86a0453f2f
This patch provides a more advanced way of managing pg_hba rules, by providing a defined resource to manage a pg_hba file, and a defined resource for managing rules within such a file (pg_hba_rule). These new resources are wrappers around ripienaar-concat, and utilise file assemblies instead of a template to compose the pg_hba.conf file. I've provided a function that interprets the old ip4|6acl arrays and converts them to this new format for backwards compatibility as well. I slightly reformatted our documentation to allow for better documentation of defined resources in 'Usage' as well, and provided examples of how to use this new resource. This hopefully should go a long way to solving the PRs related to lack of full functionality for pg_hba.conf.

Signed-off-by: Ken Barber <ken@bob.sh>
18 lines
564 B
Puppet
# Basic remote access
postgresql::pg_hba_rule{ 'allow access to db foo from 2.2.2.0/24 for user foo':
type => 'host',
database => 'foo',
user => 'foo',
address => '2.2.2.0/24',
auth_method => 'md5',
}
# LDAP Integration
postgresql::pg_hba_rule{ 'allow ldap access to db foo from 10.1.1.0/24 for all':
type => 'host',
database => 'foo',
user => 'all',
address => '10.1.1.0/24',
auth_method => 'ldap',
auth_option => 'ldapserver=ldap.example.net ldapprefix="cn=" ldapsuffix=", dc=example, dc=net"',
}
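Review bot: the LDAP example pairs type => 'host' with an auth_option that has no ldaptls=1, so a reader who copies it gets a rule that also matches non-SSL client connections and a server-to-LDAP bind that is not encrypted. With auth_method 'ldap' the client hands its password to PostgreSQL in cleartext, so the documented example should use type => 'hostssl' and append ldaptls=1 to the auth_option string, or at least carry a comment saying it assumes a trusted network. The same applies to the first rule: 'host' with auth_method => 'md5' is fine as a syntax illustration, but a one-line comment pointing readers to 'hostssl' and to a stronger method such as scram-sha-256, where the server version supports it, would keep the example from becoming the default people deploy.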
|