Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-11-24 05:33:17 +00:00
Code Issues Projects Releases Packages Wiki Activity
inspec/docs/resources/postgres_hba_conf.md.erb

105 lines
2.5 KiB
Text
Raw Normal View History

New postgres_hba_conf resource (#1964) * Created pg_hba_conf resource Signed-off-by: Rony Xavier <rx294@nyu.edu> * Created pg_hba_conf resource Signed-off-by: Rony Xavier <rx294@nyu.edu> * Corrections * updated to parse auth-options Signed-off-by: Aaron Lippold <lippold@gmail.com> * updated `conf_path` instance var to `conf_file` for consistancy. Signed-off-by: Aaron Lippold <lippold@gmail.com> * pg_hba_conf - updated the parse_line method added test and doc files Signed-off-by: Rony Xavier <rx294@nyu.edu> * Updated few bugs on pg_hba_conf updated test files and docs Signed-off-by: Rony Xavier <rx294@nyu.edu> * Updated docs Signed-off-by: Rony Xavier <rx294@nyu.edu> * Made updates based on the reccomendations Signed-off-by: Rony Xavier <rx294@nyu.edu> * PR commit Signed-off-by: Rony Xavier <rx294@nyu.edu> * PR Commit Signed-off-by: Rony Xavier <rx294@nyu.edu> * Update Gemfile.lock * PR Commit Signed-off-by: Rony Xavier <rx294@nyu.edu> * Updated doc file for postgres_hba_conf resource to use 'cmp' matcher instead of 'eq' Signed-off-by: Rony Xavier <rx294@nyu.edu> * Made requested changes, except for SimpleConfig - will address that later. Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-07-03 18:13:51 +00:00
---
title: About the postgres_hba_conf Resource
---
# postgres_hba_conf
Use the `postgres_hba_conf` InSpec audit resource to test the client authentication data defined in the pg_hba.conf file.
## Syntax
An `postgres_hba_conf` InSpec audit resource block declares client authentication data that should be tested:
describe postgres_hba_conf.where { type == 'local' } do
its('auth_method') { should eq ['peer'] }
end
where
* `'attribute'` is a attribute in the pg hba configuration file
* `'filter_value'` is the value that is to be filtered for
* `'value'` is the value that is to be matched expected
## Matchers
This InSpec audit resource matches any service that is listed in the HBA configuration file:
its('auth_method') { should_not cmp 'peer' }
or:
its('auth_method') { should cmp 'peer' }
For example:
describe postgres_hba_conf.where { type == 'type' } do
its('auth_method') { should cmp 'value' }
its('user') { should cmp 'value' }
end
### be
<%= partial "/shared/matcher_be" %>
### cmp
<%= partial "/shared/matcher_cmp" %>
### eq
<%= partial "/shared/matcher_eq" %>
### include
<%= partial "/shared/matcher_include" %>
### match
<%= partial "/shared/matcher_match" %>
## Supported Properties
'address', 'auth_method', 'auth_params', 'conf_dir' , 'conf_file' , 'database', 'params' ,'type', 'user'
## Property Examples and Return Types
### address([String])
`address` returns a an array of strings that matches the where condition of the filter table
describe postgres_hba_conf.where { type == 'local' } do
its('address') { should cmp 'value' }
end
### auth_method([String])
`auth_method` returns a an array of strings that matches the where condition of the filter table
describe postgres_hba_conf.where { type == 'local' } do
its('auth_method') { should cmp 'value' }
end
### database([String])
`database` returns a an array of strings that matches the where condition of the filter table
describe postgres_hba_conf.where { type == 'local' } do
its('database') { should cmp 'value' }
end
### type([String])
`type` returns a an array of strings that matches the where condition of the filter table
describe postgres_hba_conf.where { database == 'acme_test_db' } do
its('type') { should cmp 'value' }
end
### user([String])
`user` returns a an array of strings that matches the where condition of the filter table
describe postgres_hba_conf.where { database == 'acme_test_db' } do
its('user') { should cmp 'value' }
end
Reference in a new issue Copy permalink