From 0bc31eb27e3b63fdc4f191058736ad11e24a1c92 Mon Sep 17 00:00:00 2001
From: shtlrs <amrbellalouna@gmail.com>
Date: Tue, 14 May 2024 19:34:07 +0200
Subject: [PATCH] add the task that configures host based authentication

---
 ansible/roles/postgres/tasks/main.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/ansible/roles/postgres/tasks/main.yml b/ansible/roles/postgres/tasks/main.yml
index 034ff9c9..b605093b 100644
--- a/ansible/roles/postgres/tasks/main.yml
+++ b/ansible/roles/postgres/tasks/main.yml
@@ -32,3 +32,19 @@
   become_user: "{{ postgres_user }}"
   tags:
     - role::postgres
+
+
+- name: Set host based authentication rules for all postgres users at once
+  ansible.builtin.blockinfile:
+    path: /etc/postgresql/{{ postgres_version }}/main/pg_hba.conf
+    insertafter: "# Put your actual configuration here"
+    marker: "# {mark} ANSIBLE MANAGED HBA CONF BLOCK"
+    block: |
+      {% for db in postgres_databases %}
+      host    {{ db.name }}    {{ db.owner }}    all    scram-sha-256
+      {% endfor %}
+  loop: "{{ postgres_databases }}"
+  notify:
+    - Reload the postgres service
+  tags:
+    - role::postgres