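# @summary Declares the baseline pg_hba.conf rules for one PostgreSQL instance.
#
# PostgreSQL reads pg_hba.conf top to bottom and uses the first record that
# matches the connection, so the `order` values below are security-relevant:
# the 00-* superuser rules must sort ahead of the 10-* catch-all rules.
#
# @param pg_path
#   Directory that holds this instance's pg_hba.conf. When set, the file is
#   managed here with concat and every rule in this define is pointed at it.
#   When empty, this define sets no target on any rule.
# @param pg_user
#   Database superuser name; also used as the owner of pg_hba.conf.
# @param pg_group
#   Group owner of pg_hba.conf.
define profile::postgresql::base_pg_hba_rules (
  Optional[String] $pg_path  = undef,
  String           $pg_user  = 'postgres',
  String           $pg_group = 'postgres',
) {
  unless empty($pg_path) {
    # 0640 keeps the access-control file unreadable by other local accounts.
    # File[$pg_path] must be declared by the caller.
    concat { "${pg_path}/pg_hba.conf":
      owner   => $pg_user,
      group   => $pg_group,
      mode    => '0640',
      warn    => true,
      require => File[$pg_path],
    }

    # Defaults for the pg_hba_rule resources declared below.
    # NOTE(review): the server version is hard-coded to 10 - confirm it
    # matches the instance actually installed under $pg_path.
    Postgresql::Server::Pg_hba_rule {
      target             => "${pg_path}/pg_hba.conf",
      postgresql_version => '10',
    }
  }

  # --- 00-*: rules for the superuser account --------------------------------

  # On `local` (Unix socket) records PostgreSQL treats `ident` as `peer`: the
  # OS account name must equal the database role name.
  postgresql::server::pg_hba_rule { "${title} - local access as postgres user":
    description => 'Allow local access to postgres user',
    type        => 'local',
    database    => 'all',
    user        => $pg_user,
    auth_method => 'ident',
    order       => '00-01',
  }

  # NOTE(review): md5 is a weak password exchange; PostgreSQL 10 supports
  # scram-sha-256. Not changed here because switching also needs
  # password_encryption set and the stored passwords re-hashed.
  postgresql::server::pg_hba_rule { "${title} - localhost access as postgres user":
    description => 'Allow localhost access to postgres user',
    type        => 'host',
    database    => 'all',
    user        => $pg_user,
    address     => '127.0.0.1/32',
    auth_method => 'md5',
    order       => '00-02',
  }

  # This rule used to set target/postgresql_version itself. With an empty
  # $pg_path that interpolated to "/pg_hba.conf", a file nothing manages. It
  # now relies on the same defaults as every other rule in this define.
  postgresql::server::pg_hba_rule { "${title} - localhost ip6 access as postgres user":
    description => 'Allow localhost access to postgres user',
    type        => 'host',
    database    => 'all',
    user        => $pg_user,
    address     => '::1/128',
    auth_method => 'md5',
    order       => '00-03',
  }

  postgresql::server::pg_hba_rule { "${title} - deny access to postgresql user":
    description => 'Deny remote access to postgres user',
    type        => 'host',
    database    => 'all',
    user        => $pg_user,
    address     => '0.0.0.0/0',
    auth_method => 'reject',
    order       => '00-04',
  }

  # 0.0.0.0/0 matches IPv4 peers only. Without this record a remote IPv6
  # connection as the superuser would fall through to whatever later `host`
  # rule matches it.
  postgresql::server::pg_hba_rule { "${title} - deny ip6 access to postgresql user":
    description => 'Deny remote IPv6 access to postgres user',
    type        => 'host',
    database    => 'all',
    user        => $pg_user,
    address     => '::/0',
    auth_method => 'reject',
    order       => '00-05',
  }

  # --- 10-*: rules for every other role -------------------------------------

  postgresql::server::pg_hba_rule { "${title} - local access":
    description => 'Allow local access with password',
    type        => 'local',
    database    => 'all',
    user        => 'all',
    auth_method => 'md5',
    order       => '10-01',
  }

  # NOTE(review): this record has the same type/database/user as 10-01, so
  # with first-match-wins it is never reached and socket logins always use
  # md5. Left in place because the intended precedence is not clear from
  # this file - confirm and drop or reorder.
  postgresql::server::pg_hba_rule { "${title} - local access with same name":
    description => 'Allow local access with same name',
    type        => 'local',
    database    => 'all',
    user        => 'all',
    auth_method => 'ident',
    order       => '10-02',
  }
}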