Manage object permissions using builtin postgresql_privs module

tasks/main.yml

@@ -29,6 +29,9 @@
 - include: users_privileges.yml
   tags: [postgresql, postgresql-users]
 
+- include: privs.yml
+  tags: [postgresql, postgresql-users]
+
 - include: monit.yml
   when: monit_protection is defined and monit_protection == true
   tags: [postgresql, postgresql-monit]

tasks/privs.yml

@@ -0,0 +1,29 @@
+# file: postgresql/tasks/privs.yml
+
+- name: PostgreSQL | Ensure PostgreSQL is running
+  service:
+    name: "{{ postgresql_service_name }}"
+    state: started
+
+# Iterate over postgresql_privileges to grant and revoke privileges
+# on objects using the built in module
+# http://docs.ansible.com/ansible/postgresql_privs_module.html
+- name: PostgreSQL | Update the privileges 
+  postgresql_privs:
+    db: "{{item.db}}"
+    login_host: "{{item.host | default(omit)}}"
+    login_user: "{{postgresql_admin_user}}"
+    port: "{{postgresql_port}}"
+
+    grant_option: "{{item.grant_option | default(omit)}}"
+    objs: "{{item.objs | default(omit)}}"
+    privs: "{{item.privs | default(omit)}}"
+    roles: "{{item.roles}}"
+    schema: "{{item.schema | default(omit)}}"
+
+    state: "{{item.state | default(omit)}}"
+    type: "{{item.type | default(omit)}}"
+  become: yes
+  become_user: "{{postgresql_admin_user}}"
+  with_items: "{{postgresql_privileges}}"
+  when: "{{postgresql_privileges|length > 0}}"