inspec-core 2.2.34 → 2.2.35
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +22 -17
- data/docs/resources/oracledb_session.md.erb +41 -0
- data/lib/inspec/version.rb +1 -1
- data/lib/resources/oracledb_session.rb +19 -7
- data/lib/utils/database_helpers.rb +12 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: da1f9a4f568dc803f6bd8820468b7eda7fe38cdc2f8edd06d6d702036304a697
|
|
4
|
+
data.tar.gz: f74b2863a6a78d3dbe62b760b959f9b23a1b4e48c1a7142d1a70fdc3e4280423
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: '039debeadd4d1203117055e34dec6ea68b227aa0597cbfe045cbaedc7e1870f463cf60770c9db03f720b606f2b10969f65e3a291c5ba751bccd5877df66cf7df'
|
|
7
|
+
data.tar.gz: 2639e167eeb1d8687e9d500acba9bbae0b5572ddcf2fe4a1918b47c73590f6c86a247766c28691b0e8c5e0d1f51ad81a11be50164fbfc4119eff01d227c9f6d6
|
data/CHANGELOG.md
CHANGED
|
@@ -1,32 +1,38 @@
|
|
|
1
1
|
# Change Log
|
|
2
2
|
<!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
|
|
3
|
-
<!-- latest_release 2.2.
|
|
4
|
-
## [v2.2.
|
|
3
|
+
<!-- latest_release 2.2.35 -->
|
|
4
|
+
## [v2.2.35](https://github.com/inspec/inspec/tree/v2.2.35) (2018-07-09)
|
|
5
5
|
|
|
6
|
-
####
|
|
7
|
-
-
|
|
6
|
+
#### New Features
|
|
7
|
+
- A number of bug fixes and new features for oracledb_session resource [#3170](https://github.com/inspec/inspec/pull/3170) ([voroniys](https://github.com/voroniys))
|
|
8
8
|
<!-- latest_release -->
|
|
9
9
|
|
|
10
|
-
<!-- release_rollup since=2.2.
|
|
11
|
-
### Changes since 2.2.
|
|
10
|
+
<!-- release_rollup since=2.2.34 -->
|
|
11
|
+
### Changes since 2.2.34 release
|
|
12
12
|
|
|
13
13
|
#### New Features
|
|
14
|
-
-
|
|
14
|
+
- A number of bug fixes and new features for oracledb_session resource [#3170](https://github.com/inspec/inspec/pull/3170) ([voroniys](https://github.com/voroniys)) <!-- 2.2.35 -->
|
|
15
|
+
<!-- release_rollup -->
|
|
15
16
|
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
- Fix some issues with the vendor functional tests [#3196](https://github.com/inspec/inspec/pull/3196) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 2.2.30 -->
|
|
17
|
+
<!-- latest_stable_release -->
|
|
18
|
+
## [v2.2.34](https://github.com/inspec/inspec/tree/v2.2.34) (2018-07-05)
|
|
19
19
|
|
|
20
|
-
####
|
|
21
|
-
-
|
|
22
|
-
- Fix vendor functional test to not validate a repo hash that can change. [#3198](https://github.com/inspec/inspec/pull/3198) ([miah](https://github.com/miah)) <!-- 2.2.29 -->
|
|
20
|
+
#### New Features
|
|
21
|
+
- cli: Add `--insecure` option for `exec` and `shell` [#3195](https://github.com/inspec/inspec/pull/3195) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
|
|
23
22
|
|
|
24
23
|
#### Enhancements
|
|
25
|
-
-
|
|
26
|
-
-
|
|
27
|
-
|
|
24
|
+
- Update the node platform issues to warn severity [#3186](https://github.com/inspec/inspec/pull/3186) ([jquick](https://github.com/jquick))
|
|
25
|
+
- Accept regexes for --controls option to inspec exec [#3179](https://github.com/inspec/inspec/pull/3179) ([clintoncwolfe](https://github.com/clintoncwolfe))
|
|
26
|
+
|
|
27
|
+
#### Bug Fixes
|
|
28
|
+
- Fix some issues with the vendor functional tests [#3196](https://github.com/inspec/inspec/pull/3196) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
|
|
29
|
+
- fix for apache_conf to handle quoted Includes [#3193](https://github.com/inspec/inspec/pull/3193) ([voroniys](https://github.com/voroniys))
|
|
28
30
|
|
|
31
|
+
#### Merged Pull Requests
|
|
32
|
+
- Fix vendor functional test to not validate a repo hash that can change. [#3198](https://github.com/inspec/inspec/pull/3198) ([miah](https://github.com/miah))
|
|
33
|
+
- Prevent Slashes in profile names [#3175](https://github.com/inspec/inspec/pull/3175) ([miah](https://github.com/miah))
|
|
29
34
|
<!-- latest_stable_release -->
|
|
35
|
+
|
|
30
36
|
## [v2.2.27](https://github.com/inspec/inspec/tree/v2.2.27) (2018-06-29)
|
|
31
37
|
|
|
32
38
|
#### New Features
|
|
@@ -43,7 +49,6 @@
|
|
|
43
49
|
|
|
44
50
|
#### Merged Pull Requests
|
|
45
51
|
- Add functional tests for nested attributes [#3157](https://github.com/inspec/inspec/pull/3157) ([clintoncwolfe](https://github.com/clintoncwolfe))
|
|
46
|
-
<!-- latest_stable_release -->
|
|
47
52
|
|
|
48
53
|
## [v2.2.20](https://github.com/inspec/inspec/tree/v2.2.20) (2018-06-21)
|
|
49
54
|
|
|
@@ -20,11 +20,17 @@ A `oracledb_session` resource block declares the username and password to use fo
|
|
|
20
20
|
where
|
|
21
21
|
|
|
22
22
|
* `oracledb_session` declares a username and password with permission to run the query (required), and an optional parameters for host (default: `localhost`), SID (default: `nil`, which uses the default SID, and path to the sqlplus binary (default: `sqlplus`).
