ANXS · ArmiT · Dec 22, 2015 · Dec 24, 2015 · Jan 13, 2016 · nchudleigh
diff --git a/README.md b/README.md
@@ -60,6 +60,13 @@ postgresql_user_privileges:
     db: foobar                  # database
     priv: "ALL"                 # privilege string format: example: INSERT,UPDATE/table:SELECT/anothertable:ALL
     role_attr_flags: "CREATEDB" # role attribute flags
+
+# List of database privileges to be applied (optional)
+postgresql_db_privileges:
+  - db: foobar                  # database
+    roles: baz                  # roles for grant or revoke privileges
+    objs: "ALL_IN_SCHEMA"       # Comma separated list of database objects to set privileges on  
+    grant: yes
 ```
 
 There's a lot more knobs and bolts to set, which you can find in the defaults/main.yml

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -38,6 +38,9 @@ postgresql_users: []
 # List of user privileges to be applied (optional)
 postgresql_user_privileges: []
 
+# List of database privileges to be applied (optional)
+postgresql_db_priveleges: []
-postgresql_db_priveleges: []
+postgresql_db_privileges: []
-postgresql_db_priveleges: []
+postgresql_db_privileges: []
+
 # pg_hba.conf
 postgresql_pg_hba_default:
   - { type: local, database: all, user: '{{ postgresql_admin_user }}', address: '', method: '{{ postgresql_default_auth_method }}', comment: '' }

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -26,8 +26,8 @@
 - include: databases.yml
   tags: [postgresql, postgresql-databases]
 
-- include: users_privileges.yml
-  tags: [postgresql, postgresql-users]
+- include: privileges.yml
+  tags: [postgresql, postgresql-privileges]
 
 - include: monit.yml
   when: monit_protection is defined and monit_protection == true

diff --git a/tasks/privileges.yml b/tasks/privileges.yml
@@ -0,0 +1,37 @@
+# file: postgresql/tasks/privileges.yml
+
+- name: PostgreSQL | Ensure PostgreSQL is running
+  service:
+    name: "{{ postgresql_service_name }}"
+    state: started
+
+- name: PostgreSQL | Update the user privileges
+  postgresql_user:
+    name: "{{item.name}}"
+    db: "{{item.db | default(omit)}}"
+    port: "{{postgresql_port}}"
+    priv: "{{item.priv | default(omit)}}"
+    state: present
+    login_host: "{{item.host | default(omit)}}"
+    login_user: "{{postgresql_admin_user}}"
+    role_attr_flags: "{{item.role_attr_flags | default(omit)}}"
+  sudo: yes
+  sudo_user: "{{postgresql_admin_user}}"
+  with_items: postgresql_user_privileges
+
+- name: PostgreSQL | Make sure the PostgreSQL privileges are present
+  postgresql_privs:
+    database: "{{ item.db }}"
+    grant_option: "{{ item.grant | default(no) }}"
+    host: "{{ item.host | default(\"127.0.0.1\") }}"
+    login: "{{ item.login | default(postgresql_admin_user) }}"
+    objs: "{{ item.objs | default(omit) }}"
+    password: "{{ item.password | default(\"\") }}"
+    privs: "{{ item.privs | default(\"ALL\") }}"
+    roles: "{{ item.roles | default(\"PUBLIC\") }}"
+    schema: "{{ item.schema | default(omit) }}"
+    state: "{{ item.state | default(\"present\") }}"
+    type: "{{ item.type | default(\"table\") }}"
+  sudo: yes
+  sudo_user: "{{postgresql_admin_user}}"
+  with_items: postgresql_db_priveleges
-  with_items: postgresql_db_priveleges
+  with_items: postgresql_db_privileges
-  with_items: postgresql_db_priveleges
+  with_items: postgresql_db_privileges
diff --git a/tasks/users_privileges.yml b/tasks/users_privileges.yml
diff --git a/tests/vars.yml b/tests/vars.yml
@@ -17,3 +17,11 @@ postgresql_users:
 postgresql_user_privileges:
   - name: baz
     db: foobar
+
+postgresql_db_priveleges:
-postgresql_db_priveleges:
+postgresql_db_privileges:
-postgresql_db_priveleges:
+postgresql_db_privileges:
+  - db: foobar
+    objs: "ALL_IN_SCHEMA"
+    schema: "public"
+    state: present
+    roles: baz
+    grant: yes