-rw-r--r--ansible/roles/postgres/tasks/main.yml12
1 files changed, 9 insertions, 3 deletions
diff --git a/ansible/roles/postgres/tasks/main.yml b/ansible/roles/postgres/tasks/main.yml
index 1fb54e3..6ba787d 100644
--- a/ansible/roles/postgres/tasks/main.yml
+++ b/ansible/roles/postgres/tasks/main.yml
@@ -24,7 +24,7 @@
community.postgresql.postgresql_user:
name: "{{ item.name }}"
password: "{{ item.password }}"
- role_attr_flags: "{{ item['role_attr_flags'] | default('') }}"
+ role_attr_flags: "{{ item.role_attr_flags | default('') }}"
state: present
loop_control:
label: "{{ item.name }}"
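Review bot: The loop hands `password: "{{ item.password }}"` to `postgresql_user` for every entry, and nothing visible in this hunk sets `no_log: true`; unless the task header above the hunk already does, a failed iteration or a verbose run can print the whole loop item, password included, into the play output. The `label` under `loop_control` only shortens the per-item line, it does not redact the result of a failure. Adding `no_log: true` at task level (the task starts outside the hunk) covers both cases. The rewrite from `item['role_attr_flags']` to `item.role_attr_flags` is equivalent for plain dict items, since Jinja falls back to subscript lookup when no attribute of that name exists.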
@@ -51,8 +51,14 @@
insertafter: "# Put your actual configuration here"
marker: "# {mark} ANSIBLE MANAGED HBA CONF BLOCK"
block: |
+ # Manually configured HBA rules
{% for rule in postgres_hba_rules %}
- {{ rule.conn_type }} {{ rule.database }} {{ rule.user }} {{ rule.address }} {{ rule.method }} {{ rule['options'] | default('') }}
+ {{ rule.conn_type }} {{ rule.database }} {{ rule.user }} {{ rule.address }} {{ rule.method }} {{ rule.options | default('') }}
+ {% endfor %}
+
+ # Automatically configured mTLS HBA rules
+ {% for user in postgres_users if user.name != 'devops' %}
+ hostssl {{ user.name }} {{ user.name }} all cert map=mtls_cn_map
{% endfor %}
loop: "{{ postgres_hba_rules }}"
notify:
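Review bot: The exclusion `{% for user in postgres_users if user.name != 'devops' %}` in the new mTLS loop is a bare literal with no comment saying why that account is skipped; a role variable such as `postgres_mtls_excluded_users`, plus a comment like `# devops authenticates through the manual rules above, not by client cert`, would keep the intent visible and avoid editing the template when the list changes. The generated `hostssl … all cert map=mtls_cn_map` rules rely on a `mtls_cn_map` entry in pg_ident.conf and on SSL being enabled, neither of which this diff touches, so I'd confirm both are managed elsewhere in the role before merging. Since pg_hba.conf is first-match, placing the automatic rules after the manual block means a broader manual rule can shadow them; a one-line comment in the template stating that ordering is deliberate would help. The task's `loop: "{{ postgres_hba_rules }}"` still runs the whole blockinfile once per rule even though the block now renders every rule and user itself, so a single unlooped task would write the same content once.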
@@ -114,4 +120,4 @@
tags:
- role::postgres
notify:
- - Restart the postgres service
+ - Reload the postgres service
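Review bot: Switching the handler to `Reload the postgres service` is right for pg_hba.conf edits, which PostgreSQL picks up on SIGHUP, but the task this `notify` belongs to starts outside the hunk, so I can't see what it changes; if it also edits postgresql.conf parameters that are restart-only (`listen_addresses`, `port`, or `ssl` on releases older than 10), a reload will silently leave the old value in effect. If both kinds of change flow through this task, keeping `Restart the postgres service` for the restart-only keys or splitting the task is the safer option. A comment above `notify:` naming which file the task manages would let the next reader verify the choice.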