41 lines
1.3 KiB
Puppet
41 lines
1.3 KiB
Puppet
# This resource manages an individual rule that applies to the file defined in
|
|
# $target.
|
|
define postgresql::pg_hba_rule(
|
|
$type,
|
|
$database,
|
|
$user,
|
|
$auth_method,
|
|
$address = undef,
|
|
$description = 'none',
|
|
$auth_option = undef,
|
|
$target = $postgresql::params::pg_hba_conf_path,
|
|
$order = '150'
|
|
) {
|
|
include postgresql::params
|
|
|
|
validate_re($type, ['^local$', '^host$', '^hostssl$', '^hostnossl$'],
|
|
"The type you specified [${type}] must be one of: local, host, hostssl, hostnosssl")
|
|
validate_re($auth_method, '^(trust|reject|md5|crypt|password|gss|sspi|krb5|ident|peer|ldap|radius|cert|pam)$',
|
|
"The auth_method you specified [${auth_method}] must be one of: trust, reject, md5, crypt, password, krb5, ident, ldap, pam")
|
|
|
|
if($type =~ /^host/ and $address == undef) {
|
|
fail('You must specify an address property when type is host based')
|
|
}
|
|
|
|
# This is required to make sure concat::setup is initialized first. This
|
|
# probably points to a bug inside ripienaar-concat.
|
|
include concat::setup
|
|
|
|
# Create a rule fragment
|
|
$fragname = "pg_hba_rule_${name}"
|
|
concat::fragment { $fragname:
|
|
target => $target,
|
|
content => template('postgresql/pg_hba_rule.conf'),
|
|
order => $order,
|
|
owner => $::id,
|
|
mode => '0600',
|
|
}
|
|
|
|
Class['concat::setup']->
|
|
Concat::Fragment[$fragname]
|
|
}
|