X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=3rdparty%2Fmodules%2Fpostgresql%2Fmanifests%2Fpg_hba_rule.pp;fp=3rdparty%2Fmodules%2Fpostgresql%2Fmanifests%2Fpg_hba_rule.pp;h=5abb8855e2db8b3611d3f76c3523b3e18c274667;hb=a29c0d1b4d2420aeb3ef6acf66feb00709dd2652;hp=0000000000000000000000000000000000000000;hpb=d98d8ae49a60547132c555f3669f3b9ae6a666bd;p=mirror%2Fdsa-puppet.git

diff --git a/3rdparty/modules/postgresql/manifests/pg_hba_rule.pp b/3rdparty/modules/postgresql/manifests/pg_hba_rule.pp
new file mode 100644
index 000000000..5abb8855e
--- /dev/null
+++ b/3rdparty/modules/postgresql/manifests/pg_hba_rule.pp
@@ -0,0 +1,41 @@
+# This resource manages an individual rule that applies to the file defined in
+# $target.
+define postgresql::pg_hba_rule(
+  $type,
+  $database,
+  $user,
+  $auth_method,
+  $address = undef,
+  $description = 'none',
+  $auth_option = undef,
+  $target = $postgresql::params::pg_hba_conf_path,
+  $order = '150'
+) {
+  include postgresql::params
+
+  validate_re($type, '^(local|host|hostssl|hostnossl)$',
+    "The type you specified [${type}] must be one of: local, host, hostssl, hostnosssl")
+  validate_re($auth_method, '^(trust|reject|md5|crypt|password|gss|sspi|krb5|ident|peer|ldap|radius|cert|pam)$',
+    "The auth_method you specified [${auth_method}] must be one of: trust, reject, md5, crypt, password, krb5, ident, ldap, pam")
+
+  if($type =~ /^host/ and $address == undef) {
+    fail('You must specify an address property when type is host based')
+  }
+
+  # This is required to make sure concat::setup is initialized first. This
+  # probably points to a bug inside ripienaar-concat.
+  include concat::setup
+
+  # Create a rule fragment
+  $fragname = "pg_hba_rule_${name}"
+  concat::fragment { $fragname:
+    target  => $target,
+    content => template('postgresql/pg_hba_rule.conf'),
+    order   => $order,
+    owner   => $::id,
+    mode    => '0600',
+  }
+
+  Class['concat::setup']->
+    Concat::Fragment[$fragname]
+}