From 561ae8423deb8518e85ab70045b36ad5aa431df2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= <aurelien@bompard.org>
Date: Thu, 5 Sep 2013 17:23:58 +0000
Subject: [PATCH] Separate DB user privileges from creation

(race condition)
---
 playbooks/groups/mailman.yml | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/playbooks/groups/mailman.yml b/playbooks/groups/mailman.yml
index dfddebb96d..bec2f8b68b 100644
--- a/playbooks/groups/mailman.yml
+++ b/playbooks/groups/mailman.yml
@@ -70,17 +70,14 @@
       postgresql_user: name=hyperkittyadmin password=$mailman_hk_admin_db_pass
     - name: hyperkitty DB user
       postgresql_user: name=hyperkittyapp password=$mailman_hk_db_pass
-                       db=hyperkitty priv=SELECT,INSERT,UPDATE,DELETE
     - name: kittystore DB admin user
       postgresql_user: name=kittystoreadmin password=$mailman_ks_admin_db_pass
     - name: kittystore DB user
       postgresql_user: name=kittystoreapp password=$mailman_ks_db_pass
-                       db=kittystore priv=SELECT,INSERT,UPDATE,DELETE
     - name: postorius DB admin user
       postgresql_user: name=postoriusadmin password=$mailman_ps_admin_db_pass
     - name: postorius DB user
       postgresql_user: name=postoriusapp password=$mailman_ps_db_pass
-                       db=postorius priv=SELECT,INSERT,UPDATE,DELETE
     - name: databases creation
       postgresql_db: name=$item owner=${item}admin encoding=UTF-8
       with_items:
@@ -88,6 +85,13 @@
         - hyperkitty
         - kittystore
         - postorius
+    - name: database users permissions
+      postgresql_privs: database=$item role=${item}app
+                        priv=SELECT,INSERT,UPDATE,DELETE
+      with_items:
+        - hyperkitty
+        - kittystore
+        - postorius
 
 
 # Real MM/HK-specific work