ldap enabled

mitre · Apr 17, 2024 · 6c0fafb · 6c0fafb
1 parent c8f0356
commit 6c0fafb
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 2 deletions.
diff --git a/spec/mongo-inspec-profile/controls/SV-252157.rb b/spec/mongo-inspec-profile/controls/SV-252157.rb
@@ -55,4 +55,11 @@
     its('ok') { should cmp 1 }
   end
 
+  describe json({command: run_get_dbs}) do
+    only_if 'LDAP is being used for authenticaion/authorization' do
+      input('ldap_enabled') == true
+    end
+    its('ok') { should cmp 1 }
+  end
+
 end
diff --git a/spec/mongo-inspec-profile/controls/SV-252174.rb b/spec/mongo-inspec-profile/controls/SV-252174.rb
@@ -90,10 +90,11 @@
         user_roles.each do |role|
           run_get_role = "mongosh mongodb://#{input('mongo_dba')}:#{input('mongo_dba_password')}@#{input('mongo_host')}:#{input('mongo_port')}/#{db_name}?authSource=admin --quiet --eval \"EJSON.stringify(db.getRole(#{role}, {showPrivileges: true}))\""
           role_output = json({command: run_get_role}).params
+
           all_actions = role_output["privileges"].map { |privilege| privilege["actions"] } +
               role_output["inheritedPrivileges"].map { |privilege| privilege["actions"] }
           all_actions.flatten!
-          
+
           p "user", user
           p "role", role
           p all_actions

diff --git a/spec/mongo-inspec-profile/inspec.yml b/spec/mongo-inspec-profile/inspec.yml
@@ -141,7 +141,7 @@ inputs:
     required: true
 
   # SV-252157
-  - name: enable_ldap
+  - name: ldap_enabled
     description: "LDAP is used for authentication and authorization"
     type: boolean
     value: false