inspec-mongodb-resources 7.1.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: f936269f07ea1c3b9a47bd6c48579da4107636e51aa4d3c6f310f3b3fbf0b159
+  data.tar.gz: 5aeb283297dc475839c9e18e5def998d3627126d24e962c08bb18be780c156c5
+SHA512:
+  metadata.gz: 17074ba489dbabf65b1de2dca80ece3ba66864062e72e2ae29dc1262821f010b62f82892b558a29637fcb9aac640d25e9a7ff42f2bd93aea061d0ca0503eb066
+  data.tar.gz: 4de2696aff1ac731995ae081e5011ac747a19bd0f6d4b0dc53fdba941c14ec405f6a302220eaf58d0fd42b63fe12d06d1ec7d5a6c9c4a10b42e6c914c81a17e5

data/Gemfile

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+gem "inspec", git: "https://github.com/inspec/inspec", branch: "inspec-7"
+gem "inspec-bin", git: "https://github.com/inspec/inspec", branch: "inspec-7"
+
+gemspec
+
+group :test do
+  gem "byebug"
+  gem "chefstyle"
+  gem "minitest"
+  gem "m"
+  gem "mocha"
+  gem "rake"
+  gem "simplecov"
+  gem "simplecov_json_formatter"
+end

data/README.md

@@ -0,0 +1,16 @@
+# inspec-mongodb-resources
+
+Mongodb InSpec Resources in a Gem
+
+This repository contains the InSpec Mongodb resources, formerly contained in InSpec Core. In InSpec 7+, these resources are available in a gem, `inspec-mongodb-resources`.
+
+## Usage
+
+To use this resource pack, add this dependency to your inspec.yml :
+
+```yaml
+depends:
+ - name: inspec-mongodb-resources
+    gem: inspec-mongodb-resources
+```
+

data/inspec-mongodb-resources.gemspec

@@ -0,0 +1,46 @@
+# As plugins are usually packaged and distributed as a RubyGem,
+# we have to provide a .gemspec file, which controls the gembuild
+# and publish process.  This is a fairly generic gemspec.
+
+# It is traditional in a gemspec to dynamically load the current version
+# from a file in the source tree.  The next three lines make that happen.
+lib = File.expand_path("lib", __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "inspec-mongodb-resources/version"
+
+Gem::Specification.new do |spec|
+  # Importantly, all InSpec plugins must be prefixed with `inspec-` (most
+  # plugins) or `train-` (plugins which add new connectivity features).
+  spec.name          = "inspec-mongodb-resources"
+
+  # It is polite to namespace your plugin under InspecPlugins::YourPluginInCamelCase
+  spec.version       = InspecPlugins::MongodbResources::VERSION
+  spec.authors       = ["InSpec Core Maintainers"]
+  spec.email         = ["inspec@progress.com"]
+  spec.summary       = "InSpec mongodb Resources in a Gem"
+  spec.description   = "Contains InSpec 7.0+ resources fo interacting with Mongodb Resources."
+  spec.homepage      = "https://github.com/inspec/inspec-mongodb-resources"
+  spec.license       = "Apache-2.0"
+
+  # Though complicated-looking, this is pretty standard for a gemspec.
+  # It just filters what will actually be packaged in the gem (leaving
+  # out tests, etc)
+  spec.files = %w{
+    README.md inspec-mongodb-resources.gemspec Gemfile inspec.yml
+  } + Dir.glob(
+    "lib/**/*", File::FNM_DOTMATCH
+  ).reject { |f| File.directory?(f) }
+  spec.require_paths = ["lib"]
+
+  spec.required_ruby_version = ">= 3.1.0"
+
+  # If you rely on any other gems, list them here with any constraints.
+  # This is how `inspec plugin install` is able to manage your dependencies.
+  # For example, perhaps you are writing a thing that talks to AWS, and you
+  # want to ensure you have `aws-sdk` in a certain version.
+
+  # This plugin uses InSpec 7 Resource Pack Plugins
+  spec.add_dependency "inspec-core", ">= 7.0"
+
+  spec.add_dependency "mongo", "= 2.21.3" # 2.14 introduces a broken symlink in mongo-2.14.0/spec/support/ocsp
+end

