Reorder pg_hba rules

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2018-03-13 15:00:26 +0100
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2018-03-13 22:52:09 +0100
commit: a386ce060c4c49d772bd4d03d6586012a266317e (patch)
tree: 5342c1ba851c73d5f8406a345b7fdddd8d8ea547 /modules/profile/manifests
parent: a045b9dc12f71c286d4afcb196705f430b6731f5 (diff)
download: Puppet-a386ce060c4c49d772bd4d03d6586012a266317e.tar.gz
Puppet-a386ce060c4c49d772bd4d03d6586012a266317e.tar.zst
Puppet-a386ce060c4c49d772bd4d03d6586012a266317e.zip
1 files changed, 6 insertions, 6 deletions
diff --git a/modules/profile/manifests/postgresql.pp b/modules/profile/manifests/postgresql.pp
index 9d875c9..2cd1bcc 100644
--- a/modules/profile/manifests/postgresql.pp
+++ b/modules/profile/manifests/postgresql.pp
@@ -32,7 +32,7 @@ class profile::postgresql {
    database    => 'all',
    user        => $pg_user,
    auth_method => 'ident',
-    order       => "a1",
+    order       => "00-01",
  }
  postgresql::server::pg_hba_rule { 'localhost access as postgres user':
    description => 'Allow localhost access to postgres user',
@@ -41,7 +41,7 @@ class profile::postgresql {
    user        => $pg_user,
    address     => "127.0.0.1/32",
    auth_method => 'md5',
-    order       => "a2",
+    order       => "00-02",
  }
  postgresql::server::pg_hba_rule { 'localhost ip6 access as postgres user':
    description => 'Allow localhost access to postgres user',
@@ -50,7 +50,7 @@ class profile::postgresql {
    user        => $pg_user,
    address     => "::1/128",
    auth_method => 'md5',
-    order       => "a3",
+    order       => "00-03",
  }
  postgresql::server::pg_hba_rule { 'deny access to postgresql user':
    description => 'Deny remote access to postgres user',
@@ -59,7 +59,7 @@ class profile::postgresql {
    user        => $pg_user,
    address     => "0.0.0.0/0",
    auth_method => 'reject',
-    order       => "a4",
+    order       => "00-04",
  }
  postgresql::server::pg_hba_rule { 'local access':
@@ -68,7 +68,7 @@ class profile::postgresql {
    database    => 'all',
    user        => 'all',
    auth_method => 'md5',
-    order       => "b1",
+    order       => "10-01",
  }
  postgresql::server::pg_hba_rule { 'local access with same name':
@@ -77,7 +77,7 @@ class profile::postgresql {
    database    => 'all',
    user        => 'all',
    auth_method => 'ident',
-    order       => "b2",
+    order       => "10-02",
  }
 }
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2018-03-13 15:00:26 +0100
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2018-03-13 22:52:09 +0100
commit	a386ce060c4c49d772bd4d03d6586012a266317e (patch)
tree	5342c1ba851c73d5f8406a345b7fdddd8d8ea547 /modules/profile/manifests
parent	a045b9dc12f71c286d4afcb196705f430b6731f5 (diff)
download	Puppet-a386ce060c4c49d772bd4d03d6586012a266317e.tar.gz Puppet-a386ce060c4c49d772bd4d03d6586012a266317e.tar.zst Puppet-a386ce060c4c49d772bd4d03d6586012a266317e.zip

diff --git a/modules/profile/manifests/postgresql.pp b/modules/profile/manifests/postgresql.pp index 9d875c9..2cd1bcc 100644 --- a/modules/profile/manifests/postgresql.pp +++ b/modules/profile/manifests/postgresql.pp
@@ -32,7 +32,7 @@ class profile::postgresql {
32	database => 'all',	32	database => 'all',
33	user => $pg_user,	33	user => $pg_user,
34	auth_method => 'ident',	34	auth_method => 'ident',
35	order => "a1",	35	order => "00-01",
36	}	36	}
37	postgresql::server::pg_hba_rule { 'localhost access as postgres user':	37	postgresql::server::pg_hba_rule { 'localhost access as postgres user':
38	description => 'Allow localhost access to postgres user',	38	description => 'Allow localhost access to postgres user',
@@ -41,7 +41,7 @@ class profile::postgresql {
41	user => $pg_user,	41	user => $pg_user,
42	address => "127.0.0.1/32",	42	address => "127.0.0.1/32",
43	auth_method => 'md5',	43	auth_method => 'md5',
44	order => "a2",	44	order => "00-02",
45	}	45	}
46	postgresql::server::pg_hba_rule { 'localhost ip6 access as postgres user':	46	postgresql::server::pg_hba_rule { 'localhost ip6 access as postgres user':
47	description => 'Allow localhost access to postgres user',	47	description => 'Allow localhost access to postgres user',
@@ -50,7 +50,7 @@ class profile::postgresql {
50	user => $pg_user,	50	user => $pg_user,
51	address => "::1/128",	51	address => "::1/128",
52	auth_method => 'md5',	52	auth_method => 'md5',
53	order => "a3",	53	order => "00-03",
54	}	54	}
55	postgresql::server::pg_hba_rule { 'deny access to postgresql user':	55	postgresql::server::pg_hba_rule { 'deny access to postgresql user':
56	description => 'Deny remote access to postgres user',	56	description => 'Deny remote access to postgres user',
@@ -59,7 +59,7 @@ class profile::postgresql {
59	user => $pg_user,	59	user => $pg_user,
60	address => "0.0.0.0/0",	60	address => "0.0.0.0/0",
61	auth_method => 'reject',	61	auth_method => 'reject',
62	order => "a4",	62	order => "00-04",
63	}	63	}
64		64
65	postgresql::server::pg_hba_rule { 'local access':	65	postgresql::server::pg_hba_rule { 'local access':
@@ -68,7 +68,7 @@ class profile::postgresql {
68	database => 'all',	68	database => 'all',
69	user => 'all',	69	user => 'all',
70	auth_method => 'md5',	70	auth_method => 'md5',
71	order => "b1",	71	order => "10-01",
72	}	72	}
73		73
74	postgresql::server::pg_hba_rule { 'local access with same name':	74	postgresql::server::pg_hba_rule { 'local access with same name':
@@ -77,7 +77,7 @@ class profile::postgresql {
77	database => 'all',	77	database => 'all',
78	user => 'all',	78	user => 'all',
79	auth_method => 'ident',	79	auth_method => 'ident',
80	order => "b2",	80	order => "10-02",
81	}	81	}
82		82
83	}	83	}