Revert changes for password authentication removal

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

lib/inspec/resources/postgres.rb

@@ -47,7 +47,7 @@ module Inspec::Resources
         end
       elsif inspec.os.windows?
         dir = "C:\\Program Files\\PostgreSQL"
-        @version = version_from_dir_windows(dir)
+        @version = version_from_psql || version_from_dir_windows(dir)
         unless @version.to_s.empty?
           @data_dir = "#{dir}\\#{@version}\\data\\"
         end
@@ -92,11 +92,16 @@ module Inspec::Resources
     def version_from_psql
       return unless inspec.command("psql").exist?
 
-      version = inspec.command("psql --version | awk '{ print $NF }' | awk -F. '{ print $1\".\"$2 }'").stdout.strip.split(".")
+      if inspec.os.windows?
+        version = inspec.command("psql --version | awk '{ print $NF }'").stdout.strip.split(".")
+      else
+        version = inspec.command("psql --version | awk '{ print $NF }' | awk -F. '{ print $1\".\"$2 }'").stdout.strip.split(".")
+      end
+
       if version.first.to_i >= 10
         version.first
       else
-        version = "#{version[0]}.#{version[1]}"
+        "#{version[0]}.#{version[1]}"
       end
     end
 

lib/inspec/resources/postgres_session.rb

@@ -42,11 +42,10 @@ module Inspec::Resources
 
     def initialize(user, pass = nil, host = nil, port = nil)
       @user = user || "postgres"
-      # passing PGPASSWORD does not work for windows so we are not making password as mandatory. User needs to hand it thorought the .pgpass file or trust authentication
-      # mechanisum of the PostgreSQL database.
       @pass = pass
       @host = host || "localhost"
       @port = port || 5432
+      raise Inspec::Exceptions::ResourceFailed, "Can't run PostgreSQL SQL checks without authentication." if @user.nil? || @pass.nil?
 
       test_connection
     end
@@ -55,8 +54,7 @@ module Inspec::Resources
       raise Inspec::Exceptions::ResourceFailed, "#{resource_exception_message}" if resource_failed?
 
       psql_cmd = create_psql_cmd(query, db)
-
-      cmd = inspec.command(psql_cmd, redact_regex: /(PGPASSWORD=').+(' psql .*)/)
+      cmd = inspec.command(psql_cmd, redact_regex: %r{(:\/\/[a-z]*:).*(@)})
       out = cmd.stdout + "\n" + cmd.stderr
       if cmd.exit_status != 0 || out =~ /could not connect to .*/ || out.downcase =~ /^error:.*/
         raise Inspec::Exceptions::ResourceFailed, "PostgreSQL query with errors: #{out}"
@@ -76,15 +74,11 @@ module Inspec::Resources
     end
 
     def create_psql_cmd(query, db = [])
-      dbs = db.map { |x| "-d #{x}" }.join(" ")
+      dbs = db.map { |x| "#{x}" }.join(" ")
       if inspec.os.windows?
-        "psql -U #{@user} #{dbs} -h #{@host} -p #{@port} -A -t -c '#{query}'"
+        "psql -d postgresql://#{@user}:#{@pass}@#{@host}:#{@port}/#{dbs} -A -t -w -c \"#{query}\""
       else
-        if @pass.nil?
-          "psql -U #{@user} #{dbs} -h #{@host} -p #{@port} -A -t -c #{escaped_query(query)}"
-        else
-          "PGPASSWORD='#{@pass}' psql -U #{@user} #{dbs} -h #{@host} -p #{@port} -A -t -c #{escaped_query(query)}"
-        end
+        "psql -d postgresql://#{@user}:#{@pass}@#{@host}:#{@port}/#{dbs} -A -t -w -c #{escaped_query(query)}"
       end
     end
   end

