inspec/docs/resources/postgres_hba_conf.md.erb
Aaron Lippold 224935e9cf New postgres_hba_conf resource (#1964)
* Created pg_hba_conf resource

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Created pg_hba_conf resource

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Corrections

* updated to parse auth-options

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* updated `conf_path` instance var to `conf_file` for consistency.

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* pg_hba_conf - updated the parse_line method
added test and doc files

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updated few bugs on pg_hba_conf
updated test files and docs

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updated docs

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Made updates based on the recommendations

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* PR commit

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* PR Commit

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Update Gemfile.lock

* PR Commit

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updated doc file for postgres_hba_conf resource to use
'cmp' matcher instead of 'eq'

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Made requested changes, except for SimpleConfig - will address that later.

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-07-03 20:13:51 +02:00

104 lines
2.5 KiB
Text

---
title: About the postgres_hba_conf Resource
---
# postgres_hba_conf

Use the `postgres_hba_conf` InSpec audit resource to test the client authentication data defined in the `pg_hba.conf` file.

## Syntax

A `postgres_hba_conf` InSpec audit resource block declares client authentication data that should be tested:

    describe postgres_hba_conf.where { type == 'local' } do
      its('auth_method') { should eq ['peer'] }
    end

where

* `'attribute'` is an attribute in the `pg_hba.conf` file
* `'filter_value'` is the value that is to be filtered for
* `'value'` is the expected value to match

## Matchers

This InSpec audit resource matches any entry that is listed in the HBA configuration file:

    its('auth_method') { should_not cmp 'peer' }

or:

    its('auth_method') { should cmp 'peer' }

For example:

    describe postgres_hba_conf.where { type == 'type' } do
      its('auth_method') { should cmp 'value' }
      its('user') { should cmp 'value' }
    end

### be
<%= partial "/shared/matcher_be" %>
### cmp
<%= partial "/shared/matcher_cmp" %>
### eq
<%= partial "/shared/matcher_eq" %>
### include
<%= partial "/shared/matcher_include" %>
### match
<%= partial "/shared/matcher_match" %>
## Supported Properties

'address', 'auth_method', 'auth_params', 'conf_dir', 'conf_file', 'database', 'params', 'type', 'user'

## Property Examples and Return Types

### address([String])

`address` returns an array of strings that matches the where condition of the filter table

    describe postgres_hba_conf.where { type == 'local' } do
      its('address') { should cmp 'value' }
    end

### auth_method([String])

`auth_method` returns an array of strings that matches the where condition of the filter table

    describe postgres_hba_conf.where { type == 'local' } do
      its('auth_method') { should cmp 'value' }
    end

### database([String])

`database` returns an array of strings that matches the where condition of the filter table

    describe postgres_hba_conf.where { type == 'local' } do
      its('database') { should cmp 'value' }
    end

### type([String])

`type` returns an array of strings that matches the where condition of the filter table

    describe postgres_hba_conf.where { database == 'acme_test_db' } do
      its('type') { should cmp 'value' }
    end

### user([String])

`user` returns an array of strings that matches the where condition of the filter table

    describe postgres_hba_conf.where { database == 'acme_test_db' } do
      its('user') { should cmp 'value' }
    end
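
As an added illustration (not InSpec's implementation and not code from this commit), the Ruby sketch below parses constructed `pg_hba.conf` content into the properties documented above and shows why a `where` filter followed by a property yields an array. `HbaEntry`, `parse_hba`, `property_where` and `remote_trust` are hypothetical names, and folding a separate netmask column into `address` is an assumption.

```ruby
# Added illustration, not InSpec's implementation. Struct fields mirror
# the property names documented on this page.
HbaEntry = Struct.new(:type, :database, :user, :address, :auth_method, :auth_params)

# Constructed sample pg_hba.conf content (not taken from a real system).
SAMPLE_HBA = <<~CONF
  # TYPE   DATABASE      USER      ADDRESS                       METHOD
  local    all           postgres                                peer
  host     acme_test_db  app       10.0.0.0/24                   md5
  host     all           all       192.168.1.5 255.255.255.255   trust
  hostssl  all           all       0.0.0.0/0                     ldap ldapserver=ldap.example.test ldapport=389
CONF

IPV4_MASK = /\A(\d{1,3}\.){3}\d{1,3}\z/

def parse_hba(text)
  text.each_line.filter_map do |raw|
    line = raw.sub(/#.*/, '').strip # drop comments; quoted '#' is not handled
    next if line.empty?

    fields = line.split
    type, database, user = fields.shift(3)
    address = nil
    unless type == 'local' # Unix-socket records have no address column
      address = fields.shift
      # "IP-address IP-mask" form: fold the mask column into address (assumption)
      address = "#{address} #{fields.shift}" if fields.first.to_s.match?(IPV4_MASK)
    end
    # Whatever follows the method is the list of auth options
    HbaEntry.new(type, database, user, address, fields.shift, fields)
  end
end

# Hypothetical stand-in for `postgres_hba_conf.where { ... }` plus `its(property)`:
# one value per matching record, which is why the result is an array.
def property_where(entries, property, &cond)
  entries.select { |e| e.instance_exec(&cond) }.map(&property)
end

# Network-reachable records that use `trust`, i.e. no credential is requested.
def remote_trust(entries)
  entries.select { |e| e.type != 'local' && e.auth_method == 'trust' }
end

entries = parse_hba(SAMPLE_HBA)
p property_where(entries, :auth_method) { type == 'local' }
p remote_trust(entries).map(&:address)
```
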