|
|
23
|
+
* it is possible to run queries as sysdba/sysoper by using `as_db_role option`, see examples
|
|
23
24
|
* `query('QUERY')` contains the query to be run
|
|
24
25
|
* `its('value') { should eq('') }` compares the results of the query against the expected result in the test
|
|
25
26
|
|
|
26
27
|
<br>
|
|
27
28
|
|
|
29
|
+
## oracledb_session(...).query method Properties
|
|
30
|
+
* rows the query result as array of hashes
|
|
31
|
+
* row(number) selected row from query result, where number is just a row number in the query result
|
|
32
|
+
* column(name) array with values from selected column
|
|
33
|
+
|
|
28
34
|
## Examples
|
|
29
35
|
|
|
30
36
|
The following examples show how to use this InSpec audit resource.
|
|
@@ -45,6 +51,41 @@ The following examples show how to use this InSpec audit resource.
|
|
|
45
51
|
its('value') { should cmp 'ORCL' }
|
|
46
52
|
end
|
|
47
53
|
|
|
54
|
+
### Test for table contains a specified value in any row for the given column name
|
|
55
|
+
|
|
56
|
+
sql = oracledb_session(user: 'my_user', pass: 'password', service: 'MYSID')
|
|
57
|
+
|
|
58
|
+
describe sql.query('SELECT * FROM my_table;').column('my_column') do
|
|
59
|
+
it { should include 'my_value' }
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
### Test tablespace exists as sysdba
|
|
63
|
+
The check will change user (with su) to specified user and run 'sqlplus / as sysdba' (sysoper, sysasm)
|
|
64
|
+
|
|
65
|
+
sql = oracledb_session(as_os_user: 'oracle', as_db_role: 'sysdba', service: 'MYSID')
|
|
66
|
+
|
|
67
|
+
describe sql.query('SELECT tablespace_name AS name FROM dba_tablespaces;').column('name') do
|
|
68
|
+
it { should include 'MYTABLESPACE' }
|
|
69
|
+
end
|
|
70
|
+
NOTE: option `as_os_user` available only on unix-like systems and not supported on Windows. Also this option requires that you are running inspec as `root` or with `--sudo`
|
|
71
|
+
|
|
72
|
+
### Test number of rows in the query result
|
|
73
|
+
|
|
74
|
+
sql = oracledb_session(user: 'my_user', pass: 'password')
|
|
75
|
+
|
|
76
|
+
describe sql.query('SELECT * FROM my_table;').rows do
|
|
77
|
+
its('count') { should eq 20 }
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
### Use data out of (remote) DB query to build other tests
|
|
81
|
+
|
|
82
|
+
sql = oracledb_session(user: 'my_user', pass: 'password', host: 'my.remote.db', service: 'MYSID')
|
|
83
|
+
|
|
84
|
+
sql.query('SELECT * FROM files;').rows.each do |file_row|
|
|
85
|
+
describe file(file_row['path']) do
|
|
86
|
+
its('owner') { should eq file_row['owner']}
|
|
87
|
+
end
|
|
88
|
+
end
|
|
48
89
|
<br>
|
|
49
90
|
|
|
50
91
|
## Matchers
|
data/lib/inspec/version.rb
CHANGED
|
@@ -22,7 +22,8 @@ module Inspec::Resources
|
|
|
22
22
|
end
|
|
23
23
|
"
|
|
24
24
|
|
|
25
|
-
attr_reader :user, :password, :host, :service
|
|
25
|
+
attr_reader :user, :password, :host, :service, :as_os_user, :as_db_role
|
|
26
|
+
# rubocop:disable Metrics/PerceivedComplexity,Metrics/CyclomaticComplexity
|
|
26
27
|
def initialize(opts = {})
|
|
27
28
|
@user = opts[:user]
|
|
28
29
|
@password = opts[:password] || opts[:pass]
|
|
@@ -34,12 +35,17 @@ module Inspec::Resources
|
|
|
34
35
|
@port = opts[:port] || '1521'
|
|
35
36
|
@service = opts[:service]
|
|
36
37
|
|
|
38
|
+
# connection as sysdba stuff
|
|
39
|
+
return skip_resource "Option 'as_os_user' not available in Windows" if inspec.os.windows? && opts[:as_os_user]
|
|
40
|
+
@su_user = opts[:as_os_user]
|
|
41
|
+
@db_role = opts[:as_db_role]
|
|
42
|
+
|
|
37
43
|
# we prefer sqlci although it is way slower than sqlplus, but it understands csv properly
|
|
38
|
-
@sqlcl_bin = 'sql'
|
|
44
|
+
@sqlcl_bin = 'sql' unless opts.key?(:sqlplus_bin) # don't use it if user specified sqlplus_bin option
|
|
39
45
|
@sqlplus_bin = opts[:sqlplus_bin] || 'sqlplus'
|
|
40
46
|
|
|
41
|
-
return
|
|
42
|
-
return
|
|
47
|
+
return fail_resource "Can't run Oracle checks without authentication" if @su_user.nil? && (@user.nil? || @password.nil?)
