inspec/lib/resources/postgres.rb

# encoding: utf-8
# copyright: 2015, Vulcano Security GmbH
# author: Dominik Richter
# author: Christoph Hartmann
# license: All rights reserved

module Inspec::Resources
  class Postgres < Inspec.resource(1)
    name 'postgres'

    attr_reader :service, :data_dir, :conf_dir, :conf_path
    def initialize
      os = inspec.os
      if os.debian?
        #
        # https://wiki.debian.org/PostgreSql
        #
        # Debian allows multiple versions of postgresql to be
        # installed as well as multiple "clusters" to be configured.
        #
        version = version_from_dir('/etc/postgresql')
        cluster = cluster_from_dir("/etc/postgresql/#{version}")
        @conf_dir = "/etc/postgresql/#{version}/#{cluster}"
        @data_dir = "/var/lib/postgresql/#{version}/#{cluster}"
      elsif os.redhat?
        #
        # /var/lib/pgsql/data is the default data directory on RHEL6
        # and RHEL7. However, PR #824 explicitly added version-based
        # directories. Thus, we call #version_from_dir unless it looks
        # like we are using unversioned directories.
        #
        # TODO(ssd): This has the potential to be noisy because of the
        # warning in version_from_dir. We should determine which case
        # is more common and only warn in the less common case.
        #
        version = if inspec.directory('/var/lib/pgsql/data').exist?
                    warn 'Found /var/lib/pgsql/data. Assuming postgresql install uses un-versioned directories.'
                    nil
                  else
                    version_from_dir('/var/lib/pgsql/')
                  end

        @data_dir = File.join('/var/lib/pgsql/', version.to_s, 'data')
      elsif os[:name] == 'arch'
        #
        # https://wiki.archlinux.org/index.php/PostgreSQL
        #
        # The archlinux wiki points to /var/lib/postgresql/data as the
        # main data directory.
        #
        @data_dir = '/var/lib/postgres/data'
      else
        #
        # According to https://www.postgresql.org/docs/9.5/static/creating-cluster.html
        #
        # > There is no default, although locations such as
        # > /usr/local/pgsql/data or /var/lib/pgsql/data are popular.
        #
        @data_dir = '/var/lib/pgsql/data'
      end

      @service = 'postgresql'
      @conf_dir ||= @data_dir
      verify_dirs
      @conf_path = File.join @conf_dir, 'postgresql.conf'
    end

    def to_s
      'PostgreSQL'
    end

    private

    def verify_dirs
      if !inspec.directory(@conf_dir).exist?
        warn "Default postgresql configuration directory: #{@conf_dir} does not exist. Postgresql may not be installed or we've misidentified the configuration directory."
      end

      if !inspec.directory(@data_dir).exist?
        warn "Default postgresql data directory: #{@data_dir} does not exist. Postgresql may not be installed or we've misidentified the data directory."
      end
    end

    def version_from_dir(dir)
      dirs = inspec.command("ls -d #{dir}/*/").stdout
      entries = dirs.lines.count
      case entries
      when 0
        warn "Could not determine version of installed postgresql by inspecting #{dir}"
        nil
      when 1
        warn "Using #{dirs}: #{dir_to_version(dirs)}"
        dir_to_version(dirs)
      else
        warn "Multiple versions of postgresql installed or incorrect base dir #{dir}"
        first = dir_to_version(dirs.lines.first)
        warn "Using the first version found: #{first}"
        first
      end
    end

    def dir_to_version(dir)
      dir.chomp.split('/').last
    end

    def cluster_from_dir(dir)
      # Main is the default cluster name on debian use it if it
      # exists.
      if inspec.directory("#{dir}/main").exist?
        'main'
      else
        dirs = inspec.command("ls -d #{dir}/*/").stdout.lines
        first = dirs.first.chomp.split('/').last
        if dirs.count > 1
          warn "Multiple postgresql clusters configured or incorrect base dir #{dir}"
          warn "Using the first directory found: #{first}"
        end
        first
      end
    end
  end
end
feature: postgres information based on OS Signed-off-by: Dominik Richter <dominik@vulcanosec.com> 2015-08-01 07:21:32 +00:00			`# encoding: utf-8`
			`# copyright: 2015, Vulcano Security GmbH`
add author header 2015-10-06 16:55:44 +00:00			`# author: Dominik Richter`
			`# author: Christoph Hartmann`
feature: postgres information based on OS Signed-off-by: Dominik Richter <dominik@vulcanosec.com> 2015-08-01 07:21:32 +00:00			`# license: All rights reserved`

