fix(lab-05): align database lab with runtime behavior

2026-04-10 14:10:22 +00:00
parent 4b6777f600
commit 92c11d524f
7 changed files with 231 additions and 205 deletions
@@ -4,12 +4,19 @@ Deploy PostgreSQL in rete privata con persistenza dati.
 ## Avvio del Laboratorio
 Leggi prima i tutorial nell'ordine indicato sotto. Il flusso principale del lab usa `docker-compose.yml`; il `Dockerfile` e solo un riferimento per client e strumenti, non un prerequisito di avvio.
 ```bash
 cd labs/lab-05-database
 docker build .
 docker compose up -d
 ```
 ## Ordine Consigliato
 1. `tutorial/01-deploy-rds-database.md`
 2. `tutorial/02-data-persistence.md`
 3. `tutorial/03-security-compliance.md`
 ## Verifica Completamento
 ```bash
@@ -21,4 +28,4 @@ bash tests/99-final-verification.sh
 - [Tutorial](tutorial/) - Guida passo-passo
 - [How-to Guides](how-to-guides/) - Procedure specifiche
 - [Reference](reference/) - Documentazione tecnica
- [Explanation](explanation/) - Paralleli cloud
+- [Explanation](explanation/) - Paralleli cloud
@@ -5,7 +5,10 @@
 ### Da container nella stessa rete
 ```bash
-docker exec lab05-app psql -h db -U lab05_user -d lab05_db
+docker run --rm --network lab05-vpc-private \
  -e PGPASSWORD=lab05_password \
  postgres:16-alpine \
  psql -h db -U lab05_user -d lab05_db
 ```
 ### Dall'host con port forwarding (non recommended)
@@ -43,13 +46,15 @@ postgresql://lab05_user:lab05_password@127.0.0.1:5432/lab05_db
 Il database è in rete privata. Devi connetterti da container nella stessa rete:
 ```bash
-# Prima entra in un container
+# Client temporaneo nella rete privata
-docker exec -it lab05-app sh
+docker run --rm -it --network lab05-vpc-private \
-
+  -e PGPASSWORD=lab05_password \
-# Poi connettiti
+  postgres:16-alpine \
-psql -h db -U lab05_user -d lab05_db
+  psql -h db -U lab05_user -d lab05_db
 ```
 Nota: il servizio `lab05-app` usa `nginx:alpine` e non include `psql`.
 ### Password authentication failed
 Verifica le credenziali in docker-compose.yml:
@@ -8,8 +8,11 @@
 # Connessione base
 docker exec lab05-db psql -U lab05_user -d lab05_db
-# Connessione con host specificato
+# Connessione da client nella rete privata
-docker exec lab05-app psql -h db -U lab05_user -d lab05_db
+docker run --rm --network lab05-vpc-private \
  -e PGPASSWORD=lab05_password \
  postgres:16-alpine \
  psql -h db -U lab05_user -d lab05_db
 # Esegui comando singolo
 docker exec lab05-db psql -U lab05_user -d lab05_db -c "SELECT version();"
@@ -1,27 +1,49 @@
 #!/bin/bash
 # Lab 05 - Database & RDS
 # Test 99: Final Verification (Double Check)
 # Verifica finale end-to-end per studenti
 set -euo pipefail
 # Colori per output
 RED='\033[0;31m'
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
 BLUE='\033[0;34m'
 NC='\033[0m'
-# Contatori
+TEST_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 LAB_DIR="$(cd "$TEST_DIR/.." && pwd)"
 pass_count=0
 fail_count=0
 skip_count=0
 # Funzioni helper
 inc_pass() { ((pass_count++)) || true; }
 inc_fail() { ((fail_count++)) || true; }
