From d0ceee6c7358bbef91ecf689795be43356e37b24 Mon Sep 17 00:00:00 2001
From: ArmiT
Date: Tue, 22 Dec 2015 18:09:13 +0300
Subject: [PATCH 1/3] Added support for postgresql_privs
---
 README.md | 7 +++++++
 defaults/main.yml | 3 +++
 tasks/main.yml | 3 +++
 tasks/privileges.yml | 24 ++++++++++++++++++++++++
 4 files changed, 37 insertions(+)
 create mode 100644 tasks/privileges.yml
diff --git a/README.md b/README.md
index d283d0924..84ea31e1e 100644
--- a/README.md
+++ b/README.md
@@ -60,6 +60,13 @@ postgresql_user_privileges:
 db: foobar # database
 priv: "ALL" # privilege string format: example: INSERT,UPDATE/table:SELECT/anothertable:ALL
 role_attr_flags: "CREATEDB" # role attribute flags
+
+# List of privileges to be applied (optional)
+postgresql_privileges:
+ - db: foobar # database
+ roles: baz # roles for grant or revoke privileges
+ objs: "ALL_IN_SCHEMA" # Comma separated list of database objects to set privileges on
+ grant: yes
 ```
 There's a lot more knobs and bolts to set, which you can find in the defaults/main.yml
diff --git a/defaults/main.yml b/defaults/main.yml
index fda3adc35..c7fbb72c3 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -38,6 +38,9 @@ postgresql_users: []
 # List of user privileges to be applied (optional)
 postgresql_user_privileges: []
+# List of privileges to be applied (optional)
+postgresql_privileges: []
+
 # pg_hba.conf
 postgresql_pg_hba_default:
 - { type: local, database: all, user: '{{ postgresql_admin_user }}', address: '', method: '{{ postgresql_default_auth_method }}', comment: '' }
diff --git a/tasks/main.yml b/tasks/main.yml
index 58e3e3d89..aa474cec9 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -29,6 +29,9 @@
 - include: users_privileges.yml
 tags: [postgresql, postgresql-users]
+- include: privileges.yml
+ tags: [postgresql, postgresql-privileges]
+
 - include: monit.yml
 when: monit_protection is defined and monit_protection == true
 tags: [postgresql, postgresql-monit]
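Review bot: The `grant: yes` line in the new README example is the one key without a comment, yet the task that consumes it (tasks/privileges.yml later in this series) maps `item.grant` to the module's `grant_option`, so it means WITH GRANT OPTION — the role may pass these privileges on to other roles — and not "grant rather than revoke", which is what the neighbouring `roles` comment leads a reader to expect. The example therefore shows the most permissive setting as if it were the normal case. Suggest `grant: yes # WITH GRANT OPTION: lets the role re-grant these privileges; omit or set no unless delegation is wanted` and one line noting that revocation is expressed with `state: absent`. The other keys the task reads (`privs`, `type`, `schema`, `state`, `host`, `login`, `password`) are not documented here either.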
diff --git a/tasks/privileges.yml b/tasks/privileges.yml
new file mode 100644
index 000000000..1edde142f
--- /dev/null
+++ b/tasks/privileges.yml
@@ -0,0 +1,24 @@
+# file: postgresql/tasks/privileges.yml
+
+- name: PostgreSQL | Ensure PostgreSQL is running
+ service:
+ name: "{{ postgresql_service_name }}"
+ state: started
+
+- name: PostgreSQL | Make sure the PostgreSQL privileges are present
+ postgresql_privs:
+ database: "{{ item.db }}"
+ grant_option: "{{ item.grant | default(no) }}"
+ host: "{{ item.host | default(\"127.0.0.1\") }}"
+ login: "{{ item.login | default(postgresql_admin_user) }}"
+ objs: "{{ item.objs | default(\"ALL_IN_SCHEMA\") }}"
+ password: "{{ item.password | default(\"\") }}"
+ privs: "{{ item.privs | default(\"ALL\") }}"
+ roles: "{{ item.roles | default(\"PUBLIC\") }}"
+ schema: "{{ item.schema | default(\"public\") }}"
+ state: "{{ item.state | default(\"present\") }}"
+ type: "{{ item.type | default(\"table\") }}"
+ sudo: yes
+ sudo_user: "{{postgresql_admin_user}}"
+ with_items: postgresql_privileges
+ when: postgresql_privileges | length > 0
\ No newline at end of file
From a5118ff1f98c9118129acfa14349dde565bd5e68 Mon Sep 17 00:00:00 2001
From: ArmiT
Date: Thu, 24 Dec 2015 11:30:10 +0300
Subject: [PATCH 2/3] Added omit for several parameters.
---
 tasks/privileges.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tasks/privileges.yml b/tasks/privileges.yml
index 1edde142f..e363e72ef 100644
--- a/tasks/privileges.yml
+++ b/tasks/privileges.yml
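Review bot: The fallbacks in the new `postgresql_privs` task are wide open: an entry that sets only `db:` is applied as `privs: ALL` on `objs: ALL_IN_SCHEMA` of schema `public` to `roles: PUBLIC`, i.e. to every role in the cluster, because `roles` falls back to `"PUBLIC"` and `privs` to `"ALL"`; `roles` should fall back to `omit` so the module's own required-parameter check makes the caller name the grantee. Ansible also prints each loop item in the task result, so a `password` supplied in the inventory ends up in the run log — add `no_log: true` to this task. Finally, `host` defaulting to `"127.0.0.1"` forces a TCP connection with an empty password by default, unlike the sibling `postgresql_user` task in tasks/users_privileges.yml, which omits `login_host` and relies on the local socket as `sudo_user`; `default(omit)` for `host` and `password` keeps both tasks on the same auth path.
```yaml
- name: PostgreSQL | Make sure the PostgreSQL privileges are present
  postgresql_privs:
    database: "{{ item.db }}"
    grant_option: "{{ item.grant | default(no) }}"
    host: "{{ item.host | default(omit) }}"
    # … unchanged: login, objs …
    password: "{{ item.password | default(omit) }}"
    privs: "{{ item.privs | default(\"ALL\") }}"
    roles: "{{ item.roles | default(omit) }}"
    # … unchanged: schema, state, type …
  no_log: true
  sudo: yes
  sudo_user: "{{postgresql_admin_user}}"
  # … unchanged: with_items, when …
```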
@@ -11,11 +11,11 @@
 grant_option: "{{ item.grant | default(no) }}"
 host: "{{ item.host | default(\"127.0.0.1\") }}"
 login: "{{ item.login | default(postgresql_admin_user) }}"
- objs: "{{ item.objs | default(\"ALL_IN_SCHEMA\") }}"
+ objs: "{{ item.objs | default(omit) }}"
 password: "{{ item.password | default(\"\") }}"
 privs: "{{ item.privs | default(\"ALL\") }}"
 roles: "{{ item.roles | default(\"PUBLIC\") }}"
- schema: "{{ item.schema | default(\"public\") }}"
+ schema: "{{ item.schema | default(omit) }}"
 state: "{{ item.state | default(\"present\") }}"
 type: "{{ item.type | default(\"table\") }}"
 sudo: yes
From c3a7de7ac6498a69751e6e51852bdeac228e490d Mon Sep 17 00:00:00 2001
From: ArmiT
Date: Wed, 13 Jan 2016 12:47:12 +0300
Subject: [PATCH 3/3] - Renamed "postgresql_priveleges" to the "postgresql_db_priveleges" - Merged together privileges.yml and users_privileges.yml - Removed related include and tag from main.yml - Added data for test - Changed description
---
 README.md | 4 ++--
 defaults/main.yml | 4 ++--
 tasks/main.yml | 3 ---
 tasks/privileges.yml | 17 +++++++++++++++--
 tasks/users_privileges.yml | 16 ----------------
 tests/vars.yml | 8 ++++++++
 6 files changed, 27 insertions(+), 25 deletions(-)
 delete mode 100644 tasks/users_privileges.yml
diff --git a/README.md b/README.md
index 84ea31e1e..363c34c21 100644
--- a/README.md
+++ b/README.md
@@ -61,8 +61,8 @@ postgresql_user_privileges:
 priv: "ALL" # privilege string format: example: INSERT,UPDATE/table:SELECT/anothertable:ALL
 role_attr_flags: "CREATEDB" # role attribute flags
-# List of privileges to be applied (optional)
-postgresql_privileges:
+# List of database privileges to be applied (optional)
+postgresql_db_privileges:
 - db: foobar # database
 roles: baz # roles for grant or revoke privileges
 objs: "ALL_IN_SCHEMA" # Comma separated list of database objects to set privileges on
diff --git a/defaults/main.yml b/defaults/main.yml
index c7fbb72c3..7620d8b26 100644
--- a/defaults/main.yml
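Review bot: With `objs` now falling back to `omit` while `type` still defaults to `"table"`, an entry that leaves `objs` unset no longer gets `ALL_IN_SCHEMA` but, if I read the `postgresql_privs` module right, fails because `objs` is only optional for `type: database`. Either keep the previous fallback or say in the README that `objs` is mandatory for table, sequence and function entries — the README example in this series still shows `objs: "ALL_IN_SCHEMA"` as though it were illustrative rather than required. The task's `name:` and `with_items:` lines lie outside this hunk.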
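Review bot: The README now documents the variable as `postgresql_db_privileges`, but the defaults/main.yml, tasks/privileges.yml and tests/vars.yml hunks of this same commit spell it `postgresql_db_priveleges` (the commit message carries the same misspelling). A user who follows the README sets a variable nothing reads, and because the misspelled default is `[]` the grant task silently does nothing rather than failing on an undefined name. Use the correctly spelled `postgresql_db_privileges` in the other three files so the documented name is the one the role reads.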
+++ b/defaults/main.yml
@@ -38,8 +38,8 @@ postgresql_users: []
 # List of user privileges to be applied (optional)
 postgresql_user_privileges: []
-# List of privileges to be applied (optional)
-postgresql_privileges: []
+# List of database privileges to be applied (optional)
+postgresql_db_priveleges: []
 # pg_hba.conf
 postgresql_pg_hba_default:
diff --git a/tasks/main.yml b/tasks/main.yml
index aa474cec9..adca2bcda 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -26,9 +26,6 @@
 - include: databases.yml
 tags: [postgresql, postgresql-databases]
-- include: users_privileges.yml
- tags: [postgresql, postgresql-users]
-
 - include: privileges.yml
 tags: [postgresql, postgresql-privileges]
diff --git a/tasks/privileges.yml b/tasks/privileges.yml
index e363e72ef..7017cdabc 100644
--- a/tasks/privileges.yml
+++ b/tasks/privileges.yml
@@ -5,6 +5,20 @@
 name: "{{ postgresql_service_name }}"
 state: started
+- name: PostgreSQL | Update the user privileges
+ postgresql_user:
+ name: "{{item.name}}"
+ db: "{{item.db | default(omit)}}"
+ port: "{{postgresql_port}}"
+ priv: "{{item.priv | default(omit)}}"
+ state: present
+ login_host: "{{item.host | default(omit)}}"
+ login_user: "{{postgresql_admin_user}}"
+ role_attr_flags: "{{item.role_attr_flags | default(omit)}}"
+ sudo: yes
+ sudo_user: "{{postgresql_admin_user}}"
+ with_items: postgresql_user_privileges
+
 - name: PostgreSQL | Make sure the PostgreSQL privileges are present
 postgresql_privs:
 database: "{{ item.db }}"
@@ -20,5 +34,4 @@
 type: "{{ item.type | default(\"table\") }}"
 sudo: yes
 sudo_user: "{{postgresql_admin_user}}"
- with_items: postgresql_privileges
- when: postgresql_privileges | length > 0
\ No newline at end of file
+ with_items: postgresql_db_priveleges
\ No newline at end of file
diff --git a/tasks/users_privileges.yml b/tasks/users_privileges.yml
deleted file mode 100644
index 6d5905fee..000000000
--- a/tasks/users_privileges.yml
+++ /dev/null
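Review bot: Dropping the `users_privileges.yml` include in the tasks/main.yml hunk moves the `postgresql_user` privilege task under the `postgresql-privileges` tag only, so a run limited to `--tags postgresql-users`, which the removed include carried, no longer updates user privileges. If that is intended it should be stated in the README; otherwise keep the old tag on the surviving include, `tags: [postgresql, postgresql-users, postgresql-privileges]`, so existing tag-scoped runs keep working.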
@@ -1,16 +0,0 @@
-# file: postgresql/tasks/users_privileges.yml
-
-- name: PostgreSQL | Update the user privileges
- postgresql_user:
- name: "{{item.name}}"
- db: "{{item.db | default(omit)}}"
- port: "{{postgresql_port}}"
- priv: "{{item.priv | default(omit)}}"
- state: present
- login_host: "{{item.host | default(omit)}}"
- login_user: "{{postgresql_admin_user}}"
- role_attr_flags: "{{item.role_attr_flags | default(omit)}}"
- sudo: yes
- sudo_user: "{{postgresql_admin_user}}"
- with_items: postgresql_user_privileges
- when: postgresql_users|length > 0
diff --git a/tests/vars.yml b/tests/vars.yml
index dd10f663a..85545e9ac 100644
--- a/tests/vars.yml
+++ b/tests/vars.yml
@@ -17,3 +17,11 @@ postgresql_users:
 postgresql_user_privileges:
 - name: baz
 db: foobar
+
+postgresql_db_priveleges:
+ - db: foobar
+ objs: "ALL_IN_SCHEMA"
+ schema: "public"
+ state: present
+ roles: baz
+ grant: yes