Placing all resources in the Inspec::Resources namespace Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix. Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes. I strongly recommend viewing this diff with `git diff --ignore-space-change` to see the real changes. :) 2016-03-08 18:06:55 +00:00			`module Inspec::Resources`
			`class Postgres < Inspec.resource(1)`
			`name 'postgres'`
migrated all postgres resources Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-28 19:37:03 +00:00
Placing all resources in the Inspec::Resources namespace Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix. Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes. I strongly recommend viewing this diff with `git diff --ignore-space-change` to see the real changes. :) 2016-03-08 18:06:55 +00:00			`attr_reader :service, :data_dir, :conf_dir, :conf_path`
			`def initialize`
Update inspec for os[:family] change in Train Signed-off-by: Steven Danna <steve@chef.io> 2016-08-03 17:18:24 +00:00			`os = inspec.os`
			`if os.debian?`
Improve detection of postgresql conf dir and data dir Redhat conf_dir detection was regressed in 57d7275 which inadvertently removed the setting of @conf_dir. Any attempt to use the postgres resource on RHEL would rain an exception: inspec> postgres.data_dir TypeError: no implicit conversion of nil into String Further, the redhat detection code appears to assume that RHEL always uses versioned data directories. This however, does not appear to be the case: $ cat /etc/redhat-release CentOS release 6.7 (Final) $ sudo ls /var/lib/pgsql/ backups data pgstartup.log The code now can handle both versioned and un-versioned directory formats on RHEL. Further, it provides diagnostic warnings about uncertainty in the discovered data directories and configuration directories. Signed-off-by: Steven Danna <steve@chef.io> 2016-08-10 11:25:03 +00:00			`#`
			`# https://wiki.debian.org/PostgreSql`
			`#`
			`# Debian allows multiple versions of postgresql to be`
			`# installed as well as multiple "clusters" to be configured.`
			`#`
			`version = version_from_dir('/etc/postgresql')`
			`cluster = cluster_from_dir("/etc/postgresql/#{version}")`
			`@conf_dir = "/etc/postgresql/#{version}/#{cluster}"`
			`@data_dir = "/var/lib/postgresql/#{version}/#{cluster}"`
Update inspec for os[:family] change in Train Signed-off-by: Steven Danna <steve@chef.io> 2016-08-03 17:18:24 +00:00			`elsif os.redhat?`
Improve detection of postgresql conf dir and data dir Redhat conf_dir detection was regressed in 57d7275 which inadvertently removed the setting of @conf_dir. Any attempt to use the postgres resource on RHEL would rain an exception: inspec> postgres.data_dir TypeError: no implicit conversion of nil into String Further, the redhat detection code appears to assume that RHEL always uses versioned data directories. This however, does not appear to be the case: $ cat /etc/redhat-release CentOS release 6.7 (Final) $ sudo ls /var/lib/pgsql/ backups data pgstartup.log The code now can handle both versioned and un-versioned directory formats on RHEL. Further, it provides diagnostic warnings about uncertainty in the discovered data directories and configuration directories. Signed-off-by: Steven Danna <steve@chef.io> 2016-08-10 11:25:03 +00:00			`#`
			`# /var/lib/pgsql/data is the default data directory on RHEL6`
			`# and RHEL7. However, PR #824 explicitly added version-based`
			`# directories. Thus, we call #version_from_dir unless it looks`
			`# like we are using unversioned directories.`
			`#`
			`# TODO(ssd): This has the potential to be noisy because of the`
			`# warning in version_from_dir. We should determine which case`
			`# is more common and only warn in the less common case.`
			`#`
			`version = if inspec.directory('/var/lib/pgsql/data').exist?`
			`warn 'Found /var/lib/pgsql/data. Assuming postgresql install uses un-versioned directories.'`
			`nil`
			`else`
			`version_from_dir('/var/lib/pgsql/')`
			`end`

