Merge pull request #941 from f3nry/master

eputnam · web-flow · commit 0aff30dfbc43 · 2017-12-06T16:36:58.000-08:00
MODULES-6194 - Add scram-sha-256 as a valid pg_hba_rule auth method
diff --git a/manifests/server/pg_hba_rule.pp b/manifests/server/pg_hba_rule.pp
@@ -33,6 +33,7 @@
     }
 
     $allowed_auth_methods = $postgresql_version ? {
+      '10'  => ['trust', 'reject', 'scram-sha-256', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'bsd'],
       '9.6' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'bsd'],
       '9.5' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
       '9.4' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
@@ -44,7 +45,7 @@
       '8.3' => ['trust', 'reject', 'md5', 'crypt', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'pam'],
       '8.2' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'ldap', 'pam'],
       '8.1' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'pam'],
-      default => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'crypt', 'bsd']
+      default => ['trust', 'reject', 'scram-sha-256', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'crypt', 'bsd']
     }
 
     assert_type(Enum[$allowed_auth_methods], $auth_method)
diff --git a/spec/unit/defines/server/pg_hba_rule_spec.rb b/spec/unit/defines/server/pg_hba_rule_spec.rb
@@ -122,5 +122,35 @@ class { 'postgresql::server': }
       end
     end
 
+    context 'allows scram-sha-256 on postgres 10' do
+      let :pre_condition do
+        <<-EOS
+          class { 'postgresql::globals':
+            version => '10',
+          }
+          class { 'postgresql::server': }
+        EOS
+      end
+
+      let :params do
+        {
+          :type => 'local',
+          :database => 'all',
+          :user => 'all',
+          :address => '0.0.0.0/0',
+          :auth_method => 'scram-sha-256',
+          :target => target,
+        }
+      end
+
+      it do
+        is_expected.to contain_concat__fragment('pg_hba_rule_test').with(
+          {
+           :content => /local\s+all\s+all\s+0\.0\.0\.0\/0\s+scram-sha-256/
+          }
+        )
+      end
+    end
+
   end
 end

Original file line number	Diff line number	Diff line change
`@@ -33,6 +33,7 @@`
`33`	`33`	`}`
`34`	`34`
`35`	`35`	`$allowed_auth_methods = $postgresql_version ? {`
	`36`	`+ '10' => ['trust', 'reject', 'scram-sha-256', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'bsd'],`
`36`	`37`	`'9.6' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'bsd'],`
`37`	`38`	`'9.5' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],`
`38`	`39`	`'9.4' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],`
`@@ -44,7 +45,7 @@`
`44`	`45`	`'8.3' => ['trust', 'reject', 'md5', 'crypt', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'pam'],`
`45`	`46`	`'8.2' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'ldap', 'pam'],`
`46`	`47`	`'8.1' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'pam'],`
`47`		`- default => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'crypt', 'bsd']`
	`48`	`+ default => ['trust', 'reject', 'scram-sha-256', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'crypt', 'bsd']`
`48`	`49`	`}`
`49`	`50`
`50`	`51`	`assert_type(Enum[$allowed_auth_methods], $auth_method)`