Make issuing pg grants configurable (#327)

* add a task to issue pg grants for specific roles * document the postgres role
author: Amrou Bellalouna <[email protected]> 2024-06-01 01:23:56 +0200
committer: GitHub <[email protected]> 2024-06-01 01:23:56 +0200
commit: df9708f142f2a5664d2e257ab1f7498d6d0058b6 (patch)
tree: 65b596dbedc4b373cc2ccfb3d1e7b75eef02e906 /ansible/roles/postgres/tasks/main.yml
parent: whitelist ips of netcup and linode servers (#326) (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/ansible/roles/postgres/tasks/main.yml b/ansible/roles/postgres/tasks/main.yml
index fb026c1..8a210be 100644
--- a/ansible/roles/postgres/tasks/main.yml
+++ b/ansible/roles/postgres/tasks/main.yml
@@ -72,6 +72,23 @@
   tags:
     - role::postgres
 
+- name: Grant specified grants to particular roles
+  community.postgresql.postgresql_privs:
+    database: "{{ grant.database }}"
+    state: "{{ grant.state }}"
+    privs: "{{ grant.privs }}"
+    objs: "{{ grant.objs }}"
+    roles: "{{ grant.roles }}"
+  when: postgres_grants is defined
+  loop: "{{ postgres_grants }}"
+  loop_control:
+    loop_var: grant
+    label: "{{ grant.privs }} --> {{ grant.roles }}"
+  become: true
+  become_user: "{{ postgres_user }}"
+  tags:
+    - role::postgres
+
 - name: Import postgresql.conf
   copy:
     src: postgresql.conf
author	Amrou Bellalouna <[email protected]>	2024-06-01 01:23:56 +0200
committer	GitHub <[email protected]>	2024-06-01 01:23:56 +0200
commit	df9708f142f2a5664d2e257ab1f7498d6d0058b6 (patch)
tree	65b596dbedc4b373cc2ccfb3d1e7b75eef02e906 /ansible/roles/postgres/tasks/main.yml
parent	whitelist ips of netcup and linode servers (#326) (diff)