 inc_skip() { ((skip_count++)) || true; }
 check_pass() {
  echo -e "${GREEN}OK${NC}"
  inc_pass
 }
 check_fail() {
  echo -e "${RED}FAIL${NC}"
  inc_fail
 }
 check_warn() {
  echo -e "${YELLOW}WARN${NC} $1"
  inc_skip
 }
 cleanup() {
  docker compose down >/dev/null 2>&1 || true
 }
 trap cleanup EXIT
 cd "$LAB_DIR"
 echo "=========================================="
 echo "Lab 05 - Final Verification (Double Check)"
 echo "=========================================="
@@ -30,219 +52,204 @@ echo "Verifica completa: Lab 05 - Database & RDS"
 echo "Parallelo: PostgreSQL in Docker ↔ RDS in AWS VPC"
 echo ""
 # Verifica file docker-compose.yml
 echo -n "[CHECK] Verifica docker-compose.yml esista... "
-if [ -f "docker-compose.yml" ]; then
+if [ -f docker-compose.yml ]; then
-    echo -e "${GREEN}OK${NC}"
+  check_pass
    inc_pass
 else
-    echo -e "${RED}FAIL${NC}"
+  check_fail
-    inc_fail
+  exit 1
-    echo "ERRORE: docker-compose.yml non trovato"
+fi
-    exit 1
+
 echo -n "[CHECK] Sintassi docker compose valida... "
 if docker compose config >/dev/null 2>&1; then
  check_pass
 else
  check_fail
  exit 1
 fi
 echo ""
 echo "=== VERIFICA CONFIGURAZIONE ==="
-# Verifica servizio database
+echo -n "[CHECK] Servizio 'db' definito... "
-echo -n "[CHECK] Servizio 'database' definito... "
+if grep -q '^  db:$' <(docker compose config); then
-if grep -q "database:" docker-compose.yml; then
+  check_pass
    echo -e "${GREEN}OK${NC}"
    inc_pass
 else
-    echo -e "${RED}FAIL${NC}"
+  check_fail
    inc_fail
 fi
 # Verifica immagine PostgreSQL
 echo -n "[CHECK] Immagine PostgreSQL... "
-if grep -q "image: postgres" docker-compose.yml; then
+if grep -q 'image: postgres:16-alpine' docker-compose.yml; then
-    echo -e "${GREEN}OK${NC}"
+  check_pass
    inc_pass
 else
-    echo -e "${RED}FAIL${NC}"
+  check_fail
    inc_fail
 fi
 # Verifica credenziali
 echo -n "[CHECK] Credenziali PostgreSQL configurate... "
-if grep -q "POSTGRES_DB:" docker-compose.yml && \
+if grep -q 'POSTGRES_DB:' docker-compose.yml && \
-   grep -q "POSTGRES_USER:" docker-compose.yml && \
+   grep -q 'POSTGRES_USER:' docker-compose.yml && \
-   grep -q "POSTGRES_PASSWORD:" docker-compose.yml; then
+   grep -q 'POSTGRES_PASSWORD:' docker-compose.yml; then
-    echo -e "${GREEN}OK${NC}"
+  check_pass
    inc_pass
 else
-    echo -e "${RED}FAIL${NC}"
+  check_fail
    inc_fail
 fi
 # Verifica volume
 echo -n "[CHECK] Volume 'db-data' configurato... "
-if grep -q "db-data:" docker-compose.yml; then
+if grep -q '^  db-data:$' <(docker compose config); then
-    echo -e "${GREEN}OK${NC}"
+  check_pass
    inc_pass
 else
-    echo -e "${RED}FAIL${NC}"
+  check_fail
    inc_fail
 fi
 # Verifica rete privata
 echo -n "[CHECK] Database in rete 'vpc-private'... "
-if grep -A 20 "database:" docker-compose.yml | grep -q "vpc-private"; then
+if docker compose config | grep -A 30 '^  db:$' | grep -q 'vpc-private'; then
-    echo -e "${GREEN}OK${NC}"
+  check_pass
    inc_pass
 else
-    echo -e "${RED}FAIL${NC}"
