Merge pull request #202 from elventear/postgresql_user

Docs for postgresql_user recent changes
2024-09-14 20:13:21 +02:00 · 2012-08-27 18:53:12 -07:00 · 2012-08-27 18:53:12 -07:00 · c4522d9f29
commit c4522d9f29
parent b57e9c9a27 514f491514
2 changed files with 29 additions and 4 deletions
--- a/rst/modules/postgresql_db.rst
+++ b/rst/modules/postgresql_db.rst
@ -29,6 +29,8 @@ host before using this module.
 +--------------------+----------+----------+----------------------------------------------------------------------------+
 | login_host         | no       |          | host running PostgreSQL. Default (blank) implies localhost                 |
 +--------------------+----------+----------+----------------------------------------------------------------------------+
+| owner              | no       |          | name of the role to set as owner of the database                           |
+--------------------+----------+----------+----------------------------------------------------------------------------+
 | state              |          | present  | 'absent' or 'present'                                                      |
 +--------------------+----------+----------+----------------------------------------------------------------------------+

--- a/rst/modules/postgresql_user.rst
+++ b/rst/modules/postgresql_user.rst
@ -5,8 +5,8 @@ postgresql_user

 .. versionadded:: 0.6

-Add or remove PostgreSQL users (roles) from a remote host, and grant the users
-access to an existing database.
+Add or remove PostgreSQL users (roles) from a remote host and, optionally, grant the users
+access to an existing database or tables.

 The default authentication assumes that you are either logging in as or
 sudo'ing to the postgres account on the host.
@ -25,7 +25,11 @@ host before using this module.
 +--------------------+----------+----------+----------------------------------------------------------------------------+
 | password           | yes      |          | set the user's password                                                    |
 +--------------------+----------+----------+----------------------------------------------------------------------------+
-| db                 | yes      |          | name of an existing database to grant user access to                       |
+| db                 | no       |          | name of database where permissions will be granted                         |
+--------------------+----------+----------+----------------------------------------------------------------------------+
+| priv               | no       |          | PostgreSQL privileges string in the format: table:priv1,priv2              |
+--------------------+----------+----------+----------------------------------------------------------------------------+
+| fail_on_user       | no       | yes      | if yes, fail when user can't be removed. Otherwise just log and continue   |
 +--------------------+----------+----------+----------------------------------------------------------------------------+
 | login_user         | no       | postgres | user (role) used to authenticate with PostgreSQL                           |
 +--------------------+----------+----------+----------------------------------------------------------------------------+
@ -36,7 +40,26 @@ host before using this module.
 | state              |          | present  | 'absent' or 'present'                                                      |
 +--------------------+----------+----------+----------------------------------------------------------------------------+

+The fundamental function of the module is to create, or delete, roles from a PostgreSQL cluster. 
+Privilege assignment, or removal, is an optional step, which works on one database at a time.
+This allows for the module to be called several times in the same module to modify the permissions on 
+different databases, or to grant permissions to already existing users. 
+
+A user cannot be removed untill all the privileges have been stripped from the user. In such situation,
+if the module tries to remove the user it will fail. To avoid this from happening the *fail_on_user* option
+signals the module to try to remove the user, but if not possible keep going; the module will report if changes
+happened and separately if the user was removed or not.
+
+Example privileges string format:
+    
+    INSERT,UPDATE/table:SELECT/anothertable:ALL

 Example action from Ansible :doc:`playbooks`::

-    postgresql_user db=acme user=django password=ceec4eif7ya
+    - name: Create django user and grant access to database and products table
+      postgresql_user db=acme user=django password=ceec4eif7ya privs=CONNECT/products:ALL
+    
+    - name: Remove test user privileges from acme
+      postgresql_user db=acme user=test privs=ALL/products:ALL state=absent fail_on_user=no
+    - name: Remove test user from test database and the cluster
+      postgresql_user db=test user=test privs=ALL state=absent