From ae6c2b65082be4946a1707f4a7f2d851f9fe2713 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Kone=C4=8Dn=C3=BD?= <mkonecny@redhat.com>
Date: Thu, 30 Mar 2023 14:10:28 +0200
Subject: [PATCH] [postgresql_server] Grant datanommer_ro access to datanommer2
 db
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The datanommer_ro user was created in the task, but never got privilege to read
from datanommer2 db. This commit is fixing that.

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
---
 roles/postgresql_server/tasks/datanommer.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/roles/postgresql_server/tasks/datanommer.yml b/roles/postgresql_server/tasks/datanommer.yml
index 0473853311..9861bb0210 100644
--- a/roles/postgresql_server/tasks/datanommer.yml
+++ b/roles/postgresql_server/tasks/datanommer.yml
@@ -75,6 +75,13 @@
         owner: "{{ datanommerDBUser }}"
         encoding: UTF-8
 
+    - name: grant datanommer_ro read only access to datanommer2
+      postgresql_privs:
+        database: datanommer2
+        privs: SELECT
+        objs: ALL_IN_SCHEMA
+        roles: datanommer_ro
+
     # Enable timescaledb
     - name: enable timescaledb
       postgresql_ext: