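---
# Configure PostgreSQL client access (pg_hba), roles, databases, passwords and
# database owners for each entry in `postgres_acls`.
#
# properties:
#   postgres_acls:
#     - name                 # database name
#     - user                 # role that will own the database
#     - password             # password set on `user`
#     - trusted_cidr_entry   # pg_hba address column; defaults to default_private_network
#
# Variables expected from the caller: postgres_acls, default_private_network,
# default_postgres_version.
#
# How values reach psql: database and role names are handed to psql as
# variables (-v) and referenced as :'u' (quoted literal) or :"u" (quoted
# identifier), so psql does the quoting instead of Jinja splicing raw text into
# SQL. Passwords are never placed on the command line; they are sent on stdin
# with SQL single quotes doubled. ON_ERROR_STOP=1 makes psql exit non-zero on
# the first failing statement so the task fails instead of silently continuing.

- name: Show the access entries to be applied (passwords redacted)
  debug:
    # Keep passwords out of the play output; everything else is shown as-is.
    msg: "{{ postgres_acls | map('combine', {'password': '***'}) | list }}"
  tags:
    - postgres_acls

- name: Add pg_hba entries for users/nodes/schemas
  lineinfile:
    state: present
    path: /etc/postgresql/{{ default_postgres_version }}/main/pg_hba.conf
    # regex_escape so a name containing '.' or other metacharacters cannot
    # match (and overwrite) another entry; the trailing [ ]+ keeps "db1 bob"
    # from matching "db10 bob2".
    regex: '^host[ ]+{{ item.name | regex_escape }}[ ]+{{ item.user | regex_escape }}[ ]+'
    # md5 still negotiates SCRAM when the stored password is SCRAM-encrypted
    # (PostgreSQL 10+); switch the method to scram-sha-256 once no md5-only
    # clients remain. pg_hba.conf changes only take effect after a server
    # reload, which this file does not trigger -- NOTE(review): confirm the
    # calling play reloads PostgreSQL.
    line: 'host {{ item.name }} {{ item.user }} {{ item.trusted_cidr_entry | default(default_private_network) }} md5'
  with_items: "{{ postgres_acls }}"
  tags:
    - postgres_acls

- name: Check role exists
  become: true
  become_user: postgres
  # -A -t: unaligned, tuples only, so stdout is exactly "0" or "1".
  command: /usr/bin/psql -A -t -v ON_ERROR_STOP=1 -v u={{ item.user | quote }}
  args:
    stdin: "SELECT count(rolname) FROM pg_roles WHERE rolname = :'u';"
  with_items: "{{ postgres_acls }}"
  register: role_check
  # "changed" here means "missing" -- the create task below keys off it.
  changed_when: "role_check.stdout == '0'"
  tags:
    - postgres_acls

- name: Create role if necessary
  become: true
  become_user: postgres
  # item.item is the postgres_acls entry the check ran for. The role must be
  # named item.item.user: the check looks up item.user, and the password and
  # owner tasks below alter item.user, so creating the role under the
  # database name (item.item.name) left a role nothing else referenced.
  # :"u" is a quoted identifier, so the created name matches the
  # case-sensitive rolname comparison in the check.
  command: /usr/bin/psql -v ON_ERROR_STOP=1 -v u={{ item.item.user | quote }}
  args:
    stdin: 'CREATE ROLE :"u" LOGIN;'
  when: item.stdout == '0'
  with_items: "{{ role_check.results }}"
  tags:
    - postgres_acls

- name: Check databases exist
  become: true
  become_user: postgres
  command: /usr/bin/psql -A -t -v ON_ERROR_STOP=1 -v d={{ item.name | quote }}
  args:
    stdin: "SELECT count(*) FROM pg_database WHERE datname = :'d';"
  with_items: "{{ postgres_acls }}"
  register: database_check
  changed_when: "database_check.stdout == '0'"
  tags:
    - postgres_acls

- name: Create databases if necessary
  become: true
  become_user: postgres
  # Statements read from stdin are sent one at a time (no -1), which
  # CREATE DATABASE requires since it cannot run inside a transaction block.
  command: /usr/bin/psql -v ON_ERROR_STOP=1 -v d={{ item.item.name | quote }}
  args:
    stdin: 'CREATE DATABASE :"d";'
  when: item.stdout == '0'
  with_items: "{{ database_check.results }}"
  tags:
    - postgres_acls

- name: Change password with scram-sha-256 for users and set password
  become: true
  become_user: postgres
  # The password goes in on stdin rather than argv, so it is not visible in
  # the process list; '' is the SQL escape for a single quote (assumes the
  # default standard_conforming_strings=on, so backslashes are literal).
  # no_log keeps the password out of the play output and the registered
  # result. SET applies to this psql session, so the ALTER that follows
  # stores the password as scram-sha-256.
  no_log: true
  command: /usr/bin/psql -v ON_ERROR_STOP=1 -v u={{ item.user | quote }}
  args:
    stdin: |-
      SET password_encryption = 'scram-sha-256';
      ALTER ROLE :"u" WITH PASSWORD '{{ item.password | replace("'", "''") }}';
  with_items: "{{ postgres_acls }}"
  # Registered under its own name so role_check (used by the create task)
  # is not overwritten.
  register: password_set
  tags:
    - postgres_acls

- name: Change owners for databases
  become: true
  become_user: postgres
  command: /usr/bin/psql -v ON_ERROR_STOP=1 -v d={{ item.name | quote }} -v u={{ item.user | quote }}
  args:
    stdin: 'ALTER DATABASE :"d" OWNER TO :"u";'
  with_items: "{{ postgres_acls }}"
  register: owner_set
  tags:
    - postgres_acls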