @sqlcl_bin = 'sql' unless opts.key?(:sqlplus_bin) # don't use it if user specified sqlplus_bin option
39
45
  @sqlplus_bin = opts[:sqlplus_bin] || 'sqlplus'
40
46
 
41
- return skip_resource "Can't run Oracle checks without authentication" if @user.nil? || @password.nil?
42
- return skip_resource 'You must provide a service name for the session' if @service.nil?
47
+ return fail_resource "Can't run Oracle checks without authentication" if @su_user.nil? && (@user.nil? || @password.nil?)
48
+ return fail_resource 'You must provide a service name for the session' if @service.nil?
43
49
  end
44
50
 
45
51
  def query(q)
@@ -49,19 +55,25 @@ module Inspec::Resources
49
55
 
50
56
  p = nil
51
57
  # use sqlplus if sqlcl is not available
52
- if inspec.command(@sqlcl_bin).exist?
58
+ if @sqlcl_bin and inspec.command(@sqlcl_bin).exist?
53
59
  bin = @sqlcl_bin
54
60
  opts = "set sqlformat csv\nSET FEEDBACK OFF"
55
61
  p = :parse_csv_result
56
62
  else
57
63
  bin = @sqlplus_bin
58
- opts = "SET MARKUP HTML ON\nSET FEEDBACK OFF"
64
+ opts = "SET MARKUP HTML ON\nSET PAGESIZE 32000\nSET FEEDBACK OFF"
59
65
  p = :parse_html_result
60
66
  end
61
67
 
62
68
  query = verify_query(escaped_query)
63
69
  query += ';' unless query.end_with?(';')
64
- command = %{echo "#{opts}\n#{query}\nEXIT" | #{bin} "#{@user}"/"#{@password}"@#{@host}:#{@port}/#{@service}}
70
+ if @db_role.nil?
71
+ command = %{#{bin} "#{@user}"/"#{@password}"@#{@host}:#{@port}/#{@service} <<EOC\n#{opts}\n#{query}\nEXIT\nEOC}
72
+ elsif @su_user.nil?
73
+ command = %{#{bin} "#{@user}"/"#{@password}"@#{@host}:#{@port}/#{@service} as #{@db_role} <<EOC\n#{opts}\n#{query}\nEXIT\nEOC}
74
+ else
75
+ command = %{su - #{@su_user} -c "env ORACLE_SID=#{@service} #{bin} / as #{@db_role} <<EOC\n#{opts}\n#{query}\nEXIT\nEOC"}
76
+ end
65
77
  cmd = inspec.command(command)
66
78
 
67
79
  out = cmd.stdout + "\n" + cmd.stderr
@@ -48,10 +48,22 @@ module DatabaseHelper
48
48
  @cmd.exit_status == 0 && @error.nil?
49
49
  end
50
50
 
51
+ def rows
52
+ @results
53
+ end
54
+
51
55
  def row(id)
52
56
  SQLRow.new(self, @results[id])
53
57
  end
54
58
 
59
+ def column(column)
60
+ result = []
61
+ @results.each do |row|
62
+ result << row[column]
63
+ end
64
+ result
65
+ end
66
+
55
67
  def size
56
68
  @results.size
57
69
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: inspec-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.34
4
+ version: 2.2.35
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dominik Richter
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-07-05 00:00:00.000000000 Z
11
+ date: 2018-07-09 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: train-core