# @param address hosts that match
# @param method auth method
# @param order ordering of this entry in pg_hba.conf
+# @param firewall also add a firewall rule
define postgres::cluster::hba_entry (
Optional[Integer] $pg_port = undef,
Optional[String] $pg_cluster = undef,
Optional[String] $pg_version = undef,
- Enum['local', 'hostssl'] $connection_type = 'hostssl',
+ Enum['local', 'host', 'hostssl'] $connection_type = 'hostssl',
Variant[String,Array[String]] $database = 'sameuser',
Variant[String,Array[String]] $user = 'all',
Optional[Variant[Stdlib::IP::Address, Array[Stdlib::IP::Address]]] $address = undef,
Enum['md5', 'trust'] $method = 'md5',
String $order = '50',
+ Boolean $firewall = true,
) {
- $address_methods = ['md5']
+ $address_methods = ['md5', 'trust']
if $method in $address_methods {
if !$address {
fail("Authentication method ${method} needs an address")
}
}
+ # get remaining cluster info and verify consistency
+ ###
$clusters = $facts['postgresql_clusters']
if $pg_port {
$filtered = $clusters.filter |$cluster| { $cluster['port'] == $pg_port }
if $pg_cluster and $pg_cluster != $real_cluster {
fail("Inconsisten cluster name information: ${pg_cluster} != ${real_cluster}")
}
+ ###
- if ($address) {
+ if ($address and $firewall) {
ferm::rule::simple { "postgres::cluster::hba_entry::${name}":
description => "allow access to pg${real_version}/${real_cluster}: ${name}",
saddr => $address,
projects / mirror / dsa-puppet.git / blobdiff