update postgresql.conf with SSL settings

manifests/params.pp

@@ -14,6 +14,10 @@
 # @param [String] pl_listen_address which address should the service listen on
 # @param [String] pl_listen_port which port should the service listen on
 # @param [String] pl_max_conn maximum connections the service will accept
+# @param [Boolean] pl_ssl_enabled whether SSL is enabled (true) or disabled (false)
+# @param [String] pl_server_crt the name of the server cert
+# @param [String] pl_server_key the name of the server key
+# @param [String] pl_ca_crt the name of the CA  crt
 # @summary Class contains all parameters for the postgresql_cd module.
 ##############################################################################
 class postgresql_cd::params (
@@ -35,6 +39,10 @@ class postgresql_cd::params (
   String $pl_listen_address       = '*',
   String $pl_listen_port          = '5432',
   String $pl_max_conn             = '100',
+  Boolean $pl_ssl_enabled         = false,
+  String $pl_server_crt           = 'server.crt',
+  String $pl_server_key           = 'server.key',
+  String $pl_ca_crt               = 'root.crt',
 
 ) {
   $fqdn                     = $facts['networking']['fqdn']

templates/postgresql.conf.erb

@@ -95,11 +95,17 @@ max_connections     = <%= @pl_max_conn %>
 
 # - SSL -
 
-#ssl = off
-#ssl_ca_file = ''
-#ssl_cert_file = 'server.crt'
+<% if @pl_ssl_enabled == true -%>
+ssl 			= on
+ssl_ca_file 	= '<%= @pl_ca_crt -%>'
+ssl_cert_file 	= '<%= @pl_server_crt -%>'
+ssl_key_file 	= '<%= @pl_server_key -%>'
+<% end -%>
+<% if @pl_ssl_enabled != true -%>
+ssl = off
+<% end -%>
+
 #ssl_crl_file = ''
-#ssl_key_file = 'server.key'
 #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
 #ssl_prefer_server_ciphers = on
 #ssl_ecdh_curve = 'prime256v1'