test/unit/resources/postgres_session_test.rb

@@ -6,27 +6,32 @@ require "inspec/resources/command"
 describe "Inspec::Resources::PostgresSession" do
   it "verify postgres_session create_psql_cmd with a basic query" do
     resource = load_resource("postgres_session", "myuser", "mypass", "127.0.0.1", 5432)
-    _(resource.send(:create_psql_cmd, "SELECT * FROM STUDENTS;", ["testdb"])).must_equal "PGPASSWORD='mypass' psql -U myuser -d testdb -h 127.0.0.1 -p 5432 -A -t -c SELECT\\ \\*\\ FROM\\ STUDENTS\\;"
+    _(resource.send(:create_psql_cmd, "SELECT * FROM STUDENTS;", ["testdb"])).must_equal "psql -d postgresql://myuser:mypass@127.0.0.1:5432/testdb -A -t -w -c SELECT\\ \\*\\ FROM\\ STUDENTS\\;"
   end
   it "verify postgres_session escaped_query with a complex query" do
     resource = load_resource("postgres_session", "myuser", "mypass", "127.0.0.1", 5432)
-    _(resource.send(:create_psql_cmd, "SELECT current_setting('client_min_messages')", ["testdb"])).must_equal "PGPASSWORD='mypass' psql -U myuser -d testdb -h 127.0.0.1 -p 5432 -A -t -c SELECT\\ current_setting\\(\\'client_min_messages\\'\\)"
+    _(resource.send(:create_psql_cmd, "SELECT current_setting('client_min_messages')", ["testdb"])).must_equal "psql -d postgresql://myuser:mypass@127.0.0.1:5432/testdb -A -t -w -c SELECT\\ current_setting\\(\\'client_min_messages\\'\\)"
   end
   it "verify postgres_session redacts output" do
-    cmd = %q{PGPASSWORD='mypass' psql -U myuser -d testdb -h 127.0.0.1 -p 5432 -A -t -c "SELECT current_setting('client_min_messages')"}
-    options = { redact_regex: /(PGPASSWORD=').+(' psql .*)/ }
+    cmd = %q{psql -d postgresql://myuser:mypass@127.0.0.1:5432/testdb -A -t -w -c "SELECT current_setting('client_min_messages')"}
+    options = { redact_regex: %r{(:\/\/[a-z]*:).*(@)} }
     resource = load_resource("command", cmd, options)
 
-    expected_to_s = %q{Command: `PGPASSWORD='REDACTED' psql -U myuser -d testdb -h 127.0.0.1 -p 5432 -A -t -c "SELECT current_setting('client_min_messages')"`}
+    expected_to_s = %q{Command: `psql -d postgresql://myuser:REDACTED@127.0.0.1:5432/testdb -A -t -w -c "SELECT current_setting('client_min_messages')"`}
     _(resource.to_s).must_equal(expected_to_s)
   end
   it "verify postgres_session works with empty port value" do
     resource = load_resource("postgres_session", "myuser", "mypass", "127.0.0.1")
-    _(resource.send(:create_psql_cmd, "SELECT * FROM STUDENTS;", ["testdb"])).must_equal "PGPASSWORD='mypass' psql -U myuser -d testdb -h 127.0.0.1 -p 5432 -A -t -c SELECT\\ \\*\\ FROM\\ STUDENTS\\;"
+    _(resource.send(:create_psql_cmd, "SELECT * FROM STUDENTS;", ["testdb"])).must_equal "psql -d postgresql://myuser:mypass@127.0.0.1:5432/testdb -A -t -w -c SELECT\\ \\*\\ FROM\\ STUDENTS\\;"
   end
   it "verify postgres_session works with empty host and port value" do
     resource = load_resource("postgres_session", "myuser", "mypass")
-    _(resource.send(:create_psql_cmd, "SELECT * FROM STUDENTS;", ["testdb"])).must_equal "PGPASSWORD='mypass' psql -U myuser -d testdb -h localhost -p 5432 -A -t -c SELECT\\ \\*\\ FROM\\ STUDENTS\\;"
+    _(resource.send(:create_psql_cmd, "SELECT * FROM STUDENTS;", ["testdb"])).must_equal "psql -d postgresql://myuser:mypass@localhost:5432/testdb -A -t -w -c SELECT\\ \\*\\ FROM\\ STUDENTS\\;"
+  end
+  it "fails when no user, password" do
+    resource = load_resource("postgres_session", nil, nil, "localhost", 5432)
+    _(resource.resource_failed?).must_equal true
+    _(resource.resource_exception_message).must_equal "Can't run PostgreSQL SQL checks without authentication."
   end
   it "fails when no connection established" do
     resource = load_resource("postgres_session", "postgres", "postgres", "localhost", 5432)