[perso/Immae/Projets/Puppet.git] / modules / profile / manifests / postgresql / base_pg_hba_rules.pp

define profile::postgresql::base_pg_hba_rules (
  Optional[String] $pg_path  = undef,
  String           $pg_user  = "postgres",
  String           $pg_group = "postgres",
) {
  unless empty($pg_path) {
    concat { "$pg_path/pg_hba.conf":
      owner   => $pg_user,
      group   => $pg_group,
      mode    => '0640',
      warn    => true,
      require => File[$pg_path],
    }

    Postgresql::Server::Pg_hba_rule {
      target             => "$pg_path/pg_hba.conf",
      postgresql_version => "10",
    }
  }

  postgresql::server::pg_hba_rule { "$title - local access as postgres user":
    description => 'Allow local access to postgres user',
    type        => 'local',
    database    => 'all',
    user        => $pg_user,
    auth_method => 'ident',
    order       => "00-01",
  }
  postgresql::server::pg_hba_rule { "$title - localhost access as postgres user":
    description => 'Allow localhost access to postgres user',
    type        => 'host',
    database    => 'all',
    user        => $pg_user,
    address     => "127.0.0.1/32",
    auth_method => 'md5',
    order       => "00-02",
  }
  postgresql::server::pg_hba_rule { "$title - localhost ip6 access as postgres user":
    description => 'Allow localhost access to postgres user',
    type        => 'host',
    database    => 'all',
    user        => $pg_user,
    address     => "::1/128",
    auth_method => 'md5',
    order       => "00-03",
  }
  postgresql::server::pg_hba_rule { "$title - deny access to postgresql user":
    description => 'Deny remote access to postgres user',
    type        => 'host',
    database    => 'all',
    user        => $pg_user,
    address     => "0.0.0.0/0",
    auth_method => 'reject',
    order       => "00-04",
  }
  postgresql::server::pg_hba_rule { "$title - local access":
    description => 'Allow local access with password',
    type        => 'local',
    database    => 'all',
    user        => 'all',
    auth_method => 'md5',
    order       => "10-01",
  }

  postgresql::server::pg_hba_rule { "$title - local access with same name":
    description => 'Allow local access with same name',
    type        => 'local',
    database    => 'all',
    user        => 'all',
    auth_method => 'ident',
    order       => "10-02",
  }

}
Commit	Line	Data
d2f031ec IB	1	define profile::postgresql::base_pg_hba_rules (
	2	Optional[String] $pg_path = undef,
	3	String $pg_user = "postgres",
	4	String $pg_group = "postgres",
	5	) {
	6	unless empty($pg_path) {
	7	concat { "$pg_path/pg_hba.conf":
	8	owner => $pg_user,
	9	group => $pg_group,
	10	mode => '0640',
	11	warn => true,
	12	require => File[$pg_path],
	13	}
	14
	15	Postgresql::Server::Pg_hba_rule {
	16	target => "$pg_path/pg_hba.conf",
	17	postgresql_version => "10",
	18	}
	19	}
	20
	21	postgresql::server::pg_hba_rule { "$title - local access as postgres user":
	22	description => 'Allow local access to postgres user',
	23	type => 'local',
	24	database => 'all',
	25	user => $pg_user,
	26	auth_method => 'ident',
	27	order => "00-01",
	28	}
	29	postgresql::server::pg_hba_rule { "$title - localhost access as postgres user":
	30	description => 'Allow localhost access to postgres user',
	31	type => 'host',
	32	database => 'all',
	33	user => $pg_user,
	34	address => "127.0.0.1/32",
	35	auth_method => 'md5',
	36	order => "00-02",
	37	}
	38	postgresql::server::pg_hba_rule { "$title - localhost ip6 access as postgres user":
	39	description => 'Allow localhost access to postgres user',
	40	type => 'host',
	41	database => 'all',
	42	user => $pg_user,
	43	address => "::1/128",
	44	auth_method => 'md5',
	45	order => "00-03",
d2f031ec IB	46	}
	47	postgresql::server::pg_hba_rule { "$title - deny access to postgresql user":
	48	description => 'Deny remote access to postgres user',
	49	type => 'host',
	50	database => 'all',
	51	user => $pg_user,
	52	address => "0.0.0.0/0",
	53	auth_method => 'reject',
	54	order => "00-04",
	55	}
	56	postgresql::server::pg_hba_rule { "$title - local access":
	57	description => 'Allow local access with password',
	58	type => 'local',
	59	database => 'all',
	60	user => 'all',
	61	auth_method => 'md5',
	62	order => "10-01",
	63	}
	64
	65	postgresql::server::pg_hba_rule { "$title - local access with same name":
	66	description => 'Allow local access with same name',
	67	type => 'local',
	68	database => 'all',
	69	user => 'all',
	70	auth_method => 'ident',
	71	order => "10-02",
	72	}
	73
	74	}