From d7f3536a1b2df9d640aa927d11b066bff2169684 Mon Sep 17 00:00:00 2001
From: Vitaliy Kukharik <vitabaks@gmail.com>
Date: Thu, 3 Sep 2020 15:42:42 +0300
Subject: [PATCH] Patroni: add pg_ident.conf support

New variable "postgresql_pg_ident";
Added support for map options in the postgresql_pg_hba variable.

#55
---
 roles/patroni/templates/patroni.yml.j2 | 7 +++++++
 roles/patroni/templates/pg_hba.conf.j2 | 2 +-
 vars/main.yml                          | 6 ++++++
 3 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/roles/patroni/templates/patroni.yml.j2 b/roles/patroni/templates/patroni.yml.j2
index b6e6f8a32..f023ca3a9 100644
--- a/roles/patroni/templates/patroni.yml.j2
+++ b/roles/patroni/templates/patroni.yml.j2
@@ -101,6 +101,13 @@ postgresql:
     stats_temp_directory: {{ postgresql_stats_temp_directory_path }}
 {% endif %}
 
+{% if postgresql_pg_ident is defined and postgresql_pg_ident | length > 0 %}
+  pg_ident:
+  {% for ident in postgresql_pg_ident %}
+    - {{ ident.mapname }} {{ ident.system_username }} {{ ident.pg_username }}
+  {% endfor %}
+{% endif %}
+
   remove_data_directory_on_rewind_failure: {{ patroni_remove_data_directory_on_rewind_failure |string |d(false, true) |lower }}
   remove_data_directory_on_diverged_timelines: {{ patroni_remove_data_directory_on_diverged_timelines |string |d(false, true) |lower }}
 
diff --git a/roles/patroni/templates/pg_hba.conf.j2 b/roles/patroni/templates/pg_hba.conf.j2
index bb9b80f70..89a39b13e 100644
--- a/roles/patroni/templates/pg_hba.conf.j2
+++ b/roles/patroni/templates/pg_hba.conf.j2
@@ -85,7 +85,7 @@
 
 # TYPE      DATABASE                 USER                     ADDRESS                  METHOD
 {% for client in postgresql_pg_hba %}
-  {{ client.type.ljust(10) |default('host') }}{{ client.database.ljust(25) |default('all') }}{{ client.user.ljust(25) |default('all') }}{{ client.address.ljust(25) |default('') }}{{ client.method |default('md5') }}
+  {{ client.type.ljust(10) |default('host') }}{{ client.database.ljust(25) |default('all') }}{{ client.user.ljust(25) |default('all') }}{{ client.address.ljust(25) |default('') }}{{ client.method |default('md5') }} {{ client.options |default(None) }}
 {% endfor %}
 {% for patroni in groups['postgres_cluster'] %}
   host      all                      all                      {{ hostvars[patroni]['inventory_hostname'] }}/32         md5
diff --git a/vars/main.yml b/vars/main.yml
index e4d1599e7..56c66faca 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -176,6 +176,12 @@ postgresql_pg_hba:
   - {type: "host", database: "all", user: "all", address: "127.0.0.1/32", method: "md5"}
   - {type: "host", database: "all", user: "all", address: "::1/128", method: "md5"}
 #  - {type: "host", database: "mydatabase", user: "mydb-user", address: "192.168.0.0/24", method: "md5"}
+#  - {type: "host", database: "all", user: "all", address: "192.168.0.0/24", method: "ident", options: "map=main"}  # use pg_ident
+
+# list of lines that Patroni will use to generate pg_ident.conf
+postgresql_pg_ident: []
+#  - {mapname: "main", system_username: "postgres", pg_username: "backup"}
+#  - {mapname: "", system_username: "", pg_username: ""}
 
 
 # PgBouncer parameters