Add support for configure pg_ident.conf

EvaSDK · EvaSDK · commit 9e07e14dcd31 · 2018-01-16T19:17:44.000+01:00
diff --git a/postgres/server/init.sls b/postgres/server/init.sls
@@ -118,6 +118,33 @@ postgresql-pg_hba:
     - require:
       - file: postgresql-config-dir
 
+{%- set pg_ident_path = salt['file.join'](postgres.conf_dir, 'pg_ident.conf') %}
+
+postgresql-pg_ident:
+  file.managed:
+    - name: {{ pg_ident_path }}
+    - user: {{ postgres.user }}
+    - group: {{ postgres.group }}
+    - mode: 600
+{%- if postgres.identity_map %}
+    - source: {{ postgres['pg_ident.conf'] }}
+    - template: jinja
+    - defaults:
+        mappings: {{ postgres.ident }}
+  {%- if postgres.config_backup %}
+    # Create the empty file before managing to overcome the limitation of check_cmd
+    - onlyif: test -f {{ pg_ident_path }} || touch {{ pg_ident_path }}
+    # Make a local backup before the file modification
+    - check_cmd: >-
+        salt-call --local file.copy
+        {{ pg_ident_path }} {{ pg_ident_path ~ postgres.config_backup }} remove_existing=true
+  {%- endif %}
+{%- else %}
+    - replace: False
+{%- endif %}
+    - require:
+      - file: postgresql-config-dir
+
 {%- for name, tblspace in postgres.tablespaces|dictsort() %}
 
 postgresql-tablespace-dir-{{ name }}:
@@ -146,5 +173,6 @@ postgresql-running:
     - reload: True
     - watch:
       - file: postgresql-pg_hba
+      - file: postgresql-pg_ident
 
 {%- endif %}
diff --git a/postgres/templates/pg_ident.conf.j2 b/postgres/templates/pg_ident.conf.j2
@@ -0,0 +1,51 @@
+######################################################################
+# ATTENTION! Managed by SaltStack.                                   #
+# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN! #
+######################################################################
+#
+# PostgreSQL User Name Maps
+# =========================
+#
+# Refer to the PostgreSQL documentation, chapter "Client
+# Authentication" for a complete description.  A short synopsis
+# follows.
+#
+# This file controls PostgreSQL user name mapping.  It maps external
+# user names to their corresponding PostgreSQL user names.  Records
+# are of the form:
+#
+# MAPNAME  SYSTEM-USERNAME  PG-USERNAME
+#
+# (The uppercase quantities must be replaced by actual values.)
+#
+# MAPNAME is the (otherwise freely chosen) map name that was used in
+# pg_hba.conf.  SYSTEM-USERNAME is the detected user name of the
+# client.  PG-USERNAME is the requested PostgreSQL user name.  The
+# existence of a record specifies that SYSTEM-USERNAME may connect as
+# PG-USERNAME.
+#
+# If SYSTEM-USERNAME starts with a slash (/), it will be treated as a
+# regular expression.  Optionally this can contain a capture (a
+# parenthesized subexpression).  The substring matching the capture
+# will be substituted for \1 (backslash-one) if present in
+# PG-USERNAME.
+#
+# Multiple maps may be specified in this file and used by pg_hba.conf.
+#
+# No map names are defined in the default configuration.  If all
+# system user names and PostgreSQL user names are the same, you don't
+# need anything in this file.
+#
+# This file is read on server startup and when the postmaster receives
+# a SIGHUP signal.  If you edit the file on a running system, you have
+# to SIGHUP the postmaster for the changes to take effect.  You can
+# use "pg_ctl reload" to do that.
+
+# Put your actual configuration here
+# ----------------------------------
+
+# MAPNAME       SYSTEM-USERNAME         PG-USERNAME
+
+{%- for mapping in mappings %}
+{{ '{0:<15} {1:<22} {2}'.format(acl) -}}
+{% endfor %}
