postgres_ident_conf

Use the postgres_ident_conf InSpec audit resource to test the client authentication data defined in the pg_hba.conf file.


Syntax

A postgres_ident_conf InSpec audit resource block declares client authentication data that should be tested:

describe postgres_ident_conf.where { pg_username == 'filter_value' } do
  its('attribute') { should eq ['value'] }
end

where

  • 'attribute' is an attribute in the pg ident configuration file
  • 'filter_value' is the value to filter for
  • 'value' is the expected value to match


Properties

'conf_file', 'map_name', 'params', 'pg_username', 'system_username'


Property Examples

map_name([String])

map_name returns an array of strings that match the where condition of the filter table

describe postgres_ident_conf.where { pg_username == 'name' } do
  its('map_name') { should eq ['value'] }
end

pg_username([String])

pg_username returns an array of strings that match the where condition of the filter table

describe postgres_ident_conf.where { pg_username == 'name' } do
  its('pg_username') { should eq ['value'] }
end

system_username([String])

system_username returns an array of strings that match the where condition of the filter table

describe postgres_ident_conf.where { pg_username == 'name' } do
  its('system_username') { should eq ['value'] }
end


Matchers

This InSpec audit resource matches any service that is listed in the pg ident configuration file. For a full list of available matchers, please visit our matchers page.

its('pg_username') { should_not eq ['peer'] }

or:

its('map_name') { should eq ['value'] }

For example:

describe postgres_ident_conf.where { pg_username == 'name' } do
  its('system_username') { should eq ['value'] }
  its('map_name') { should eq ['value'] }
end
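
Each property returns an array because every line of the file that passes the where filter contributes one value. The following Ruby example is added here for illustration (it is not InSpec's implementation and not part of the original page): it parses a constructed pg_ident.conf sample into the map_name, system_username and pg_username fields and applies the same filter-then-collect logic. The helper names tokenize, parse_pg_ident, where, property and regex_mappings are hypothetical.

```ruby
# Constructed sample pg_ident.conf content (not taken from a real system).
SAMPLE_PG_IDENT = <<~'CONF'
  # MAPNAME   SYSTEM-USERNAME   PG-USERNAME
  omicron     bryanh            bryanh
  omicron     ann               ann
  omicron     robert            bob
  ops         "deploy svc"      postgres
  ops         /^(.*)@corp$      \1
CONF

FIELDS = %i[map_name system_username pg_username].freeze

# Split one line into tokens: double-quoted values may contain spaces,
# and an unquoted '#' starts a comment that runs to the end of the line.
def tokenize(line)
  tokens = []
  line.scan(/"([^"]*)"|(#.*)|([^\s"#]+)/) do |quoted, comment, bare|
    break if comment
    tokens << (quoted || bare)
  end
  tokens
end

# Turn the file text into one hash per mapping line.
def parse_pg_ident(text)
  text.each_line.filter_map do |line|
    tokens = tokenize(line)
    next if tokens.size < 3 # blank, comment-only or incomplete line
    FIELDS.zip(tokens).to_h
  end
end

# Keep the rows whose fields equal every given criterion (hypothetical helper).
def where(rows, **criteria)
  rows.select { |row| criteria.all? { |field, want| row[field] == want } }
end

# Collect one field from the rows: always an array, possibly empty.
def property(rows, field)
  rows.map { |row| row[field] }
end

# Rows whose system_username is a regular expression (leading '/'),
# which match many operating-system users at once and deserve review.
def regex_mappings(rows)
  rows.select { |row| row[:system_username].start_with?('/') }
end

rows = parse_pg_ident(SAMPLE_PG_IDENT)
p property(where(rows, pg_username: 'bob'), :system_username)
```

A filter that matches no line yields an empty array, which is why the resource examples compare against ['value'] rather than a bare string.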