From 23531e0c73f4611f39e46eeee783639c0ddb9c95 Mon Sep 17 00:00:00 2001
From: Benjamin Goldenberg
Date: Wed, 15 Jun 2016 13:48:48 -0700
Subject: [PATCH] Create new task to manage object permissions using builtin postgresql_privs module
---
 tasks/main.yml | 3 +++
 tasks/privs.yml | 29 +++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100644 tasks/privs.yml
diff --git a/tasks/main.yml b/tasks/main.yml
index 58e3e3d8..6a722001 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -29,6 +29,9 @@
 - include: users_privileges.yml
 tags: [postgresql, postgresql-users]
+- include: privs.yml
+ tags: [postgresql, postgresql-users]
+
 - include: monit.yml
 when: monit_protection is defined and monit_protection == true
 tags: [postgresql, postgresql-monit]
diff --git a/tasks/privs.yml b/tasks/privs.yml
new file mode 100644
index 00000000..88bde408
--- /dev/null
+++ b/tasks/privs.yml
@@ -0,0 +1,29 @@
+# file: postgresql/tasks/privs.yml
+
+- name: PostgreSQL | Ensure PostgreSQL is running
+ service:
+ name: "{{ postgresql_service_name }}"
+ state: started
+
+# Iterate over postgresql_privileges to grant and revoke privileges
+# on objects using the built in module
+# http://docs.ansible.com/ansible/postgresql_privs_module.html
+- name: PostgreSQL | Update the privileges
+ postgresql_privs:
+ db: "{{item.db}}"
+ login_host: "{{item.host | default(omit)}}"
+ login_user: "{{postgresql_admin_user}}"
+ port: "{{postgresql_port}}"
+
+ grant_option: "{{item.grant_option | default(omit)}}"
+ objs: "{{item.objs | default(omit)}}"
+ privs: "{{item.privs | default(omit)}}"
+ roles: "{{item.roles}}"
+ schema: "{{item.schema | default(omit)}}"
+
+ state: "{{item.state | default(omit)}}"
+ type: "{{item.type | default(omit)}}"
+ become: yes
+ become_user: "{{postgresql_admin_user}}"
+ with_items: "{{postgresql_privileges}}"
+ when: "{{postgresql_privileges|length > 0}}"
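Review bot: The `Update the privileges` task in tasks/privs.yml only ever adds to what is granted unless an entry says otherwise: `state` falls back to the module default (`present`), so removing an entry from `postgresql_privileges` leaves the earlier grant in the database. The comment above the task should say so, for example `# Removing an entry does not revoke it; keep the entry and set state: absent`. On the last line, `when` is already evaluated as a Jinja expression, so the `{{ }}` wrapper is unnecessary, and the length guard duplicates what `with_items` does with an empty list; it also fails if `postgresql_privileges` is undefined, unless the role defaults (not shown in this patch) define it. `with_items: "{{ postgresql_privileges | default([]) }}"` with the `when` removed covers both.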