<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
  <services>
    <service name="postgresqlclient" target="risotto" engine="creole">
      <file mode="400">/secrets/postgresql.pass</file>
      <file>/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt</file>
      <file>/etc/pki/tls/certs/postgresql.crt</file>
      <file owner_type="variable" owner="pg_client_key_owner" mode="400">/etc/pki/tls/private/postgresql.key</file>
      <file filelist="postgresql_debian" engine="none" source="sysuser-postgresql-client.conf">/sysusers.d/0postgresqlclient.conf</file>
    </service>
  </services>
  <variables>
    <family name="postgresql" description="PostgreSQL">
      <variable name="pg_client_server_domainname" type="domainname" description="Nom de domaine du serveur PostgreSQL" mandatory="True" supplier="Postgresql"/>
      <variable name="pg_client_username" description="Client username" mandatory="True" hidden="True"/>
      <variable name="pg_client_password" type="password" description="Client password" mandatory="True" hidden="True" supplier="Postgresql:password"/>
      <variable name="pg_client_database" description="Client database" mandatory="True" hidden="True"/>
      <variable name="pg_client_key_owner" type="unix_user" description="Key owner" mandatory="True">
        <value>apache</value>
      </variable>
    </family>
  </variables>
  <constraints>
    <fill name="normalize_family">
      <param type="variable">domain_name_eth0</param>
      <target>pg_client_username</target>
    </fill>
    <!--fill name="get_provider_name">
      <param type="variable">zone_name_eth0</param>
      <param>Postgresql</param>
      <target>pg_client_server_domainname</target>
    </fill-->
    <fill name="get_password">
      <param name="server_name" type="variable">pg_client_server_domainname</param>
      <param name="username" type="variable">domain_name_eth0</param>
      <param name="description">remote</param>
      <param name="type">cleartext</param>
      <param name="hide" type="variable">hide_secret</param>
      <target>pg_client_password</target>
    </fill>
    <fill name="calc_value">
      <param type="variable">pg_client_username</param>
      <target>pg_client_database</target>
    </fill>
    <condition name="disabled_if_not_in" source="os_name">
      <param>Debian</param>
      <target type="filelist">postgresql_debian</target>
    </condition>
  </constraints>
</rougail>