
diff --git a/manifests/server/pg_hba_rule.pp b/manifests/server/pg_hba_rule.pp
index 3abd6c8..dce58a0 100644
--- a/manifests/server/pg_hba_rule.pp
+++ b/manifests/server/pg_hba_rule.pp
@@ -1,60 +1,61 @@
# This resource manages an individual rule that applies to the file defined in
# $target. See README.md for more details.
define postgresql::server::pg_hba_rule(
Enum['local', 'host', 'hostssl', 'hostnossl'] $type,
String $database,
String $user,
String $auth_method,
Optional[String] $address = undef,
String $description = 'none',
Optional[String] $auth_option = undef,
Variant[String, Integer] $order = 150,
# Needed for testing primarily, support for multiple files is not really
# working.
Stdlib::Absolutepath $target = $postgresql::server::pg_hba_conf_path,
String $postgresql_version = $postgresql::server::_version
) {
#Allow users to manage pg_hba.conf even if they are not managing the whole PostgreSQL instance
if !defined( 'postgresql::server' ) {
$manage_pg_hba_conf = true
}
else {
$manage_pg_hba_conf = $postgresql::server::manage_pg_hba_conf
}
if $manage_pg_hba_conf == false {
fail('postgresql::server::manage_pg_hba_conf has been disabled, so this resource is now unused and redundant, either enable that option or remove this resource from your manifests')
} else {
if($type =~ /^host/ and $address == undef) {
fail('You must specify an address property when type is host based')
}
$allowed_auth_methods = $postgresql_version ? {
+ '10' => ['trust', 'reject', 'scram-sha-256', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'bsd'],
'9.6' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'bsd'],
'9.5' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
'9.4' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
'9.3' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
'9.2' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
'9.1' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
'9.0' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'radius', 'cert', 'pam'],
'8.4' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'cert', 'pam'],
'8.3' => ['trust', 'reject', 'md5', 'crypt', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'pam'],
'8.2' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'ldap', 'pam'],
'8.1' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'pam'],
- default => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'crypt', 'bsd']
+ default => ['trust', 'reject', 'scram-sha-256', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'crypt', 'bsd']
}
assert_type(Enum[$allowed_auth_methods], $auth_method)
# Create a rule fragment
$fragname = "pg_hba_rule_${name}"
concat::fragment { $fragname:
target => $target,
content => template('postgresql/pg_hba_rule.conf'),
order => $order,
}
}
}
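Review bot: The `default` branch now accepts `scram-sha-256` alongside `krb5` and `crypt`, which the per-version lists above drop from 9.4 and 8.4 onward, so it is a superset that no single server release supports. Any version string without its own key (11 and later, or a value such as `10.x` if `$postgresql_version` can ever carry a minor, which is not visible here) falls through to it, and `assert_type` would then pass a rule that the server rejects when it reads pg_hba.conf. I would either trim the default to the `'10'` list or document the intent above it, e.g. `# Unknown versions get a permissive superset; the server performs the final validation`. It is also worth a README note that a `scram-sha-256` rule only authenticates roles whose passwords were stored as SCRAM verifiers, which depends on the server's `password_encryption` setting.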
diff --git a/spec/unit/defines/server/pg_hba_rule_spec.rb b/spec/unit/defines/server/pg_hba_rule_spec.rb
index f657589..24ead07 100644
--- a/spec/unit/defines/server/pg_hba_rule_spec.rb
+++ b/spec/unit/defines/server/pg_hba_rule_spec.rb
@@ -1,126 +1,156 @@
require 'spec_helper'
describe 'postgresql::server::pg_hba_rule', :type => :define do
let :facts do
{
:osfamily => 'Debian',
:operatingsystem => 'Debian',
:operatingsystemrelease => '6.0',
:kernel => 'Linux',
:concat_basedir => tmpfilename('pg_hba'),
:id => 'root',
:path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
}
end
let :title do
'test'
end
let :target do
tmpfilename('pg_hba_rule')
end
context 'test template 1' do
let :pre_condition do
<<-EOS
class { 'postgresql::server': }
EOS
end
let :params do
{
:type => 'host',
:database => 'all',
:user => 'all',
:address => '1.1.1.1/24',
:auth_method => 'md5',
:target => target,
}
end
it do
is_expected.to contain_concat__fragment('pg_hba_rule_test').with({
:content => /host\s+all\s+all\s+1\.1\.1\.1\/24\s+md5/
})
end
end
context 'test template 2' do
let :pre_condition do
<<-EOS
class { 'postgresql::server': }
EOS
end
let :params do
{
:type => 'local',
:database => 'all',
:user => 'all',
:auth_method => 'ident',
:target => target,
}
end
it do
is_expected.to contain_concat__fragment('pg_hba_rule_test').with({
:content => /local\s+all\s+all\s+ident/
})
end
end
context 'test template 3' do
let :pre_condition do
<<-EOS
class { 'postgresql::server': }
EOS
end
let :params do
{
:type => 'host',
:database => 'all',
:user => 'all',
:address => '0.0.0.0/0',
:auth_method => 'ldap',
:auth_option => 'foo=bar',
:target => target,
}
end
it do
is_expected.to contain_concat__fragment('pg_hba_rule_test').with({
:content => /host\s+all\s+all\s+0\.0\.0\.0\/0\s+ldap\s+foo=bar/
})
end
end
context 'validation' do
context 'validate supported auth_method' do
let :pre_condition do
<<-EOS
class { 'postgresql::globals':
version => '9.2',
}
class { 'postgresql::server': }
EOS
end
let :params do
{
:type => 'local',
:database => 'all',
:user => 'all',
:address => '0.0.0.0/0',
:auth_method => 'peer',
:target => target,
}
end
it do
is_expected.to contain_concat__fragment('pg_hba_rule_test').with(
{
:content => /local\s+all\s+all\s+0\.0\.0\.0\/0\s+peer/
}
)
end
end
+ context 'allows scram-sha-256 on postgres 10' do
+ let :pre_condition do
+ <<-EOS
+ class { 'postgresql::globals':
+ version => '10',
+ }
+ class { 'postgresql::server': }
+ EOS
+ end
+
+ let :params do
+ {
+ :type => 'local',
+ :database => 'all',
+ :user => 'all',
+ :address => '0.0.0.0/0',
+ :auth_method => 'scram-sha-256',
+ :target => target,
+ }
+ end
+
+ it do
+ is_expected.to contain_concat__fragment('pg_hba_rule_test').with(
+ {
+ :content => /local\s+all\s+all\s+0\.0\.0\.0\/0\s+scram-sha-256/
+ }
+ )
+ end
+ end
+
end
end
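Review bot: The added context exercises only the accepting path, so nothing in the spec pins that `scram-sha-256` is still refused for a version below 10, which is the behaviour the allow-list exists to enforce. A companion context with `version => '9.6'` that expects catalogue compilation to fail would cover it; a sketch follows. Separately, the new context pairs `:type => 'local'` with `:address => '0.0.0.0/0'` (carried over from the 9.2 context above it), so the asserted line is not one PostgreSQL accepts for a local record; dropping `:address` and the CIDR part of the regex would make the fixture realistic.

```ruby
    # … unchanged: 'allows scram-sha-256 on postgres 10' context …
    context 'rejects scram-sha-256 before postgres 10' do
      let :pre_condition do
        <<-EOS
          class { 'postgresql::globals':
            version => '9.6',
          }
          class { 'postgresql::server': }
        EOS
      end

      let :params do
        {
          :type => 'local',
          :database => 'all',
          :user => 'all',
          :auth_method => 'scram-sha-256',
          :target => target,
        }
      end

      it do
        expect { catalogue }.to raise_error(Puppet::Error)
      end
    end
```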
