Reorder pg_hba rules

author Ismaël Bouya <ismael.bouya@normalesup.org>

Tue, 13 Mar 2018 14:00:26 +0000 (15:00 +0100)

committer Ismaël Bouya <ismael.bouya@normalesup.org>

Tue, 13 Mar 2018 21:52:09 +0000 (22:52 +0100)
author Ismaël Bouya <ismael.bouya@normalesup.org>
Tue, 13 Mar 2018 14:00:26 +0000 (15:00 +0100)
committer Ismaël Bouya <ismael.bouya@normalesup.org>
Tue, 13 Mar 2018 21:52:09 +0000 (22:52 +0100)
diff --git a/modules/profile/manifests/postgresql.pp b/modules/profile/manifests/postgresql.pp

index 9d875c98de23feeff9b1468773c372cd37a0d42b..2cd1bcc652052beaf6e3e2fa121b50acd45a3c62 100644 (file)
--- a/modules/profile/manifests/postgresql.pp
+++ b/modules/profile/manifests/postgresql.pp
@@ -32,7 +32,7 @@ class profile::postgresql {
      database    => 'all',
      user        => $pg_user,
      auth_method => 'ident',
      database    => 'all',
      user        => $pg_user,
      auth_method => 'ident',
-    order       => "a1",
+    order       => "00-01",
    }
    postgresql::server::pg_hba_rule { 'localhost access as postgres user':
      description => 'Allow localhost access to postgres user',
    }
    postgresql::server::pg_hba_rule { 'localhost access as postgres user':
      description => 'Allow localhost access to postgres user',
@@ -41,7 +41,7 @@ class profile::postgresql {
      user        => $pg_user,
      address     => "127.0.0.1/32",
      auth_method => 'md5',
      user        => $pg_user,
      address     => "127.0.0.1/32",
      auth_method => 'md5',
-    order       => "a2",
+    order       => "00-02",
    }
    postgresql::server::pg_hba_rule { 'localhost ip6 access as postgres user':
      description => 'Allow localhost access to postgres user',
    }
    postgresql::server::pg_hba_rule { 'localhost ip6 access as postgres user':
      description => 'Allow localhost access to postgres user',
@@ -50,7 +50,7 @@ class profile::postgresql {
      user        => $pg_user,
      address     => "::1/128",
      auth_method => 'md5',
      user        => $pg_user,
      address     => "::1/128",
      auth_method => 'md5',
-    order       => "a3",
+    order       => "00-03",
    }
    postgresql::server::pg_hba_rule { 'deny access to postgresql user':
      description => 'Deny remote access to postgres user',
    }
    postgresql::server::pg_hba_rule { 'deny access to postgresql user':
      description => 'Deny remote access to postgres user',
@@ -59,7 +59,7 @@ class profile::postgresql {
      user        => $pg_user,
      address     => "0.0.0.0/0",
      auth_method => 'reject',
      user        => $pg_user,
      address     => "0.0.0.0/0",
      auth_method => 'reject',
-    order       => "a4",
+    order       => "00-04",
    }
  
    postgresql::server::pg_hba_rule { 'local access':
    }
  
    postgresql::server::pg_hba_rule { 'local access':
@@ -68,7 +68,7 @@ class profile::postgresql {
      database    => 'all',
      user        => 'all',
      auth_method => 'md5',
      database    => 'all',
      user        => 'all',
      auth_method => 'md5',
-    order       => "b1",
+    order       => "10-01",
    }
  
    postgresql::server::pg_hba_rule { 'local access with same name':
    }
  
    postgresql::server::pg_hba_rule { 'local access with same name':
@@ -77,7 +77,7 @@ class profile::postgresql {
      database    => 'all',
      user        => 'all',
      auth_method => 'ident',
      database    => 'all',
      user        => 'all',
      auth_method => 'ident',
-    order       => "b2",
+    order       => "10-02",
    }
  
  }
    }
  
  }
diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp

index 5b6478787e7a552f22a4b4efb6f97e51a9616202..503620b755edd54060028647451af4e4e1531257 100644 (file)
--- a/modules/role/manifests/cryptoportfolio.pp
+++ b/modules/role/manifests/cryptoportfolio.pp
@@ -136,7 +136,7 @@ class role::cryptoportfolio (
      user        => $pg_user,
      address     => '127.0.0.1/32',
      auth_method => 'md5',
      user        => $pg_user,
      address     => '127.0.0.1/32',
      auth_method => 'md5',
-    order       => "b0",
+    order       => "05-01",
    }
    postgresql::server::pg_hba_rule { 'allow localhost ip6 TCP access to cryptoportfolio user':
      type        => 'host',
    }
    postgresql::server::pg_hba_rule { 'allow localhost ip6 TCP access to cryptoportfolio user':
      type        => 'host',
@@ -144,7 +144,7 @@ class role::cryptoportfolio (
      user        => $pg_user,
      address     => '::1/128',
      auth_method => 'md5',
      user        => $pg_user,
      address     => '::1/128',
      auth_method => 'md5',
-    order       => "b0",
+    order       => "05-01",
    }
  
    postgresql::server::pg_hba_rule { 'allow TCP access to replication user from immae.eu':
    }
  
    postgresql::server::pg_hba_rule { 'allow TCP access to replication user from immae.eu':
@@ -153,7 +153,7 @@ class role::cryptoportfolio (
      user        => $pg_user_replication,
      address     => 'immae.eu',
      auth_method => 'md5',
      user        => $pg_user_replication,
      address     => 'immae.eu',
      auth_method => 'md5',
-    order       => "b0",
+    order       => "05-01",
    }
  
    class { 'apache::mod::headers': }
    }
  
    class { 'apache::mod::headers': }
author	Ismaël Bouya <ismael.bouya@normalesup.org>
	Tue, 13 Mar 2018 14:00:26 +0000 (15:00 +0100)
committer	Ismaël Bouya <ismael.bouya@normalesup.org>
	Tue, 13 Mar 2018 21:52:09 +0000 (22:52 +0100)
modules/profile/manifests/postgresql.pp		patch \| blob \| blame \| history
modules/role/manifests/cryptoportfolio.pp		patch \| blob \| blame \| history