ANXS / postgresql

Fairly full featured Ansible role for Postgresql.
http://anxs.io/
MIT License
855 stars 576 forks source link

Extensions as correct user #349

Closed gclough closed 6 years ago

gclough commented 6 years ago

In high-security environments, adding extensions fail unless you do it as the correct user.

gclough commented 6 years ago

Extensions still work with this config:

TASK [ANXS.postgresql : PostgreSQL | Add extensions to the databases] **********
changed: [postgresql-9.4] => (item=({u'db': u'foobar'}, u'adminpack'))
changed: [postgresql-10] => (item=({u'db': u'foobar'}, u'adminpack'))
changed: [postgresql-9.6] => (item=({u'db': u'foobar'}, u'adminpack'))
changed: [postgresql-9.5] => (item=({u'db': u'foobar'}, u'adminpack'))
changed: [postgresql-9.3] => (item=({u'db': u'foobar'}, u'adminpack'))
changed: [postgresql-10] => (item=({u'db': u'foobar'}, u'pgcrypto'))
changed: [postgresql-9.4] => (item=({u'db': u'foobar'}, u'pgcrypto'))
changed: [postgresql-9.6] => (item=({u'db': u'foobar'}, u'pgcrypto'))
changed: [postgresql-9.5] => (item=({u'db': u'foobar'}, u'pgcrypto'))
changed: [postgresql-9.3] => (item=({u'db': u'foobar'}, u'pgcrypto'))
changed: [postgresql-10] => (item=({u'db': u'foobar'}, u'unaccent'))
changed: [postgresql-9.6] => (item=({u'db': u'foobar'}, u'unaccent'))
changed: [postgresql-9.3] => (item=({u'db': u'foobar'}, u'unaccent'))
changed: [postgresql-9.5] => (item=({u'db': u'foobar'}, u'unaccent'))
changed: [postgresql-9.4] => (item=({u'db': u'foobar'}, u'unaccent'))

... but they will also now work when root is not allowed to login to PostgreSQL in the pg_hba.conf