Update postgresql resources to normalize it for platform supports

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
This commit is contained in:
Vasu1105 2021-06-24 18:51:40 +05:30
parent f88cde6425
commit 3b9a5c8956
4 changed files with 42 additions and 5 deletions

View file

@ -4,6 +4,8 @@ module Inspec::Resources
class Postgres < Inspec.resource(1)
name "postgres"
supports platform: "unix"
supports platform: "windows"
desc "The 'postgres' resource is a helper for the 'postgres_conf', 'postgres_hba_conf', 'postgres_ident_conf' & 'postgres_session' resources. Please use those instead."
attr_reader :service, :data_dir, :conf_dir, :conf_path, :version, :cluster
@ -43,6 +45,12 @@ module Inspec::Resources
@conf_dir = "/etc/postgresql/#{@version}/#{@cluster}"
@data_dir = "/var/lib/postgresql/#{@version}/#{@cluster}"
end
elsif inspec.os.windows?
dir = "C:\\Program Files\\PostgreSQL"
@version = version_from_dir_windows(dir)
unless @version.to_s.empty?
@data_dir = "#{dir}\\#{@version}\\data\\"
end
else
@version = version_from_psql
if @version.to_s.empty?
@ -84,7 +92,12 @@ module Inspec::Resources
def version_from_psql
return unless inspec.command("psql").exist?
inspec.command("psql --version | awk '{ print $NF }' | awk -F. '{ print $1\".\"$2 }'").stdout.strip
version = inspec.command("psql --version | awk '{ print $NF }' | awk -F. '{ print $1\".\"$2 }'").stdout.strip.split(".")
if version.first.to_i >= 10
version.first
else
version = "#{version[0]}.#{version[1]}"
end
end
def locate_data_dir_location_by_version(ver = @version)
@ -125,6 +138,23 @@ module Inspec::Resources
end
end
def version_from_dir_windows(dir)
dirs = inspec.command("Get-ChildItem -Path \"#{dir}\" -Name").stdout
entries = dirs.lines.count
case entries
when 0
warn "Could not determine version of installed PostgreSQL by inspecting #{dir}"
nil
when 1
dir_to_version(dirs)
else
warn "Multiple versions of PostgreSQL installed or incorrect base dir #{dir}"
first = dir_to_version(dirs.lines.first)
warn "Using the first version found: #{first}"
first
end
end
def dir_to_version(dir)
dir.chomp.split("/").last
end

View file

@ -5,6 +5,7 @@ module Inspec::Resources
class PostgresHbaConf < Inspec.resource(1)
name "postgres_hba_conf"
supports platform: "unix"
supports platform: "windows"
desc 'Use the `postgres_hba_conf` InSpec audit resource to test the client
authentication data defined in the pg_hba.conf file.'
example <<~EXAMPLE
@ -19,7 +20,7 @@ module Inspec::Resources
# @todo add checks to ensure that we have data in our file
def initialize(hba_conf_path = nil)
@conf_file = hba_conf_path || File.expand_path("pg_hba.conf", inspec.postgres.conf_dir)
@conf_file = hba_conf_path || File.join(inspec.postgres.conf_dir, "pg_hba.conf")
@content = ""
@params = {}
read_content

View file

@ -5,6 +5,7 @@ module Inspec::Resources
class PostgresIdentConf < Inspec.resource(1)
name "postgres_ident_conf"
supports platform: "unix"
supports platform: "windows"
desc 'Use the postgres_ident_conf InSpec audit resource to test the client
authentication data is controlled by a pg_ident.conf file.'
example <<~EXAMPLE
@ -18,7 +19,7 @@ module Inspec::Resources
attr_reader :params, :conf_file
def initialize(ident_conf_path = nil)
@conf_file = ident_conf_path || File.expand_path("pg_ident.conf", inspec.postgres.conf_dir)
@conf_file = ident_conf_path || File.join(inspec.postgres.conf_dir, "pg_ident.conf")
@content = nil
@params = nil
read_content

View file

@ -54,6 +54,7 @@ module Inspec::Resources
raise Inspec::Exceptions::ResourceFailed, "#{resource_exception_message}" if resource_failed?
psql_cmd = create_psql_cmd(query, db)
cmd = inspec.command(psql_cmd, redact_regex: /(PGPASSWORD=').+(' psql .*)/)
out = cmd.stdout + "\n" + cmd.stderr
if cmd.exit_status != 0 || out =~ /could not connect to .*/ || out.downcase =~ /^error:.*/
@ -66,7 +67,7 @@ module Inspec::Resources
private
def test_connection
query("select now()")
query("select now()\;")
end
def escaped_query(query)
@ -75,7 +76,11 @@ module Inspec::Resources
def create_psql_cmd(query, db = [])
dbs = db.map { |x| "-d #{x}" }.join(" ")
"PGPASSWORD='#{@pass}' psql -U #{@user} #{dbs} -h #{@host} -p #{@port} -A -t -c #{escaped_query(query)}"
if inspec.os.windows?
"psql -U #{@user} #{dbs} -h #{@host} -p #{@port} -A -t -c '#{query}'"
else
"PGPASSWORD='#{@pass}' psql -U #{@user} #{dbs} -h #{@host} -p #{@port} -A -t -c #{escaped_query(query)}"
end
end
end
end