postgres_ident_conf

Use the postgres_ident_conf Chef InSpec audit resource to test the client authentication data defined in the pg_ident.conf file.


Availability

Installation

This resource is distributed along with Chef InSpec itself. You can use it automatically.

Version

This resource first became available in v1.31.0 of InSpec.

Syntax

An postgres_ident_conf Chef InSpec audit resource block declares client authentication data that should be tested:

describe postgres_ident_conf.where { pg_username == 'filter_value' } do
  its('attribute') { should eq ['value'] }
end

where

  • 'attribute' is a attribute in the pg ident configuration file
  • 'filter_value' is the value that is to be filtered for
  • 'value' is the value that is to be matched expected


Properties

'conf_file', 'map_name', 'params', 'pg_username', 'system_username'


Property Examples

map_name([String])

address returns a an array of strings that matches the where condition of the filter table

describe pg_ident_conf.where { pg_username == 'name' } do
  its('map_name') { should eq ['value'] }
end

pg_username([String])

pg_username returns a an array of strings that matches the where condition of the filter table

describe pg_ident_conf.where { pg_username == 'name' } do
  its('pg_username') { should eq ['value'] }
end

system_username([String])

system_username returns a an array of strings that matches the where condition of the filter table

describe pg_ident_conf.where { pg_username == 'name' } do
  its('system_username') { should eq ['value'] }
end


Matchers

This Chef InSpec audit resource matches any service that is listed in the pg ident configuration file. For a full list of available matchers, please visit our matchers page.

its('pg_username') { should_not eq ['peer'] }

or:

its('map_name') { should eq ['value'] }

For example:

describe postgres_ident_conf.where { pg_username == 'name' } do
  its('system_username') { should eq ['value'] }
  its('map_name') { should eq ['value'] }
end