			`@data_dir = File.join('/var/lib/pgsql/', version.to_s, 'data')`
Update inspec for os[:family] change in Train Signed-off-by: Steven Danna <steve@chef.io> 2016-08-03 17:18:24 +00:00			`elsif os[:name] == 'arch'`
Improve detection of postgresql conf dir and data dir Redhat conf_dir detection was regressed in 57d7275 which inadvertently removed the setting of @conf_dir. Any attempt to use the postgres resource on RHEL would rain an exception: inspec> postgres.data_dir TypeError: no implicit conversion of nil into String Further, the redhat detection code appears to assume that RHEL always uses versioned data directories. This however, does not appear to be the case: $ cat /etc/redhat-release CentOS release 6.7 (Final) $ sudo ls /var/lib/pgsql/ backups data pgstartup.log The code now can handle both versioned and un-versioned directory formats on RHEL. Further, it provides diagnostic warnings about uncertainty in the discovered data directories and configuration directories. Signed-off-by: Steven Danna <steve@chef.io> 2016-08-10 11:25:03 +00:00			`#`
			`# https://wiki.archlinux.org/index.php/PostgreSQL`
			`#`
			`# The archlinux wiki points to /var/lib/postgresql/data as the`
			`# main data directory.`
			`#`
Update inspec for os[:family] change in Train Signed-off-by: Steven Danna <steve@chef.io> 2016-08-03 17:18:24 +00:00			`@data_dir = '/var/lib/postgres/data'`
Placing all resources in the Inspec::Resources namespace Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix. Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes. I strongly recommend viewing this diff with `git diff --ignore-space-change` to see the real changes. :) 2016-03-08 18:06:55 +00:00			`else`
Improve detection of postgresql conf dir and data dir Redhat conf_dir detection was regressed in 57d7275 which inadvertently removed the setting of @conf_dir. Any attempt to use the postgres resource on RHEL would rain an exception: inspec> postgres.data_dir TypeError: no implicit conversion of nil into String Further, the redhat detection code appears to assume that RHEL always uses versioned data directories. This however, does not appear to be the case: $ cat /etc/redhat-release CentOS release 6.7 (Final) $ sudo ls /var/lib/pgsql/ backups data pgstartup.log The code now can handle both versioned and un-versioned directory formats on RHEL. Further, it provides diagnostic warnings about uncertainty in the discovered data directories and configuration directories. Signed-off-by: Steven Danna <steve@chef.io> 2016-08-10 11:25:03 +00:00			`#`
			`# According to https://www.postgresql.org/docs/9.5/static/creating-cluster.html`
			`#`
			`# > There is no default, although locations such as`
			`# > /usr/local/pgsql/data or /var/lib/pgsql/data are popular.`
			`#`
			`@data_dir = '/var/lib/pgsql/data'`
Placing all resources in the Inspec::Resources namespace Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix. Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes. I strongly recommend viewing this diff with `git diff --ignore-space-change` to see the real changes. :) 2016-03-08 18:06:55 +00:00			`end`
Update inspec for os[:family] change in Train Signed-off-by: Steven Danna <steve@chef.io> 2016-08-03 17:18:24 +00:00
Improve detection of postgresql conf dir and data dir Redhat conf_dir detection was regressed in 57d7275 which inadvertently removed the setting of @conf_dir. Any attempt to use the postgres resource on RHEL would rain an exception: inspec> postgres.data_dir TypeError: no implicit conversion of nil into String Further, the redhat detection code appears to assume that RHEL always uses versioned data directories. This however, does not appear to be the case: $ cat /etc/redhat-release CentOS release 6.7 (Final) $ sudo ls /var/lib/pgsql/ backups data pgstartup.log The code now can handle both versioned and un-versioned directory formats on RHEL. Further, it provides diagnostic warnings about uncertainty in the discovered data directories and configuration directories. Signed-off-by: Steven Danna <steve@chef.io> 2016-08-10 11:25:03 +00:00			`@service = 'postgresql'`
			`@conf_dir \|\|= @data_dir`
			`verify_dirs`
Update inspec for os[:family] change in Train Signed-off-by: Steven Danna <steve@chef.io> 2016-08-03 17:18:24 +00:00			`@conf_path = File.join @conf_dir, 'postgresql.conf'`
feature: postgres information based on OS Signed-off-by: Dominik Richter <dominik@vulcanosec.com> 2015-08-01 07:21:32 +00:00			`end`
add to_s methods to resources, fixes #98 2015-10-12 11:01:58 +00:00
Placing all resources in the Inspec::Resources namespace Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix. Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes. I strongly recommend viewing this diff with `git diff --ignore-space-change` to see the real changes. :) 2016-03-08 18:06:55 +00:00			`def to_s`
			`'PostgreSQL'`
			`end`
Improve detection of postgresql conf dir and data dir Redhat conf_dir detection was regressed in 57d7275 which inadvertently removed the setting of @conf_dir. Any attempt to use the postgres resource on RHEL would rain an exception: inspec> postgres.data_dir TypeError: no implicit conversion of nil into String Further, the redhat detection code appears to assume that RHEL always uses versioned data directories. This however, does not appear to be the case: $ cat /etc/redhat-release CentOS release 6.7 (Final) $ sudo ls /var/lib/pgsql/ backups data pgstartup.log The code now can handle both versioned and un-versioned directory formats on RHEL. Further, it provides diagnostic warnings about uncertainty in the discovered data directories and configuration directories. Signed-off-by: Steven Danna <steve@chef.io> 2016-08-10 11:25:03 +00:00
			`private`

