inspec · clintoncwolfe · Sep 28, 2021 · Sep 16, 2021 · Sep 27, 2021
@@ -28,24 +28,27 @@ This resource first became available in v1.0.0 of InSpec.
 A `postgres_session` resource block declares the username and password to use for the session, and then the command to be run:
 
     # Create a PostgreSQL session:
-    sql = postgres_session('username', 'password', 'host', 'port')
+    sql = postgres_session('username', 'password', 'host', 'port', 'socketpath')
 
     # default values:
     #   username: 'postgres'
     #   host: 'localhost'
     #   port: 5432
+    #   socketpath (optional): nil
 
     # Run an SQL query with an optional database to execute
     sql.query('sql_query', ['database_name'])`
 
 A full example is:
 
-    sql = postgres_session('username', 'password', 'host', 'port')
+    sql = postgres_session('username', 'password', 'host', 'port', 'socketpath')
     describe sql.query('SELECT * FROM pg_shadow WHERE passwd IS NULL;') do
       its('output') { should eq '' }
     end
 
-where `its('output') { should eq '' }` compares the results of the query against the expected result in the test
+where
+  - `its('output') { should eq '' }` compares the results of the query against the expected result in the test
+  - `socketpath` is an optional parameter. Use `socketpath` to establish a socket connection with Postgres by specifying one of the Postgres Unix domain socket paths. Only supported on Unix-based platforms.
 
 ## Examples
 

@@ -40,11 +40,12 @@ class PostgresSession < Inspec.resource(1)
       end
     EXAMPLE
 
-    def initialize(user, pass, host = nil, port = nil)
+    def initialize(user, pass, host = nil, port = nil, socket_path = nil)
       @user = user || "postgres"
       @pass = pass
       @host = host || "localhost"
       @port = port || 5432
+      @socket_path = socket_path
       raise Inspec::Exceptions::ResourceFailed, "Can't run PostgreSQL SQL checks without authentication." if @user.nil? || @pass.nil?
     end
 
@@ -69,10 +70,20 @@ def escaped_query(query)
 
     def create_psql_cmd(query, db = [])
       dbs = db.map { |x| "#{x}" }.join(" ")
-      if inspec.os.windows?
-        "psql -d postgresql://#{@user}:#{@pass}@#{@host}:#{@port}/#{dbs} -A -t -w -c \"#{query}\""
+
+      if @socket_path && !inspec.os.windows?
+        # Socket path and empty host in the connection string establishes socket connection
+        # Socket connection only enabled for non-windows platforms
+        # Windows does not support unix domain sockets
+        "psql -d postgresql://#{@user}:#{@pass}@/#{dbs}?host=#{@socket_path} -A -t -w -c #{escaped_query(query)}"
       else
-        "psql -d postgresql://#{@user}:#{@pass}@#{@host}:#{@port}/#{dbs} -A -t -w -c #{escaped_query(query)}"
+        # Host in connection string establishes tcp/ip connection
+        if inspec.os.windows?
+          warn "Socket based connection not supported in windows, connecting using host" if @socket_path
+          "psql -d postgresql://#{@user}:#{@pass}@#{@host}:#{@port}/#{dbs} -A -t -w -c \"#{query}\""
+        else
+          "psql -d postgresql://#{@user}:#{@pass}@#{@host}:#{@port}/#{dbs} -A -t -w -c #{escaped_query(query)}"
+        end
       end
     end
   end

@@ -37,4 +37,9 @@
     resource = load_resource("postgres_session", "postgres", "postgres", "localhost", 5432)
     _(proc { resource.send(:query, "Select 5;", ["mydatabase"]) }).must_raise Inspec::Exceptions::ResourceFailed
   end
+
+  it "verify postgres_session create_psql_cmd in socket connection" do
+    resource = load_resource("postgres_session", "myuser", "mypass", "127.0.0.1", 5432, "/var/run/postgresql")
+    _(resource.send(:create_psql_cmd, "SELECT * FROM STUDENTS;", ["testdb"])).must_equal "psql -d postgresql://myuser:mypass@/testdb?host=/var/run/postgresql -A -t -w -c SELECT\\ \\*\\ FROM\\ STUDENTS\\;"
+  end
 end