From e36478bcd6cd18bd8552dc8d07608773490f46a5 Mon Sep 17 00:00:00 2001 From: Tim Goodaire Date: Fri, 20 May 2016 12:12:40 -0500 Subject: [PATCH] Convert hard-coded postgres user and group to variables, enforce ownership of conf dir, don't create pg_hba.conf unless initdb has succeeded --- postgres/defaults.yaml | 2 ++ postgres/init.sls | 15 +++++++++------ 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/postgres/defaults.yaml b/postgres/defaults.yaml index 2d0013a..25a32a2 100644 --- a/postgres/defaults.yaml +++ b/postgres/defaults.yaml @@ -20,3 +20,5 @@ postgres: pg_hba.conf: salt://postgres/pg_hba.conf commands: initdb: service postgresql initdb + postgres_user: postgres + postgres_group: postgres diff --git a/postgres/init.sls b/postgres/init.sls index 74d44e9..4831ee1 100644 --- a/postgres/init.sls +++ b/postgres/init.sls @@ -7,6 +7,8 @@ include: {{ postgres.conf_dir }}: file.directory: + - user: {{ postgres.postgres_user }} + - group: {{ postgres.postgres_group }} - makedirs: True install-postgresql: @@ -71,11 +73,12 @@ pg_hba.conf: - name: {{ postgres.conf_dir }}/pg_hba.conf - source: {{ postgres['pg_hba.conf'] }} - template: jinja - - user: postgres - - group: postgres + - user: {{ postgres.postgres_user }} + - group: {{ postgres.postgres_group }} - mode: 644 - require: - pkg: install-postgresql + - onlyif: test -f {{ postgres.conf_dir }}/postgresql.conf - watch_in: - service: run-postgresql 
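Review bot: In the `{{ postgres.conf_dir }}` `file.directory` state (hunk `@@ -7,6 +7,8 @@`) ownership is now enforced but no `mode` is, so a directory created through `makedirs` gets whatever permissions the minion's defaults produce. Since this directory holds `pg_hba.conf`, I would pin it next to the new owner lines, for example `- mode: '0700'`, relaxing it only if another account on the platform has to read the directory. The new `user`/`group` values are also rendered unquoted here and in the later `runas` hunks. Writing `- user: '{{ postgres.postgres_user }}'` keeps an empty or unusual pillar value from rendering as a YAML null, which would presumably leave ownership unmanaged.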
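Review bot: The new `onlyif` in the `pg_hba.conf` state (hunk `@@ -71,11 +73,12 @@`) makes Salt skip the state and still report success when `postgresql.conf` is absent, while the only `require` is on `pkg: install-postgresql`. If the initdb state is not ordered before this one (it is outside the hunk, so I cannot tell), a first run can finish with the `pg_hba.conf` generated by initdb in force and nothing in the output flagging it. I would add a requisite on the initdb state under `require`, e.g. `- cmd: <initdb-state-id>` (placeholder, assuming it is a `cmd` state), and quote the path: `- onlyif: test -f '{{ postgres.conf_dir }}/postgresql.conf'`. Separately, the unchanged `- mode: 644` keeps the host-based authentication rules readable by every local account; `- mode: '0640'` would fit the ownership this hunk now sets.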
@@ -90,14 +93,14 @@ postgres-user-{{ name }}: - inherit: {{ user.get('inherit', True) }} - replication: {{ user.get('replication', False) }} - password: {{ user.get('password', 'changethis') }} - - user: {{ user.get('runas', 'postgres') }} + - user: {{ user.get('runas', postgres.postgres_user) }} - superuser: {{ user.get('superuser', False) }} - require: - service: run-postgresql {% else %} postgres_user.absent: - name: {{ name }} - - user: {{ user.get('runas', 'postgres') }} + - user: {{ user.get('runas', postgres.postgres_user) }} - require: - service: run-postgresql {% endif %} @@ -114,7 +117,7 @@ postgres-db-{{ name }}: {% if db.get('owner') %} - owner: {{ db.get('owner') }} {% endif %} - - user: {{ db.get('runas', 'postgres') }} + - user: {{ db.get('runas', postgres.postgres_user) }} - require: - service: run-postgresql {% if db.get('user') %} @@ -140,7 +143,7 @@ postgres-schema-{{ schema }}-for-db-{{ name }}: postgres-ext-{{ ext }}-for-db-{{ name }}: postgres_extension.present: - name: {{ ext }} - - user: {{ db.get('runas', 'postgres') }} + - user: {{ db.get('runas', postgres.postgres_user) }} - maintenance_db: {{ name }} {% if ext_args is not none %} {% for arg, value in ext_args.items() %}
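Review bot: The `password` line kept in the `postgres-user-{{ name }}` state (hunk `@@ -90,14 +93,14 @@`) still falls back to the literal `changethis`, so every pillar user declared without a password is created with a publicly known one. This commit already edits the state, so I would drop the fallback and emit the argument only when the pillar supplies it, the way the `owner` argument is handled in the db state: `{% if user.get('password') %}` / `- password: {{ user.get('password') }}` / `{% endif %}`. The state's opening lines lie above the hunk, so I am assuming nothing earlier relies on the default.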