postgres-formula/postgres/templates/pg_hba.conf.j2

{%- from "postgres/map.jinja" import postgres with context -%}

######################################################################
# ATTENTION! Managed by SaltStack.                                   #
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN! #
######################################################################
#
# PostgreSQL Client Authentication Configuration File
# ===================================================
#
# Refer to the "Client Authentication" section in the PostgreSQL
# documentation for a complete description of this file.

# DO NOT DISABLE!
# If you change this first entry you will need to make sure that the
# database superuser can access the database using some other method.
# Noninteractive access to all databases is required during automatic
# maintenance (custom daily cronjobs, replication, and similar tasks).

# Database administrative login by Unix domain socket
local   all             postgres                                peer

# TYPE  DATABASE        USER            ADDRESS                 METHOD

{%- for acl in postgres.acls %}
  {%- if acl|first() == 'local' %}

    {%- if acl|length() == 3 %}
      {%- do acl.extend(['', 'md5']) %}
    {%- elif acl|length() == 4 %}
      {%- do acl.insert(3, '') %}
    {%- endif %}

  {%- else %}

    {%- if acl|length() == 4 %}
      {%- do acl.append('md5') %}
    {%- endif %}

  {%- endif %}
{{ '{:<8}{:<16}{:<16}{:<24}{}'.format(*acl) -}}
{% endfor %}
Better ACL handling in the `pg_hba.conf` file 2016-09-06 12:34:17 +03:00			`{%- from "postgres/map.jinja" import postgres with context -%}`

			`######################################################################`
			`# ATTENTION! Managed by SaltStack. #`
			`# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN! #`
			`######################################################################`
			`#`
			`# PostgreSQL Client Authentication Configuration File`
			`# ===================================================`
			`#`
			`# Refer to the "Client Authentication" section in the PostgreSQL`
			`# documentation for a complete description of this file.`

			`# DO NOT DISABLE!`
			`# If you change this first entry you will need to make sure that the`
			`# database superuser can access the database using some other method.`
			`# Noninteractive access to all databases is required during automatic`
			`# maintenance (custom daily cronjobs, replication, and similar tasks).`

			`# Database administrative login by Unix domain socket`
			`local all postgres peer`

			`# TYPE DATABASE USER ADDRESS METHOD`

			`{%- for acl in postgres.acls %}`
			`{%- if acl\|first() == 'local' %}`

			`{%- if acl\|length() == 3 %}`
			`{%- do acl.extend(['', 'md5']) %}`
			`{%- elif acl\|length() == 4 %}`
			`{%- do acl.insert(3, '') %}`
			`{%- endif %}`

			`{%- else %}`

			`{%- if acl\|length() == 4 %}`
			`{%- do acl.append('md5') %}`
			`{%- endif %}`

			`{%- endif %}`
			`{{ '{:<8}{:<16}{:<16}{:<24}{}'.format(*acl) -}}`
			`{% endfor %}`