From 0d2452ba09f70ff452f726ae50a3eafe0695b2dd Mon Sep 17 00:00:00 2001
From: Aurelien Jarno <aurelien@aurel32.net>
Date: Sat, 23 Nov 2019 13:19:37 +0100
Subject: [PATCH] give access to the PG ddtp cluster to the ddtp role

---
 data/common.yaml                |  3 +++
 modules/roles/manifests/ddtp.pp | 15 ++++++++++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/data/common.yaml b/data/common.yaml
index ed9fdc241..cee2ca0fa 100644
--- a/data/common.yaml
+++ b/data/common.yaml
@@ -55,6 +55,9 @@ roles::buildd_master::params::db_port: 5436
 roles::buildd_master::qa_buildlogchecks_db_address: bmdb1.debian.org
 roles::buildd_master::qa_buildlogchecks_db_port: 5435
 
+roles::ddtp::db_address: danzi.debian.org
+roles::ddtp::db_port: 5437
+
 roles::debconf_wafer::db_address: danzi.debian.org
 roles::debconf_wafer::db_port: 5434
 
diff --git a/modules/roles/manifests/ddtp.pp b/modules/roles/manifests/ddtp.pp
index e18f4e3a9..6398d2a75 100644
--- a/modules/roles/manifests/ddtp.pp
+++ b/modules/roles/manifests/ddtp.pp
@@ -1,6 +1,11 @@
 # ddtp.debian.org service
 #
-class roles::ddtp {
+# @param db_address     hostname of the postgres server for this service
+# @param db_port        port of the postgres server for this service
+class roles::ddtp (
+  String  $db_address,
+  Integer $db_port,
+) {
   include apache2
 
   ssl::service { 'ddtp.debian.org':
@@ -8,4 +13,12 @@ class roles::ddtp {
     key    => true,
   }
   onion::service { 'ddtp.debian.org': port => 80, target_address => 'ddtp.debian.org', target_port => 80, direct => true }
+
+  @@postgres::cluster::hba_entry { "ddtp-${::fqdn}":
+    tag      => "postgres::cluster::${db_port}::hba::${db_address}",
+    pg_port  => $db_port,
+    database => ['ddtp'],
+    user     => 'ddtp',
+    address  => $base::public_addresses,
+  }
 }
-- 
2.20.1