
ACLs functioning, added examples in README and test, comments in config manifests

dharwood 11 years ago
parent
commit
b8389d19ad
5 changed files with 14 additions and 7 deletions
  1. 1 1
      README.md
  2. 4 0
      manifests/config.pp
  3. 4 0
      manifests/config/beforeservice.pp
  4. 4 6
      templates/pg_hba.conf.erb
  5. 1 0
      tests/server.pp

+ 1 - 1
README.md

@@ -30,7 +30,7 @@ class { 'postgresql::server':
         'ip_mask_deny_postgres_user' => '0.0.0.0/32',
         'ip_mask_allow_all_users'    => '0.0.0.0/0',
         'listen_addresses'           => '*',
-        'ipv4acls'                   => [ 'hostssl all johndoe 192.168.0.0/24 cert', ]
+        'ipv4acls'                   => [ 'hostssl all johndoe 192.168.0.0/24 cert' ]
         'manage_redhat_firewall'     => true,
         'postgres_password'          => 'TPSrep0rt!',
     },

+ 4 - 0
manifests/config.pp

@@ -9,6 +9,10 @@
 #                                       defaults to '127.0.0.1/32', meaning only allow connections from localhost
 #   [*listen_addresses*]             - what IP address(es) to listen on; comma-separated list of addresses; defaults to
 #                                       'localhost', '*' = all
+#   [*ipv4acls*]                     - list of strings for access control for connection method, users, databases, IPv4
+#                                       addresses; see postgresql documentation about pg_hba.conf for information
+#   [*ipv6acls*]                     - list of strings for access control for connection method, users, databases, IPv6
+#                                       addresses; see postgresql documentation about pg_hba.conf for information
 #   [*pg_hba_conf_path*]             - path to pg_hba.conf file
 #   [*postgresql_conf_path*]         - path to postgresql.conf file
 #   [*manage_redhat_firewall*]       - boolean indicating whether or not the module should open a port in the firewall on
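Review bot: The new `[*ipv4acls*]` and `[*ipv6acls*]` descriptions say "list of strings" but not where the entries land in pg_hba.conf or what shape each string must have, and the identical text is added to manifests/config/beforeservice.pp, so the same note applies there. The template in this commit appends each entry after the `host all all <ip_mask_allow_all_users> md5` line, and PostgreSQL evaluates pg_hba.conf first-match, so an ACL for an address already covered by `ip_mask_allow_all_users` (the README example sets it to `0.0.0.0/0`) is never consulted and cannot tighten access. Suggest adding to both parameter descriptions a line such as `#                                       appended after the ip_mask_allow_all_users rule (first match wins, so they cannot restrict addresses that rule already admits); each entry needs at least five whitespace-separated fields: type database user address method [options]`.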

+ 4 - 0
manifests/config/beforeservice.pp

@@ -8,6 +8,10 @@
 #                                       defaults to '127.0.0.1/32', meaning only allow connections from localhost
 #   [*listen_addresses*]        - what IP address(es) to listen on; comma-separated list of addresses; defaults to
 #                                    'localhost', '*' = all
+#   [*ipv4acls*]                - list of strings for access control for connection method, users, databases, IPv4
+#                                    addresses; see postgresql documentation about pg_hba.conf for information
+#   [*ipv6acls*]                - list of strings for access control for connection method, users, databases, IPv6
+#                                    addresses; see postgresql documentation about pg_hba.conf for information
 #   [*pg_hba_conf_path*]        - path to pg_hba.conf file
 #   [*postgresql_conf_path*]    - path to postgresql.conf file
 #   [*manage_redhat_firewall*]  - boolean indicating whether or not the module should open a port in the firewall on

+ 4 - 6
templates/pg_hba.conf.erb

@@ -83,14 +83,12 @@ local   all         all                               ident <%= "sameuser" if @p
 # IPv4 local connections:
 host    all         postgres    <%= @ip_mask_deny_postgres_user + "\t" %>      reject
 host    all         all         <%= @ip_mask_allow_all_users + "\t" %>      md5
-
-<% @ipv4acls.each do |acl| -%>
-	<%= acl %>
+<% @ipv4acls.each do |acl|; parts = acl.split -%>
+<%= parts[0] + "\t" + parts[1] + "\t" + parts[2] + "\t\t" + parts[3] + "\t\t" + parts[4] + "\t" + parts.last(parts.length - 5).join(" ") %>
 <% end -%>
 # IPv6 local connections:
 host    all         all         ::1/128               md5
-
-<% @ipv6acls.each do |acl| -%>
-	<%= acl %>
+<% @ipv6acls.each do |acl|; parts = acl.split -%>
+<%= parts[0] + "\t" + parts[1] + "\t" + parts[2] + "\t\t" + parts[3] + "\t\t" + parts[4] + "\t" + parts.last(parts.length - 5).join(" ") %>
 <% end -%>
 
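Review bot: `parts[4]` on the added `<%= parts[0] + "\t" + ... %>` line is nil for any ACL string with fewer than five whitespace-separated fields, so `String#+` raises a TypeError during catalog compilation, and `parts.last(parts.length - 5)` raises an ArgumentError on the same input; the ipv6acls block a few lines below repeats both. A guard that names the offending entry fails more usefully and makes the five-field assumption explicit: insert `<% raise ArgumentError, "pg_hba ACL needs at least 5 fields (type database user address method): #{acl.inspect}" if parts.length < 5 -%>` directly after each `parts = acl.split` line. The two loop bodies are byte-identical apart from the variable name; a small helper or a single loop over `@ipv4acls + @ipv6acls` placed under the matching comment header would keep the guard in one place.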

+ 1 - 0
tests/server.pp

@@ -3,6 +3,7 @@ class { 'postgresql::server':
         'ip_mask_deny_postgres_user' => '0.0.0.0/32',
         'ip_mask_allow_all_users' => '0.0.0.0/0',
         'listen_addresses' => '*',
+        'ipv4acls' => [ 'hostssl all all johndoe 192.168.0.0/24 cert' ],
         'manage_redhat_firewall' => true,
         'postgres_password' => 'postgres',
     },
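Review bot: The added `'hostssl all all johndoe 192.168.0.0/24 cert'` has six whitespace-separated fields, but a pg_hba host entry is type, database, user, address, method [options], so the template from this commit renders `johndoe` in the address column and `192.168.0.0/24` as the method, which PostgreSQL rejects when it loads pg_hba.conf. The README example in the same commit uses the five-field form `'hostssl all johndoe 192.168.0.0/24 cert'`; the test should match it: `'ipv4acls' => [ 'hostssl all johndoe 192.168.0.0/24 cert' ],`. The README hunk, in turn, drops the comma after the closing `]`, which the following `'manage_redhat_firewall'` key requires.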