module-postgresql/tests/postgresql_database.pp
Chris Price 1175ea20d6 Add postgresql::db convenience type, improve security
This commit adds a postgresql::db type for convenience;
it mirrors the 'db' type from the mysql module, which
allows you to create a database instance and user plus
grant privileges to that user all in one succint
resource.

This commit also improves security in the following ways:

* Revoke "CONNECT" privilege from the 'public' role for
  newly created databases; without this, any database
  created via this module will allow connections from
  any database user, and will allow them to do things
  like create tables.

* Change to a 'reject'-based policy for dealing with
  remote connections by the postgres user in pg_hba.conf.
  Prior to this commit, if you tried to restrict access
  to the postgres user by IP, the rule would simply not
  match for disallowed IPs; then it would fall through
  to the rule for "all" users, which could still match
  and thus allow the postgres user to connect remotely.
2012-06-09 09:23:11 -07:00

22 lines
615 B
Puppet

class { 'postgresql::server':
config_hash => {
'ip_mask_deny_postgres_user' => '0.0.0.0/32',
'ip_mask_allow_all_users' => '0.0.0.0/0',
'listen_addresses' => '*',
'manage_redhat_firewall' => true,
'postgres_password' => 'postgres',
},
}
postgresql::database{ ['test1', 'test2', 'test3']:
# TODO: ensure not yet supported
#ensure => present,
charset => 'utf8',
require => Class['postgresql::server'],
}
postgresql::database{ 'test4':
# TODO: ensure not yet supported
#ensure => present,
charset => 'latin1',
require => Class['postgresql::server'],
}