From 22fc589988426cabad7f618177b8f234b74af8e9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20-=20Le=20Filament?= <remi@le-filament.com>
Date: Thu, 1 Dec 2022 12:34:27 +0100
Subject: [PATCH] [FIX] add userns in path

---
 tasks/main.yml | 26 ++++++++++++++++++++++----
 1 file changed, 22 insertions(+), 4 deletions(-)

diff --git a/tasks/main.yml b/tasks/main.yml
index 8de04d4..5d39262 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -603,20 +603,38 @@
 # --------------------------------------------------
 # Postgres Readonly user
 # --------------------------------------------------
-- name: PROD Allow readonly user connection to prod db
+- name: PROD Allow readonly user connection to prod db (with userns_remap)
+  blockinfile:
+    path: /var/lib/docker/{{ dockremap_subuid }}.{{ dockremap_subgid }}/volumes/odoo_db/_data/pg_hba.conf
+    block: |
+      host {{ odoo_prod.db }} {{ odoo_prod.db_user }} 172.16.0.0/12 md5
+      host postgres {{ odoo_prod.db_user }} 172.16.0.0/12 md5
+      host {{ odoo_prod.db }} {{ odoo_db_rouser }} all md5
+  when: odoo_remote_db_access and odoo_prod is defined and docker_userns_remap
+  tags: odoo_prod
+
+- name: PROD Allow readonly user connection to prod db (no userns_remap)
   blockinfile:
     path: /var/lib/docker/volumes/odoo_db/_data/pg_hba.conf
     block: |
       host {{ odoo_prod.db }} {{ odoo_prod.db_user }} 172.16.0.0/12 md5
       host postgres {{ odoo_prod.db_user }} 172.16.0.0/12 md5
       host {{ odoo_prod.db }} {{ odoo_db_rouser }} all md5
-  when: odoo_remote_db_access and odoo_prod is defined
+  when: odoo_remote_db_access and odoo_prod is defined and not docker_userns_remap
+  tags: odoo_prod
+
+- name: PROD Disable access all rights (with userns_remap)
+  lineinfile:
+    name: /var/lib/docker/{{ dockremap_subuid }}.{{ dockremap_subgid }}/volumes/odoo_db/_data/pg_hba.conf
+    regexp: "^host all all all md5"
+    line: "#host all all all md5"
+  when: odoo_remote_db_access and odoo_prod is defined and docker_userns_remap
   tags: odoo_prod
 
-- name: PROD Disable access all rights
+- name: PROD Disable access all rights (no userns_remap)
   lineinfile:
     name: /var/lib/docker/volumes/odoo_db/_data/pg_hba.conf
     regexp: "^host all all all md5"
     line: "#host all all all md5"
-  when: odoo_remote_db_access and odoo_prod is defined
+  when: odoo_remote_db_access and odoo_prod is defined and not docker_userns_remap
   tags: odoo_prod
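Review bot: The pg_hba.conf access rules now exist in two copies, once in each `blockinfile` task (with and without userns_remap) and again in the `lineinfile` pair, so a later edit to one copy can leave the other path with a broader or stale rule set. Computing the path once would keep a single task per rule, for example a variable (name is a suggestion) `pg_hba_path: "/var/lib/docker/{{ (dockremap_subuid ~ '.' ~ dockremap_subgid ~ '/') if docker_userns_remap | bool else '' }}volumes/odoo_db/_data/pg_hba.conf"` used as the path in both tasks. The new `when:` lines test `docker_userns_remap` bare; if the variable can arrive as a string (inventory or `-e`), `docker_userns_remap | bool` avoids a value such as "false" selecting the remapped path. The copied rule `host {{ odoo_prod.db }} {{ odoo_db_rouser }} all md5` admits the read-only user from any source address with md5 password authentication; where the deployment allows it, a specific CIDR and `scram-sha-256` would narrow that exposure.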
-- 
GitLab