inspec/docs/resources/postgres_session.md.erb

---
title: About the postgres_session Resource
---

# postgres_session

Use the `postgres_session` InSpec audit resource to test SQL commands run against a PostgreSQL database.

## Syntax

A `postgres_session` resource block declares the username and password to use for the session, and then the command to be run:

    # Create a PostgreSQL session:
    sql = postgres_session('username', 'password', 'host')

    # default values:
    #   username: 'postgres'
    #   host: 'localhost'

    # Run an SQL query with an optional database to execute
    sql.query('sql_query', ['database_name'])`

A full example is:

    sql = postgres_session('username', 'password', 'host')
    describe sql.query('SELECT * FROM pg_shadow WHERE passwd IS NULL;') do
      its('output') { should eq '' }
    end

where `its('output') { should eq '' }` compares the results of the query against the expected result in the test

## Matchers

This InSpec audit resource has the following matchers:

### be

<%= partial "/shared/matcher_be" %>

### cmp

<%= partial "/shared/matcher_cmp" %>

### eq

<%= partial "/shared/matcher_eq" %>

### include

<%= partial "/shared/matcher_include" %>

### match

<%= partial "/shared/matcher_match" %>

### output

The `output` matcher tests the results of the query:

    its('output') { should eq(/^0/) }

## Examples

The following examples show how to use this InSpec audit resource.

### Test the PostgreSQL shadow password

    sql = postgres_session('my_user', 'password', '192.168.1.2')

    describe sql.query('SELECT * FROM pg_shadow WHERE passwd IS NULL;', ['testdb']) do
      its('output') { should eq('') }
    end

### Test for risky database entries

    describe postgres_session('my_user', 'password').query('SELECT count (*)
                  FROM pg_language
                  WHERE lanpltrusted = \'f\'
                  AND lanname!=\'internal\'
                  AND lanname!=\'c\';', ['postgres']) do
      its('output') { should eq '0' }
    end
add all partials for resources 2016-09-22 12:43:57 +00:00			`---`
			`title: About the postgres_session Resource`
			`---`

			`# postgres_session`

			Use the `postgres_session` InSpec audit resource to test SQL commands run against a PostgreSQL database.

Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`## Syntax`
add all partials for resources 2016-09-22 12:43:57 +00:00
			A `postgres_session` resource block declares the username and password to use for the session, and then the command to be run:

psql doesn't print headers + extra output + cconfigurable host + docs Signed-off-by: Aaron Lippold <lippold@gmail.com> 2017-04-25 23:33:10 +00:00			`# Create a PostgreSQL session:`
			`sql = postgres_session('username', 'password', 'host')`
add all partials for resources 2016-09-22 12:43:57 +00:00
psql doesn't print headers + extra output + cconfigurable host + docs Signed-off-by: Aaron Lippold <lippold@gmail.com> 2017-04-25 23:33:10 +00:00			`# default values:`
			`# username: 'postgres'`
			`# host: 'localhost'`

			`# Run an SQL query with an optional database to execute`
			sql.query('sql_query', ['database_name'])`

			`A full example is:`

			`sql = postgres_session('username', 'password', 'host')`
add all partials for resources 2016-09-22 12:43:57 +00:00			`describe sql.query('SELECT * FROM pg_shadow WHERE passwd IS NULL;') do`
psql doesn't print headers + extra output + cconfigurable host + docs Signed-off-by: Aaron Lippold <lippold@gmail.com> 2017-04-25 23:33:10 +00:00			`its('output') { should eq '' }`
add all partials for resources 2016-09-22 12:43:57 +00:00			`end`

psql doesn't print headers + extra output + cconfigurable host + docs Signed-off-by: Aaron Lippold <lippold@gmail.com> 2017-04-25 23:33:10 +00:00			where `its('output') { should eq '' }` compares the results of the query against the expected result in the test
add all partials for resources 2016-09-22 12:43:57 +00:00
Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`## Matchers`
add all partials for resources 2016-09-22 12:43:57 +00:00
			`This InSpec audit resource has the following matchers:`

Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`### be`
add all partials for resources 2016-09-22 12:43:57 +00:00
			`<%= partial "/shared/matcher_be" %>`

Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`### cmp`
add all partials for resources 2016-09-22 12:43:57 +00:00
			`<%= partial "/shared/matcher_cmp" %>`

Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`### eq`
add all partials for resources 2016-09-22 12:43:57 +00:00
			`<%= partial "/shared/matcher_eq" %>`

Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`### include`
add all partials for resources 2016-09-22 12:43:57 +00:00
			`<%= partial "/shared/matcher_include" %>`

Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`### match`
add all partials for resources 2016-09-22 12:43:57 +00:00
			`<%= partial "/shared/matcher_match" %>`

Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`### output`
add all partials for resources 2016-09-22 12:43:57 +00:00
			The `output` matcher tests the results of the query:

			`its('output') { should eq(/^0/) }`

Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`## Examples`
add all partials for resources 2016-09-22 12:43:57 +00:00
			`The following examples show how to use this InSpec audit resource.`

Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`### Test the PostgreSQL shadow password`
add all partials for resources 2016-09-22 12:43:57 +00:00
psql doesn't print headers + extra output + cconfigurable host + docs Signed-off-by: Aaron Lippold <lippold@gmail.com> 2017-04-25 23:33:10 +00:00			`sql = postgres_session('my_user', 'password', '192.168.1.2')`
add all partials for resources 2016-09-22 12:43:57 +00:00
psql doesn't print headers + extra output + cconfigurable host + docs Signed-off-by: Aaron Lippold <lippold@gmail.com> 2017-04-25 23:33:10 +00:00			`describe sql.query('SELECT * FROM pg_shadow WHERE passwd IS NULL;', ['testdb']) do`
add all partials for resources 2016-09-22 12:43:57 +00:00			`its('output') { should eq('') }`
			`end`

Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`### Test for risky database entries`
add all partials for resources 2016-09-22 12:43:57 +00:00
			`describe postgres_session('my_user', 'password').query('SELECT count (*)`
			`FROM pg_language`
			`WHERE lanpltrusted = \'f\'`
			`AND lanname!=\'internal\'`
psql doesn't print headers + extra output + cconfigurable host + docs Signed-off-by: Aaron Lippold <lippold@gmail.com> 2017-04-25 23:33:10 +00:00			`AND lanname!=\'c\';', ['postgres']) do`
add all partials for resources 2016-09-22 12:43:57 +00:00			`its('output') { should eq '0' }`
			`end`