
add pg_hba rules

Arne Teuke
2025-09-28 15:47:55 +02:00
parent 95347b22bf
commit 73214a1128
7 changed files with 123 additions and 13 deletions


@@ -0,0 +1,55 @@
## postgresql_cd::server::pg_hba.pp
# Module name: postgresql_cd
# Author: Arne Teuke (arne_teuke@puppetsoft.com)
# @summary Class manages pg_hba.conf file and line entries through define
# pg_hba_rule.pp
# @example postgresql_cd::server::pghba::pg_hba_rule { 'local access for role postgres':
# psql_auth_type => 'local',
# psql_auth_database => 'all',
# psql_auth_user => 'postgres',
# psql_auth_method => 'trust',
# psql_auth_order => '001',
# psql_auth_option => '',
# }
##############################################################################
class postgresql_cd::server::pghba::pg_hba (
) inherits postgresql_cd::params {
if $fqdn == $pl_server_fqdn {
# create the pg_hba.conf file
concat { $pl_pg_hba_conf:
ensure => present,
owner => 'postgres',
mode => '0640',
notify => Service[$pl_service],
}
# manage file header
concat::fragment { 'header':
target => $pl_pg_hba_conf,
content => template($pl_pg_hba_conf_erb),
order => '000',
}
# manage default rules => should go into external config set
# postgresql_cd::server::pghba::pg_hba_rule { 'local access for role postgres':
# psql_auth_type => 'local',
# psql_auth_database => 'all',
# psql_auth_user => $ql_user_name,
# psql_auth_method => 'trust',
# psql_auth_order => '001',
# psql_auth_option => $ql_auth_option,
# }
# postgresql_cd::server::pghba::pg_hba_rule { 'local access for all roles':
# psql_auth_type => 'local',
# psql_auth_database => 'all',
# psql_auth_user => 'all',
# psql_auth_method => 'trust',
# psql_auth_order => '002',
# psql_auth_option => $pl_auth_option,
# }
}
}
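Review bot: The `@example` in the header comment and both commented-out default rules pass `psql_auth_*` parameters, but the define added in this commit declares `pl_auth_*`, so a copied example is rejected at catalog compilation. They also set the method to `trust` for local connections, which lets any local OS account connect as the named role (including `postgres`) without a credential. I would rewrite the example with the real parameter names and `pl_auth_method => 'peer',`, and correct `$ql_user_name` and `$ql_auth_option` in the commented block, which look like typos for the `$pl_` prefix. Because the defaults are commented out, the managed file holds only the header fragment until a rule is declared elsewhere, so the comment should say where the baseline rules come from.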


@@ -0,0 +1,45 @@
## postgresql_cd::server::pghba::pg_hba_rule
# Module name: postgresql_cd
# Author: Arne Teuke (arne_teuke@puppetsoft.com)
# @summary define manages rule entries for pg_hba configuration file
# @see https://www.postgresql.org/docs/9.6/static/auth-pg-hba-conf.html
# @param [string] pl_auth_type Specify the authentication type, can be
# 'local', 'host', 'hostssl' or 'hostnossl'.
# @param [string] pl_auth_database Specify the database for the connection
# @param [string] pl_auth_user Specify the user for the connection
# @param [string] pl_auth_address SPecify IP address or FQDN for the
# connection, i.e. where to connect FROM.
# @param [string] pl_auth_method Specify the auth method, can be 'trust',
# 'reject', 'md5' , 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap',
# 'radius', 'cert', 'pam','bsd'
# @param [string] pl_auth_option After the auth-method field, there can be
# field(s) of the form name=value that specify options for the authentication
# method.
# @param [string] pl_auth_order Specify the order in which the entry should
# appear on the list. Lower orders are higher on the list.
# @param [string] pl_auth_description Specify a description for the entry.
##############################################################################
define postgresql_cd::server::pghba::pg_hba_rule (
Optional[String] $pl_auth_type = undef,
Optional[String] $pl_auth_database = undef,
Optional[String] $pl_auth_user = undef,
Optional[String] $pl_auth_address = undef,
Optional[String] $pl_auth_method = undef,
Optional[String] $pl_auth_option = undef,
Optional[String] $pl_auth_order = undef,
Optional[String] $pl_auth_description = undef,
) {
$pl_pg_hba_conf = $postgresql_cd::params::pl_pg_hba_conf
$pl_pg_hba_rule_conf = $postgresql_cd::params::pl_pg_hba_rule_conf
$pl_data_dir = $postgresql_cd::params::pl_data_dir
# create rule fragment
concat::fragment { "pl_rule_${name}":
target => $pl_pg_hba_conf,
content => template($pl_pg_hba_rule_conf),
order => $pl_auth_order,
}
}
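Review bot: Every parameter of `pg_hba_rule` is `Optional[String]` with no validation, so a misspelled type or method, or a value containing a newline, is handed straight to the template and written into pg_hba.conf. The rule template is not visible here, but unless it filters its input, a newline in any field (for example from external data) could add an extra access-rule line. The doc comment already lists the allowed values, so `pl_auth_type` and `pl_auth_method` can be `Enum`s, the free-text fields can be restricted to a single line, and the fields every rule needs can be made mandatory. Extend the method list if the managed server version supports more than the documented ones. `$pl_data_dir` is assigned but not used in the define.

```puppet
define postgresql_cd::server::pghba::pg_hba_rule (
  Enum['local', 'host', 'hostssl', 'hostnossl'] $pl_auth_type,
  Pattern[/\A[^\r\n]+\z/]                       $pl_auth_database,
  Pattern[/\A[^\r\n]+\z/]                       $pl_auth_user,
  Enum['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident',
    'peer', 'ldap', 'radius', 'cert', 'pam', 'bsd'] $pl_auth_method,
  Optional[Pattern[/\A[^\r\n]+\z/]]             $pl_auth_address = undef,
  Optional[Pattern[/\A[^\r\n]*\z/]]             $pl_auth_option  = undef,
  Optional[Pattern[/\A\d+\z/]]                  $pl_auth_order   = undef,
  # … unchanged: pl_auth_description, params lookups and concat::fragment …
```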