+  check_fail
    inc_fail
 fi
-# Verifica nessuna porta esposta
+echo -n "[CHECK] NESSUNA porta esposta sul database (INF-02)... "
-echo -n "[CHECK] NESSUNA porta esposta (INF-02)... "
+if docker compose config | grep -A 30 '^  db:$' | grep -q 'ports:'; then
-if grep -A 30 "database:" docker-compose.yml | grep -q "ports:"; then
+  check_fail
    echo -e "${YELLOW}WARN${NC} (porte configurate - RDS non espone porte)"
    inc_skip
 else
-    echo -e "${GREEN}OK${NC}"
+  check_pass
    inc_pass
 fi
-# Verifica limiti risorse
+echo -n "[CHECK] Limiti risorse configurati sul database (INF-03)... "
-echo -n "[CHECK] Limiti risorse configurati (INF-03)... "
+if docker compose config | grep -A 30 '^  db:$' | grep -q 'cpus:' && \
-if grep -A 30 "database:" docker-compose.yml | grep -q "cpus:" && \
+   docker compose config | grep -A 30 '^  db:$' | grep -q 'memory:'; then
-   grep -A 30 "database:" docker-compose.yml | grep -q "memory:"; then
+  check_pass
    echo -e "${GREEN}OK${NC}"
    inc_pass
 else
-    echo -e "${RED}FAIL${NC}"
+  check_fail
    inc_fail
 fi
 echo ""
 echo "=== VERIFICA ESECUZIONE ==="
-# Verifica container in esecuzione
+docker compose down >/dev/null 2>&1 || true
 docker compose up -d >/dev/null
 sleep 10
 echo -n "[CHECK] Container 'lab05-db' in esecuzione... "
-if docker ps --format '{{{{Names}}}}' | grep -q "^lab05-db$"; then
+if docker ps --format '{{.Names}}' | grep -q '^lab05-db$'; then
-    echo -e "${GREEN}OK${NC}"
+  check_pass
    inc_pass
 else
-    echo -e "${RED}FAIL${NC}"
+  check_fail
-    inc_fail
+  echo "Avviare i container: docker compose up -d"
-    echo "Avviare i container: docker compose up -d"
+  exit 1
    echo ""
    echo "Risultato: $pass_count PASS, $fail_count FAIL, $skip_count SKIP"
    exit 1
 fi
-# Verifica healthcheck
+echo -n "[CHECK] Healthcheck database... "
-echo -n "[CHECK] Healthcheck configurato... "
+health_status=$(docker inspect lab05-db --format '{{.State.Health.Status}}' 2>/dev/null || echo unknown)
-health_status=$(docker inspect lab05-db --format '{{.State.Health.Status}}' 2>/dev/null || echo "unknown")
+if [ "$health_status" = "healthy" ]; then
-if [ "$health_status" != "unknown" ]; then
+  check_pass
-    echo -e "${GREEN}OK${NC} ($health_status)"
+elif [ "$health_status" = "starting" ]; then
-    inc_pass
+  check_warn "(database ancora in avvio)"
 else
-    echo -e "${YELLOW}WARN${NC} (nessun healthcheck)"
+  check_fail
    inc_skip
 fi
 # Verifica pg_isready
 echo -n "[CHECK] PostgreSQL pronto (pg_isready)... "
-if docker exec lab05-db pg_isready &>/dev/null; then
+if docker exec lab05-db pg_isready -U lab05_user >/dev/null 2>&1; then
-    echo -e "${GREEN}OK${NC}"
+  check_pass
    inc_pass
 else
-    echo -e "${YELLOW}WARN${NC} (PostgreSQL non ancora pronto)"
+  check_fail
    inc_skip
 fi
 echo ""
 echo "=== VERIFICA SICUREZZA ==="
-# INF-01: Non-root
+echo -n "[CHECK] Processo principale NON gira come root (INF-01)... "
-echo -n "[CHECK] Container NON gira come root (INF-01)... "
