Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update natefoo.postgresql_objects role
- Loading branch information
Showing
5 changed files
with
130 additions
and
100 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
{install_date: 'Wed Sep 3 21:18:00 2014', version: master} | ||
{install_date: 'Thu Mar 26 17:31:58 2015', version: '1.0'} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,127 +1,121 @@ | ||
--- | ||
# tasks file for natefoo.postgresql-objects | ||
|
||
# Some duplicated tasks here due to the inability to omit missing params, | ||
# should be fixed eventually: | ||
# https://github.com/ansible/ansible/pull/8323 | ||
|
||
# Revoke privs first so later user drop can succeed | ||
- name: Revoke extra privileges (grant_option set) | ||
postgresql_privs: database={{ item.database }} | ||
roles={{ item.roles }} | ||
type={{ item.type | default( 'table' ) }} | ||
objs={{ item.objs | default( '' ) }} | ||
privs={{ item.privs | default( '' ) }} | ||
schema={{ item.schema | default( '' ) }} | ||
grant_option={{ item.grant_option }} | ||
state={{ item.state | default( 'present' ) }} | ||
login_host={{ postgresql_objects_login_host }} | ||
login_user={{ postgresql_objects_login_user }} | ||
login_password={{ postgresql_objects_login_password }} | ||
port={{ postgresql_objects_port }} | ||
with_items: postgresql_objects_privileges | ||
register: revoke | ||
failed_when: "postgresql_objects_ignore_revoke_failure and revoke.failed is defined and ((revoke.failed and 'does not exist' not in revoke.msg) or (revoke.failed and ',' in item.roles))" | ||
when: item.state is defined and item.state == 'absent' and item.grant_option is defined | ||
|
||
- name: Revoke extra privileges | ||
postgresql_privs: database={{ item.database }} | ||
roles={{ item.roles }} | ||
type={{ item.type | default( 'table' ) }} | ||
objs={{ item.objs | default( '' ) }} | ||
privs={{ item.privs | default( '' ) }} | ||
schema={{ item.schema | default( '' ) }} | ||
state={{ item.state | default( 'present' ) }} | ||
login_host={{ postgresql_objects_login_host }} | ||
login_user={{ postgresql_objects_login_user }} | ||
login_password={{ postgresql_objects_login_password }} | ||
port={{ postgresql_objects_port }} | ||
type={{ item.type | default( omit ) }} | ||
objs={{ item.objs | default( omit ) }} | ||
privs={{ item.privs | default( omit ) }} | ||
schema={{ item.schema | default( omit ) }} | ||
grant_option={{ item.grant_option | default(omit) }} | ||
state={{ item.state | default( omit ) }} | ||
login_host={{ postgresql_objects_login_host | default( omit ) }} | ||
login_user={{ postgresql_objects_login_user | default( omit ) }} | ||
login_password={{ postgresql_objects_login_password | default( omit ) }} | ||
port={{ postgresql_objects_port | default( omit ) }} | ||
with_items: postgresql_objects_privileges | ||
register: revoke | ||
failed_when: "postgresql_objects_ignore_revoke_failure and revoke.failed is defined and ((revoke.failed and 'does not exist' not in revoke.msg) or (revoke.failed and ',' in item.roles))" | ||
when: item.state is defined and item.state == 'absent' and item.grant_option is not defined | ||
when: item.state is defined and item.state == 'absent' | ||
|
||
# Drop databases first so later user drop can succeed | ||
- name: Drop databases | ||
postgresql_db: name={{ item.name }} | ||
owner={{ item.owner | default( '' ) }} | ||
template={{ item.template | default( '' ) }} | ||
encoding={{ item.encoding | default( '' ) }} | ||
lc_collate={{ item.lc_collate | default( '' ) }} | ||
lc_ctype={{ item.lc_ctype | default( '' ) }} | ||
owner={{ item.owner | default( omit ) }} | ||
template={{ item.template | default( omit ) }} | ||
encoding={{ item.encoding | default( omit ) }} | ||
lc_collate={{ item.lc_collate | default( omit ) }} | ||
lc_ctype={{ item.lc_ctype | default( omit ) }} | ||
state={{ item.state }} | ||
