Update postgresql resources to normalize it for platform supports
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
parent
f88cde6425
commit
3b9a5c8956
4 changed files with 42 additions and 5 deletions
|
@ -4,6 +4,8 @@ module Inspec::Resources
|
|||
class Postgres < Inspec.resource(1)
|
||||
name "postgres"
|
||||
supports platform: "unix"
|
||||
supports platform: "windows"
|
||||
|
||||
desc "The 'postgres' resource is a helper for the 'postgres_conf', 'postgres_hba_conf', 'postgres_ident_conf' & 'postgres_session' resources. Please use those instead."
|
||||
|
||||
attr_reader :service, :data_dir, :conf_dir, :conf_path, :version, :cluster
|
||||
|
@ -43,6 +45,12 @@ module Inspec::Resources
|
|||
@conf_dir = "/etc/postgresql/#{@version}/#{@cluster}"
|
||||
@data_dir = "/var/lib/postgresql/#{@version}/#{@cluster}"
|
||||
end
|
||||
elsif inspec.os.windows?
|
||||
dir = "C:\\Program Files\\PostgreSQL"
|
||||
@version = version_from_dir_windows(dir)
|
||||
unless @version.to_s.empty?
|
||||
@data_dir = "#{dir}\\#{@version}\\data\\"
|
||||
end
|
||||
else
|
||||
@version = version_from_psql
|
||||
if @version.to_s.empty?
|
||||
|
@ -84,7 +92,12 @@ module Inspec::Resources
|
|||
def version_from_psql
|
||||
return unless inspec.command("psql").exist?
|
||||
|
||||
inspec.command("psql --version | awk '{ print $NF }' | awk -F. '{ print $1\".\"$2 }'").stdout.strip
|
||||
version = inspec.command("psql --version | awk '{ print $NF }' | awk -F. '{ print $1\".\"$2 }'").stdout.strip.split(".")
|
||||
if version.first.to_i >= 10
|
||||
version.first
|
||||
else
|
||||
version = "#{version[0]}.#{version[1]}"
|
||||
end
|
||||
end
|
||||
|
||||
def locate_data_dir_location_by_version(ver = @version)
|
||||
|
@ -125,6 +138,23 @@ module Inspec::Resources
|
|||
end
|
||||
end
|
||||
|
||||
def version_from_dir_windows(dir)
|
||||
dirs = inspec.command("Get-ChildItem -Path \"#{dir}\" -Name").stdout
|
||||
entries = dirs.lines.count
|
||||
case entries
|
||||
when 0
|
||||
warn "Could not determine version of installed PostgreSQL by inspecting #{dir}"
|
||||
nil
|
||||
when 1
|
||||
dir_to_version(dirs)
|
||||
else
|
||||
warn "Multiple versions of PostgreSQL installed or incorrect base dir #{dir}"
|
||||
first = dir_to_version(dirs.lines.first)
|
||||
warn "Using the first version found: #{first}"
|
||||
first
|
||||
end
|
||||
end
|
||||
|
||||
def dir_to_version(dir)
|
||||
dir.chomp.split("/").last
|
||||
end
|
||||
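Review bot: The Windows branch added in the second hunk assigns `@version` and `@data_dir` but never `@conf_dir`, while this same commit switches `PostgresHbaConf#initialize` and `PostgresIdentConf#initialize` to `File.join(inspec.postgres.conf_dir, ...)`, which raises `TypeError` on nil. Unless `@conf_dir` is assigned somewhere outside the visible hunk, both resources would fail on Windows before reading any file, so the authentication rules would go unaudited. If the configuration files live in the data directory on the target install (an assumption to confirm), adding `@conf_dir = @data_dir` inside the `unless @version.to_s.empty?` block would cover it. The enclosing method starts and ends outside the hunk.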
|
|
|
@ -5,6 +5,7 @@ module Inspec::Resources
|
|||
class PostgresHbaConf < Inspec.resource(1)
|
||||
name "postgres_hba_conf"
|
||||
supports platform: "unix"
|
||||
supports platform: "windows"
|
||||
desc 'Use the `postgres_hba_conf` InSpec audit resource to test the client
|
||||
authentication data defined in the pg_hba.conf file.'
|
||||
example <<~EXAMPLE
|
||||
|
@ -19,7 +20,7 @@ module Inspec::Resources
|
|||
|
||||
# @todo add checks to ensure that we have data in our file
|
||||
def initialize(hba_conf_path = nil)
|
||||
@conf_file = hba_conf_path || File.expand_path("pg_hba.conf", inspec.postgres.conf_dir)
|
||||
@conf_file = hba_conf_path || File.join(inspec.postgres.conf_dir, "pg_hba.conf")
|
||||
@content = ""
|
||||
@params = {}
|
||||
read_content
|
||||
|
|
|
@ -5,6 +5,7 @@ module Inspec::Resources
|
|||
class PostgresIdentConf < Inspec.resource(1)
|
||||
name "postgres_ident_conf"
|
||||
supports platform: "unix"
|
||||
supports platform: "windows"
|
||||
desc 'Use the postgres_ident_conf InSpec audit resource to test the client
|
||||
authentication data is controlled by a pg_ident.conf file.'
|
||||
example <<~EXAMPLE
|
||||
|
@ -18,7 +19,7 @@ module Inspec::Resources
|
|||
attr_reader :params, :conf_file
|
||||
|
||||
def initialize(ident_conf_path = nil)
|
||||
@conf_file = ident_conf_path || File.expand_path("pg_ident.conf", inspec.postgres.conf_dir)
|
||||
@conf_file = ident_conf_path || File.join(inspec.postgres.conf_dir, "pg_ident.conf")
|
||||
@content = nil
|
||||
@params = nil
|
||||
read_content
|
||||
|
|
|
@ -54,6 +54,7 @@ module Inspec::Resources
|
|||
raise Inspec::Exceptions::ResourceFailed, "#{resource_exception_message}" if resource_failed?
|
||||
|
||||
psql_cmd = create_psql_cmd(query, db)
|
||||
|
||||
cmd = inspec.command(psql_cmd, redact_regex: /(PGPASSWORD=').+(' psql .*)/)
|
||||
out = cmd.stdout + "\n" + cmd.stderr
|
||||
if cmd.exit_status != 0 || out =~ /could not connect to .*/ || out.downcase =~ /^error:.*/
|
||||
|
@ -66,7 +67,7 @@ module Inspec::Resources
|
|||
private
|
||||
|
||||
def test_connection
|
||||
query("select now()")
|
||||
query("select now()\;")
|
||||
end
|
||||
|
||||
def escaped_query(query)
|
||||
|
@ -75,7 +76,11 @@ module Inspec::Resources
|
|||
|
||||
def create_psql_cmd(query, db = [])
|
||||
dbs = db.map { |x| "-d #{x}" }.join(" ")
|
||||
"PGPASSWORD='#{@pass}' psql -U #{@user} #{dbs} -h #{@host} -p #{@port} -A -t -c #{escaped_query(query)}"
|
||||
if inspec.os.windows?
|
||||
"psql -U #{@user} #{dbs} -h #{@host} -p #{@port} -A -t -c '#{query}'"
|
||||
else
|
||||
"PGPASSWORD='#{@pass}' psql -U #{@user} #{dbs} -h #{@host} -p #{@port} -A -t -c #{escaped_query(query)}"
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
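Review bot: In the Windows branch of `create_psql_cmd` the query is placed between single quotes as `'#{query}'` without going through `escaped_query`, so any single quote in the SQL ends the quoted argument and the rest is parsed by the target's shell. Doubling embedded quotes, as in `-c '#{query.gsub("'", "''")}'`, keeps the statement a single argument if the command runs under PowerShell, which is worth confirming for the transport in use. That branch also drops `PGPASSWORD='#{@pass}'`, so `@pass` is never supplied on Windows and the session depends on whatever authentication the host allows without a password. If a password is added there later, the `redact_regex` passed in `query` only matches the Unix form and would need a Windows counterpart to keep the secret out of logs.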
|
|