+pid1_user=$(docker exec lab05-db sh -c "ps -o user,pid,args | awk '\$2 == 1 {print \$1}'" 2>/dev/null | tr -d '[:space:]')
-container_user=$(docker exec lab05-db whoami 2>/dev/null || echo "unknown")
+pid1_uid=$(docker exec lab05-db sh -c "awk '/^Uid:/ {print \$2}' /proc/1/status" 2>/dev/null | tr -d '[:space:]')
-if [ "$container_user" = "postgres" ]; then
+if [ -n "$pid1_uid" ] && [ "$pid1_uid" -ne 0 ]; then
-    echo -e "${GREEN}OK${NC} ($container_user)"
+  echo -e "${GREEN}OK${NC} ($pid1_user uid=$pid1_uid)"
-    inc_pass
+  inc_pass
 else
-    echo -e "${RED}FAIL${NC} ($container_user)"
+  check_fail
    inc_fail
 fi
-# INF-02: No host ports
+echo -n "[CHECK] NESSUNA porta host sul DB (INF-02)... "
-echo -n "[CHECK] NESSUNA porta su host (INF-02)... "
+db_port=$(docker port lab05-db 5432 2>/dev/null || true)
 db_port=$(docker port lab05-db 5432 2>/dev/null || echo "")
 if [ -z "$db_port" ]; then
-    echo -e "${GREEN}OK${NC}"
+  check_pass
    inc_pass
 else
-    echo -e "${RED}FAIL${NC} (porta $db_port)"
+  echo -e "${RED}FAIL${NC} ($db_port)"
-    inc_fail
+  inc_fail
 fi
 echo -n "[CHECK] Isolamento rete pubblica -> DB... "
 if docker exec lab05-test-public ping -c 1 db >/dev/null 2>&1; then
  check_fail
 else
  check_pass
 fi
 echo -n "[CHECK] App privata puo raggiungere DB... "
 if docker exec lab05-app ping -c 1 db >/dev/null 2>&1; then
  check_pass
 else
  check_fail
 fi
 # INF-03: Resource limits
 echo -n "[CHECK] Limiti risorsa applicati (INF-03)... "
-if docker inspect lab05-db --format '{{.HostConfig.Memory}}' | grep -q "[1-9]"; then
+db_memory=$(docker inspect lab05-db --format '{{.HostConfig.Memory}}' 2>/dev/null || echo 0)
-    echo -e "${GREEN}OK${NC}"
+db_cpus=$(docker inspect lab05-db --format '{{.HostConfig.NanoCpus}}' 2>/dev/null || echo 0)
-    inc_pass
+if [ "$db_memory" -gt 0 ] && [ "$db_cpus" -gt 0 ]; then
  check_pass
 else
-    echo -e "${RED}FAIL${NC}"
+  check_fail
    inc_fail
 fi
-# INF-04: Volume persistence
+echo -n "[CHECK] Volume persistenza presente (INF-04)... "
-echo -n "[CHECK] Volume persistenza (INF-04)... "
+if docker volume ls --format '{{.Name}}' | grep -q '^lab-05-database_db-data$'; then
-if docker volume ls --format '{{{{.Name}}}}' | grep -q "^lab05_db-data$"; then
+  check_pass
    echo -e "${GREEN}OK${NC}"
    inc_pass
 else
-    echo -e "${RED}FAIL${NC}"
+  check_fail
    inc_fail
 fi
 echo ""
-echo "=== VERIFICA FUNZIONALITÀ ==="
+echo "=== VERIFICA FUNZIONALITA ==="
 # Test connessione database
 echo -n "[CHECK] Connessione database funziona... "
-if docker exec lab05-db psql -U lab05_user -d lab05_db -c "SELECT 1;" &>/dev/null; then
+if docker exec lab05-db psql -U lab05_user -d lab05_db -c 'SELECT 1;' >/dev/null 2>&1; then
-    echo -e "${GREEN}OK${NC}"
+  check_pass
    inc_pass
 else
-    echo -e "${RED}FAIL${NC}"
+  check_fail
    inc_fail
 fi
 # Test creazione tabella
 echo -n "[CHECK] Creazione tabella... "
-if docker exec lab05-db psql -U lab05_user -d lab05_db -c "CREATE TABLE IF NOT EXISTS verify_test (id SERIAL);" &>/dev/null; then
