From b816d95a59454471d9b117109e25d64e9082978f Mon Sep 17 00:00:00 2001
From: Matt Zagrabelny <mzagrabe@d.umn.edu>
Date: Sun, 6 Oct 2024 08:42:43 -0500
Subject: [PATCH] Remove upstream-breaking REVOKE CONNECT * FROM public

The default installation of Pg allows public to connect - given proper pg_hba entries. The REVOKE subltely breaks expected usage.
---
 manifests/server/database.pp | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/manifests/server/database.pp b/manifests/server/database.pp
index 48cd44103b..379a9cdddc 100644
--- a/manifests/server/database.pp
+++ b/manifests/server/database.pp
@@ -52,7 +52,6 @@
     undef   => '',
     default => "LC_COLLATE = '${locale}' LC_CTYPE = '${locale}'",
   }
-  $public_revoke_privilege = 'CONNECT'
 
   $template_option = $template ? {
     undef   => '',
@@ -75,12 +74,6 @@
     require => Postgresql::Server::Instance::Service[$instance],
   }
 
-  # This will prevent users from connecting to the database unless they've been
-  #  granted privileges.
-  ~> postgresql_psql { "REVOKE ${public_revoke_privilege} ON DATABASE \"${dbname}\" FROM public":
-    refreshonly => true,
-  }
-
   Postgresql_psql["CREATE DATABASE \"${dbname}\""]
   -> postgresql_psql { "UPDATE pg_database SET datistemplate = ${istemplate} WHERE datname = '${dbname}'":
     unless => "SELECT 1 FROM pg_database WHERE datname = '${dbname}' AND datistemplate = ${istemplate}",