2014-01-22 01:45:58 +01:00
|
|
|
require 'spec_helper_acceptance'
|
2013-08-27 22:43:47 +02:00
|
|
|
|
|
|
|
describe 'postgresql::server::pg_hba_rule:' do
|
|
|
|
after :all do
|
|
|
|
# Cleanup after tests have ran
|
2014-01-22 01:45:58 +01:00
|
|
|
apply_manifest("class { 'postgresql::server': ensure => absent }", :catch_failures => true)
|
2013-08-27 22:43:47 +02:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'should create a ruleset in pg_hba.conf' do
|
2013-09-18 23:25:51 +02:00
|
|
|
pp = <<-EOS.unindent
|
2013-08-27 22:43:47 +02:00
|
|
|
class { 'postgresql::server': }
|
|
|
|
postgresql::server::pg_hba_rule { "allow application network to access app database":
|
|
|
|
type => "host",
|
|
|
|
database => "app",
|
|
|
|
user => "app",
|
|
|
|
address => "200.1.2.0/24",
|
|
|
|
auth_method => md5,
|
|
|
|
}
|
|
|
|
EOS
|
|
|
|
|
2014-01-22 01:45:58 +01:00
|
|
|
apply_manifest(pp, :catch_failures => true)
|
|
|
|
apply_manifest(pp, :catch_failures => true)
|
2013-08-27 22:43:47 +02:00
|
|
|
|
2014-01-22 01:45:58 +01:00
|
|
|
shell("grep '200.1.2.0/24' /etc/postgresql/*/*/pg_hba.conf || grep '200.1.2.0/24' /var/lib/pgsql/data/pg_hba.conf")
|
2013-08-27 22:43:47 +02:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'should create a ruleset in pg_hba.conf that denies db access to db test1' do
|
2013-09-18 23:25:51 +02:00
|
|
|
pp = <<-EOS.unindent
|
2013-08-27 22:43:47 +02:00
|
|
|
class { 'postgresql::server': }
|
|
|
|
|
|
|
|
postgresql::server::db { "test1":
|
|
|
|
user => "test1",
|
|
|
|
password => postgresql_password('test1', 'test1'),
|
|
|
|
grant => "all",
|
|
|
|
}
|
|
|
|
|
|
|
|
postgresql::server::pg_hba_rule { "allow anyone to have access to db test1":
|
|
|
|
type => "local",
|
|
|
|
database => "test1",
|
|
|
|
user => "test1",
|
|
|
|
auth_method => reject,
|
|
|
|
order => '001',
|
|
|
|
}
|
|
|
|
|
|
|
|
user { "test1":
|
|
|
|
shell => "/bin/bash",
|
|
|
|
managehome => true,
|
|
|
|
}
|
|
|
|
EOS
|
|
|
|
|
2014-01-22 01:45:58 +01:00
|
|
|
apply_manifest(pp, :catch_failures => true)
|
|
|
|
|
|
|
|
shell('su - test1 -c \'psql -U test1 -c "\q" test1\'', :acceptable_exit_codes => [2])
|
2013-08-27 22:43:47 +02:00
|
|
|
end
|
2013-10-02 14:43:21 +02:00
|
|
|
|
|
|
|
it 'should fail catalogue if postgresql::server::manage_pga_conf is disabled' do
|
|
|
|
pp = <<-EOS.unindent
|
|
|
|
class { 'postgresql::server':
|
|
|
|
manage_pg_hba_conf => false,
|
|
|
|
}
|
|
|
|
postgresql::server::pg_hba_rule { 'foo':
|
|
|
|
type => "local",
|
|
|
|
database => "test1",
|
|
|
|
user => "test1",
|
|
|
|
auth_method => reject,
|
|
|
|
order => '001',
|
|
|
|
}
|
|
|
|
EOS
|
2014-01-22 01:45:58 +01:00
|
|
|
|
|
|
|
apply_manifest(pp, :expect_failures => true)
|
2013-10-02 14:43:21 +02:00
|
|
|
end
|
2013-08-27 22:43:47 +02:00
|
|
|
end
|