add auth_query

postgresql/files/auth_query.sh

+psql ${PSQL_ARGS} <<EOF
+CREATE OR REPLACE FUNCTION pgbouncer.user_lookup(in i_username text, out uname text, out phash text)
+RETURNS record AS \$\$
+BEGIN
+    SELECT usename, passwd FROM pg_catalog.pg_shadow
+    WHERE usename = i_username INTO uname, phash;
+    RETURN;
+END;
+\$\$ LANGUAGE plpgsql SECURITY DEFINER;
+REVOKE ALL ON FUNCTION pgbouncer.user_lookup(text) FROM public, pgbouncer;
+GRANT EXECUTE ON FUNCTION pgbouncer.user_lookup(text) TO pgbouncer;
+EOF

postgresql/server.sls

@@ -179,7 +179,7 @@ postgresql_database_{{ k }}_pgbouncer_schema:
 # Use a non-admin user (pgbouncer) that calls SECURITY DEFINER function.
 postgresql_database_{{ k }}_pgbouncer_lookup:
   cmd.script:
-    - source: salt://pgbouncer/files/auth_query.sh
+    - source: salt://postgresql/files/auth_query.sh
     - runas: {{ pgsql.lookup.user }}
     - env:
       - PSQL_ARGS: --no-psqlrc --no-align --no-readline -d {{ k }}