data/inspec.yml

@@ -0,0 +1,10 @@
+name: inspec-mongodb-resources
+title: Inspec Mongodb Resources
+maintainer: InSpec Core Maintainers
+copyright: Progress Software Corporation
+copyright_email: inspec@progress.com
+license: Apache-2.0
+summary: Inspec Mongodb Resources in a Gem
+version: 7.1.2
+supports:
+  platform: os

data/lib/inspec-mongodb-resources/plugin.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+# Plugin Definition file
+# The purpose of this file is to declare to InSpec what plugin_types (capabilities)
+# are included in this plugin, and provide activator that will load them as needed.
+
+# It is important that this file load successfully and *quickly*.
+# Your plugin's functionality may never be used on this InSpec run; so we keep things
+# fast and light by only loading heavy things when they are needed.
+
+# Presumably this is light
+require "inspec-mongodb-resources/version"
+
+# The InspecPlugins namespace is where all plugins should declare themselves.
+# The "Inspec" capitalization is used throughout the InSpec source code; yes, it's
+# strange.
+module InspecPlugins
+  # Pick a reasonable namespace here for your plugin. A reasonable choice
+  # would be the CamelCase version of your plugin gem name.
+  # inspec-test-resources => TestResources
+  module MongodbResources
+    # This simple class handles the plugin definition, so calling it simply Plugin is OK.
+    #   Inspec.plugin returns various Classes, intended to be superclasses for various
+    # plugin components. Here, the one-arg form gives you the Plugin Definition superclass,
+    # which mainly gives you access to the activator / plugin_type DSL.
+    #   The number '2' says you are asking for version 2 of the plugin API. If there are
+    # future versions, InSpec promises plugin API v2 will work for at least two more InSpec
+    # major versions.
+    class Plugin < ::Inspec.plugin(2)
+      # Internal machine name of the plugin. InSpec will use this in errors, etc.
+      plugin_name :"inspec-mongodb-resources"
+
+      # Define a new Resource Pack.
+      resource_pack :"inspec-mongodb-resources" do
+        # This file will load the resources implicitly via the superclass
+        require "inspec-mongodb-resources/resource_pack"
+
+        # Having loaded our functionality, return a class that represents the plugin.
+        # Reserved for future use.
+        InspecPlugins::MongodbResources::ResourcePack
+      end
+    end
+  end
+end

data/lib/inspec-mongodb-resources/resource_pack.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+require "inspec/resource"
+
+module InspecPlugins::MongodbResources
+  # This class will provide the actual CLI implementation.
+  # Its superclass is provided by another call to Inspec.plugin,
+  # this time with two args.  The first arg specifies we are requesting
+  # version 2 of the Plugins API.  The second says we are making a Resource
+  # Pack plugin component, so please make available any DSL needed
+  # for that.
+  class ResourcePack < Inspec.plugin(2, :resource_pack)
+    # TBD
+    # load_timing :early  <-- isn't that implicit in the rewuire statements
+    # train relationship declarations?  <-- that should be in the gemspec
+  end
+end

data/lib/inspec-mongodb-resources/resources/mongodb.rb

@@ -0,0 +1,67 @@
+class Mongodb < Inspec.resource(1)
+  name "mongodb"
+  supports platform: "unix"
+  supports platform: "windows"
+
+  desc "The 'mongodb' resource is a helper for the 'mongodb_conf' & 'mongodb_session' resources.  Please use those instead."
+
+  attr_reader :conf_path
+
+  def initialize
+    case inspec.os[:family]
+    when "debian", "fedora", "redhat", "linux", "suse"
+      init_linux
+    when "darwin"
+      init_macos
+    when "windows"
+      init_windows
+    end
+  end
+
+  def resource_id
+    @conf_path
+  end
+
+  def to_s
+    "MongoDB"
+  end
+
+  private
+
+  def init_linux
+    @conf_path = "/etc/mongod.conf"
+  end
+
+  def init_macos
+    @conf_path = "/usr/local/etc/mongod.conf"
+  end
+
+  def init_windows
+    dir = "C:\\Program Files\\MongoDB\\Server"
+    @version = version_from_dir(dir)
+    unless @version.to_s.empty?
+      @conf_path = "#{dir}\\#{@version}\\bin\\mongod.cfg"
+    end
+  end
+
+  def version_from_dir(dir)
+    dirs = inspec.command("Get-ChildItem -Path \"#{dir}\" -Name").stdout
+    entries = dirs.lines.count
+    case entries
+    when 0
+      warn "Could not determine version of installed MongoDB by inspecting #{dir}"
+      nil
+    when 1
+      dir_to_version(dirs)
+    else
+      warn "Multiple versions of MongoDB installed or incorrect base dir #{dir}"
+      first = dir_to_version(dirs.lines.first)
+      warn "Using the first version found: #{first}"
+      first
+    end
+  end
+
+  def dir_to_version(dir)
+    dir.chomp.split("/").last
+  end
+end

