mirror of
https://github.com/inspec/inspec
synced 2024-11-27 07:00:39 +00:00
9cfc86d2ab
Light formatting changes, change order of example and matchers, slight color changes Signed-off-by: hannah-radish <hmaddy@chef.io>
75 lines
2 KiB
Text
75 lines
2 KiB
Text
---
|
|
title: About the postgres_ident_conf Resource
|
|
---
|
|
|
|
# postgres_ident_conf
|
|
|
|
Use the `postgres_ident_conf` InSpec audit resource to test the client authentication data defined in the pg_hba.conf file.
|
|
|
|
<br>
|
|
|
|
## Syntax
|
|
|
|
An `postgres_ident_conf` InSpec audit resource block declares client authentication data that should be tested:
|
|
|
|
describe postgres_ident_conf.where { pg_username == 'filter_value' } do
|
|
its('attribute') { should eq ['value'] }
|
|
end
|
|
|
|
where
|
|
|
|
* `'attribute'` is a attribute in the pg ident configuration file
|
|
* `'filter_value'` is the value that is to be filtered for
|
|
* `'value'` is the value that is to be matched expected
|
|
|
|
<br>
|
|
|
|
## Supported Properties
|
|
|
|
'conf_file', 'map_name', 'params', 'pg_username', 'system_username'
|
|
|
|
<br>
|
|
|
|
## Property Examples and Return Types
|
|
|
|
### map_name([String])
|
|
|
|
`address` returns a an array of strings that matches the where condition of the filter table
|
|
|
|
describe pg_hba_conf.where { pg_username == 'name' } do
|
|
its('map_name') { should eq ['value'] }
|
|
end
|
|
### pg_username([String])
|
|
|
|
`pg_username` returns a an array of strings that matches the where condition of the filter table
|
|
|
|
describe pg_hba_conf.where { pg_username == 'name' } do
|
|
its('pg_username') { should eq ['value'] }
|
|
end
|
|
|
|
### system_username([String])
|
|
|
|
`system_username` returns a an array of strings that matches the where condition of the filter table
|
|
|
|
describe pg_hba_conf.where { pg_username == 'name' } do
|
|
its('system_username') { should eq ['value'] }
|
|
end
|
|
|
|
<br>
|
|
|
|
## Matchers
|
|
|
|
This InSpec audit resource matches any service that is listed in the pg ident configuration file. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
|
|
its('pg_username') { should_not eq ['peer'] }
|
|
|
|
or:
|
|
|
|
its('map_name') { should eq ['value'] }
|
|
|
|
For example:
|
|
|
|
describe postgres_ident_conf.where { pg_username == 'name' } do
|
|
its('system_username') { should eq ['value'] }
|
|
its('map_name') { should eq ['value'] }
|
|
end
|