			`def verify_dirs`
			`if !inspec.directory(@conf_dir).exist?`
			`warn "Default postgresql configuration directory: #{@conf_dir} does not exist. Postgresql may not be installed or we've misidentified the configuration directory."`
			`end`

			`if !inspec.directory(@data_dir).exist?`
			`warn "Default postgresql data directory: #{@data_dir} does not exist. Postgresql may not be installed or we've misidentified the data directory."`
			`end`
			`end`

			`def version_from_dir(dir)`
			`dirs = inspec.command("ls -d #{dir}/*/").stdout`
			`entries = dirs.lines.count`
			`case entries`
			`when 0`
			`warn "Could not determine version of installed postgresql by inspecting #{dir}"`
			`nil`
			`when 1`
			`warn "Using #{dirs}: #{dir_to_version(dirs)}"`
			`dir_to_version(dirs)`
			`else`
			`warn "Multiple versions of postgresql installed or incorrect base dir #{dir}"`
			`first = dir_to_version(dirs.lines.first)`
			`warn "Using the first version found: #{first}"`
			`first`
			`end`
			`end`

			`def dir_to_version(dir)`
			`dir.chomp.split('/').last`
			`end`

			`def cluster_from_dir(dir)`
			`# Main is the default cluster name on debian use it if it`
			`# exists.`
			`if inspec.directory("#{dir}/main").exist?`
			`'main'`
			`else`
			`dirs = inspec.command("ls -d #{dir}/*/").stdout.lines`
			`first = dirs.first.chomp.split('/').last`
			`if dirs.count > 1`
			`warn "Multiple postgresql clusters configured or incorrect base dir #{dir}"`
			`warn "Using the first directory found: #{first}"`
			`end`
			`first`
			`end`
			`end`
add to_s methods to resources, fixes #98 2015-10-12 11:01:58 +00:00			`end`
feature: postgres information based on OS Signed-off-by: Dominik Richter <dominik@vulcanosec.com> 2015-08-01 07:21:32 +00:00			`end`