data/lib/inspec-mongodb-resources/resources/mongodb_conf.rb

@@ -0,0 +1,42 @@
+require "inspec/resources/json"
+require "inspec-mongodb-resources/resources/mongodb"
+
+class MongodbConf < ::Inspec::Resources::JsonConfig
+  name "mongodb_conf"
+  supports platform: "unix"
+  supports platform: "windows"
+  desc "Use the mongodb_conf InSpec audit resource to test the contents of the configuration file for MongoDB, typically located at `/etc/mongod.conf` or `C:\\Program Files\\MongoDB\\Server\\<version>\\bin\\mongod.cfg`, depending on the platform."
+  example <<~EXAMPLE
+    describe mongodb_conf do
+      its(["storage", "dbPath"]) { should eq "/var/lib/mongodb" }
+      its(["net", "port"]) { should eq 27017 }
+    end
+  EXAMPLE
+
+  def initialize(conf_path = nil)
+    @conf_path = conf_path || inspec.mongodb.conf_path
+
+    if @conf_path.nil?
+      return skip_resource "MongoDB conf path is not set."
+    end
+
+    super(@conf_path)
+  end
+
+  # set resource_id to "" if system is not able to determine the @conf_path
+  def resource_id
+    @conf_path || "mongodb_conf"
+  end
+
+  private
+
+  def parse(content)
+    YAML.load(content)
+  rescue => e
+    raise Inspec::Exceptions::ResourceFailed, "Unable to parse `mongod.conf` or `mongod.cfg` file: #{e.message}"
+  end
+
+  def resource_base_name
+    "MongoDB Configuration"
+  end
+end

