commit 04576810ded40f12524cceab01bed16a5c1a652f parent d234577c4ba2ff7cdee0a70aa72c0272db7dbe8d Author: Christian Grothoff <christian@grothoff.org> Date: Mon, 7 Apr 2025 20:08:55 +0200 fix auditor access Diffstat:
| M | roles/auditor/tasks/main.yml | | | 25 | +++++++++++++++---------- |
1 file changed, 15 insertions(+), 10 deletions(-)
diff --git a/roles/auditor/tasks/main.yml b/roles/auditor/tasks/main.yml
@@ -116,42 +116,47 @@
 group: root
 mode: "0400"
-- name: Grant access to exchange database
+- name: Grant usage to exchange and _v schema
 community.postgresql.postgresql_privs:
 database: taler-exchange
 state: present
- privs: SELECT
- schema: exchange
- objs: ALL_IN_SCHEMA
+ privs: USAGE
+ objs: exchange,_v
+ type: schema
 role: taler-auditor-httpd
 grant_option: false
 become: true
 become_user: postgres
-- name: Grant access to exchange database versioning
+- name: Grant access to exchange database
 community.postgresql.postgresql_privs:
 database: taler-exchange
 state: present
 privs: SELECT
- schema: _v
+ schema: exchange
 objs: ALL_IN_SCHEMA
 role: taler-auditor-httpd
 grant_option: false
 become: true
 become_user: postgres
-- name: Grant usage to exchange database versioning
+- name: Grant access to exchange database versioning
 community.postgresql.postgresql_privs:
 database: taler-exchange
 state: present
- privs: USAGE
- type: schema
- objs: _v
+ privs: SELECT
+ schema: _v
+ objs: ALL_IN_SCHEMA
 role: taler-auditor-httpd
 grant_option: false
 become: true
 become_user: postgres
+- name: Inject auditor logic into exchange database
+ ansible.builtin.command:
+ cmd: taler-exchange-dbinit -c /etc/taler-exchange/taler-exchange.conf --inject-auditor
+ chdir: /tmp
+
 - name: Ensure taler-auditor service is enabled and started
 service:
 name: taler-auditor.target
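Review bot: The added `Inject auditor logic into exchange database` task at the end of the hunk has no `become`/`become_user`, unlike the three `postgresql_privs` tasks above it, so `taler-exchange-dbinit` runs as whatever account the play connects with (possibly root) while reading `/etc/taler-exchange/taler-exchange.conf`. Pinning it to the account that owns the exchange schema would keep the step least-privilege and make the database login predictable, e.g. `become: true` and `become_user: <exchange-db-owner>` (placeholder; the account name is not visible in this hunk). The task also has no `changed_when` or other guard, so it re-executes and reports "changed" on every play, which hides real drift in run output. Because it runs after the one-time `ALL_IN_SCHEMA` grants, any table it creates would presumably not be readable by `taler-auditor-httpd` until the next run; it is worth confirming whether the injection should come before the grants.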