1175ea20d6
This commit adds a postgresql::db type for convenience; it mirrors the 'db' type from the mysql module, which allows you to create a database instance and user plus grant privileges to that user all in one succint resource. This commit also improves security in the following ways: * Revoke "CONNECT" privilege from the 'public' role for newly created databases; without this, any database created via this module will allow connections from any database user, and will allow them to do things like create tables. * Change to a 'reject'-based policy for dealing with remote connections by the postgres user in pg_hba.conf. Prior to this commit, if you tried to restrict access to the postgres user by IP, the rule would simply not match for disallowed IPs; then it would fall through to the rule for "all" users, which could still match and thus allow the postgres user to connect remotely. |
||
|---|---|---|
| .. | ||
| pg_hba.conf.erb | ||