# This resource manages an individual rule that applies to the file defined in # $target. define postgresql::pg_hba_rule( $type, $database, $user, $auth_method, $address = undef, $description = 'none', $auth_option = undef, $target = $postgresql::params::pg_hba_conf_path, $order = '150' ) { include postgresql::params validate_re($type, '^(local|host|hostssl|hostnossl)$', "The type you specified [${type}] must be one of: local, host, hostssl, hostnosssl") validate_re($auth_method, '^(trust|reject|md5|crypt|password|gss|sspi|krb5|ident|peer|ldap|radius|cert|pam)$', "The auth_method you specified [${auth_method}] must be one of: trust, reject, md5, crypt, password, krb5, ident, ldap, pam") if($type =~ /^host/ and $address == undef) { fail('You must specify an address property when type is host based') } # This is required to make sure concat::setup is initialized first. This # probably points to a bug inside ripienaar-concat. include concat::setup # Create a rule fragment $fragname = "pg_hba_rule_${name}" concat::fragment { $fragname: target => $target, content => template('postgresql/pg_hba_rule.conf'), order => $order, owner => $::id, mode => '0600', } Class['concat::setup']-> Concat::Fragment[$fragname] }