module-postgresql/manifests/pg_hba_rule.pp

42 lines
1.3 KiB
ObjectPascal
Raw Normal View History

# This resource manages an individual rule that applies to the file defined in
# $target.
define postgresql::pg_hba_rule(
$type,
$database,
$user,
$auth_method,
$address = undef,
$description = 'none',
$auth_option = undef,
$target = $postgresql::params::pg_hba_conf_path,
$order = '150'
) {
include postgresql::params
validate_re($type, ['^local$', '^host$', '^hostssl$', '^hostnossl$'],
"The type you specified [${type}] must be one of: local, host, hostssl, hostnosssl")
validate_re($auth_method, '^(trust|reject|md5|crypt|password|gss|sspi|krb5|ident|peer|ldap|radius|cert|pam)$',
"The auth_method you specified [${auth_method}] must be one of: trust, reject, md5, crypt, password, krb5, ident, ldap, pam")
if($type =~ /^host/ and $address == undef) {
fail('You must specify an address property when type is host based')
}
# This is required to make sure concat::setup is initialized first. This
# probably points to a bug inside ripienaar-concat.
include concat::setup
# Create a rule fragment
$fragname = "pg_hba_rule_${name}"
concat::fragment { $fragname:
2013-02-15 11:23:18 +01:00
target => $target,
content => template('postgresql/pg_hba_rule.conf'),
2013-02-15 11:23:18 +01:00
order => $order,
owner => $::id,
mode => '0600',
}
Class['concat::setup']->
Concat::Fragment[$fragname]
}