+++ /dev/null
-# This resource manages an individual rule that applies to the file defined in
-# $target.
-define postgresql::pg_hba_rule(
- $type,
- $database,
- $user,
- $auth_method,
- $address = undef,
- $description = 'none',
- $auth_option = undef,
- $target = $postgresql::params::pg_hba_conf_path,
- $order = '150'
-) {
- include postgresql::params
-
- validate_re($type, '^(local|host|hostssl|hostnossl)$',
- "The type you specified [${type}] must be one of: local, host, hostssl, hostnosssl")
- validate_re($auth_method, '^(trust|reject|md5|crypt|password|gss|sspi|krb5|ident|peer|ldap|radius|cert|pam)$',
- "The auth_method you specified [${auth_method}] must be one of: trust, reject, md5, crypt, password, krb5, ident, ldap, pam")
-
- if($type =~ /^host/ and $address == undef) {
- fail('You must specify an address property when type is host based')
- }
-
- # This is required to make sure concat::setup is initialized first. This
- # probably points to a bug inside ripienaar-concat.
- include concat::setup
-
- # Create a rule fragment
- $fragname = "pg_hba_rule_${name}"
- concat::fragment { $fragname:
- target => $target,
- content => template('postgresql/pg_hba_rule.conf'),
- order => $order,
- owner => $::id,
- mode => '0600',
- }
-
- Class['concat::setup']->
- Concat::Fragment[$fragname]
-}