W3cubDocs

/Chef 18

postgres_conf resource

[edit on GitHub]

Use the postgres_conf Chef InSpec audit resource to test the contents of the configuration file for PostgreSQL, typically located at /etc/postgresql/<version>/main/postgresql.conf or /var/lib/postgres/data/postgresql.conf, depending on the platform.

Availability

Installation

This resource is distributed along with Chef InSpec itself. You can use it automatically.

Version

This resource first became available in v1.0.0 of InSpec.

Syntax

A postgres_conf resource block declares one (or more) settings in the postgresql.conf file, and then compares the setting in the configuration file to the value stated in the test:

describe postgres_conf('path') do
  its('setting') { should eq 'value' }
end

where

  • 'setting' specifies a setting in the postgresql.conf file
  • ('path') is the non-default path to the postgresql.conf file (optional)
  • should eq 'value' is the value that is expected

Properties

This resource supports any of the settings listed in an postgresql.conf file as properties for e.g. max_connections

its('max_connections') { should eq '5' }

Examples

The following examples show how to use this Chef InSpec audit resource.

Test the maximum number of allowed client connections

describe postgres_conf do
  its('max_connections') { should eq '5' }
end

Test system logging

describe postgres_conf do
  its('logging_collector') { should eq 'on' }
  its('log_connections') { should eq 'on' }
  its('log_disconnections') { should eq 'on' }
  its('log_duration') { should eq 'on' }
  its('log_hostname') { should eq 'on' }
  its('log_line_prefix') { should eq '%t %u %d %h' }
  its(['pgaudit.log_parameter']) { should cmp 'on' }
end

Test the port on which PostgreSQL listens

describe postgres_conf do
  its('port') { should eq '5432' }
end

Test the Unix socket settings

describe postgres_conf do
  its('unix_socket_directories') { should eq '.s.PGSQL.5432' }
  its('unix_socket_group') { should eq nil }
  its('unix_socket_permissions') { should eq '0770' }
end

where unix_socket_group is set to the PostgreSQL default setting (the group to which the server user belongs).

Matchers

For a full list of available matchers, please visit our matchers page.

© Chef Software, Inc.
Licensed under the Creative Commons Attribution 3.0 Unported License.
The Chef™ Mark and Chef Logo are either registered trademarks/service marks or trademarks/servicemarks of Chef, in the United States and other countries and are used with Chef Inc's permission.
We are not affiliated with, endorsed or sponsored by Chef Inc.
https://docs.chef.io/inspec/resources/postgres_conf/