From b9f1d480ed5e8a489fe1be17edb9fa8e68be258f Mon Sep 17 00:00:00 2001
From: Silas Peters <69711739+SilasPeters@users.noreply.github.com>
Date: Tue, 11 Feb 2025 17:14:49 +0100
Subject: [PATCH] chore: replaced deprecated privilege code (#497)

* chore: replaced deprecated privilege code

* chore: replaced deprecated privs code for doorgeefluik

---------

Co-authored-by: Tobias de Bruijn
---
 ansible/roles/databases/tasks/main.yml | 16 ++++++++++++++--
 ansible/roles/doorgeefluik/tasks/main.yml | 7 ++++---
 2 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/ansible/roles/databases/tasks/main.yml b/ansible/roles/databases/tasks/main.yml
index b579d020..5846bda7 100644
--- a/ansible/roles/databases/tasks/main.yml
+++ b/ansible/roles/databases/tasks/main.yml
@@ -34,15 +34,20 @@
 community.postgresql.postgresql_user:
 db: "koala"
 name: "koala"
- priv: "ALL"
 role_attr_flags: "CREATEDB,LOGIN"

+ - name: "ensure koala user has the right privs"
+ community.postgresql.postgresql_privs:
+ db: "koala"
+ role: "koala"
+ objs: "ALL_IN_SCHEMA"
+ privs: "ALL"
+
 - name: "ensure dbeaver koala user exists"
 community.postgresql.postgresql_user:
 db: "koala"
 name: "koala_manual"
 password: "{{ secret_koala_manual.password }}"
- priv: "CONNECT"
 role_attr_flags: "NOSUPERUSER"

 - name: "ensure dbeaver koala user has the right privs"
@@ -51,3 +56,10 @@
 role: "koala_manual"
 objs: "ALL_IN_SCHEMA"
 privs: "SELECT"
+
+ - name: "ensure dbeaver koala user has the right privs"
+ community.postgresql.postgresql_privs:
+ db: "koala"
+ role: "koala_manual"
+ type: "database"
+ privs: "CONNECT"
diff --git a/ansible/roles/doorgeefluik/tasks/main.yml b/ansible/roles/doorgeefluik/tasks/main.yml
index 9f5bdd83..df7aafaa 100644
--- a/ansible/roles/doorgeefluik/tasks/main.yml
+++ b/ansible/roles/doorgeefluik/tasks/main.yml
@@ -23,6 +23,7 @@
 - name: "ensure database user exists"
 community.postgresql.postgresql_user:
 name: "doorgeefluik"
+ role_attr_flags: "CREATEDB,LOGIN"
 become_user: "postgres"
 become: true
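Review bot: The added `ensure koala user has the right privs` task does not appear to grant what the removed `priv: "ALL"` granted. In the old `postgresql_user` privilege string a bare privilege name was, as far as the module's format goes, a database-level grant, whereas `objs: "ALL_IN_SCHEMA"` with no `type` set acts on the module's default object type (tables) in the default schema. If database-level rights are what koala needs, mirror the CONNECT task added at the end of this file and use `type: "database"` with `privs: "ALL"`; if table rights are intended, spell out `type: "table"` and the schema so the scope is visible in review. The rewritten task in ansible/roles/doorgeefluik/tasks/main.yml has the same shape and needs the same decision. Either way an ALL_IN_SCHEMA grant only covers objects that exist when the play runs, not tables created later.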
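Review bot: The added CONNECT task reuses the name `ensure dbeaver koala user has the right privs`, which the SELECT task directly above it already carries, so play output and `--start-at-task` cannot tell the two apart. A distinct name such as `- name: "ensure dbeaver koala user can connect to the koala database"` would fix that. Separately, PostgreSQL grants CONNECT on a database to PUBLIC by default, so this explicit grant only restricts who can reach the database if CONNECT has been revoked from PUBLIC elsewhere, which this diff does not show.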
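Review bot: `role_attr_flags: "CREATEDB,LOGIN"` now sits on the `ensure database user exists` task with nothing saying why the application role needs CREATEDB. If the doorgeefluik database is created by a task running as postgres (not visible in this hunk), `role_attr_flags: "LOGIN"` would be the narrower setting. Otherwise a one-line comment above the flag naming the reason would let the next reviewer confirm the extra attribute is deliberate.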
@@ -34,11 +35,11 @@
 become: true

 - name: "ensure database user has the right privileges"
- community.postgresql.postgresql_user:
+ community.postgresql.postgresql_privs:
 db: "doorgeefluik"
- name: "doorgeefluik"
+ role: "doorgeefluik"
+ objs: "ALL_IN_SCHEMA"
 priv: "ALL"
- role_attr_flags: "CREATEDB,LOGIN"
 become_user: "postgres"
 become: true
 ignore_errors: "{{ ansible_check_mode }}"
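Review bot: The rewritten task keeps the key `priv: "ALL"` from the old `postgresql_user` call, while the `postgresql_privs` tasks in ansible/roles/databases/tasks/main.yml spell it `privs`. As far as I know `postgresql_privs` accepts `priv` as an alias, so this should still run, but `privs: "ALL"` keeps the two roles consistent and does not depend on an alias. Whether further keys follow `ignore_errors` is not visible in this hunk.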