
Commit 5fbf301

committed
Read db permissions for additional users
1 parent 73cf6d9 commit 5fbf301


2 files changed

+37
-2
lines changed


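--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -399,6 +399,8 @@ __mailman3_system_dependency_packages:
 - libmemcached-dev
 - zlib1g-dev
 - redis
+- net-tools
+- locate
 redhat-7:
 - rh-python38 # requires EL7+ and CentOS SCL
 redhat-8: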
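Review bot: `net-tools` and `locate` are added to the system dependency list without a comment, and nothing in the commit title ("Read db permissions for additional users") explains why the role needs them. If they are only admin conveniences, they are better kept out of the role's required packages, since each extra package on the host is more to patch, and `locate` typically brings a periodic filesystem-indexing job with it. If they are needed, a trailing comment in the style of the `rh-python38` line would record the reason, e.g. `- net-tools  # needed by <reason>`. The key this list belongs to sits above the hunk, so the affected platform cannot be confirmed from here.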

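--- a/tasks/database/postgres.yml
+++ b/tasks/database/postgres.yml
@@ -85,7 +85,7 @@
 password: "{{ item.password }}"
 state: present
 
-- name: Multiple databases GRANT ALL PRIVILEGES ON DATABASE to user
+- name: Multiple databases GRANT ALL PRIVILEGES ON DATABASE TO user
 with_items: "{{ mailman3_database_list }}"
 become: true
 become_user: postgres
@@ -97,7 +97,7 @@
 type: database
 role: "{{ item.username }}"
 
-- name: Multiple databases GRANT ALL PRIVILEGES ON SCHEMA public to user
+- name: Multiple databases GRANT ALL PRIVILEGES ON SCHEMA public TO user
 with_items: "{{ mailman3_database_list }}"
 become: true
 become_user: postgres
@@ -110,6 +110,39 @@
 objs: public
 role: "{{ item.username }}"
 
+# item.additional_readonly_users should be in the form of a comma-separated string
+- name: Multiple databases GRANT SELECT ON ALL TABLES IN SCHEMA public TO additional users
+with_items: "{{ mailman3_database_list }}"
+become: true
+become_user: postgres
+vars:
+ansible_ssh_pipelining: true
+community.postgresql.postgresql_privs:
+db: "{{ item.name }}"
+privs: SELECT
+type: table
+schema: public
+objs: ALL_IN_SCHEMA
+role: "{{ item.additional_readonly_users }}"
+when: item.additional_readonly_users is defined
+
+# item.additional_readonly_users should be in the form of a comma-separated string
+- name: Multiple databases ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO additional users
+with_items: "{{ mailman3_database_list }}"
+become: true
+become_user: postgres
+vars:
+ansible_ssh_pipelining: true
+community.postgresql.postgresql_privs:
+db: "{{ item.name }}"
+privs: SELECT
+type: default_privs
+schema: public
+objs: TABLES
+role: "{{ item.additional_readonly_users }}"
+when: item.additional_readonly_users is defined
+
+
 - name: Multiple databases configure pg_hba
 with_items: "{{ mailman3_database_list }}"
 ansible.builtin.lineinfile: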
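Review bot: The new ALTER DEFAULT PRIVILEGES task sets no `target_roles`, so with `become_user: postgres` the defaults presumably apply only to tables that `postgres` itself creates; tables the application role creates in later migrations would then stay unreadable for the additional users. Adding `target_roles: "{{ item.username }}"` to that task should cover them. Separately, the GRANT SELECT task uses `objs: ALL_IN_SCHEMA`, which gives every additional user read access to all of `public`; for this application database that likely includes account, password-hash and session tables, though the schema is not visible here. If those users only need specific data, a per-entry table list in `objs` would be closer to least privilege, and the comment above each task should say what the grant exposes. Both `when:` conditions also let an empty string through to `role`; `when: item.additional_readonly_users | default('') | length > 0` rejects it.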
