From df9708f142f2a5664d2e257ab1f7498d6d0058b6 Mon Sep 17 00:00:00 2001
From: Amrou Bellalouna <amrbellalouna@gmail.com>
Date: Sat, 1 Jun 2024 01:23:56 +0200
Subject: Make issuing pg grants configurable (#327)

* add a task to issue pg grants for specific roles

* document the postgres role
---
 ansible/roles/postgres/tasks/main.yml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'ansible/roles/postgres/tasks')

diff --git a/ansible/roles/postgres/tasks/main.yml b/ansible/roles/postgres/tasks/main.yml
index fb026c1..8a210be 100644
--- a/ansible/roles/postgres/tasks/main.yml
+++ b/ansible/roles/postgres/tasks/main.yml
@@ -72,6 +72,23 @@
   tags:
     - role::postgres
 
+- name: Grant specified grants to particular roles
+  community.postgresql.postgresql_privs:
+    database: "{{ grant.database }}"
+    state: "{{ grant.state }}"
+    privs: "{{ grant.privs }}"
+    objs: "{{ grant.objs }}"
+    roles: "{{ grant.roles }}"
+  when: postgres_grants is defined
+  loop: "{{ postgres_grants }}"
+  loop_control:
+    loop_var: grant
+    label: "{{ grant.privs }} --> {{ grant.roles }}"
+  become: true
+  become_user: "{{ postgres_user }}"
+  tags:
+    - role::postgres
+
 - name: Import postgresql.conf
   copy:
     src: postgresql.conf
-- 
cgit v1.2.3