
diff --git a/manifests/server/pg_hba_rule.pp b/manifests/server/pg_hba_rule.pp
index 77aee0b..92f2e23 100644
--- a/manifests/server/pg_hba_rule.pp
+++ b/manifests/server/pg_hba_rule.pp
@@ -1,52 +1,53 @@
# This resource manages an individual rule that applies to the file defined in
# $target. See README.md for more details.
define postgresql::server::pg_hba_rule(
$type,
$database,
$user,
$auth_method,
$address = undef,
$description = 'none',
$auth_option = undef,
$order = '150',
# Needed for testing primarily, support for multiple files is not really
# working.
$target = $postgresql::server::pg_hba_conf_path
) {
if $postgresql::server::manage_pg_hba_conf == false {
fail('postgresql::server::manage_pg_hba_conf has been disabled, so this resource is now unused and redundant, either enable that option or remove this resource from your manifests')
} else {
validate_re($type, '^(local|host|hostssl|hostnossl)$',
"The type you specified [${type}] must be one of: local, host, hostssl, hostnosssl")
if($type =~ /^host/ and $address == undef) {
fail('You must specify an address property when type is host based')
}
$allowed_auth_methods = $postgresql::server::_version ? {
- '9.3' => ['trust', 'reject', 'md5', 'sha1', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
- '9.2' => ['trust', 'reject', 'md5', 'sha1', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
- '9.1' => ['trust', 'reject', 'md5', 'sha1', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
- '9.0' => ['trust', 'reject', 'md5', 'sha1', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'radius', 'cert', 'pam'],
- '8.4' => ['trust', 'reject', 'md5', 'sha1', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'cert', 'pam'],
- '8.3' => ['trust', 'reject', 'md5', 'sha1', 'crypt', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'pam'],
+ '9.4' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
+ '9.3' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
+ '9.2' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
+ '9.1' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
+ '9.0' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'radius', 'cert', 'pam'],
+ '8.4' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'cert', 'pam'],
+ '8.3' => ['trust', 'reject', 'md5', 'crypt', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'pam'],
'8.2' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'ldap', 'pam'],
'8.1' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'pam'],
default => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'crypt']
}
$auth_method_regex = join(['^(', join($allowed_auth_methods, '|'), ')$'],'')
validate_re($auth_method, $auth_method_regex,
join(["The auth_method you specified [${auth_method}] must be one of: ", join($allowed_auth_methods, ', ')],''))
# Create a rule fragment
$fragname = "pg_hba_rule_${name}"
concat::fragment { $fragname:
target => $target,
content => template('postgresql/pg_hba_rule.conf'),
order => $order,
}
}
}
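Review bot: The `default` branch of the `$allowed_auth_methods` selector still lists `krb5` and `crypt`, so any version string without its own entry is validated against a looser list than the new `'9.4'` one. Because the added 9.4 entry drops `krb5`, a later release that falls through to `default` would presumably pass catalog validation with a method the server no longer accepts, and the mistake would surface only when PostgreSQL reads pg_hba.conf. Consider making the fallback match the newest known list, `default => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam']`, or add a comment stating that the fallback is deliberately permissive. The type error message in the same block also spells the last option `hostnosssl`; it should read `hostnossl`.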
diff --git a/spec/unit/defines/server/pg_hba_rule_spec.rb b/spec/unit/defines/server/pg_hba_rule_spec.rb
index aa3a15d..f36d27d 100644
--- a/spec/unit/defines/server/pg_hba_rule_spec.rb
+++ b/spec/unit/defines/server/pg_hba_rule_spec.rb
@@ -1,198 +1,198 @@
require 'spec_helper'
describe 'postgresql::server::pg_hba_rule', :type => :define do
let :facts do
{
:osfamily => 'Debian',
:operatingsystem => 'Debian',
:operatingsystemrelease => '6.0',
:kernel => 'Linux',
:concat_basedir => tmpfilename('pg_hba'),
:id => 'root',
:path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
}
end
let :title do
'test'
end
let :target do
tmpfilename('pg_hba_rule')
end
context 'test template 1' do
let :pre_condition do
<<-EOS
class { 'postgresql::server': }
EOS
end
let :params do
{
:type => 'host',
:database => 'all',
:user => 'all',
:address => '1.1.1.1/24',
:auth_method => 'md5',
:target => target,
}
end
it do
is_expected.to contain_concat__fragment('pg_hba_rule_test').with({
:content => /host\s+all\s+all\s+1\.1\.1\.1\/24\s+md5/
})
end
end
context 'test template 2' do
let :pre_condition do
<<-EOS
class { 'postgresql::server': }
EOS
end
let :params do
{
:type => 'local',
:database => 'all',
:user => 'all',
:auth_method => 'ident',
:target => target,
}
end
it do
is_expected.to contain_concat__fragment('pg_hba_rule_test').with({
:content => /local\s+all\s+all\s+ident/
})
end
end
context 'test template 3' do
let :pre_condition do
<<-EOS
class { 'postgresql::server': }
EOS
end
let :params do
{
:type => 'host',
:database => 'all',
:user => 'all',
:address => '0.0.0.0/0',
:auth_method => 'ldap',
:auth_option => 'foo=bar',
:target => target,
}
end
it do
is_expected.to contain_concat__fragment('pg_hba_rule_test').with({
:content => /host\s+all\s+all\s+0\.0\.0\.0\/0\s+ldap\s+foo=bar/
})
end
end
context 'validation' do
context 'validate type test 1' do
let :pre_condition do
<<-EOS
class { 'postgresql::server': }
EOS
end
let :params do
{
:type => 'invalid',
:database => 'all',
:user => 'all',
:address => '0.0.0.0/0',
:auth_method => 'ldap',
:target => target,
}
end
it 'should fail parsing when type is not valid' do
expect { catalogue }.to raise_error(Puppet::Error,
/The type you specified \[invalid\] must be one of/)
end
end
context 'validate auth_method' do
let :pre_condition do
<<-EOS
class { 'postgresql::server': }
EOS
end
let :params do
{
:type => 'local',
:database => 'all',
:user => 'all',
:address => '0.0.0.0/0',
:auth_method => 'invalid',
:target => target,
}
end
it 'should fail parsing when auth_method is not valid' do
expect { catalogue }.to raise_error(Puppet::Error,
/The auth_method you specified \[invalid\] must be one of/)
end
end
context 'validate unsupported auth_method' do
let :pre_condition do
<<-EOS
class { 'postgresql::globals':
version => '9.0',
}
class { 'postgresql::server': }
EOS
end
let :params do
{
:type => 'local',
:database => 'all',
:user => 'all',
:address => '0.0.0.0/0',
:auth_method => 'peer',
:target => target,
}
end
it 'should fail parsing when auth_method is not valid' do
expect { catalogue }.to raise_error(Puppet::Error,
- /The auth_method you specified \[peer\] must be one of: trust, reject, md5, sha1, password, gss, sspi, krb5, ident, ldap, radius, cert, pam/)
+ /The auth_method you specified \[peer\] must be one of: trust, reject, md5, password, gss, sspi, krb5, ident, ldap, radius, cert, pam/)
end
end
context 'validate supported auth_method' do
let :pre_condition do
<<-EOS
class { 'postgresql::globals':
version => '9.2',
}
class { 'postgresql::server': }
EOS
end
let :params do
{
:type => 'local',
:database => 'all',
:user => 'all',
:address => '0.0.0.0/0',
:auth_method => 'peer',
:target => target,
}
end
it do
is_expected.to contain_concat__fragment('pg_hba_rule_test').with({
:content => /local\s+all\s+all\s+0\.0\.0\.0\/0\s+peer/
})
end
end
end
end
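Review bot: Nothing in this spec exercises the new `'9.4'` entry; the only changed assertion updates the expected list for version `'9.0'`. A context that sets `version => '9.4'` and expects `krb5` to be rejected would pin the behaviour the manifest change introduces, so a later edit to the table cannot silently re-allow it. Separately, the 'validate supported auth_method' context passes `:address` with `:type => 'local'` and asserts that the rendered line contains it. PostgreSQL `local` records have no address field, so that expectation appears to pin a pg_hba.conf line the server would reject; dropping `:address` there, or failing on it in the define, should be confirmed against the template.

```ruby
  context 'validate auth_method removed in 9.4' do
    let :pre_condition do
      <<-EOS
        class { 'postgresql::globals':
          version => '9.4',
        }
        class { 'postgresql::server': }
      EOS
    end

    let :params do
      {
        :type        => 'local',
        :database    => 'all',
        :user        => 'all',
        :auth_method => 'krb5',
        :target      => target,
      }
    end

    it 'should fail parsing when auth_method is not valid for 9.4' do
      expect { catalogue }.to raise_error(Puppet::Error,
        /The auth_method you specified \[krb5\] must be one of/)
    end
  end
```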
