
Commit 5967df9

committed
Read db permissions for additional users
1 parent 73cf6d9 commit 5967df9


2 files changed

+35
-2
lines changed


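--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -399,6 +399,8 @@ __mailman3_system_dependency_packages:
 - libmemcached-dev
 - zlib1g-dev
 - redis
+- net-tools
+- locate
 redhat-7:
 - rh-python38 # requires EL7+ and CentOS SCL
 redhat-8: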
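Review bot: Nothing in this commit shows Mailman 3 or the new database grants needing `net-tools` or `locate`, which new lines 402–403 add to the system dependency list; they look like troubleshooting tools. Every host the role manages would then carry two extra packages, and `locate` typically brings a periodically rebuilt index of file names with it. If they are wanted, a separate opt-in variable would keep the required dependency list minimal, or at least add a comment such as `# troubleshooting tools, not required by mailman3` above the two entries. The list itself starts outside the hunk.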

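--- a/tasks/database/postgres.yml
+++ b/tasks/database/postgres.yml
@@ -85,7 +85,7 @@
 password: "{{ item.password }}"
 state: present
 
-- name: Multiple databases GRANT ALL PRIVILEGES ON DATABASE to user
+- name: Multiple databases GRANT ALL PRIVILEGES ON DATABASE TO user
 with_items: "{{ mailman3_database_list }}"
 become: true
 become_user: postgres
@@ -97,7 +97,7 @@
 type: database
 role: "{{ item.username }}"
 
-- name: Multiple databases GRANT ALL PRIVILEGES ON SCHEMA public to user
+- name: Multiple databases GRANT ALL PRIVILEGES ON SCHEMA public TO user
 with_items: "{{ mailman3_database_list }}"
 become: true
 become_user: postgres
@@ -110,6 +110,37 @@
 objs: public
 role: "{{ item.username }}"
 
+- name: Multiple databases GRANT SELECT ON ALL TABLES IN SCHEMA public TO additional users
+with_items: "{{ mailman3_database_list }}"
+become: true
+become_user: postgres
+vars:
+ansible_ssh_pipelining: true
+community.postgresql.postgresql_privs:
+db: "{{ item.name }}"
+privs: SELECT
+type: table
+schema: public
+objs: ALL_IN_SCHEMA
+role: "{{ item.additional_readonly_users }}"
+when: item.additional_readonly_users is defined
+
+- name: Multiple databases ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO additional users
+with_items: "{{ mailman3_database_list }}"
+become: true
+become_user: postgres
+vars:
+ansible_ssh_pipelining: true
+community.postgresql.postgresql_privs:
+db: "{{ item.name }}"
+privs: SELECT
+type: default_privs
+schema: public
+objs: TABLES
+role: "{{ item.additional_readonly_users }}"
+when: item.additional_readonly_users is defined
+
+
 - name: Multiple databases configure pg_hba
 with_items: "{{ mailman3_database_list }}"
 ansible.builtin.lineinfile: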
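Review bot: The `default_privs` task at new lines 128–141 sets default privileges only for objects later created by the role that runs it, which here is `postgres` (`become_user: postgres`, no `target_roles`), so tables that `item.username` creates afterwards, for example during schema migrations, would not become readable by the additional users. Adding `target_roles: "{{ item.username }}"` to that task would tie the default to the owning application role. In both new tasks `role` receives `item.additional_readonly_users` unchanged; the hunk does not show its type, and if it is a YAML list it probably needs `| join(',')`, because the module documents this parameter as a comma-separated string. `objs: ALL_IN_SCHEMA` also gives these roles SELECT on every table in `public`, which presumably includes account and credential tables, so an explicit table list may be the safer default for read-only access.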
