# @param address hosts that match
# @param method auth method
# @param order ordering of this entry in pg_hba.conf
+# @param firewall also add a firewall rule
define postgres::cluster::hba_entry (
Optional[Integer] $pg_port = undef,
Optional[String] $pg_cluster = undef,
Optional[String] $pg_version = undef,
- Enum['local', 'hostssl'] $connection_type = 'hostssl',
+ Enum['local', 'host', 'hostssl'] $connection_type = 'hostssl',
Variant[String,Array[String]] $database = 'sameuser',
Variant[String,Array[String]] $user = 'all',
Optional[Variant[Stdlib::IP::Address, Array[Stdlib::IP::Address]]] $address = undef,
Enum['md5', 'trust'] $method = 'md5',
String $order = '50',
+ Boolean $firewall = true,
) {
- $address_methods = ['md5']
+ $address_methods = ['md5', 'trust']
if $method in $address_methods {
if !$address {
fail("Authentication method ${method} needs an address")
}
###
- if ($address) {
+ if ($address and $firewall) {
ferm::rule::simple { "postgres::cluster::hba_entry::${name}":
description => "allow access to pg${real_version}/${real_cluster}: ${name}",
saddr => $address,