From 2c1dc3f8adffea3de0879c9b23e73e0f56f74447 Mon Sep 17 00:00:00 2001
From: Simon Hoenscheid <simon@hoenscheid-itconsulting.com>
Date: Mon, 3 Jul 2023 16:27:21 +0200
Subject: [PATCH] unique pg_hba roles for postgres instances

---
 manifests/server/instance/config.pp | 12 ++++++------
 spec/classes/server/config_spec.rb  |  2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/manifests/server/instance/config.pp b/manifests/server/instance/config.pp
index c8b17c356e..e05c55e14d 100644
--- a/manifests/server/instance/config.pp
+++ b/manifests/server/instance/config.pp
@@ -86,40 +86,40 @@
       }
 
       postgresql::server::pg_hba_rule {
-        'local access as postgres user':
+        "local access as postgres user for instance ${name}":
           type        => 'local',
           user        => $user,
           auth_method => 'ident',
           auth_option => $local_auth_option,
           order       => 1;
 
-        'local access to database with same name':
+        "local access to database with same name for instance ${name}":
           type        => 'local',
           auth_method => 'ident',
           auth_option => $local_auth_option,
           order       => 2;
 
-        'allow localhost TCP access to postgresql user':
+        "allow localhost TCP access to postgresql user for instance ${name}":
           type        => 'host',
           user        => $user,
           address     => '127.0.0.1/32',
           auth_method => 'md5',
           order       => 3;
 
-        'deny access to postgresql user':
+        "deny access to postgresql user for instance ${name}":
           type        => 'host',
           user        => $user,
           address     => $ip_mask_deny_postgres_user,
           auth_method => 'reject',
           order       => 4;
 
-        'allow access to all users':
+        "allow access to all users for instance ${name}":
           type        => 'host',
           address     => $ip_mask_allow_all_users,
           auth_method => 'md5',
           order       => 100;
 
-        'allow access to ipv6 localhost':
+        "allow access to ipv6 localhost for instance ${name}":
           type        => 'host',
           address     => '::1/128',
           auth_method => 'md5',
diff --git a/spec/classes/server/config_spec.rb b/spec/classes/server/config_spec.rb
index 8242e76e07..a44e4f107e 100644
--- a/spec/classes/server/config_spec.rb
+++ b/spec/classes/server/config_spec.rb
@@ -173,7 +173,7 @@ class { 'postgresql::server':
     end
 
     it 'has hba rule default' do
-      expect(subject).to contain_postgresql__server__pg_hba_rule('local access as postgres user')
+      expect(subject).to contain_postgresql__server__pg_hba_rule('local access as postgres user for instance main')
     end
 
     it 'has hba rule ipv4acls' do