Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Add support for an ACL before the default ones.

In some cases, you may want to put entires such as:

    local   all     all     md5

in the ACL files. This would need to go *before* any other entries
specifying the 'ident' mechanism.

Closes: #16
  • Loading branch information...
commit 993ac6f8613bbd966f1bba35400197df8bf2da05 1 parent 8ef9435
@akumria authored
Showing with 8 additions and 2 deletions.
  1. +3 −2 README.md
  2. +1 −0  manifests/server.pp
  3. +4 −0 templates/pg_hba.conf.erb
View
5 README.md
@@ -44,11 +44,12 @@ on the Internet.
class {'postgresql::server':
listen => ['192.168.0.1', ],
port => 5432,
- acl => ['host all all 192.168.0.2/32 md5', ],
+ acl => ['host all all 192.168.0.2/32 md5', ],
}
Refer to the [pg_hba.conf docs](http://www.postgresql.org/docs/devel/static/auth-pg-hba-conf.html) for
-the specifics of what each possible ACL field can be set to.
+the specifics of what each possible ACL field can be set to. In some situations you made need to insert
+the ACL in front of any existing one. The variable `preacl` exists for this purpose.
To create a database owned by a user
View
1  manifests/server.pp
@@ -9,6 +9,7 @@
$ssl_cert_file = $postgresql::params::ssl_cert_file,
$ssl_crl_file = $postgresql::params::ssl_crl_file,
$ssl_key_file = $postgresql::params::ssl_key_file,
+ $preacl = [],
$acl = []
) inherits postgresql::params {
View
4 templates/pg_hba.conf.erb
@@ -85,6 +85,10 @@
local all postgres ident
# TYPE DATABASE USER ADDRESS METHOD
+# site-specific pre access control list
+<% preacl.each do |entry| -%>
+<%= entry %>
+<% end -%>
# "local" is for Unix domain socket connections only
local all all ident
Please sign in to comment.
Something went wrong with that request. Please try again.