I don't see any problem with this. While clients should not be trusted, this doesn't seem to increase risk.
Update the interface to request a list of CIDRs be given access.
Update the PostgreSQL charm to grant access in pg_hba.conf to the ranges.
pgbouncer does not need to be updated, as it doesn't do IP level access controllers and can just ignore the setting if the interface requests it.
I don't see any problem with this. While clients should not be trusted, this doesn't seem to increase risk.
Update the interface to request a list of CIDRs be given access.
Update the PostgreSQL charm to grant access in pg_hba.conf to the ranges.
pgbouncer does not need to be updated, as it doesn't do IP level access controllers and can just ignore the setting if the interface requests it.