
Commit 9e07e14

committed
Add support for configure pg_ident.conf
1 parent a87ccfb commit 9e07e14


2 files changed

+79
-0
lines changed


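--- a/postgres/server/init.sls
+++ b/postgres/server/init.sls
@@ -118,6 +118,33 @@ postgresql-pg_hba:
 - require:
 - file: postgresql-config-dir
 
+{%- set pg_ident_path = salt['file.join'](postgres.conf_dir, 'pg_ident.conf') %}
+
+postgresql-pg_ident:
+file.managed:
+- name: {{ pg_ident_path }}
+- user: {{ postgres.user }}
+- group: {{ postgres.group }}
+- mode: 600
+{%- if postgres.identity_map %}
+- source: {{ postgres['pg_ident.conf'] }}
+- template: jinja
+- defaults:
+mappings: {{ postgres.ident }}
+{%- if postgres.config_backup %}
+# Create the empty file before managing to overcome the limitation of check_cmd
+- onlyif: test -f {{ pg_ident_path }} || touch {{ pg_ident_path }}
+# Make a local backup before the file modification
+- check_cmd: >-
+salt-call --local file.copy
+{{ pg_ident_path }} {{ pg_ident_path ~ postgres.config_backup }} remove_existing=true
+{%- endif %}
+{%- else %}
+- replace: False
+{%- endif %}
+- require:
+- file: postgresql-config-dir
+
 {%- for name, tblspace in postgres.tablespaces|dictsort() %}
 
 postgresql-tablespace-dir-{{ name }}:
@@ -146,5 +173,6 @@ postgresql-running:
 - reload: True
 - watch:
 - file: postgresql-pg_hba
+- file: postgresql-pg_ident
 
 {%- endif %}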
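Review bot: The new `postgresql-pg_ident` state gates on `postgres.identity_map` but passes `postgres.ident` to the template as `mappings`. Neither key, nor `postgres['pg_ident.conf']`, gets a default in the two files this commit touches. If these are meant to be the same pillar value, a minion with `identity_map` set and `ident` unset would probably either fail to render or replace the existing pg_ident.conf with a file that has no map records. That would change which system users can authenticate as which database role. Use one key for both the condition and the data, e.g. `mappings: {{ postgres.identity_map }}`, and confirm the defaults file defines it along with the template source path.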

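--- /dev/null
+++ b/postgres/templates/pg_ident.conf.j2
@@ -0,0 +1,51 @@
+######################################################################
+# ATTENTION! Managed by SaltStack. #
+# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN! #
+######################################################################
+#
+# PostgreSQL User Name Maps
+# =========================
+#
+# Refer to the PostgreSQL documentation, chapter "Client
+# Authentication" for a complete description. A short synopsis
+# follows.
+#
+# This file controls PostgreSQL user name mapping. It maps external
+# user names to their corresponding PostgreSQL user names. Records
+# are of the form:
+#
+# MAPNAME SYSTEM-USERNAME PG-USERNAME
+#
+# (The uppercase quantities must be replaced by actual values.)
+#
+# MAPNAME is the (otherwise freely chosen) map name that was used in
+# pg_hba.conf. SYSTEM-USERNAME is the detected user name of the
+# client. PG-USERNAME is the requested PostgreSQL user name. The
+# existence of a record specifies that SYSTEM-USERNAME may connect as
+# PG-USERNAME.
+#
+# If SYSTEM-USERNAME starts with a slash (/), it will be treated as a
+# regular expression. Optionally this can contain a capture (a
+# parenthesized subexpression). The substring matching the capture
+# will be substituted for \1 (backslash-one) if present in
+# PG-USERNAME.
+#
+# Multiple maps may be specified in this file and used by pg_hba.conf.
+#
+# No map names are defined in the default configuration. If all
+# system user names and PostgreSQL user names are the same, you don't
+# need anything in this file.
+#
+# This file is read on server startup and when the postmaster receives
+# a SIGHUP signal. If you edit the file on a running system, you have
+# to SIGHUP the postmaster for the changes to take effect. You can
+# use "pg_ctl reload" to do that.
+
+# Put your actual configuration here
+# ----------------------------------
+
+# MAPNAME SYSTEM-USERNAME PG-USERNAME
+
+{%- for mapping in mappings %}
+{{ '{0:<15} {1:<22} {2}'.format(acl) -}}
+{% endfor %}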
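Review bot: The loop on template line 50 binds `mapping` but formats `acl`, a name this template never defines, and it passes one argument to a format string with three fields. Rendering is therefore expected to raise as soon as `mappings` is non-empty, so the state cannot produce a working map file. Assuming each mapping is a three-item sequence of map name, system user name and PostgreSQL user name (confirm against the pillar schema), the line should read `{{ '{0:<15} {1:<22} {2}'.format(*mapping) -}}`. Since each record grants a system user the right to connect as a database role, a header comment stating the expected item order would help prevent swapped columns.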
