Puppet Plan: complyadm::validate::database

Defined in:
plans/validate/database.pp

Overview

Validates that we can log in to the database on the database target as the comply and query users, using their passwords, over TCP.

Parameters:

  • config (Complyadm::Config) (defaults to: complyadm::config())

    Complyadm::Config object with all config options

Returns:

  • Hash returns pass/fail results from check



# File 'plans/validate/database.pp', line 9

# Checks that two PostgreSQL logins work with their configured passwords by
# running `psql` through "${runtime} exec comply_postgres" on the first
# database target: the comply user against the `comply` database and the
# identity user against the `keycloak` database.
#
# Takes the Complyadm::Config object (defaults to complyadm::config()) and
# returns a Hash with 'passed' and 'failed' arrays of "<target name> : <message>"
# strings.
#
# NOTE(review): both passwords are interpolated, unquoted, into a command string
# that is executed as root and parsed by a shell more than once. See the
# comments at the command construction below.
plan complyadm::validate::database (
  Complyadm::Config $config = complyadm::config(),
) {
  # Presumably the container runtime CLI (the command below uses "<runtime> exec <name>") - confirm.
  $runtime = $config['runtime']
  # TODO: When we add support for multiple database targets, we'll need to run against the right one
  $target = $config['roles']['database']['targets'][0]

  # psql meta-command used as a harmless probe; single quotes keep the backslash literal.
  $sql_command = '\d'
  # Can the comply user be accessed over TCP using the password
  $comply_password = $config['roles']['database']['services']['comply_postgres']['comply_db_password']
  $comply_username = $config['roles']['database']['services']['comply_postgres']['comply_db_username']
  # The \\\" sequences become \" in the string, so the quotes around the SQL
  # command survive the outer double-quoted `bash -c "..."` argument below.
  # NOTE(review): the password and username are not quoted or escaped. A value
  # containing $, `, ", \ or whitespace is interpreted by the shell instead of
  # being passed to psql, and this runs with '_run_as' => 'root'. Quote the
  # interpolated values, or pass the secret through the environment instead of
  # the command text.
  # NOTE(review): the password is part of the command line, so it may be visible
  # in process listings on the target and in Bolt's command logging - verify.
  # NOTE(review): sslmode=disable turns TLS off for this connection. It looks
  # like the client runs in the same container as the server (same
  # comply_postgres name) - confirm the traffic never leaves that host.
  $comply_subcommand = "PGPASSWORD=${comply_password} psql postgresql://comply_postgres:5432/comply?sslmode=disable -U ${comply_username} -c \\\"${sql_command}\\\""
  $comply_command = "${runtime} exec comply_postgres bash -c \"${comply_subcommand}\""

  # '_catch_errors' makes a failing command come back as a result to inspect
  # instead of aborting the plan.
  $comply_connect_results = run_command(
    $comply_command,
    $target,
    { '_run_as' => 'root', '_catch_errors' => true, },
  )

  # Can the identity user be accessed over TCP using the password
  $identity_password = $config['roles']['database']['services']['comply_postgres']['identity_db_password']
  $identity_username = $config['roles']['database']['services']['comply_postgres']['identity_db_username']
  # Same construction as the comply check, against the `keycloak` database; the
  # quoting, process-listing and sslmode notes above apply here as well.
  $identity_subcommand = "PGPASSWORD=${identity_password} psql postgresql://comply_postgres:5432/keycloak?sslmode=disable -U ${identity_username} -c \\\"${sql_command}\\\""
  $identity_command = "${runtime} exec comply_postgres bash -c \"${identity_subcommand}\""

  $identity_connect_results = run_command(
    $identity_command,
    $target,
    { '_run_as' => 'root', '_catch_errors' => true, },
  )

  # Fold the two result sets into one hash. Only the first result of each set is
  # read, which matches the single target used above.
  $results = [$comply_connect_results, $identity_connect_results].reduce({ 'failed' => [], 'passed' => [] }) |$memo, $connect_results| {
    if($connect_results[0].ok) {
      $passed_targets = ["${target.name} : Database connections successful"] + $memo['passed']
      $failed_targets = $memo['failed']
    } else {
      $passed_targets = $memo['passed']
      # The failure message carries the command's merged output.
      # NOTE(review): confirm this output cannot echo the command line (and with
      # it the password) before it is shown to the operator.
      $failed_targets = ["${target.name} : ${connect_results[0].value['merged_output']}"] + $memo['failed']
    }

    # .unique collapses identical messages, so two successful checks produce a
    # single 'passed' entry for the target.
    $memo + { 'passed' => $passed_targets.unique, 'failed' => $failed_targets.unique }
  }

  return $results
}