Diffstat (limited to 'modules/profile/manifests/postgresql/base_pg_hba_rules.pp')
-rw-r--r-- | modules/profile/manifests/postgresql/base_pg_hba_rules.pp | 76 |
1 files changed, 76 insertions, 0 deletions
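--- /dev/null
+++ b/modules/profile/manifests/postgresql/base_pg_hba_rules.pp
@@ -0,0 +1,76 @@
+define profile::postgresql::base_pg_hba_rules (
+Optional[String] $pg_path = undef,
+String $pg_user = "postgres",
+String $pg_group = "postgres",
+) {
+unless empty($pg_path) {
+concat { "$pg_path/pg_hba.conf":
+owner => $pg_user,
+group => $pg_group,
+mode => '0640',
+warn => true,
+require => File[$pg_path],
+}
+
+Postgresql::Server::Pg_hba_rule {
+target => "$pg_path/pg_hba.conf",
+postgresql_version => "10",
+}
+}
+
+postgresql::server::pg_hba_rule { "$title - local access as postgres user":
+description => 'Allow local access to postgres user',
+type => 'local',
+database => 'all',
+user => $pg_user,
+auth_method => 'ident',
+order => "00-01",
+}
+postgresql::server::pg_hba_rule { "$title - localhost access as postgres user":
+description => 'Allow localhost access to postgres user',
+type => 'host',
+database => 'all',
+user => $pg_user,
+address => "127.0.0.1/32",
+auth_method => 'md5',
+order => "00-02",
+}
+postgresql::server::pg_hba_rule { "$title - localhost ip6 access as postgres user":
+description => 'Allow localhost access to postgres user',
+type => 'host',
+database => 'all',
+user => $pg_user,
+address => "::1/128",
+auth_method => 'md5',
+order => "00-03",
+target => "$pg_path/pg_hba.conf",
+postgresql_version => "10",
+}
+postgresql::server::pg_hba_rule { "$title - deny access to postgresql user":
+description => 'Deny remote access to postgres user',
+type => 'host',
+database => 'all',
+user => $pg_user,
+address => "0.0.0.0/0",
+auth_method => 'reject',
+order => "00-04",
+}
+postgresql::server::pg_hba_rule { "$title - local access":
+description => 'Allow local access with password',
+type => 'local',
+database => 'all',
+user => 'all',
+auth_method => 'md5',
+order => "10-01",
+}
+
+postgresql::server::pg_hba_rule { "$title - local access with same name":
+description => 'Allow local access with same name',
+type => 'local',
+database => 'all',
+user => 'all',
+auth_method => 'ident',
+order => "10-02",
+}
+
+}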
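Review bot: The reject rule at order "00-04" (new-file lines 49-57) covers only IPv4 with `address => "0.0.0.0/0"`, so a remote IPv6 connection as `$pg_user` is not stopped here and would fall through to any later `host` rule that matches it; a sibling rule with `address => "::/0"`, `auth_method => 'reject'` and the next order slot would close that gap. Separately, the `local`/`all`/`all` ident rule at "10-02" can never be reached, because pg_hba.conf uses the first matching record with no fall-through and the md5 rule at "10-01" has the same type, database and user; one of the two should be dropped or narrowed. The ip6 localhost rule is also the only one that sets `target` and `postgresql_version` itself, which appears to yield `/pg_hba.conf` when `$pg_path` is unset; relying on the resource defaults like its neighbours would keep the rules consistent.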