Diffstat (limited to '')
| -rw-r--r-- | ansible/roles/postgres/tasks/main.yml | 12 | 
1 files changed, 9 insertions, 3 deletions
|
diff --git a/ansible/roles/postgres/tasks/main.yml b/ansible/roles/postgres/tasks/main.yml
index 1fb54e3..6ba787d 100644
--- a/ansible/roles/postgres/tasks/main.yml
+++ b/ansible/roles/postgres/tasks/main.yml
@@ -24,7 +24,7 @@
   community.postgresql.postgresql_user:
     name: "{{ item.name }}"
     password: "{{ item.password }}"
-    role_attr_flags: "{{ item['role_attr_flags'] | default('') }}"
+    role_attr_flags: "{{ item.role_attr_flags | default('') }}"
     state: present
   loop_control:
     label: "{{ item.name }}"
@@ -51,8 +51,14 @@
     insertafter: "# Put your actual configuration here"
     marker: "# {mark} ANSIBLE MANAGED HBA CONF BLOCK"
     block: |
+      # Manually configured HBA rules
       {% for rule in postgres_hba_rules %}
-      {{ rule.conn_type }}    {{ rule.database }}    {{ rule.user }}    {{ rule.address }}    {{ rule.method }}   {{ rule['options'] | default('') }}
+      {{ rule.conn_type }}    {{ rule.database }}    {{ rule.user }}    {{ rule.address }}    {{ rule.method }}   {{ rule.options | default('') }}
+      {% endfor %}
+
+      # Automatically configured mTLS HBA rules
+      {% for user in postgres_users if user.name != 'devops' %}
+      hostssl {{ user.name }} {{ user.name }} all cert map=mtls_cn_map
       {% endfor %}
   loop: "{{ postgres_hba_rules }}"
   notify:
@@ -114,4 +120,4 @@
   tags:
     - role::postgres
   notify:
-    - Restart the postgres service
+    - Reload the postgres service
|
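Review bot: The new mTLS rules are rendered by a task that still carries `loop: "{{ postgres_hba_rules }}"`, so when that list is empty the task runs zero times and no `hostssl ... cert` lines are written. The template already iterates on its own, so the `loop:` line looks removable, but the task starts outside the hunk, so confirm nothing else references `item`. pg_hba.conf is matched first-hit with no fall-through, and the generated cert rules sit after the manual ones, so a broader manual rule covering the same user and database would win and the certificate requirement would never apply; emitting the mTLS section first, or a comment stating the ordering constraint, would make that explicit. `user.name` is written unquoted, so a name that is a pg_hba keyword or contains whitespace changes what the rule means; `hostssl "{{ user.name }}" "{{ user.name }}" all cert map=mtls_cn_map` avoids that. The `mtls_cn_map` entry in pg_ident.conf is not part of this diff and has to exist before these rules can authenticate anyone.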
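Review bot: The handler `Reload the postgres service` is not defined in this commit (the diffstat lists only tasks/main.yml), so unless it already exists in the role's handlers this `notify:` will fail at run time as an unknown handler. The task that notifies it starts outside the hunk, so what it manages cannot be seen here. A reload is sufficient for pg_hba.conf and pg_ident.conf changes, but any parameter that only takes effect at server start would be left unapplied without an error. A comment above the `notify:` such as `# reload is enough: this task only changes files re-read on SIGHUP` would record that assumption.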
