#319 allow configurable Postgres authentication, correct local auth t…

…o peer
gdcc · Sep 15, 2023 · 7ec8179 · 7ec8179
1 parent 0cd9110
commit 7ec8179
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 3 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -267,6 +267,7 @@ db:
     enabled: true
     auth: scram-sha-256
     adminpass: DVn33dsth1s
+    adminuser: postgres
     name: dvndb
     host: localhost
     user: dvnuser

diff --git a/tasks/postgres.yml b/tasks/postgres.yml
@@ -109,14 +109,20 @@
 - meta: flush_handlers
 
 - name: dataverse python installer wants to be a postgres admin
-  postgresql_user:
-    name: postgres
+  community.postgresql.postgresql_user:
+    db: postgres
+    login_user: '{{ db.postgres.adminuser }}'
+    name: '{{ db.postgres.adminuser }}'
     password: '{{ db.postgres.adminpass }}'
+  become: true
+  become_user: postgres
   when: db.use_rds == false
 
 - name: create dataverse postgres database
   postgresql_db:
     name: '{{ db.postgres.name }}'
+  become: true
+  become_user: postgres
   when: db.use_rds == false
 
 - name: create dataverse postgres user, set permissions
@@ -125,6 +131,8 @@
     name: '{{ db.postgres.user }}'
     password: '{{ db.postgres.pass }}'
     role_attr_flags: 'NOSUPERUSER,CREATEDB,CREATEROLE,INHERIT,LOGIN'
+  become: true
+  become_user: postgres
   when: db.use_rds == false
 
 - name: postgresql 15 requires explicit permissions on public schema
@@ -134,6 +142,9 @@
     type: schema
     objs: public
     role: '{{ db.postgres.user }}'
+  become: true
+  become_user: postgres
+  when: db.use_rds == false
 
 - ansible.builtin.import_tasks: postgres_sequential_identifiers.yml
   when: dataverse.api.test_suite == true
diff --git a/tests/group_vars/jenkins.yml b/tests/group_vars/jenkins.yml
@@ -256,6 +256,7 @@ db:
   postgres:
     enabled: true
     adminpass: DVn33dsth1s
+    adminuser: postgres
     auth: scram-sha-256
     name: dvndb
     host: localhost

diff --git a/tests/group_vars/memorytests.yml b/tests/group_vars/memorytests.yml
@@ -258,6 +258,7 @@ db:
   postgres:
     enabled: true
     adminpass: DVn33dsth1s
+    adminuser: postgres
     auth: scram-sha-256
     name: dvndb
     host: localhost

diff --git a/tests/group_vars/vagrant.yml b/tests/group_vars/vagrant.yml
@@ -260,7 +260,8 @@ build_guides: false
 db:
   postgres:
     enabled: true
-    auth: trust
+    auth: scram-sha-256
+    adminuser: postgres
     adminpass: DVn33dsth1s
     name: vagrantdb
     host: localhost