From 6bc7abf963cc3b8dbb2e5e3b00adb3cef7e7470b Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Mon, 18 Dec 2017 18:44:17 +0100
Subject: [PATCH] postgresql: add a task to manage user privileges.

---
 postgresql/tasks/manage_pg_db.yml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/postgresql/tasks/manage_pg_db.yml b/postgresql/tasks/manage_pg_db.yml
index 3a57ce23..4c24a89b 100644
--- a/postgresql/tasks/manage_pg_db.yml
+++ b/postgresql/tasks/manage_pg_db.yml
@@ -5,7 +5,7 @@
 postgresql_user: user={{ item.user }} password={{ item.pwd }} role_attr_flags={{ item.roles }} port={{ psql_db_port }} state={{ item.userstate | default('present') }}
 with_items: '{{ psql_db_data | default(omit) }}'
 when: item.roles is defined
- tags: [ 'postgresql', 'postgres', 'pg_db' ]
+ tags: [ 'postgresql', 'postgres', 'pg_db', 'pg_user' ]

 - name: Add the databases with the correct owner. Or remove them, if not used anymore
 become: True
@@ -15,6 +15,14 @@
 when: item.managedb | default(True)
 tags: [ 'postgresql', 'postgres', 'pg_db' ]

+- name: Manage users privileges
+ become: True
+ become_user: postgres
+ postgresql_privs: db={{ item.name }} privs={{ item.privs }} type=database roles={{ item.roles }} port={{ psql_db_port }} state={{ item.userstate | default('present') }}
+ with_items: '{{ psql_db_privs | default(omit) }}'
+ when: psql_db_privs is defined
+ tags: [ 'postgresql', 'postgres', 'pg_db', 'pg_user' ]
+
 # - name: Add schemas to a database.
 # become: True
 # become_user: postgres
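Review bot: The new `postgresql_privs` task in the second hunk passes its arguments as one `key=value` string with unquoted Jinja expressions, so a `name`, `privs` or `roles` value from `psql_db_privs` that contains a space or an `=` is re-split by the argument parser and can fail or set an option the author did not intend. Because the task runs as the `postgres` user and grants privileges, each variable should be bound to exactly one option by writing the arguments as a YAML mapping. I believe `default(omit)` is intended for module arguments rather than loops; `default([])` yields an empty loop directly and makes `when: psql_db_privs is defined` unnecessary. The `state` option also reuses the `item.userstate` key name from the user task above, which reads as user state rather than grant state; a dedicated key would be clearer.

```yaml
- name: Manage users privileges
  # … unchanged: become, become_user …
  postgresql_privs:
    db: '{{ item.name }}'
    privs: '{{ item.privs }}'
    type: database
    roles: '{{ item.roles }}'
    port: '{{ psql_db_port }}'
    state: "{{ item.userstate | default('present') }}"
  # An empty default gives zero iterations, so no separate `when` guard is needed.
  with_items: '{{ psql_db_privs | default([]) }}'
  # … unchanged: tags …
```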