Commit 8a927ce0 authored by Julien Cigar's avatar Julien Cigar 🤘
Browse files

add auth_query

parent 4107c3ea
psql ${PSQL_ARGS} <<EOF
CREATE OR REPLACE FUNCTION pgbouncer.user_lookup(in i_username text, out uname text, out phash text)
RETURNS record AS \$\$
BEGIN
SELECT usename, passwd FROM pg_catalog.pg_shadow
WHERE usename = i_username INTO uname, phash;
RETURN;
END;
\$\$ LANGUAGE plpgsql SECURITY DEFINER;
REVOKE ALL ON FUNCTION pgbouncer.user_lookup(text) FROM public, pgbouncer;
GRANT EXECUTE ON FUNCTION pgbouncer.user_lookup(text) TO pgbouncer;
EOF
......@@ -179,7 +179,7 @@ postgresql_database_{{ k }}_pgbouncer_schema:
# Use a non-admin user (pgbouncer) that calls SECURITY DEFINER function.
postgresql_database_{{ k }}_pgbouncer_lookup:
cmd.script:
- source: salt://pgbouncer/files/auth_query.sh
- source: salt://postgresql/files/auth_query.sh
- runas: {{ pgsql.lookup.user }}
- env:
- PSQL_ARGS: --no-psqlrc --no-align --no-readline -d {{ k }}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment