puppetlabs · eputnam · Dec 7, 2017 · Nov 30, 2017
diff --git a/manifests/server/pg_hba_rule.pp b/manifests/server/pg_hba_rule.pp
@@ -33,6 +33,7 @@
     }
 
     $allowed_auth_methods = $postgresql_version ? {
+      '10'  => ['trust', 'reject', 'scram-sha-256', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'bsd'],
       '9.6' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'bsd'],
       '9.5' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
       '9.4' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
@@ -44,7 +45,7 @@
       '8.3' => ['trust', 'reject', 'md5', 'crypt', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'pam'],
       '8.2' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'ldap', 'pam'],
       '8.1' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'pam'],
-      default => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'crypt', 'bsd']
+      default => ['trust', 'reject', 'scram-sha-256', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'crypt', 'bsd']
     }
 
     assert_type(Enum[$allowed_auth_methods], $auth_method)

diff --git a/spec/unit/defines/server/pg_hba_rule_spec.rb b/spec/unit/defines/server/pg_hba_rule_spec.rb
@@ -122,5 +122,35 @@ class { 'postgresql::server': }
       end
     end
 
+    context 'allows scram-sha-256 on postgres 10' do
+      let :pre_condition do
+        <<-EOS
+          class { 'postgresql::globals':
+            version => '10',
+          }
+          class { 'postgresql::server': }
+        EOS
+      end
+
+      let :params do
+        {
+          :type => 'local',
+          :database => 'all',
+          :user => 'all',
+          :address => '0.0.0.0/0',
+          :auth_method => 'scram-sha-256',
+          :target => target,
+        }
+      end
+
+      it do
+        is_expected.to contain_concat__fragment('pg_hba_rule_test').with(
+          {
+           :content => /local\s+all\s+all\s+0\.0\.0\.0\/0\s+scram-sha-256/
+          }
+        )
+      end
+    end
+
   end
 end