From a386ce060c4c49d772bd4d03d6586012a266317e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= <ismael.bouya@normalesup.org>
Date: Tue, 13 Mar 2018 15:00:26 +0100
Subject: Reorder pg_hba rules

---
 modules/profile/manifests/postgresql.pp   | 12 ++++++------
 modules/role/manifests/cryptoportfolio.pp |  6 +++---
 2 files changed, 9 insertions(+), 9 deletions(-)

(limited to 'modules')

diff --git a/modules/profile/manifests/postgresql.pp b/modules/profile/manifests/postgresql.pp
index 9d875c9..2cd1bcc 100644
--- a/modules/profile/manifests/postgresql.pp
+++ b/modules/profile/manifests/postgresql.pp
@@ -32,7 +32,7 @@ class profile::postgresql {
     database    => 'all',
     user        => $pg_user,
     auth_method => 'ident',
-    order       => "a1",
+    order       => "00-01",
   }
   postgresql::server::pg_hba_rule { 'localhost access as postgres user':
     description => 'Allow localhost access to postgres user',
@@ -41,7 +41,7 @@ class profile::postgresql {
     user        => $pg_user,
     address     => "127.0.0.1/32",
     auth_method => 'md5',
-    order       => "a2",
+    order       => "00-02",
   }
   postgresql::server::pg_hba_rule { 'localhost ip6 access as postgres user':
     description => 'Allow localhost access to postgres user',
@@ -50,7 +50,7 @@ class profile::postgresql {
     user        => $pg_user,
     address     => "::1/128",
     auth_method => 'md5',
-    order       => "a3",
+    order       => "00-03",
   }
   postgresql::server::pg_hba_rule { 'deny access to postgresql user':
     description => 'Deny remote access to postgres user',
@@ -59,7 +59,7 @@ class profile::postgresql {
     user        => $pg_user,
     address     => "0.0.0.0/0",
     auth_method => 'reject',
-    order       => "a4",
+    order       => "00-04",
   }
 
   postgresql::server::pg_hba_rule { 'local access':
@@ -68,7 +68,7 @@ class profile::postgresql {
     database    => 'all',
     user        => 'all',
     auth_method => 'md5',
-    order       => "b1",
+    order       => "10-01",
   }
 
   postgresql::server::pg_hba_rule { 'local access with same name':
@@ -77,7 +77,7 @@ class profile::postgresql {
     database    => 'all',
     user        => 'all',
     auth_method => 'ident',
-    order       => "b2",
+    order       => "10-02",
   }
 
 }
diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp
index 5b64787..503620b 100644
--- a/modules/role/manifests/cryptoportfolio.pp
+++ b/modules/role/manifests/cryptoportfolio.pp
@@ -136,7 +136,7 @@ class role::cryptoportfolio (
     user        => $pg_user,
     address     => '127.0.0.1/32',
     auth_method => 'md5',
-    order       => "b0",
+    order       => "05-01",
   }
   postgresql::server::pg_hba_rule { 'allow localhost ip6 TCP access to cryptoportfolio user':
     type        => 'host',
@@ -144,7 +144,7 @@ class role::cryptoportfolio (
     user        => $pg_user,
     address     => '::1/128',
     auth_method => 'md5',
-    order       => "b0",
+    order       => "05-01",
   }
 
   postgresql::server::pg_hba_rule { 'allow TCP access to replication user from immae.eu':
@@ -153,7 +153,7 @@ class role::cryptoportfolio (
     user        => $pg_user_replication,
     address     => 'immae.eu',
     auth_method => 'md5',
-    order       => "b0",
+    order       => "05-01",
   }
 
   class { 'apache::mod::headers': }
-- 
cgit v1.2.3