data/lib/inspec-mongodb-resources/resources/mongodb_session.rb

@@ -0,0 +1,96 @@
+require "mongo"
+
+class Lines
+  attr_reader :params
+
+  def initialize(raw, desc, exit_status = nil)
+    @params = raw
+    @desc = desc
+    @exit_status = exit_status
+  end
+
+  def to_s
+    @desc
+  end
+end
+
+class MongodbSession < Inspec.resource(1)
+  name "mongodb_session"
+  supports platform: "unix"
+  supports platform: "windows"
+
+  desc "Use the mongodb_session InSpec audit resource to run MongoDB command against a MongoDB Database."
+  example <<~EXAMPLE
+    # default values:
+    # host: "127.0.0.1"
+    # port: "27017"
+    # auth_source - default to database name
+    # auth_mech - :scram
+
+    describe mongodb_session(user: "foo", password: "bar", database: "test").query(usersInfo: "ian").params["users"].first["roles"].first do
+      its(["role"]) { should eq "readWrite" }
+    end
+  EXAMPLE
+  attr_reader :user, :host, :port, :database, :params
+
+  def initialize(opts = {})
+    @user = opts[:user] || nil
+    @password = opts[:password] || nil
+    @host = opts[:host] || "127.0.0.1"
+    @port = opts[:port] || "27017"
+    @database = opts[:database] || nil
+    @auth_mech = opts[:auth_mech] || :scram
+    @auth_source = opts[:auth_source] || @database
+    @ssl = opts[:ssl] || false
+    @ssl_cert = opts[:ssl_cert] || nil
+    @ssl_key = opts[:ssl_key] || nil
+    @ssl_ca_cert = opts[:ssl_ca_cert] || nil
+    @auth_mech_properties = opts[:auth_mech_properties] || {}
+    @client = nil
+
+    fail_resource "Can't run MongoDB checks without authentication." unless user && @password
+    fail_resource "You must provide a database name for the session." unless database
+
+    create_session
+  end
+
+  def query(command)
+    raise Inspec::Exceptions::ResourceFailed, "#{resource_exception_message}" if resource_failed?
+
+    Lines.new(@client.command(command).documents.first, "MongoDB query: #{command}")
+  rescue => e
+    raise Inspec::Exceptions::ResourceFailed, "Can't run MongoDB command Error: #{e.message}"
+  end
+
+  def resource_id
+    "mongodb_session:User:#{@user}:Host:#{@host}:Database:#{@database}"
+  end
+
+  private
+
+  def create_session
+    raise Inspec::Exceptions::ResourceFailed, "#{resource_exception_message}" if resource_failed?
+
+    options = { user: "#{user}",
+      password: "#{@password}",
+      database: "#{database}",
+      auth_source: "#{@auth_source}",
+      auth_mech: @auth_mech,
+      }
+    options[:auth_mech_properties] = @auth_mech_properties unless @auth_mech_properties.empty?
+    options[:ssl] = @ssl
+    options[:ssl_key] = @ssl_key unless @ssl_key.nil?
+    options[:ssl_cert] = @ssl_cert unless @ssl_cert.nil?
+    options[:ssl_ca_cert] = @ssl_ca_cert unless @ssl_ca_cert.nil?
+
+    # Setting the logger level to INFO as mongo gem version 2.13.2 is using DEBUG as the log level Ref: https://github.com/mongodb/mongo-ruby-driver/blob/v2.13.2/lib/mongo/logger.rb#L79
+    # Latest version of the mongo gem don't have this issue as it set to INFO level Ref: https://github.com/mongodb/mongo-ruby-driver/blob/master/lib/mongo/logger.rb#L82
+    # We pinned the version to 2.13.2 as the latest version of the mongo gem has broken symlink https://jira.mongodb.org/browse/RUBY-2546 which causes omnibus build failure.
+    # Once we get the latest version working we can remove logger level set here.
+    Mongo::Logger.logger.level = Logger::INFO
+    @client = Mongo::Client.new([ "#{host}:#{port}" ], options)
+
+  rescue => e
+    raise Inspec::Exceptions::ResourceFailed, "Can't run MongoDB command. Error: #{e.message}"
+  end
+end

data/lib/inspec-mongodb-resources/version.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+# This file simply makes it easier for CI engines to update
+# the version stamp, and provide a clean way for the gemspec
+# to learn the current version.
+module InspecPlugins
+  module MongodbResources
+    VERSION = "7.1.2"
+  end
+end

data/lib/inspec-mongodb-resources.rb

@@ -0,0 +1,14 @@
+# This file is known as the "entry point."
+# This is the file InSpec will try to load if it
+# thinks your plugin is installed.
+
+# The *only* thing this file should do is setup the
+# load path, then load the plugin definition file.
+
+# Next two lines simply add the path of the gem to the load path.
+# This is not needed when being loaded as a gem; but when doing
+# plugin development, you may need it.  Either way, it's harmless.
+libdir = File.dirname(__FILE__)
+$LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
+
+require "inspec-mongodb-resources/plugin"

metadata

@@ -0,0 +1,83 @@
+--- !ruby/object:Gem::Specification
+name: inspec-mongodb-resources
+version: !ruby/object:Gem::Version
+  version: 7.1.2
+platform: ruby
+authors:
+- InSpec Core Maintainers
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2025-10-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: inspec-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.0'
+- !ruby/object:Gem::Dependency
+  name: mongo
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.21.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.21.3
+description: Contains InSpec 7.0+ resources fo interacting with Mongodb Resources.
+email:
+- inspec@progress.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- README.md
+- inspec-mongodb-resources.gemspec
+- inspec.yml
+- lib/inspec-mongodb-resources.rb
+- lib/inspec-mongodb-resources/plugin.rb
+- lib/inspec-mongodb-resources/resource_pack.rb
+- lib/inspec-mongodb-resources/resources/.gitkeep
+- lib/inspec-mongodb-resources/resources/mongodb.rb
+- lib/inspec-mongodb-resources/resources/mongodb_conf.rb
+- lib/inspec-mongodb-resources/resources/mongodb_session.rb
+- lib/inspec-mongodb-resources/version.rb
+homepage: https://github.com/inspec/inspec-mongodb-resources
+licenses:
+- Apache-2.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.1.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.3.27
+signing_key: 
+specification_version: 4
+summary: InSpec mongodb Resources in a Gem
+test_files: []