give access to the PG ddtp cluster to the ddtp role

diff --git a/data/common.yaml b/data/common.yaml
index ed9fdc2..cee2ca0 100644 (file)
--- a/data/common.yaml
+++ b/data/common.yaml
@@ -55,6 +55,9 @@ roles::buildd_master::params::db_port: 5436
 roles::buildd_master::qa_buildlogchecks_db_address: bmdb1.debian.org
 roles::buildd_master::qa_buildlogchecks_db_port: 5435
 
+roles::ddtp::db_address: danzi.debian.org
+roles::ddtp::db_port: 5437
+
 roles::debconf_wafer::db_address: danzi.debian.org
 roles::debconf_wafer::db_port: 5434
 

diff --git a/modules/roles/manifests/ddtp.pp b/modules/roles/manifests/ddtp.pp
index e18f4e3..6398d2a 100644 (file)
--- a/modules/roles/manifests/ddtp.pp
+++ b/modules/roles/manifests/ddtp.pp
@@ -1,6 +1,11 @@
 # ddtp.debian.org service
 #
-class roles::ddtp {
+# @param db_address     hostname of the postgres server for this service
+# @param db_port        port of the postgres server for this service
+class roles::ddtp (
+  String  $db_address,
+  Integer $db_port,
+) {
   include apache2
 
   ssl::service { 'ddtp.debian.org':
@@ -8,4 +13,12 @@ class roles::ddtp {
     key    => true,
   }
   onion::service { 'ddtp.debian.org': port => 80, target_address => 'ddtp.debian.org', target_port => 80, direct => true }
+
+  @@postgres::cluster::hba_entry { "ddtp-${::fqdn}":
+    tag      => "postgres::cluster::${db_port}::hba::${db_address}",
+    pg_port  => $db_port,
+    database => ['ddtp'],
+    user     => 'ddtp',
+    address  => $base::public_addresses,
+  }
 }