Use v10+ acls only when applicable

Author: myii

postgres/defaults.yaml

@@ -47,6 +47,7 @@ postgres:
     - ['host', 'all', 'all', '127.0.0.1/32', 'md5']
     # IPv6 local connections:
     - ['host', 'all', 'all', '::1/128', 'md5']
+  acls_v10:
     # Allow replication connections from localhost, by a user with the
     # replication privilege.
     - ['local', 'replication', 'all', 'peer']

postgres/server/init.sls

@@ -107,6 +107,10 @@ postgresql-conf:
 {%- endif %}
 
 {%- set pg_hba_path = salt['file.join'](postgres.conf_dir, 'pg_hba.conf') %}
+{%- set acls = postgres.acls %}
+{%- if postgres.version|to_num >= 10 %}
+  {%- set acls = acls + postgres.acls_v10 %}
+{%- endif %}
 
 postgresql-pg_hba:
   file.managed:
@@ -118,7 +122,7 @@ postgresql-pg_hba:
     - source: {{ postgres['pg_hba.conf'] }}
     - template: jinja
     - defaults:
-        acls: {{ postgres.acls|yaml() }}
+        acls: {{ acls|yaml() }}
   {%- if postgres.config_backup %}
     # Create the empty file before managing to overcome the limitation of check_cmd
     - onlyif: test -f {{ pg_hba_path }} || touch {{ pg_hba_path }}