From 46e2a6e0e44ebefebf53b9d17367254941b4a0b3 Mon Sep 17 00:00:00 2001
From: Oleksandr Stepanov
Date: Wed, 27 Nov 2024 14:51:33 +0100
Subject: [PATCH 1/4] feat: Added user with backup permissions only
---
 defaults/main.yml | 3 +++
 tasks/replication.yml | 10 ++++++++++
 2 files changed, 13 insertions(+)
diff --git a/defaults/main.yml b/defaults/main.yml
index 9c63663..7b2a818 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -64,6 +64,9 @@ postgres_replica_user_password: ""
 postgres_replica_auth_method: "scram-sha-256"
 postgres_replication_bind_address: ""
 postgres_replica_address: ""
+backup_db_user: ""
+backup_db_password: ""
+backup_db_name: ""
 # Enable TLS for traefik
 enable_tls: false
diff --git a/tasks/replication.yml b/tasks/replication.yml
index b313c8d..f7c1681 100644
--- a/tasks/replication.yml
+++ b/tasks/replication.yml
@@ -40,3 +40,13 @@
 login_user: "{{ database_username }}"
 login_password: "{{ database_password }}"
 query: "SELECT pg_reload_conf()"
+
+- name: Create postgres replication user
+ community.postgresql.postgresql_user:
+ login_host: "{{ postgres_replication_bind_address }}"
+ login_user: "{{ database_username }}"
+ login_password: "{{ database_password }}"
+ name: "{{ backup_db_user }}"
+ password: "{{ backup_db_password }}"
+ db: "{{ backup_db_name }}"
+ priv: "pg_read_all_data"
From 69777ac4e845ed59eb74645487556ab9df792a53 Mon Sep 17 00:00:00 2001
From: Oleksandr Stepanov
Date: Wed, 27 Nov 2024 15:08:46 +0100
Subject: [PATCH 2/4] feat: Added user with backup permissions only
---
 tasks/replication.yml | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/tasks/replication.yml b/tasks/replication.yml
index f7c1681..7a82571 100644
--- a/tasks/replication.yml
+++ b/tasks/replication.yml
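Review bot: The three defaults added to defaults/main.yml in patch 1/4 (`backup_db_user`, `backup_db_password`, `backup_db_name`) are empty strings, and nothing in the hunk tells an operator that a real credential must be supplied before the account is created. A comment above them would help, for example `# Backup-only role; supply backup_db_password from a vault, never in plain text`. `backup_db_name` is read only by the `db:` line that patch 2/4 of this series removes, so in the final state it looks unused and could be dropped or used to scope the grant. The neighbouring keys carry a `postgres_` prefix; following that convention would keep the role's variable namespace consistent.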
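Review bot: The user-creation task appended to tasks/replication.yml in patch 1/4 has no `when:` in the visible lines, so with the empty defaults it would be invoked with an empty role name and an empty password wherever this file is included. Consider a guard such as `when: backup_db_user | length > 0`, plus an early `ansible.builtin.assert` on `backup_db_password | length > 0` so a missing secret stops the play instead of reaching the database. How the module treats an empty `password` value should be confirmed against the collection documentation rather than assumed. The rest of the task file lies outside the hunk, so a condition may already be applied where it is included.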
@@ -41,12 +41,17 @@
 login_password: "{{ database_password }}"
 query: "SELECT pg_reload_conf()"
-- name: Create postgres replication user
+- name: Create postgres backup user
 community.postgresql.postgresql_user:
 login_host: "{{ postgres_replication_bind_address }}"
 login_user: "{{ database_username }}"
 login_password: "{{ database_password }}"
 name: "{{ backup_db_user }}"
 password: "{{ backup_db_password }}"
- db: "{{ backup_db_name }}"
- priv: "pg_read_all_data"
+
+- name: Grant role read_only to alice and bob
+ community.postgresql.postgresql_membership:
+ group: pg_read_all_data
+ target_roles:
+ - "{{ backup_db_user }}"
+ state: present
From 2eb2b1f6d46acaf83e3018903f33c4f8174b976d Mon Sep 17 00:00:00 2001
From: Oleksandr Stepanov
Date: Wed, 27 Nov 2024 15:12:12 +0100
Subject: [PATCH 3/4] feat: Added user with backup permissions only
---
 tasks/replication.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tasks/replication.yml b/tasks/replication.yml
index 7a82571..01d9a4d 100644
--- a/tasks/replication.yml
+++ b/tasks/replication.yml
@@ -49,8 +49,11 @@
 name: "{{ backup_db_user }}"
 password: "{{ backup_db_password }}"
-- name: Grant role read_only to alice and bob
+- name: Grant role pg_read_all_data to backup user
 community.postgresql.postgresql_membership:
+ login_host: "{{ postgres_replication_bind_address }}"
+ login_user: "{{ database_username }}"
+ login_password: "{{ database_password }}"
 group: pg_read_all_data
 target_roles:
 - "{{ backup_db_user }}"
From 60333c40da9d1ef9f19a0ccf86e35ddf36005bc2 Mon Sep 17 00:00:00 2001
From: Oleksandr Stepanov
Date: Wed, 27 Nov 2024 15:24:20 +0100
Subject: [PATCH 4/4] feat: Added user with backup permissions only
---
 tasks/replication.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks/replication.yml b/tasks/replication.yml
index 01d9a4d..8fe09b6 100644
--- a/tasks/replication.yml
+++ b/tasks/replication.yml
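Review bot: Membership in `pg_read_all_data`, set by the `group:` line of the membership task added in patch 2/4, is cluster-wide: it gives the backup role read access to every table, view and sequence in all databases, which is wider than an account meant to dump a single database needs. If only one database is intended, database-scoped grants through `community.postgresql.postgresql_privs` would be tighter. If the whole cluster is intended, a comment recording that decision would help, e.g. `# pg_read_all_data: cluster-wide read for full dumps; requires PostgreSQL 14+`. The predefined role exists only from PostgreSQL 14, so this task would fail on older servers, and the hunk does not show a version check.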
@@ -56,5 +56,5 @@
 login_password: "{{ database_password }}"
 group: pg_read_all_data
 target_roles:
- - "{{ backup_db_user }}"
+ - "{{ backup_db_user }}"
 state: present