login_host={{ postgresql_objects_login_host }} | ||
login_user={{ postgresql_objects_login_user }} | ||
login_password={{ postgresql_objects_login_password }} | ||
port={{ postgresql_objects_port }} | ||
login_host={{ postgresql_objects_login_host | default( omit ) }} | ||
login_user={{ postgresql_objects_login_user | default( omit ) }} | ||
login_password={{ postgresql_objects_login_password | default( omit ) }} | ||
port={{ postgresql_objects_port | default( omit ) }} | ||
with_items: postgresql_objects_databases | ||
when: item.state is defined and item.state == 'absent' | ||
|
||
- name: Create and drop users | ||
postgresql_user: name={{ item.name }} | ||
password={{ item.password | default( 'NULL' ) }} | ||
role_attr_flags={{ item.role_attr_flags | default( '' ) }} | ||
encrypted={{ item.encrypted | default( 'no' ) }} | ||
state={{ item.state | default( 'present' ) }} | ||
login_host={{ postgresql_objects_login_host }} | ||
login_user={{ postgresql_objects_login_user }} | ||
login_password={{ postgresql_objects_login_password }} | ||
port={{ postgresql_objects_port }} | ||
password={{ item.password | default( omit ) }} | ||
role_attr_flags={{ item.role_attr_flags | default( omit ) }} | ||
encrypted={{ item.encrypted | default( omit ) }} | ||
state={{ item.state | default( omit ) }} | ||
login_host={{ postgresql_objects_login_host | default( omit ) }} | ||
login_user={{ postgresql_objects_login_user | default( omit ) }} | ||
login_password={{ postgresql_objects_login_password | default( omit ) }} | ||
port={{ postgresql_objects_port | default( omit ) }} | ||
with_items: postgresql_objects_users | ||
|
||
- name: Create groups | ||
postgresql_user: name={{ item.name }} | ||
password={{ item.password | default( omit ) }} | ||
role_attr_flags={{ item.role_attr_flags | default( omit ) }} | ||
encrypted={{ item.encrypted | default( omit ) }} | ||
login_host={{ postgresql_objects_login_host | default( omit ) }} | ||
login_user={{ postgresql_objects_login_user | default( omit ) }} | ||
login_password={{ postgresql_objects_login_password | default( omit ) }} | ||
port={{ postgresql_objects_port | default( omit ) }} | ||
with_items: postgresql_objects_groups | ||
when: item.state is not defined or (item.state is defined and item.state == 'present') | ||
|
||
- name: Add or remove users from groups | ||
shell: echo {{ 'REVOKE' if item.1.state is defined and item.1.state == 'absent' else 'GRANT' }} '{{ item.0.name }}' {{ 'FROM' if item.1.state is defined and item.1.state == 'absent' else 'TO' }} '{{ item.1.name }}' | psql -w {{ '-h ' ~ postgresql_objects_login_host if postgresql_objects_login_host is defined else '' }} {{ '-U ' ~ postgresql_objects_login_user if postgresql_objects_login_user is defined else '' }} {{ '-p ' ~ postgresql_objects_port if postgresql_objects_port is defined else '' }} postgres | ||
register: psql | ||
failed_when: psql.stderr.startswith( 'ERROR:' ) | ||
changed_when: psql.stderr == '' | ||
with_subelements: | ||
- postgresql_objects_groups | ||
- users | ||
|
||
- name: Drop groups | ||
postgresql_user: name={{ item.name }} | ||
state={{ item.state }} | ||
login_host={{ postgresql_objects_login_host | default( omit ) }} | ||
login_user={{ postgresql_objects_login_user | default( omit ) }} | ||
login_password={{ postgresql_objects_login_password | default( omit ) }} | ||
port={{ postgresql_objects_port | default( omit ) }} | ||
with_items: postgresql_objects_groups | ||
when: item.state is defined and item.state == 'absent' | ||
|
||
- name: Create databases | ||
postgresql_db: name={{ item.name }} | ||
owner={{ item.owner | default( '' ) }} | ||
template={{ item.template | default( '' ) }} | ||
encoding={{ item.encoding | default( '' ) }} | ||
lc_collate={{ item.lc_collate | default( '' ) }} | ||
lc_ctype={{ item.lc_ctype | default( '' ) }} | ||
state={{ item.state | default( 'present' ) }} | ||
login_host={{ postgresql_objects_login_host }} | ||