+if docker exec lab05-db psql -U lab05_user -d lab05_db -c 'CREATE TABLE IF NOT EXISTS verify_test (id SERIAL PRIMARY KEY, note TEXT);' >/dev/null 2>&1; then
-    echo -e "${GREEN}OK${NC}"
+  check_pass
    inc_pass
 else
-    echo -e "${RED}FAIL${NC}"
+  check_fail
    inc_fail
 fi
 # Test inserimento dati
 echo -n "[CHECK] Inserimento dati... "
-if docker exec lab05-db psql -U lab05_user -d lab05_db -c "INSERT INTO verify_test DEFAULT VALUES;" &>/dev/null; then
+if docker exec lab05-db psql -U lab05_user -d lab05_db -c "INSERT INTO verify_test (note) VALUES ('ok');" >/dev/null 2>&1; then
-    echo -e "${GREEN}OK${NC}"
+  check_pass
    inc_pass
 else
-    echo -e "${RED}FAIL${NC}"
+  check_fail
    inc_fail
 fi
 # Test query dati
 echo -n "[CHECK] Query dati... "
-count=$(docker exec lab05-db psql -U lab05_user -d lab05_db -t -c "SELECT COUNT(*) FROM verify_test;" 2>/dev/null | tr -d ' ')
+count=$(docker exec lab05-db psql -U lab05_user -d lab05_db -tAc "SELECT COUNT(*) FROM verify_test WHERE note='ok';" 2>/dev/null | tr -d '[:space:]')
-if [ -n "$count" ] && [ "$count" -gt 0 ]; then
+if [ -n "$count" ] && [ "$count" -ge 1 ]; then
-    echo -e "${GREEN}OK${NC} ($count righe)"
+  echo -e "${GREEN}OK${NC} ($count righe)"
-    inc_pass
+  inc_pass
 else
-    echo -e "${RED}FAIL${NC}"
+  check_fail
-    inc_fail
+fi
 echo -n "[CHECK] Persistenza dati dopo restart DB... "
 docker compose restart db >/dev/null
 sleep 8
 persist_count=$(docker exec lab05-db psql -U lab05_user -d lab05_db -tAc "SELECT COUNT(*) FROM verify_test WHERE note='ok';" 2>/dev/null | tr -d '[:space:]')
 if [ -n "$persist_count" ] && [ "$persist_count" -ge 1 ]; then
  echo -e "${GREEN}OK${NC} ($persist_count righe)"
  inc_pass
 else
  check_fail
 fi
 echo ""
@@ -253,20 +260,20 @@ echo "  $fail_count FAIL"
 echo "  $skip_count SKIP"
 echo "=========================================="
-if [ $fail_count -eq 0 ]; then
+if [ "$fail_count" -eq 0 ]; then
-    echo ""
+  echo ""
-    echo -e "${GREEN}✓ LAB 05 COMPLETATO CON SUCCESSO${NC}"
+  echo -e "${GREEN}✓ LAB 05 COMPLETATO CON SUCCESSO${NC}"
-    echo ""
+  echo ""
-    echo "Paralleli confermati:"
+  echo "Paralleli confermati:"
-    echo "  PostgreSQL container → RDS Instance"
+  echo "  PostgreSQL container → RDS Instance"
-    echo "  Private network → VPC Private Subnet"
+  echo "  Private network → VPC Private Subnet"
-    echo "  Named volume → EBS Volume"
+  echo "  Named volume → EBS Volume"
-    echo "  Resource limits → DB Instance Class"
+  echo "  Resource limits → DB Instance Class"
-    echo ""
+  echo ""
-    exit 0
+  exit 0
 else
-    echo ""
+  echo ""
-    echo -e "${RED}✗ LAB 05 HA ERRORI - RISOLVERE E RIPETERE${NC}"
+  echo -e "${RED}✗ LAB 05 HA ERRORI - RISOLVERE E RIPETERE${NC}"
-    echo ""
+  echo ""
-    exit 1
+  exit 1
 fi
@@ -16,20 +16,20 @@ Deployare PostgreSQL in Docker private network che simula RDS in VPC privata AWS
 ## Passo 1: Verifica l'ambiente
-Verifica che le reti private siano già state create.
