From 2e652b2d93803058d3ec61a3bbe889e52d637009 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Mon, 30 Sep 2019 08:07:51 +0200
Subject: [PATCH] udd: no ssl needed on localhost

---
 .../buildd_master/db_guest_access.pp          | 25 +++++++++++--------
 modules/roles/manifests/udd.pp                |  5 ++--
 .../roles/manifests/udd/db_guest_access.pp    | 25 +++++++++++--------
 3 files changed, 31 insertions(+), 24 deletions(-)

diff --git a/modules/roles/manifests/buildd_master/db_guest_access.pp b/modules/roles/manifests/buildd_master/db_guest_access.pp
index f2c24a4be..bf77a37c2 100644
--- a/modules/roles/manifests/buildd_master/db_guest_access.pp
+++ b/modules/roles/manifests/buildd_master/db_guest_access.pp
@@ -1,22 +1,25 @@
 # wanna-build guest access to DB
 #
-# @param db_address     hostname of the postgres server for this service
-# @param db_port        port of the postgres server for this service
-# @param database       list of databases to give access to
-# @param address        hosts to give access
+# @param db_address       hostname of the postgres server for this service
+# @param db_port          port of the postgres server for this service
+# @param database         list of databases to give access to
+# @param address          hosts to give access
+# @param connection_type  connection type
 class roles::buildd_master::db_guest_access (
   String  $db_address     = $roles::buildd_master::params::db_address,
   Integer $db_port        = $roles::buildd_master::params::db_port,
   Array[String] $database = ['wanna-build'],
+  Enum['local', 'host', 'hostssl'] $connection_type = 'hostssl',
   Optional[Variant[Stdlib::IP::Address, Array[Stdlib::IP::Address]]] $address = $base::public_addresses,
 ) inherits roles::buildd_master::params {
   @@postgres::cluster::hba_entry { "buildd_master-guest-${::fqdn}":
-    tag      => "postgres::cluster::${db_port}::hba::${db_address}",
-    pg_port  => $db_port,
-    database => $database,
-    user     => 'guest',
-    address  => $address,
-    method   => 'trust',
-    order    => '25',
+    tag             => "postgres::cluster::${db_port}::hba::${db_address}",
+    pg_port         => $db_port,
+    database        => $database,
+    user            => 'guest',
+    address         => $address,
+    connection_type => $connection_type,
+    method          => 'trust',
+    order           => '25',
   }
 }
diff --git a/modules/roles/manifests/udd.pp b/modules/roles/manifests/udd.pp
index 16c8b9f33..7aebd398e 100644
--- a/modules/roles/manifests/udd.pp
+++ b/modules/roles/manifests/udd.pp
@@ -12,7 +12,8 @@ class roles::udd {
   include roles::buildd_master::db_guest_access
 
   class { 'roles::udd::db_guest_access':
-    database => ['udd', 'udd-dev'],
-    address  => ['127.0.0.1', '::1'],
+    database        => ['udd', 'udd-dev'],
+    address         => ['127.0.0.1', '::1'],
+    connection_type => 'host',
   }
 }
diff --git a/modules/roles/manifests/udd/db_guest_access.pp b/modules/roles/manifests/udd/db_guest_access.pp
index 773b5d741..4dc8f02e2 100644
--- a/modules/roles/manifests/udd/db_guest_access.pp
+++ b/modules/roles/manifests/udd/db_guest_access.pp
@@ -1,22 +1,25 @@
 # udd guest access to DB
 #
-# @param db_address     hostname of the postgres server for this service
-# @param db_port        port of the postgres server for this service
-# @param database       list of databases to give access to
-# @param address        hosts to give access
+# @param db_address       hostname of the postgres server for this service
+# @param db_port          port of the postgres server for this service
+# @param database         list of databases to give access to
+# @param address          hosts to give access
+# @param connection_type  connection type
 class roles::udd::db_guest_access (
   String  $db_address     = $roles::udd::params::db_address,
   Integer $db_port        = $roles::udd::params::db_port,
   Array[String] $database = ['udd'],
+  Enum['local', 'host', 'hostssl'] $connection_type = 'hostssl',
   Optional[Variant[Stdlib::IP::Address, Array[Stdlib::IP::Address]]] $address = $base::public_addresses,
 ) inherits roles::udd::params {
   @@postgres::cluster::hba_entry { "udd-guest-${::fqdn}":
-    tag      => "postgres::cluster::${db_port}::hba::${db_address}",
-    pg_port  => $db_port,
-    database => $database,
-    user     => 'guest',
-    address  => $address,
-    method   => 'trust',
-    order    => '25',
+    tag             => "postgres::cluster::${db_port}::hba::${db_address}",
+    pg_port         => $db_port,
+    database        => $database,
+    user            => 'guest',
+    address         => $address,
+    connection_type => $connection_type,
+    method          => 'trust',
+    order           => '25',
   }
 }
-- 
2.20.1