New module postgresql_membership: Add or remove PostgreSQL roles from groups #53733

Open
wants to merge 2 commits into
base: devel
from

Andersson007 commented Mar 13, 2019

SUMMARY

Adds or removes PostgreSQL roles from groups (other roles)

Implements role membership https://www.postgresql.org/docs/current/role-membership.html.

Users are roles with login privilege.
Groups are PostgreSQL roles usually without LOGIN privilege.

Common use case:

  1. add a new group (groups) by postgresql_user module
  2. grant them desired privileges by postgresql_privs module
  3. add desired PostgreSQL users to the new group (groups) by this module
ISSUE TYPE
  • New Module Pull Request
MAIN OPTIONS
  • groups [group, source_role, source_roles]: The list of groups (roles) that need to be granted to or revoked from I(target_roles).
  • target_roles [target_role, users, user]: The list of target roles (groups will be granted to them).
  • fail_on_role: If yes, fail when group or target_role doesn't exist. If no, just warn and continue.
EXAMPLES
- name: Grant role read_only to alice and bob
  postgresql_membership:
    group: read_only
    target_roles:
    - alice
    - bob
    state: present

- name: Revoke role read_only and exec_func from bob. Ignore if roles don't exist
  postgresql_membership:
    groups:
    - read_only
    - exec_func
    target_role: bob
    fail_on_role: no
    state: absent
RETURNS
queries:
    description: List of executed queries.
    returned: always
    type: str
    sample: [ "GRANT \"user_ro\" TO \"alice\"" ]
granted:
    description: Dict of granted groups and roles.
    returned: if I(state=present)
    type: dict
    sample: { "ro_group": [ "alice", "bob" ] }
revoked:
    description: Dict of revoked groups and roles.
    returned: if I(state=absent)
    type: dict
    sample: { "ro_group": [ "alice", "bob" ] }
state:
    description: Membership state that tried to be set.
    returned: always
    type: str
    sample: "present"
OUTPUT EXAMPLE
    "changed": true, 
    "granted": {
        "group1": [
            "user1"
        ], 
        "group2": [
            "user1"
        ]
    }, 
    "groups": [
        "group1", 
        "group2"
    ], 
    "queries": [
        "GRANT \"group1\" TO \"user1\"", 
        "GRANT \"group2\" TO \"user1\""
    ], 
    "state": "present", 
    "target_roles": [
        "user1"
    ]
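
The description above shows the module emitting `GRANT "group" TO "role"` statements, with `fail_on_role` deciding between failing and warning when a role is missing. The sketch below is an added example, not the module's code from this pull request: `quote_ident`, `plan_membership`, `RoleError` and the in-memory `ROLES`/`MEMBERS` data are hypothetical, and skipping grants that are already in place is an assumption. It shows role names being quoted as identifiers before they are interpolated into the statement.

```python
# Added illustration; not the postgresql_membership module's source.
# Role and membership state is passed in as plain Python data (constructed);
# a real module would read it from the database catalogs instead.

class RoleError(Exception):
    """Raised for an invalid role name or, with fail_on_role, a missing role."""

def quote_ident(name):
    """Quote a PostgreSQL identifier: wrap in double quotes, double embedded ones."""
    if not name or "\x00" in name:
        raise RoleError("invalid role name: %r" % name)
    return '"%s"' % name.replace('"', '""')

def plan_membership(groups, target_roles, state, existing_roles, members,
                    fail_on_role=True):
    """Return (queries, changed, warnings) for the requested membership state.

    existing_roles: set of role names present in the cluster
    members: dict mapping group -> set of roles that are already members
    """
    queries, changed, warnings = [], {}, []
    for group in groups:
        for role in target_roles:
            missing = [r for r in (group, role) if r not in existing_roles]
            if missing:
                msg = "role %s does not exist" % ", ".join(missing)
                if fail_on_role:
                    raise RoleError(msg)
                warnings.append(msg)  # fail_on_role=no: warn and continue
                continue
            is_member = role in members.get(group, set())
            if state == "present" and not is_member:
                queries.append("GRANT %s TO %s" % (quote_ident(group), quote_ident(role)))
            elif state == "absent" and is_member:
                queries.append("REVOKE %s FROM %s" % (quote_ident(group), quote_ident(role)))
            else:
                continue  # already in the requested state: nothing to run
            changed.setdefault(group, []).append(role)
    return queries, changed, warnings

# Constructed sample state: bob is already a member of read_only.
ROLES = {"read_only", "exec_func", "alice", "bob", 'odd"name'}
MEMBERS = {"read_only": {"bob"}}
```

The `changed` dict has the same shape as the `granted` and `revoked` return values in the description.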

Andersson007 commented Mar 13, 2019

ready_for_review

ansibot commented Mar 13, 2019

@Dorn- @andytom @antoinell @archf @b6d @dschep @jbscalia @jensdepuydt @kostiantyn-nemchenko @kustodian @matburt @nerzhul @sebasmannem @wrouesnel

As a maintainer of a module in the same namespace this new module has been submitted to, your vote counts for shipits. Please review this module and add shipit if you would like to see it merged.


Andersson007 force-pushed the Andersson007:postgresql_membership branch from 08e6997 to 81d5f1d Mar 18, 2019

Andersson007 force-pushed the Andersson007:postgresql_membership branch from 81d5f1d to 0a1c66c Mar 21, 2019

tcraxs commented Mar 21, 2019

shipit

Andersson007 commented Mar 21, 2019

@tcraxs, thanks for the review!