+Il compose di questo lab crea da solo le reti `lab05-vpc-public` e `lab05-vpc-private`. Lab 02 resta un prerequisito concettuale, non una dipendenza runtime.
 Esegui:
 ```bash
-# Verifica reti esistenti
+# Verifica servizi e reti definiti nel compose
-docker network ls | grep vpc
+docker compose config --services
 docker compose config | grep -A 20 "networks:"
 # Atteso:
-# lab05-vpc-private
+# app
-# lab05-vpc-public
+# db
 # test-public
 ```
 Se le reti non esistono, consulta prima il Lab 02.
 ---
 ## Passo 2: Esamina docker-compose.yml
@@ -109,10 +109,13 @@ Atteso: `healthy` o `accepting connections`
 Puoi connetterti SOLO da container nella stessa rete privata.
-Esegui dal container `app`:
+Esegui da un client PostgreSQL temporaneo collegato alla rete privata:
 ```bash
-# Connettiti dal container app
+# Connettiti da un client nella stessa rete privata
-docker exec lab05-app psql -h db -U lab05_user -d lab05_db
+docker run --rm --network lab05-vpc-private \
  -e PGPASSWORD=lab05_password \
  postgres:16-alpine \
  psql -h db -U lab05_user -d lab05_db
 # Una volta connesso, esegui:
 lab05_db=> SELECT version();
@@ -163,8 +166,7 @@ Esegui lo script di verifica finale.
 Esegui:
 ```bash
-cd tests
+bash tests/99-final-verification.sh
 ./99-final-verification.sh
 ```
 Tutti i test devono PASSARE.
@@ -24,10 +24,10 @@ Esegui:
 docker volume ls | grep db-data
 # Atteso:
-# local     lab05_db-data
+# local     lab-05-database_db-data
 ```
-Il volume è nominativo (`local` driver), quindi i dati sopravvivono.
+Il volume e nominativo (`local` driver), quindi i dati sopravvivono. Nel repository il nome reale include il prefisso del progetto compose: `lab-05-database_db-data`.
 ---
@@ -142,10 +142,10 @@ Esplora il volume per capire come PostgreSQL memorizza i dati.
 Esegui:
 ```bash
 # Trova il mount point del volume
-docker inspect lab05-db --format '{{range .Mounts}}{{if eq .Destination "/var/lib/postgresql/data"}}{{.Source}}{{end}}{{end}}'
+docker volume inspect lab-05-database_db-data --format '{{.Mountpoint}}'
 # Lista file nel volume (come root)
-sudo ls -la /var/lib/docker/volumes/lab05_db-data/_data/
+sudo ls -la $(docker volume inspect lab-05-database_db-data --format '{{.Mountpoint}}')
 ```
 Struttura chiave:
@@ -215,7 +215,7 @@ Tutte le verifiche devono passare.
 ### Dati persi dopo riavvio
 ```bash
 # Verifica che il volume sia nominativo
-docker volume inspect lab05_db-data
+docker volume inspect lab-05-database_db-data
 # Verifica montaggio corretto
 docker inspect lab05-db --format '{{json .Mounts}}' | jq
@@ -226,17 +226,17 @@ docker inspect lab05-db --format '{{json .Mounts}}' | jq
 # Lista tutti i volumi
 docker volume ls
-# Se il volume non esiste, ricrea
+# Se il volume non esiste, ricrealo rialzando il compose
-docker volume create lab05_db-data
+docker compose up -d
 ```
 ### Permesso negato su volume
 ```bash
 # Verifica proprietà volume
-sudo ls -la /var/lib/docker/volumes/lab05_db-data/
+sudo ls -la $(docker volume inspect lab-05-database_db-data --format '{{.Mountpoint}}')
 # PostgreSQL deve poter scrivere
-sudo chown -R 999:999 /var/lib/docker/volumes/lab05_db-data/
+sudo chown -R 999:999 $(docker volume inspect lab-05-database_db-data --format '{{.Mountpoint}}')
 ```
 ---
@@ -19,21 +19,21 @@ PostgreSQL official image NON gira come root.
