Using Postgres 14 or 15 as a Docker container, with a port on the host bound to port 5432 of the container, with the following configuration in the pg_hba.conf file:
```
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all trust
host replication all 127.0.0.1/32 trust
host replication all ::1/128 trust
# host all all all scram-sha-256
host all test,prod samenet scram-sha-256
host all read_bi all scram-sha-256
```
The Postgres container is in the same Docker network as two other containers, and all three of them have their own static IP.
I understand that with this configuration I accomplish the following. I put a comment on this line to disable remote connections in general:
```
#host all all all scram-sha-256
```
I allow the test and prod users to make connections to Postgres from within the same server, the host holding the containers. These users are used by the other containers that use Postgres to host their databases. Those users wouldn't be able to connect from outside the server; for example, I couldn't connect using those users with psql from a remote machine:
```
host all test,prod samenet scram-sha-256
```
I allow the read_bi user to connect from a remote server to any database. This user only has SELECT permissions over the tables of a particular database:
```
host all read_bi all scram-sha-256
```
In short, with this configuration, only read_bi would be able to connect from an outside machine, test and prod would be able to connect from within their respective containers in the host server but not from a remote machine, and no other user would be able to connect from a remote machine. Am I correct?
I came up with the previous configuration in the pg_hba.conf, but I'm not an expert and would like an expert opinion.
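
An added example, not part of the original post: a small Python model of how PostgreSQL picks the first matching `host` record from the file above for a given user and source address. The subnet `172.20.0.0/24`, the client addresses and the function names are constructed assumptions; `samenet` is modelled as that single subnet.

```python
import ipaddress

# "host" records from the pg_hba.conf in the question, in file order
# (the commented-out "host all all all" line is not a record).
RULES = [
    ("all", "all", "127.0.0.1/32", "trust"),
    ("all", "all", "::1/128", "trust"),
    ("replication", "all", "127.0.0.1/32", "trust"),
    ("replication", "all", "::1/128", "trust"),
    ("all", "test,prod", "samenet", "scram-sha-256"),
    ("all", "read_bi", "all", "scram-sha-256"),
]
# Assumption: the Postgres container's interface is on this (constructed) subnet.
SERVER_NETS = [ipaddress.ip_network("172.20.0.0/24")]

def db_matches(field, database, replication):
    names = field.split(",")
    if replication:  # physical replication only matches the "replication" keyword
        return "replication" in names
    return "all" in names or database in (n for n in names if n != "replication")

def addr_matches(field, ip):
    if field == "all":
        return True
    if field == "samenet":  # any subnet the server is directly connected to
        return any(ip in net for net in SERVER_NETS)
    return ip in ipaddress.ip_network(field)

def first_match(user, client_ip, database="postgres", replication=False):
    """Return the first record matching the connection, or None (rejected)."""
    ip = ipaddress.ip_address(client_ip)
    for db, users, addr, method in RULES:
        user_ok = "all" in users.split(",") or user in users.split(",")
        if user_ok and db_matches(db, database, replication) and addr_matches(addr, ip):
            return (db, users, addr, method)  # no fall-through to later records
    return None

if __name__ == "__main__":
    # Constructed (user, source address as seen by PostgreSQL) pairs.
    for user, src in [("test", "172.20.0.5"), ("test", "203.0.113.10"),
                      ("read_bi", "203.0.113.10"), ("postgres", "203.0.113.10"),
                      ("test", "172.20.0.1"), ("postgres", "127.0.0.1")]:
        hit = first_match(user, src)
        print(f"{user:9} {src:14} -> {hit or 'no matching record, rejected'}")
```

Which record applies depends on the source address PostgreSQL sees for the connection, so confirm it from the server log with `log_connections` enabled for a connection made from outside the host.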