Refactor cryptoportfolio postgresql

[perso/Immae/Projets/Puppet.git] / modules / profile / manifests / postgresql.pp

diff --git a/modules/profile/manifests/postgresql.pp b/modules/profile/manifests/postgresql.pp
index 2cd1bcc652052beaf6e3e2fa121b50acd45a3c62..97ce57291b6bbf4abf9de7c2e04932b5dbe04435 100644 (file)
--- a/modules/profile/manifests/postgresql.pp
+++ b/modules/profile/manifests/postgresql.pp
@@ -1,4 +1,7 @@
-class profile::postgresql {
+class profile::postgresql (
+  Optional[String] $pg_user  = "postgres",
+  Optional[String] $pg_group = "postgres",
+) {
   $password_seed = lookup("base_installation::puppet_pass_seed")
 
   class { '::postgresql::globals':
@@ -7,16 +10,13 @@ class profile::postgresql {
     pg_hba_conf_defaults => false,
   }
 
-  # FIXME: get it from the postgresql module?
-  $pg_user = "postgres"
-
   class { '::postgresql::client': }
 
   # FIXME: postgresql module is buggy and doesn't create dir?
   file { "/var/lib/postgres":
     ensure  => directory,
     owner   => $pg_user,
-    group   => $pg_user,
+    group   => $pg_group,
     before  => File["/var/lib/postgres/data"],
     require => Package["postgresql-server"],
   }
@@ -26,59 +26,7 @@ class profile::postgresql {
     listen_addresses  => "*",
   }
 
-  postgresql::server::pg_hba_rule { 'local access as postgres user':
-    description => 'Allow local access to postgres user',
-    type        => 'local',
-    database    => 'all',
-    user        => $pg_user,
-    auth_method => 'ident',
-    order       => "00-01",
-  }
-  postgresql::server::pg_hba_rule { 'localhost access as postgres user':
-    description => 'Allow localhost access to postgres user',
-    type        => 'host',
-    database    => 'all',
-    user        => $pg_user,
-    address     => "127.0.0.1/32",
-    auth_method => 'md5',
-    order       => "00-02",
-  }
-  postgresql::server::pg_hba_rule { 'localhost ip6 access as postgres user':
-    description => 'Allow localhost access to postgres user',
-    type        => 'host',
-    database    => 'all',
-    user        => $pg_user,
-    address     => "::1/128",
-    auth_method => 'md5',
-    order       => "00-03",
-  }
-  postgresql::server::pg_hba_rule { 'deny access to postgresql user':
-    description => 'Deny remote access to postgres user',
-    type        => 'host',
-    database    => 'all',
-    user        => $pg_user,
-    address     => "0.0.0.0/0",
-    auth_method => 'reject',
-    order       => "00-04",
-  }
-
-  postgresql::server::pg_hba_rule { 'local access':
-    description => 'Allow local access with password',
-    type        => 'local',
-    database    => 'all',
-    user        => 'all',
-    auth_method => 'md5',
-    order       => "10-01",
-  }
-
-  postgresql::server::pg_hba_rule { 'local access with same name':
-    description => 'Allow local access with same name',
-    type        => 'local',
-    database    => 'all',
-    user        => 'all',
-    auth_method => 'ident',
-    order       => "10-02",
-  }
+  profile::postgresql::base_pg_hba_rules { "default": }
 
 }