|
|
48
|
+
return fail_resource 'You must provide a service name for the session' if @service.nil?
|
|
43
49
|
end
|
|
44
50
|
|
|
45
51
|
def query(q)
|
|
@@ -49,19 +55,25 @@ module Inspec::Resources
|
|
|
49
55
|
|
|
50
56
|
p = nil
|
|
51
57
|
# use sqlplus if sqlcl is not available
|
|
52
|
-
if inspec.command(@sqlcl_bin).exist?
|
|
58
|
+
if @sqlcl_bin and inspec.command(@sqlcl_bin).exist?
|
|
53
59
|
bin = @sqlcl_bin
|
|
54
60
|
opts = "set sqlformat csv\nSET FEEDBACK OFF"
|
|
55
61
|
p = :parse_csv_result
|
|
56
62
|
else
|
|
57
63
|
bin = @sqlplus_bin
|
|
58
|
-
opts = "SET MARKUP HTML ON\nSET FEEDBACK OFF"
|
|
64
|
+
opts = "SET MARKUP HTML ON\nSET PAGESIZE 32000\nSET FEEDBACK OFF"
|
|
59
65
|
p = :parse_html_result
|
|
60
66
|
end
|
|
61
67
|
|
|
62
68
|
query = verify_query(escaped_query)
|
|
63
69
|
query += ';' unless query.end_with?(';')
|
|
64
|
-
|
|
70
|
+
if @db_role.nil?
|
|
71
|
+
command = %{#{bin} "#{@user}"/"#{@password}"@#{@host}:#{@port}/#{@service} <<EOC\n#{opts}\n#{query}\nEXIT\nEOC}
|
|
72
|
+
elsif @su_user.nil?
|
|
73
|
+
command = %{#{bin} "#{@user}"/"#{@password}"@#{@host}:#{@port}/#{@service} as #{@db_role} <<EOC\n#{opts}\n#{query}\nEXIT\nEOC}
|
|
74
|
+
else
|
|
75
|
+
command = %{su - #{@su_user} -c "env ORACLE_SID=#{@service} #{bin} / as #{@db_role} <<EOC\n#{opts}\n#{query}\nEXIT\nEOC"}
|
|
76
|
+
end
|
|
65
77
|
cmd = inspec.command(command)
|
|
66
78
|
|
|
67
79
|
out = cmd.stdout + "\n" + cmd.stderr
|
|
@@ -48,10 +48,22 @@ module DatabaseHelper
|
|
|
48
48
|
@cmd.exit_status == 0 && @error.nil?
|
|
49
49
|
end
|
|
50
50
|
|
|
51
|
+
def rows
|
|
52
|
+
@results
|
|
53
|
+
end
|
|
54
|
+
|
|
51
55
|
def row(id)
|
|
52
56
|
SQLRow.new(self, @results[id])
|
|
53
57
|
end
|
|
54
58
|
|
|
59
|
+
def column(column)
|
|
60
|
+
result = []
|
|
61
|
+
@results.each do |row|
|
|
62
|
+
result << row[column]
|
|
63
|
+
end
|
|
64
|
+
result
|
|
65
|
+
end
|
|
66
|
+
|
|
55
67
|
def size
|
|
56
68
|
@results.size
|
|
57
69
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: inspec-core
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.2.
|
|
4
|
+
version: 2.2.35
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dominik Richter
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-07-
|
|
11
|
+
date: 2018-07-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: train-core
|