From 0ce0c47c97f49bf1100351f69b7bbd4d6cc39f91 Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Wed, 23 Oct 2019 09:44:56 +0200 Subject: [PATCH] remove pg_hba template and switch to module --- defaults/main.yml | 23 ++++++++++++++++++++--- tasks/config.yml | 13 ++++++++++--- templates/postgresql/data/pg_hba.conf.j2 | 10 ---------- 3 files changed, 30 insertions(+), 16 deletions(-) delete mode 100644 templates/postgresql/data/pg_hba.conf.j2 diff --git a/defaults/main.yml b/defaults/main.yml index 4e550f9..42f5329 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -48,6 +48,23 @@ postgres_users: [] # @end postgres_hba_entries: - - {type: local, database: all, user: all, auth_method: peer} - - {type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5} - - {type: host, database: all, user: all, address: '::1/128', auth_method: md5} + - contype: local + databases: + - all + users: + - all + auth_method: peer + - contype: host + databases: + - all + users: + - all + address: "127.0.0.1/32" + auth_method: md5 + - contype: host + databases: + - all + users: + - all + address: '::1/128' + auth_method: md5 diff --git a/tasks/config.yml b/tasks/config.yml index 5d7ac37..b53c3e0 100644 --- a/tasks/config.yml +++ b/tasks/config.yml 
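Review bot: The default entries rename the keys from `type`/`database`/`user` to `contype`/`databases`/`users` with no compatibility path, and the task in tasks/config.yml fills every missing key with a default (`contype` → `local`, `users` and `databases` → `['all']`). An inventory that still overrides `postgres_hba_entries` in the old shape would therefore have its database and user restrictions silently replaced by `all`, which widens access instead of failing. I would describe the new schema in the comment block that ends with `# @end` above `postgres_hba_entries`, and add an `assert` task that rejects entries still carrying `type`, `database` or `user`. Separately, the two loopback `host` entries keep `auth_method: md5`; if the PostgreSQL versions this role supports allow it, `scram-sha-256` is the stronger default. The quoting of the two `address` values (`"127.0.0.1/32"` and `'::1/128'`) should also be made consistent.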
@@ -17,10 +17,17 @@ when: item.pam_user | default(False) - name: Setup client authentication - template: - src: postgresql/data/pg_hba.conf.j2 + postgresql_pg_hba: dest: "{{ __postgres_config_path }}/pg_hba.conf" - mode: 0600 + contype: "{{ item.contype | default('local') }}" + users: "{{ item.users | default(['all'])) | join(',') }}" + address: "{{ item.address | default('samehost') }}" + databases: "{{ item.databases | default(['all'])) | join(',') }}" + method: "{{ item.auth_method | default('md5') }}" + state: "{{ item.state | default('present') }}" + loop: "{{ postgres_hba_entries }}" + loop_control: + label: "{{ item.address | default('samehost') }}:{{ item.databases | default(['all'])) | join(',') }}:{{ item.users | default(['all'])) | join(',') }}" notify: __postgres_restart - name: Open ports in iptables diff --git a/templates/postgresql/data/pg_hba.conf.j2 b/templates/postgresql/data/pg_hba.conf.j2 deleted file mode 100644 index 3cb1dc7..0000000 --- a/templates/postgresql/data/pg_hba.conf.j2 +++ /dev/null @@ -1,10 +0,0 @@ -{{ ansible_managed | comment }} -# PostgreSQL Client Authentication Configuration File -# =================================================== -# -# See: https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html - -# TYPE DATABASE USER ADDRESS METHOD -{% for client in postgres_hba_entries %} -{{ client.type }} {{ client.database }} {{ client.user }} {{ client.address|default('') }} {{ client.ip_address|default('') }} {{ client.ip_mask|default('') }} {{ client.auth_method }} {{ client.auth_options|default("") }} -{% endfor %}
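Review bot: The Jinja expressions for `users`, `databases` and the loop `label` each contain an unbalanced closing parenthesis (`default(['all'])) | join(',')`), so templating should fail before the module ever runs; the extra `)` has to go in all three places. The change also drops `mode: 0600`, so the permissions of pg_hba.conf are no longer enforced; as far as I know `postgresql_pg_hba` accepts the common file arguments, so the mode can be kept as a quoted string. Unlike the removed template, the task does not pass `auth_options` (or `ip_mask`), so entries that relied on them lose those settings without an error. With `state: present` applied per entry the module presumably only adds or updates rules, so rules already in the file but absent from `postgres_hba_entries` would stay active and the file is no longer authoritative; that deserves a comment on the task or an explicit cleanup step.

```yaml
  postgresql_pg_hba:
    # … unchanged: dest, contype, address, method, state …
    mode: "0600"
    users: "{{ item.users | default(['all']) | join(',') }}"
    databases: "{{ item.databases | default(['all']) | join(',') }}"
    options: "{{ item.auth_options | default(omit) }}"
  # … unchanged: loop …
  loop_control:
    label: "{{ item.address | default('samehost') }}:{{ item.databases | default(['all']) | join(',') }}:{{ item.users | default(['all']) | join(',') }}"
```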