module-postgresql/lib/puppet/parser/functions/postgresql_acls_to_resources_hash.rb

module Puppet::Parser::Functions
  newfunction(:postgresql_acls_to_resources_hash, :type => :rvalue, :doc => <<-EOS
    This internal function translates the ipv(4|6)acls format into a resource
    suitable for create_resources. It is not intended to be used outside of the
    postgresql internal classes/defined resources.

    This function accepts an array of strings that are pg_hba.conf rules. It
    will return a hash that can be fed into create_resources to create multiple
    individual pg_hba_rule resources.

    The second parameter is an identifier that will be included in the namevar
    to provide uniqueness. It must be a string.

    The third parameter is an order offset, so you can start the order at an
    arbitrary starting point.
    EOS
  ) do |args|
    func_name = "postgresql_acls_to_resources_hash()"

    raise(Puppet::ParseError, "#{func_name}: Wrong number of arguments " +
      "given (#{args.size} for 3)") if args.size != 3

    acls = args[0]
    raise(Puppet::ParseError, "#{func_name}: first argument must be an array") \
      unless acls.instance_of? Array

    id = args[1]
    raise(Puppet::ParseError, "#{func_name}: second argument must be a string") \
      unless id.instance_of? String

    offset = args[2].to_i
    raise(Puppet::ParseError, "#{func_name}: third argument must be a number") \
      unless offset.instance_of? Fixnum

    resources = {}
    acls.each do |acl|
      index = acls.index(acl)

      parts = acl.split

      raise(Puppet::ParseError, "#{func_name}: acl line #{index} does not " +
        "have enough parts") unless parts.length >= 4

      resource = {
        'type' => parts[0],
        'database' => parts[1],
        'user' => parts[2],
        'order' => format('%03d', offset + index),
      }
      if parts[0] == 'local' then
        resource['auth_method'] = parts[3]
        if parts.length > 4 then
          resource['auth_option'] = parts.last(parts.length - 4).join(" ")
        end
      else
        if parts[4] =~ /^\d/
          resource['address'] = parts[3] + ' ' + parts[4]
          resource['auth_method'] = parts[5]

          if parts.length > 6 then
            resource['auth_option'] = parts.last(parts.length - 6).join(" ")
          end
        else
          resource['address'] = parts[3]
          resource['auth_method'] = parts[4]

          if parts.length > 5 then
            resource['auth_option'] = parts.last(parts.length - 5).join(" ")
          end
        end
      end
      resources["postgresql class generated rule #{id} #{index}"] = resource
    end
    resources
  end
end
Provide new defined resources for managing pg_hba.conf This patch provides a more advanced way of managing pg_hba rules, by providing a defined resource to manage a pg_hba file, and a defined resource for managing rules within such a file (pg_hba_rule). These new resources are wrappers around ripinaar-concat, and utilise file assemblies instead of a template to compose the pg_hba.conf file. I've provided a function that interprets the old ip4\|6acl arrays and converts them to this new format for backwards compatibility as well. I slightly reformatted our documentation to allow for better documentation of defined resources in 'Usage' as well, and provided examples of how to use this new resource. This hopefully should go a long way to solving the PR's related to lack of full functionality for pg_hba.conf. Signed-off-by: Ken Barber <ken@bob.sh> 2013-02-10 01:36:12 +01:00			`module Puppet::Parser::Functions`
			`newfunction(:postgresql_acls_to_resources_hash, :type => :rvalue, :doc => <<-EOS`
			`This internal function translates the ipv(4\|6)acls format into a resource`
			`suitable for create_resources. It is not intended to be used outside of the`
			`postgresql internal classes/defined resources.`

			`This function accepts an array of strings that are pg_hba.conf rules. It`
			`will return a hash that can be fed into create_resources to create multiple`
			`individual pg_hba_rule resources.`

			`The second parameter is an identifier that will be included in the namevar`
			`to provide uniqueness. It must be a string.`

			`The third parameter is an order offset, so you can start the order at an`
			`arbitrary starting point.`
			`EOS`
			`) do \|args\|`
			`func_name = "postgresql_acls_to_resources_hash()"`

			`raise(Puppet::ParseError, "#{func_name}: Wrong number of arguments " +`
			`"given (#{args.size} for 3)") if args.size != 3`

			`acls = args[0]`
			`raise(Puppet::ParseError, "#{func_name}: first argument must be an array") \`
			`unless acls.instance_of? Array`

			`id = args[1]`
			`raise(Puppet::ParseError, "#{func_name}: second argument must be a string") \`
			`unless id.instance_of? String`

			`offset = args[2].to_i`
			`raise(Puppet::ParseError, "#{func_name}: third argument must be a number") \`
			`unless offset.instance_of? Fixnum`

			`resources = {}`
			`acls.each do \|acl\|`
			`index = acls.index(acl)`

			`parts = acl.split`

			`raise(Puppet::ParseError, "#{func_name}: acl line #{index} does not " +`
			`"have enough parts") unless parts.length >= 4`

			`resource = {`
			`'type' => parts[0],`
			`'database' => parts[1],`
			`'user' => parts[2],`
			`'order' => format('%03d', offset + index),`
			`}`
			`if parts[0] == 'local' then`
			`resource['auth_method'] = parts[3]`
			`if parts.length > 4 then`
			`resource['auth_option'] = parts.last(parts.length - 4).join(" ")`
			`end`
			`else`
			`if parts[4] =~ /^\d/`
			`resource['address'] = parts[3] + ' ' + parts[4]`
			`resource['auth_method'] = parts[5]`

			`if parts.length > 6 then`
			`resource['auth_option'] = parts.last(parts.length - 6).join(" ")`
			`end`
			`else`
			`resource['address'] = parts[3]`
			`resource['auth_method'] = parts[4]`

			`if parts.length > 5 then`
			`resource['auth_option'] = parts.last(parts.length - 5).join(" ")`
			`end`
			`end`
			`end`
			`resources["postgresql class generated rule #{id} #{index}"] = resource`
			`end`
			`resources`
			`end`
			`end`