This commit fixes up the `postgres_default_version` fact so that
it doesn't use apt/yum (slow), and instead just has a hard-coded
list of default postgres versions for various OS versions. We
will need to add new OS versions to this fact over time, but that
seems preferable to the previous implementation which was causing
slower puppet runs on all nodes (regardless of whether they were
actually using postgres or not).
Nan showed me a trick that will let us keep all of that param stuff
inside of params.pp, make it a parameterized class, and still support
the ability for users to specify a custom (non-system-default) pg
version. This commit takes the first step towards that pattern by
consolidating platform.pp and params.pp. (Everything old is new again!)
This will allow characters such as '-' in database role
names. Additionally, escaping of '"' characters now applies to all '"'
characters, not just the first in a sql command.
This commit adds a postgresql::db type for convenience;
it mirrors the 'db' type from the mysql module, which
allows you to create a database instance and user plus
grant privileges to that user all in one succint
resource.
This commit also improves security in the following ways:
* Revoke "CONNECT" privilege from the 'public' role for
newly created databases; without this, any database
created via this module will allow connections from
any database user, and will allow them to do things
like create tables.
* Change to a 'reject'-based policy for dealing with
remote connections by the postgres user in pg_hba.conf.
Prior to this commit, if you tried to restrict access
to the postgres user by IP, the rule would simply not
match for disallowed IPs; then it would fall through
to the rule for "all" users, which could still match
and thus allow the postgres user to connect remotely.
Renamed a few files and made some tweaks to try to get
database_grant, database_user, and database types into
a state where they work very similarly to the ones in
the mysql module. Also introduced a "postgresql_password"
function that can be used to generate an md5 password
hash for a postgres user.