 Esegui:
 ```bash
-# Verifica utente nel container
+# Verifica l'utente del processo principale (PID 1)
-docker exec lab05-db whoami
+docker exec lab05-db sh -c "ps -o user,pid,args | awk '\$2 == 1 {print \$1, \$2, \$3}'"
-# Atteso: postgres
+# Atteso: postgres 1 postgres
 ```
 Verifica UID:
 ```bash
-# Verifica UID != 0
+# Verifica UID del processo principale != 0
-docker exec lab05-db id -u
+docker exec lab05-db sh -c "awk '/^Uid:/ {print \$2}' /proc/1/status"
-# Atteso: 999 (postgres user UID)
+# Atteso: un valore non-zero (nel lab osservato: 70)
 ```
-Se l'utente è `root` o UID `0`, c'è una violazione di sicurezza.
+Nota: `docker exec ... whoami` puo mostrare `root` per la shell di debug lanciata con `exec`, ma non rappresenta il processo principale del database. Per INF-01 devi controllare il processo PID 1.
 ---
@@ -62,8 +62,14 @@ Test isolamento:
 # Prova connessione dall'host (DEVE fallire)
 psql -h localhost -U lab05_user -d lab05_db 2>&1 || echo "Corretto: non accessibile"
-# Prova connessione da container app (DEVE successo)
+# Prova reachability dal container app (DEVE riuscire)
-docker exec lab05-app psql -h db -U lab05_user -d lab05_db -c "SELECT 1;"
+docker exec lab05-app ping -c 2 db
 # Prova query SQL da un client nella rete privata (DEVE riuscire)
 docker run --rm --network lab05-vpc-private \
  -e PGPASSWORD=lab05_password \
  postgres:16-alpine \
  psql -h db -U lab05_user -d lab05_db -c "SELECT 1;"
 ```
 ---
@@ -104,13 +110,13 @@ I dati devono persistere in volume nominativo.
 Esegui:
 ```bash
 # Verifica volume esista
-docker volume ls | grep lab05_db-data
+docker volume ls | grep lab-05-database_db-data
 # Verifica montaggio
 docker inspect lab05-db --format '{{range .Mounts}}{{if eq .Destination "/var/lib/postgresql/data"}}{{.Name}}{{end}}{{end}}'
 ```
-Atteso: `lab05_db-data`
+Atteso: `lab-05-database_db-data`
 ---
@@ -120,11 +126,10 @@ Esegui lo script di verifica sicurezza.
 Esegui:
 ```bash
-cd tests
+bash tests/99-final-verification.sh
 ./04-security-test.sh
 ```
-Tutti i test devono PASSARE.
+Lo script finale copre anche i controlli di sicurezza principali del lab.
 ---
@@ -205,8 +210,7 @@ Esegui la verifica finale completa.
 Esegui:
 ```bash
-cd tests
+bash tests/99-final-verification.sh
 ./99-final-verification.sh
 ```
 Tutti i test devono PASSARE, inclusi:
@@ -249,11 +253,9 @@ Prima di passare al production (simulato):
 ### Container gira come root
 ```bash
-# Verifica image
+# Verifica il processo principale, non la shell lanciata con docker exec
-docker inspect lab05-db --format '{{.Config.User}}'
+docker exec lab05-db sh -c "ps -o user,pid,args | awk '\$2 == 1 {print \$1, \$2, \$3}'"
-
+docker exec lab05-db sh -c "awk '/^Uid:/ {print \$2}' /proc/1/status"
 # PostgreSQL official image deve usare 'postgres'
 # Se root, controlla Dockerfile
 ```
 ### Database accessibile dall'host