--- /dev/null
+# This resource manages an individual rule that applies to the file defined in
+# $target.
+define postgresql::pg_hba_rule(
+ $type,
+ $database,
+ $user,
+ $auth_method,
+ $address = undef,
+ $description = 'none',
+ $auth_option = undef,
+ $target = $postgresql::params::pg_hba_conf_path,
+ $order = '150'
+) {
+ include postgresql::params
+
+ validate_re($type, '^(local|host|hostssl|hostnossl)$',
+ "The type you specified [${type}] must be one of: local, host, hostssl, hostnosssl")
+ validate_re($auth_method, '^(trust|reject|md5|crypt|password|gss|sspi|krb5|ident|peer|ldap|radius|cert|pam)$',
+ "The auth_method you specified [${auth_method}] must be one of: trust, reject, md5, crypt, password, krb5, ident, ldap, pam")
+
+ if($type =~ /^host/ and $address == undef) {
+ fail('You must specify an address property when type is host based')
+ }
+
+ # This is required to make sure concat::setup is initialized first. This
+ # probably points to a bug inside ripienaar-concat.
+ include concat::setup
+
+ # Create a rule fragment
+ $fragname = "pg_hba_rule_${name}"
+ concat::fragment { $fragname:
+ target => $target,
+ content => template('postgresql/pg_hba_rule.conf'),
+ order => $order,
+ owner => $::id,
+ mode => '0600',
+ }
+
+ Class['concat::setup']->
+ Concat::Fragment[$fragname]
+}
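Review bot: Only `$type` and `$auth_method` are checked; `$database`, `$user`, `$address` and `$auth_option` go to `template('postgresql/pg_hba_rule.conf')` unvalidated, and since pg_hba.conf is line-oriented, a value containing a line break (from Hiera or an ENC, for instance) would presumably render as an extra authentication rule. The template is not shown, so confirm how it emits them. The two existing `validate_re` patterns have the same gap, because they are compiled as Ruby regexes where `^` and `$` match at line boundaries, so a multi-line `$type` whose first line is `host` passes; anchoring with `\A(local|host|hostssl|hostnossl)\z` and adding `validate_re($database, '\A[^\r\n]+\z', "database [${database}] must not contain line breaks")` (likewise for `$user`, and `$address` when set) closes both. The failure messages also disagree with their patterns: the first says `hostnosssl`, and the second omits gss, sspi, peer, radius and cert, which the regex accepts. A comment on `$order` stating that pg_hba.conf is first-match-wins, so a lower order takes precedence, would help anyone adding a `trust` or `reject` rule.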