Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
add support for group roles to postgresql_user #11035
Issue Type: Feature Idea
The postgresql_user module doesn't have any provision to manage role membership within other roles (groups). This makes it impossible to manage complex role structures using postgresql_user.
This is typically handled with a grant, or create/alter role syntax:
GRANT role_name [, ...] TO role_name [, ...]
CREATE ROLE name [ [ WITH ] option [ ... ] ]
Relevant documentation links:
Steps To Reproduce:
I would expect that ansible generate SQL equivalent to the following:
changed the title from
postgresql_user doesn't handle "group" roles.
add support for group roles to postgresql_user
May 26, 2015
It's already possible to create/manage group roles with postgresql_user and postgresql_privs, although it's not too intuitive.
Per the above, it seems the postgresql modules writers have made the design decision to separate priv creation from user creation, so I'm going to close this at this time.
If you have any further questions, please let us know by stopping by one of the two mailing lists, as appropriate:
Because this project is very active, we're unlikely to see comments made on closed tickets, but the mailing list is a great way to ask questions, or post if you don't think this particular issue is resolved.
Since I'm on github but not the ansible mailing list I'll comment here in spite of the advice above.
I think it is a mistake to close this issue as a valid design choice on the part of the module authors. The authors of the postgresql database clearly made the opposite choice. They provide the feature of group roles with inheritance for a purpose, and it is widely used for that purpose. It is an extremely unwise design choice to make this feature inaccessible from the ansible module.
The third example in the comment by MannerMan was just pointed out to me. This does support the use of the postgresql feature, so that solves the main problem. The remaining problem, which should be regarded as a documentation bug, is that the ansible documents do not describe the usage shown in the example. The use of the objs parameter to hold a group role name is not mentioned in the documents. Assuming it works, which I've not yet tried, this important case should be documented.
The problem is how the module implements groups as a privilege, not as an object by itself. It will be more intuitive to count with a
Although, it must be mentioned that the current implementation actually relies more on the concept of