opuppet/module-postgresql
5
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
module-postgresql/examples/postgresql_pg_hba_rule.pp

19 lines
564 B
ObjectPascal
Raw Normal View History

Provide new defined resources for managing pg_hba.conf This patch provides a more advanced way of managing pg_hba rules, by providing a defined resource to manage a pg_hba file, and a defined resource for managing rules within such a file (pg_hba_rule). These new resources are wrappers around ripinaar-concat, and utilise file assemblies instead of a template to compose the pg_hba.conf file. I've provided a function that interprets the old ip4|6acl arrays and converts them to this new format for backwards compatibility as well. I slightly reformatted our documentation to allow for better documentation of defined resources in 'Usage' as well, and provided examples of how to use this new resource. This hopefully should go a long way to solving the PR's related to lack of full functionality for pg_hba.conf. Signed-off-by: Ken Barber <ken@bob.sh>
2013-02-10 01:36:12 +01:00
# Basic remote access
postgresql::pg_hba_rule{ 'allow access to db foo from 2.2.2.0/24 for user foo':
type => 'host',
database => 'foo',
user => 'foo',
address => '2.2.2.0/24',
auth_method => 'md5',
}
# LDAP Integration
postgresql::pg_hba_rule{ 'allow ldap access to db foo from 10.1.1.0/24 for all':
type => 'host',
database => 'foo',
user => 'all',
address => '10.1.1.0/24',
auth_method => 'ldap',
auth_option => 'ldapserver=ldap.example.net ldapprefix="cn=" ldapsuffix=", dc=example, dc=net"',
}
Reference in a new issue Copy permalink