pgsectest

v0.1.1
Published: Oct 5, 2023 License: GPL-3.0


pgsectest

A tool to run security checks against Postgres and return a score.

The origin

While writing software that manages objects in Postgres (like pgfga), we needed a tool for easy integration testing. For an integration test we just wanted to create an environment with Postgres, the tool (and other components as required), run the tool, and check the outcome in Postgres. We decided to build a tool that runs defined queries against Postgres and checks for expected results. And thus pgsectest was born.

Downloading pgsectest

The most straightforward way is to download pgsectest directly from the GitHub release page. But there are other options, like

Please refer to our download instructions for more details on all options.

Usage

After downloading the binary to a folder in your path, you can run pgsectest with a command like:

pgsectest ./mytest*.yml ./andonemoretest.yml

Or using stdin:

cat ./mytests*.yml | pgsectest

Defining your tests

A more detailed description can be found in our test definition guide.

TL;DR: you can define one or more test chapters as YAML documents (separated by the '---' YAML document separator). Each test chapter can have the following information defined:

  • a dsn, with all details needed to connect to Postgres.
    • Note that the libpq environment variables can be used instead of configuring the connection in this chapter, but options configured in the chapter take precedence.
  • You can set the number of retries, delay and debugging options
  • Each test can define
    • a name (defaults to the query when not set),
    • the query
    • the expected result (a list of key/value pairs)
    • the option to reverse the outcome (Ok results are counted as errors and vice versa)

An example test definition could be:

---
dsn:
  host: postgres
  port: 5432
  user: postgres
  password: pgsectest

retries: 60
delay: 1s
debug: false

tests:
- name: After initialization you normally have 3 databases
  query: "select count(*) total from pg_database"
  results:
  - total: 3
- name: After initialization you normally have the databases postgres, template0 and template1
  query: "select datname from pg_database order by 1"
  results:
  - datname: postgres
  - datname: template0
  - datname: template1
# This test is named "select datname from pg_databases"
- query: "select datname from pg_databases"
  results: []
  reverse: true
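
The same format applied to security-relevant settings, as an added example that is not part of the pgsectest project. The queries use standard PostgreSQL catalogs; the expected values are an assumed hardening baseline, and the chapter assumes the dsn user may read pg_authid (superuser).

```yaml
---
# Added example chapter; expected values are an assumed baseline, adjust to your policy.
dsn:
  host: postgres
  port: 5432
  user: postgres
  password: pgsectest

retries: 5
delay: 1s
debug: false

tests:
- name: Only the bootstrap role postgres is a superuser
  query: "select rolname from pg_roles where rolsuper order by 1"
  results:
  - rolname: postgres
- name: New passwords are hashed with scram-sha-256
  query: "select setting from pg_settings where name = 'password_encryption'"
  results:
  - setting: scram-sha-256
- name: No role still has an md5 password hash stored
  query: "select count(*) total from pg_authid where rolpassword like 'md5%'"
  results:
  - total: 0
- name: PUBLIC cannot create objects in schema public
  query: "select count(*) total from pg_namespace where nspname = 'public' and has_schema_privilege('public', oid, 'CREATE')"
  results:
  - total: 0
# Quote on/off: unquoted, many YAML parsers read them as booleans, not strings.
- name: TLS is enabled on the server
  query: "select setting from pg_settings where name = 'ssl'"
  results:
  - setting: "on"
# reverse: this test is Ok only when the result is NOT the one listed.
- name: Connection logging is not switched off
  query: "select setting from pg_settings where name = 'log_connections'"
  results:
  - setting: "off"
  reverse: true
```

Each test keeps the page's pattern of one query with a list of expected rows, so a failing item points directly at the setting or role that drifted from the baseline.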


Directories

Path           Synopsis
cmd/pgsectest  command
pkg/pg
