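---
# Manage PostgreSQL roles, databases, privileges and extensions.
# Variables read here: psql_db_data, psql_db_privs, psql_db_extensions and
# psql_db_port. Every task escalates to the 'postgres' OS user.
#
# psql_db_data entries carry a credential (item.pwd). Any task that loops over
# psql_db_data sets no_log, because Ansible prints the loop item, password
# included, in per-item and failure output.
# NOTE(review): item.pwd presumably comes from an encrypted source such as
# Ansible Vault; that cannot be confirmed from this file.

# Create, update or remove (per item.userstate) one role for each
# psql_db_data entry that defines 'roles'.
# NOTE(review): an entry that defines 'roles' but no 'pwd' fails on the
# undefined variable under Ansible's default undefined-variable handling.
- name: manage_pg_db | Add a user for the postgresql DBs
  become: true
  become_user: postgres
  community.postgresql.postgresql_user:
    user: "{{ item.user }}"
    password: "{{ item.pwd }}"
    role_attr_flags: "{{ item.roles }}"
    port: "{{ psql_db_port }}"
    state: "{{ item.userstate | default('present') }}"
  no_log: true
  loop: '{{ psql_db_data | default([]) }}'
  when: item.roles is defined
  tags: ['postgresql', 'postgres', 'pg_db', 'pg_user']

# Create each database from template0 with the requested encoding and owner,
# or drop it when item.state says so. Entries with managedb set to false are
# skipped.
- name: manage_pg_db | Add the databases with the correct owner. Or remove them, if not used anymore
  become: true
  become_user: postgres
  community.postgresql.postgresql_db:
    db: "{{ item.name }}"
    port: "{{ psql_db_port }}"
    encoding: "{{ item.encoding }}"
    owner: "{{ item.user }}"
    template: template0
    state: "{{ item.state | default('present') }}"
  # The loop item is the same psql_db_data entry used for role creation, so
  # it still contains item.pwd; without no_log the password would be echoed
  # in this task's output.
  no_log: true
  loop: '{{ psql_db_data | default([]) }}'
  # '| bool' makes string values such as "false" or "no" skip the task; a
  # non-empty string would otherwise evaluate as true.
  when: item.managedb | default(true) | bool
  tags: ['postgresql', 'postgres', 'pg_db']

# Grant or revoke the privileges listed in psql_db_privs. Note that 'state'
# is driven by item.userstate, not by a privilege-specific key.
- name: manage_pg_db | Manage users privileges
  become: true
  become_user: postgres
  community.postgresql.postgresql_privs:
    db: '{{ item.name }}'
    privs: '{{ item.privs }}'
    # 'type' is left unset, so the module's own default object type applies
    # (table, per the module documentation).
    # type: database
    objs: "{{ item.objs | default('ALL_IN_SCHEMA') }}"
    roles: '{{ item.roles }}'
    port: '{{ psql_db_port }}'
    state: "{{ item.userstate | default('present') }}"
    # NOTE(review): the default here is 'yes', so every grant is made WITH
    # GRANT OPTION unless the item overrides it, and the grantee can pass the
    # privilege on to other roles. Set grant_option to false on items where
    # re-granting is not intended.
    grant_option: "{{ item.grant_option | default('yes') }}"
  with_items: '{{ psql_db_privs | default([]) }}'
  tags: ['postgresql', 'postgres', 'pg_db', 'pg_user', 'postgresql_privs']

# Install extensions: item.0 is an entry of psql_db_extensions and item.1 is
# one element of that entry's 'extensions' list.
- name: manage_pg_db | Add postgres extensions to the databases, if any
  become: true
  become_user: postgres
  community.postgresql.postgresql_ext:
    name: "{{ item.1 | default(omit) }}"
    db: "{{ item.0.name }}"
    port: "{{ psql_db_port }}"
  with_subelements:
    - '{{ psql_db_extensions | default([]) }}'
    - extensions
  when: psql_db_extensions is defined
  tags: ['postgresql', 'postgres', 'pg_extensions', 'pg_db']

# Set a password for psql_db_data entries that define 'pwd' but no 'roles'.
# No 'state' is passed, so the module default applies.
- name: manage_pg_db | Define a user with password, with no associated DBs
  become: true
  become_user: postgres
  community.postgresql.postgresql_user:
    user: "{{ item.user }}"
    password: "{{ item.pwd }}"
    port: "{{ psql_db_port }}"
  no_log: true
  loop: '{{ psql_db_data | default([]) }}'
  when:
    - item.pwd is defined
    - item.roles is not defined
  tags: ['postgresql', 'postgres', 'pg_db']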