---
- name: configure-access | Manage the pg_hba.conf file
  delegate_to: "{{ item.0.db_host }}"
  when: item.0.db_host is defined
  tags: ['postgresql', 'postgres', 'pg_hba', 'pg_db']
  block:
    - name: configure-access | Give access to the remote postgresql client
      community.postgresql.postgresql_pg_hba:
        dest: '{{ psql_conf_dir }}/pg_hba.conf'
        contype: '{% if psql_force_ssl_client_connection %}hostssl{% else %}host{% endif %}'
        users: '{{ item.0.user }}'
        address: '{{ item.1 }}'
        databases: '{{ item.0.name }}'
        # method: 'scram-sha-256'
        method: 'md5'
        owner: root
        group: postgres
        mode: "0640"
        state: "{{ item.0.state | default('present') }}"
      with_subelements:
        - '{{ psql_db_data | default([]) }}'
        - allowed_hosts
      when:
        - psql_db_data is defined
        - item.1 is defined
      notify: Reload postgresql

    - name: configure-access | Flush handlers
      ansible.builtin.meta: flush_handlers