Merge pull request #3 from antiplagiat/change-user-privileges-behaviour

Able to set user role attributes while creating
antiplagiat · Aug 22, 2019 · ee766aa · ee766aa
2 parents 090ed40 + 6e48c47
commit ee766aa
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 13 deletions.
diff --git a/README.md b/README.md
@@ -101,9 +101,9 @@ postgresql_database_schemas:
 # List of user privileges to be applied (optional)
 postgresql_user_privileges:
   - name: baz                   # user name
-    db: foobar                  # database
-    priv: "ALL"                 # privilege string format: example: INSERT,UPDATE/table:SELECT/anothertable:ALL
-    role_attr_flags: "CREATEDB" # role attribute flags
+    schema: foobar              # schema
+    objs: ALL_IN_SCHEMA         # objects to be applied for
+    privs: "SELECT"             # privileges
 ```
 
 There's a lot more knobs and bolts to set, which you can find in the [defaults/main.yml](./defaults/main.yml)
@@ -112,6 +112,20 @@ There's a lot more knobs and bolts to set, which you can find in the [defaults/m
 #### Fork additions
 
 - Add pg_stat_statements variables, if pg_stat_statement in preload libraries;
+- Add role_attr_flags to postgresql_users for create users with some attrs e.g. SUPERUSER;
+- Add postgresql_all_databases_schema variable to create one schema in all databases from postgresql_databases;
+- Updating user privileges now using postgresql_privs ansible module. Example:
+```yaml
+postgresql_user_privileges:
+  - name: readonly_user
+    type: schema
+    objs: dbo
+    privs: "USAGE"
+  - name: readonly_user
+    schema: dbo
+    objs: ALL_IN_SCHEMA
+    privs: "SELECT"
+```
 
 
 #### Testing

diff --git a/tasks/users.yml b/tasks/users.yml
@@ -13,6 +13,7 @@
     port: "{{postgresql_port}}"
     state: present
     login_user: "{{postgresql_admin_user}}"
+    role_attr_flags: "{{ item.role_attr_flags | default(omit )}}"
   no_log: true
   become: yes
   become_user: "{{postgresql_admin_user}}"

diff --git a/tasks/users_privileges.yml b/tasks/users_privileges.yml
@@ -1,16 +1,17 @@
 # file: postgresql/tasks/users_privileges.yml
 
 - name: PostgreSQL | Update the user privileges
-  postgresql_user:
-    name: "{{item.name}}"
-    db: "{{item.db | default(omit)}}"
-    port: "{{postgresql_port}}"
-    priv: "{{item.priv | default(omit)}}"
+  postgresql_privs:
+    database: "{{item[0].name}}"
     state: present
+    type: "{{item[1].type | default(omit)}}"
+    objs: "{{item[1].objs | default(omit)}}"
+    schema: "{{item[1].schema | default(omit)}}"
+    roles: "{{item[1].name}}"
+    privs: "{{item[1].privs}}"
+    port: "{{postgresql_port}}"
     login_host: "{{item.host | default(omit)}}"
     login_user: "{{postgresql_admin_user}}"
-    role_attr_flags: "{{item.role_attr_flags | default(omit)}}"
-  become: yes
-  become_user: "{{postgresql_admin_user}}"
-  with_items: "{{postgresql_user_privileges}}"
-  when: postgresql_users|length > 0
+  with_nested:
+    - "{{ postgresql_databases }}"
+    - "{{ postgresql_user_privileges }}"