From 8ceda248119bc9ea79e46b0dbe7832063f16f0db Mon Sep 17 00:00:00 2001 From: Sven Ketelsen Date: Fri, 22 Oct 2021 07:34:33 +0200 Subject: [PATCH] bugfix: remove-database is bow idempotent --- roles/postgres/tasks/_postgres-acls.yml | 74 +++++++++++-------------- 1 file changed, 33 insertions(+), 41 deletions(-) diff --git a/roles/postgres/tasks/_postgres-acls.yml b/roles/postgres/tasks/_postgres-acls.yml index f41cd7b..7055f7f 100644 --- a/roles/postgres/tasks/_postgres-acls.yml +++ b/roles/postgres/tasks/_postgres-acls.yml 
@@ -6,54 +6,45 @@ ### - password ### - trusted_cidr_entry [shared_service_network] -- name: "Add/Remove pg_hba.conf entries for users/nodes/schemas" +- name: "Updating pg_hba.conf entries for users/nodes/schemas" lineinfile: state: '{{ database_state }}' regex: '^host[ ]+{{ item.name }}[ ]+{{ item.name }}' line: 'host {{ item.name }} {{ item.name }} {{ item.trusted_cidr_entry | default(shared_service_network) }} md5' path: /etc/postgresql/{{ default_postgres_version }}/main/pg_hba.conf - notify: pg_reload_conf with_items: "{{ postgres_acls }}" + notify: pg_reload_conf -- name: "Check roles exist" - become: yes - become_user: postgres +- name: "Checking roles exist" shell: "/usr/bin/psql -Atc \"SELECT count(rolname) FROM pg_roles where rolname='{{ item.name }}'\"" with_items: "{{ postgres_acls }}" register: role_check changed_when: "role_check.stdout == '0'" - when: - - database_state == 'present' - -- debug: - msg: "DEBUGGING: database_state: {{ database_state }}" - when: - - debug + become_user: postgres + become: yes -- name: "Check roles exist result" +- name: "Checking roles exist" debug: msg: "{{ role_check }}" when: - debug -- name: "Create roles if necessary" - become: yes - become_user: postgres +- name: "Creating roles if necessary" shell: "/usr/bin/psql -c 'CREATE ROLE {{ item.item.name }} LOGIN;'" + with_items: "{{ role_check.results }}" + become_user: postgres + become: yes when: - database_state == 'present' - item.stdout == '0' - with_items: "{{ role_check.results }}" -- name: "Check database exist" - become: yes - become_user: postgres +- name: "Checking database exist" shell: "/usr/bin/psql -Atc \"SELECT count(*) FROM pg_database WHERE datname = '{{ item.name }}'\"" with_items: "{{ postgres_acls }}" register: database_check changed_when: "database_check.stdout == '0'" - when: - - database_state == 'present' + become_user: postgres + become: yes - name: "Check databases exist result" debug: 
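Review bot: The pg_hba.conf `regex` in the first task still interpolates `item.name` unescaped and has no right-hand boundary, so a name like `app` also matches (and with `state: absent`, deletes) the `app2`/`appfoo` entries, and a name containing regex metacharacters matches the wrong lines; a safer pattern is `regex: '^host[ ]+{{ item.name | regex_escape }}[ ]+{{ item.name | regex_escape }}[ ]+'`. Note that this task writes the auth method as `md5` while the later password task stores SCRAM hashes; PostgreSQL negotiates SCRAM for such roles even under `md5`, but writing `scram-sha-256` here would stop any MD5 fallback, so confirm which the role is meant to enforce. The debug task after the role check is now also named "Checking roles exist", the same as the check itself, which makes play output ambiguous; something like "Checking roles exist result" matches the database counterpart below. The `DROP ROLE` / `DROP DATABASE` tasks that consume these checks are in the next hunk.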
@@ -61,44 +52,45 @@ when: - debug -- name: "Create Databases if necessary" - become: yes - become_user: postgres +- name: "Creating Databases if necessary" shell: "/usr/bin/psql -c \"CREATE DATABASE {{ item.item.name }};\"" + with_items: "{{ database_check.results }}" + become_user: postgres + become: yes when: - database_state == 'present' - item.stdout == '0' - with_items: "{{ database_check.results }}" -- name: "DROP Databases if necessary" - become: yes - become_user: postgres +- name: "Deleting Databases if necessary" shell: '/usr/bin/psql -c "DROP DATABASE {{ item.item.name }} WITH (FORCE);"' + with_items: "{{ database_check.results }}" + become_user: postgres + become: yes when: - database_state == 'absent' - with_items: "{{ database_check.results }}" + - item.stdout == '1' -- name: "DROP roles if necessary" - become: yes - become_user: postgres +- name: "Deleting roles if necessary" shell: '/usr/bin/psql -c "DROP ROLE {{ item.item.name }};"' + with_items: "{{ role_check.results }}" + become_user: postgres + become: yes when: - database_state == 'absent' - with_items: "{{ role_check.results }}" + - item.stdout == '1' - -- name: "Change password with scram-sha-256! for users and set password" - become: yes - become_user: postgres +- name: "Changing password with scram-sha-256! for users and set password" shell: "/usr/bin/psql -c \"set password_encryption = 'scram-sha-256';ALTER ROLE {{ item.name }} WITH PASSWORD '{{ item.password }}';\"" with_items: "{{ postgres_acls }}" + become_user: postgres + become: yes when: - database_state == 'present' -- name: "Change owners for databases" - become: yes - become_user: postgres +- name: "Changing owners for databases" shell: "/usr/bin/psql -c \"ALTER DATABASE {{ item.name }} OWNER TO {{ item.name }};\"" with_items: "{{ postgres_acls }}" + become_user: postgres + become: yes when: - database_state == 'present'
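Review bot: The password task still passes `item.password` on the psql command line through `shell:` with no `no_log`, so every role's cleartext password lands in Ansible's task output and in the process argument list on the host for the duration of the call; at minimum add `no_log: true` to that task, and consider the `community.postgresql.postgresql_user` module, which takes `password:` as a parameter and is idempotent. Because the value is embedded in a double-quoted shell string and a single-quoted SQL literal, a password containing `'`, `$`, a backtick or `"` breaks the command or is rewritten by the shell rather than stored — the same applies to `item.name`, which is spliced unquoted into `CREATE`/`DROP`/`ALTER` statements in both hunks, though it appears to come from the role's own vars. The password and owner tasks also carry no `changed_when`, so they report changed on every run, which works against the idempotency this commit aims for. `DROP DATABASE ... WITH (FORCE)` needs PostgreSQL 13 or later; if `default_postgres_version` can be older, the task should be gated or the option dropped.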