---

- name: Check params
  ansible.builtin.assert:
    that:
      - user is defined
      - database is defined
      - not(access_host is defined and password is not defined)

- name: Set up PostgreSQL
  ansible.builtin.include_role:
    name: postgresql-server

- name: Create user
  community.postgresql.postgresql_user:
    name: "{{ user }}"
    password: "{{ password | default(omit) }}"
  become: true
  become_user: postgres

- name: Create database
  community.postgresql.postgresql_db:
    name: "{{ database }}"
    owner: "{{ user }}"
  become: true
  become_user: postgres

- name: Get pg_hba.conf location
  community.postgresql.postgresql_query:
    query: SHOW hba_file
  become: true
  become_user: postgres
  register: postgres_hba_file_query

- name: Update pg_hba scram authentication
  community.postgresql.postgresql_pg_hba:
    contype: host
    users: "{{ user }}"
    source: "{{ access_host }}"
    databases: "{{ database }}"
    method: "scram-sha-256"
    dest: "{{ postgres_hba_file_query.query_result[0].hba_file }}"
  when: access_host is defined
  notify: Restart PostgreSQL