John Kristensen 2024-03-27 14:28:41 +00:00 committed by GitHub
commit dad2136c1b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 32 additions and 23 deletions


@ -68,10 +68,11 @@ postgres:
# databases they can access. Records take one of these forms:
#
# acls:
# - ['local', 'DATABASE', 'USER', 'METHOD']
# - ['host', 'DATABASE', 'USER', 'ADDRESS', 'METHOD']
# - ['hostssl', 'DATABASE', 'USER', 'ADDRESS', 'METHOD']
# - ['hostnossl', 'DATABASE', 'USER', 'ADDRESS', 'METHOD']
# group:
# - ['local', 'DATABASE', 'USER', 'METHOD']
# - ['host', 'DATABASE', 'USER', 'ADDRESS', 'METHOD']
# - ['hostssl', 'DATABASE', 'USER', 'ADDRESS', 'METHOD']
# - ['hostnossl', 'DATABASE', 'USER', 'ADDRESS', 'METHOD']
#
# The uppercase items must be replaced by actual values.
# METHOD could be omitted, 'md5' will be appended by default.
@ -81,10 +82,13 @@ postgres:
# If ``acls`` item value is empty ('', [], null), then the contents of
# ``pg_hba.conf`` file will not be touched at all.
acls:
- ['local', 'db0', 'connuser', 'peer map=users_as_appuser']
- ['local', 'db1', 'localUser']
- ['host', 'db2', 'remoteUser', '192.168.33.0/24']
- ['host', 'all', 'all', '127.0.0.1/32', 'md5']
db1:
- ['local', 'db0', 'connuser', 'peer map=users_as_appuser']
- ['local', 'db1', 'localUser']
db2:
- ['host', 'db2', 'remoteUser', '192.168.33.0/24']
all:
- ['host', 'all', 'all', '127.0.0.1/32', 'md5']
identity_map:
- ['users_as_appuser', 'jdoe', 'connuser']


@ -20,21 +20,26 @@ local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
{% for acl in acls %}
{%- if acl|first() == 'local' %}
{%- if acls is list -%}
{%- set acls = {'_all': acls} %}
{%- endif %}
{%- for _, group in acls|dictsort %}
{%- for acl in group %}
{%- if acl|first() == 'local' %}
{%- if acl|length() == 3 %}
{%- do acl.extend(['', 'md5']) %}
{%- elif acl|length() == 4 %}
{%- do acl.insert(3, '') %}
{%- endif %}
{%- else %}
{%- if acl|length() == 4 %}
{%- do acl.append('md5') %}
{%- endif %}
{%- if acl|length() == 3 %}
{%- do acl.extend(['', 'md5']) %}
{%- elif acl|length() == 4 %}
{%- do acl.insert(3, '') %}
{%- endif %}
{%- else %}
{%- if acl|length() == 4 %}
{%- do acl.append('md5') %}
{%- endif %}
{%- endif %}
{{ '{0:<7} {1:<15} {2:<15} {3:<23} {4}'.format(*acl) }}
{% endfor %}
{%- endfor %}
{%- endfor %}
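Review bot: The `acls|dictsort` loop renders groups in key-name order rather than in the order they are written in the pillar, and PostgreSQL applies the first pg_hba.conf record that matches a connection, so a group's name now decides which rule wins. With the example pillar the `all` group is emitted ahead of `db1` and `db2`; a broad record in an early-sorting group would take precedence over a narrower or `reject` record in a later one. I would state this next to the loop, e.g. `{#- Groups are emitted sorted by key; pg_hba.conf is first-match, so name groups to control precedence. #}`, and repeat the same sentence in the pillar example's comment block where the `group:` form is introduced. The template starts above this hunk, so anything rendered before the loop is not visible here.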