Merge remote-tracking branch 'origin/3/dev' into soupmod

salt/soc/defaults.yaml

@@ -1523,8 +1523,12 @@ soc:
           saltstackDir: /opt/so/saltstack
           bypassEnabled: false
         postgres:
-          host:
-          password:
+          host: ""
+          port: 5432
+          sslMode: "allow"
+          database: securityonion
+          user: ""
+          password: ""
         salt:
           queueDir: /opt/sensoroni/queue
           timeoutMs: 45000

salt/soc/merged.map.jinja

@@ -20,7 +20,8 @@
 {%   do SOCMERGED.config.server.modules.postgres.update({'host': GLOBALS.manager}) %}
 {% endif %}
 {% if not SOCMERGED.config.server.modules.postgres.password %}
-{%   do SOCMERGED.config.server.modules.postgres.update({'password': salt['pillar.get']('secrets:postgres_pass', '')}) %}
+{%   do SOCMERGED.config.server.modules.postgres.update({'password': salt['pillar.get']('postgres:auth:users:so_postgres_user:pass', '')}) %}
+{%   do SOCMERGED.config.server.modules.postgres.update({'user': salt['pillar.get']('postgres:auth:users:so_postgres_user:user', 'so_postgres')}) %}
 {% endif %}
 
 {# if SOCMERGED.config.server.modules.cases == httpcase details come from the soc pillar #}

salt/soc/soc_soc.yaml

@@ -468,8 +468,24 @@ soc:
             description: Hostname or IP address of the PostgreSQL server used by SOC. Defaults to the manager hostname.
             global: True
             advanced: True
+          port:
+            description: Port of the PostgreSQL server used by SOC.
+            global: True
+            advanced: True
+          sslMode:
+            description: "Use encrypted connections to the PostgreSQL server. Must be one of the following values: disable, allow, prefer, require, verify-ca, verify-full.  Defaults to allow."
+            global: True
+            advanced: True
+          database:
+            description: Database used by SOC to authenticate to the PostgreSQL server.
+            global: True
+            advanced: True
+          user:
+            description: Username used by SOC to authenticate to the PostgreSQL server.
+            global: True
+            advanced: True
           password:
-            description: Password used by SOC to authenticate to the PostgreSQL server. Defaults to the postgres superuser password seeded in the secrets pillar.
+            description: Password used by SOC to authenticate to the PostgreSQL server.
             global: True
             sensitive: True
             advanced: True