Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Server hba_configuration not overwritable #49

Open
j15e opened this issue Apr 3, 2019 · 1 comment
Open

Server hba_configuration not overwritable #49

j15e opened this issue Apr 3, 2019 · 1 comment

Comments

@j15e
Copy link

j15e commented Apr 3, 2019

The README states :

Server attributes are starting from ["postgresql"]["defaults"] and used as default attributes for postgresql provider. You should not override this defaults, you can pass your settings to provider instead.

Okay fine for config flags - but I think there is a problem with the hba configurations if we follow that thinking. We can't overwrite defaults hba permissions the recipe provide.

The hba_configuration configuration is merged with the defaults, not overwritten :

postgresql_lwrp/resources/default.rb

Lines 53 to 54 in 6b8d583

hba_configuration = node['postgresql']['defaults']['server']['hba_configuration'] | new_resource.hba_configuration
ident_configuration = node['postgresql']['defaults']['server']['ident_configuration'] | new_resource.ident_configuration

So you can't actually remove or replace any of the defaults entries from pg_hba.conf. I think theses configurations setup should be a || not | with the resource specific config.

In the examples where it looks to me like the provided hba_configuration inside the postgresql 'main' do block should be the ending result :

  hba_configuration(
    [
      { type: 'host', database: 'all', user: 'all', address: '192.168.0.0/24', method: 'md5' },
      { type: 'host', database: 'replication', user: 'postgres', address: '192.168.0.2/32', method: 'trust' }
    ]
  )

But I end up with that config plus all the defaults :

postgresql_lwrp/attributes/server.rb

Lines 55 to 60 in 6b8d583

default['postgresql']['defaults']['server']['hba_configuration'] = [
{ type: 'local', database: 'all', user: 'postgres', address: '', method: 'peer' },
{ type: 'local', database: 'all', user: 'all', address: '', method: 'peer' },
{ type: 'host', database: 'all', user: 'all', address: '127.0.0.1/32', method: 'md5' },
{ type: 'host', database: 'all', user: 'all', address: '::1/128', method: 'md5' },
]

@dragonsmith
Copy link
Collaborator

Hey @j15e

Thanks for pointing that out! I'll take a look at the problem during the next week! Will post an update or questions here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@j15e @dragonsmith