login_user={{ postgresql_objects_login_user }} | ||
login_password={{ postgresql_objects_login_password }} | ||
port={{ postgresql_objects_port }} | ||
owner={{ item.owner | default( omit ) }} | ||
template={{ item.template | default( omit ) }} | ||
encoding={{ item.encoding | default( omit ) }} | ||
lc_collate={{ item.lc_collate | default( omit ) }} | ||
lc_ctype={{ item.lc_ctype | default( omit ) }} | ||
state={{ item.state | default( omit ) }} | ||
login_host={{ postgresql_objects_login_host | default( omit ) }} | ||
login_user={{ postgresql_objects_login_user | default( omit ) }} | ||
login_password={{ postgresql_objects_login_password | default( omit ) }} | ||
port={{ postgresql_objects_port | default( omit ) }} | ||
with_items: postgresql_objects_databases | ||
when: item.state is not defined or (item.state is defined and item.state == 'present') | ||
|
||
- name: Grant user database privileges | ||
postgresql_user: name={{ item.name }} | ||
db={{ item.db }} | ||
priv={{ item.priv }} | ||
login_host={{ postgresql_objects_login_host }} | ||
login_user={{ postgresql_objects_login_user }} | ||
login_password={{ postgresql_objects_login_password }} | ||
port={{ postgresql_objects_port }} | ||
login_host={{ postgresql_objects_login_host | default( omit ) }} | ||
login_user={{ postgresql_objects_login_user | default( omit ) }} | ||
login_password={{ postgresql_objects_login_password | default( omit ) }} | ||
port={{ postgresql_objects_port | default( omit ) }} | ||
with_items: postgresql_objects_users | ||
when: item.db is defined and item.priv is defined and not (item.state is defined and item.state == 'absent') | ||
|
||
- name: Grant extra privileges (grant_option set) | ||
postgresql_privs: database={{ item.database }} | ||
roles={{ item.roles }} | ||
type={{ item.type | default( 'table' ) }} | ||
objs={{ item.objs | default( '' ) }} | ||
privs={{ item.privs | default( '' ) }} | ||
schema={{ item.schema | default( '' ) }} | ||
grant_option={{ item.grant_option }} | ||
state={{ item.state | default( 'present' ) }} | ||
login_host={{ postgresql_objects_login_host }} | ||
login_user={{ postgresql_objects_login_user }} | ||
login_password={{ postgresql_objects_login_password }} | ||
port={{ postgresql_objects_port }} | ||
with_items: postgresql_objects_privileges | ||
when: (item.state is not defined or (item.state is defined and item.state == 'present')) and item.grant_option is defined | ||
|
||
- name: Grant extra privileges | ||
postgresql_privs: database={{ item.database }} | ||
postgresql_privs: database={{ item.database | default( omit ) }} | ||
roles={{ item.roles }} | ||
type={{ item.type | default( 'table' ) }} | ||
objs={{ item.objs | default( '' ) }} | ||
privs={{ item.privs | default( '' ) }} | ||
schema={{ item.schema | default( '' ) }} | ||
state={{ item.state | default( 'present' ) }} | ||
login_host={{ postgresql_objects_login_host }} | ||
login_user={{ postgresql_objects_login_user }} | ||
login_password={{ postgresql_objects_login_password }} | ||
port={{ postgresql_objects_port }} | ||
type={{ item.type | default( omit ) }} | ||
objs={{ item.objs | default( omit ) }} | ||
privs={{ item.privs | default( omit ) }} | ||
schema={{ item.schema | default( omit ) }} | ||
grant_option={{ item.grant_option | default( omit ) }} | ||
state={{ item.state | default( omit ) }} | ||
login_host={{ postgresql_objects_login_host | default( omit ) }} | ||
login_user={{ postgresql_objects_login_user | default( omit ) }} | ||
login_password={{ postgresql_objects_login_password | default( omit ) }} | ||
port={{ postgresql_objects_port | default( omit ) }} | ||
with_items: postgresql_objects_privileges | ||
when: (item.state is not defined or (item.state is defined and item.state == 'present')) and item.grant_option is not defined | ||
when: (item.state is not defined or (item.state is defined and item.state == 'present')) |