Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PostgreSQL - granting privileges to all functions in schema not supported #49581

Open
jehlert opened this issue Sep 8, 2018 · 6 comments
Open

PostgreSQL - granting privileges to all functions in schema not supported #49581

jehlert opened this issue Sep 8, 2018 · 6 comments
Labels
Execution-Module Feature new functionality including changes to functionality and code refactors, etc.
Milestone
Approved

Comments

@jehlert
Copy link

jehlert commented Sep 8, 2018
edited by Ch3LL

Description of Issue/Question

It's appropriate in PostgreSQL to grant privileges to all functions within a schema. PostgreSQL syntax - GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA <schema_name> to <role_name>; This currently is not support in the postgresql module

When doing it via salt, the following is produced - GRANT EXECUTE ON FUNCTION ALL IN SCHEMA <schema_name> TO <role_name>.

Here is the line in the PostgreSQL module - https://github.com/saltstack/salt/blob/develop/salt/modules/postgres.py#L2947
Not sure why functions are handled differently than table and sequences.

Setup

Example:

postgres:
  groups:
    - name: my_role
      db: test_db
      privileges:
        - resource: ALL
          type: function
          prepend: test_schema
          privs:
            - EXECUTE

Steps to Reproduce Issue

Versions Report

Salt Version:
Salt: 2018.3.2

Dependency Versions:
cffi: 1.11.2
cherrypy: unknown
dateutil: 2.7.2
docker-py: Not Installed
gitdb: Not Installed
gitpython: Not Installed
ioflo: Not Installed
Jinja2: 2.10
libgit2: Not Installed
libnacl: Not Installed
M2Crypto: Not Installed
Mako: Not Installed
msgpack-pure: Not Installed
msgpack-python: 0.5.1
mysql-python: Not Installed
pycparser: 2.18
pycrypto: 2.6.1
pycryptodome: Not Installed
pygit2: Not Installed
Python: 2.7.5 (default, Apr 11 2018, 07:36:10)
python-gnupg: Not Installed
PyYAML: 3.12
PyZMQ: 15.3.0
RAET: Not Installed
smmap: Not Installed
timelib: Not Installed
Tornado: 4.2.1
ZMQ: 4.1.5

System Versions:
dist: centos 7.5.1804 Core
locale: UTF-8
machine: x86_64
release: 3.10.0-862.3.2.el7.x86_64
system: Linux
version: CentOS Linux 7.5.1804 Core
@Ch3LL
Copy link
Contributor

Ch3LL commented Sep 10, 2018

looks like we just need to add the ability to do this for functions as well. Also the ability to add ALL to tables and sequences was added here: #36280 just as an fyi for whoever tackles this issue.

@Ch3LL Ch3LL added Feature new functionality including changes to functionality and code refactors, etc. Execution-Module labels Sep 10, 2018
@Ch3LL Ch3LL added this to the Approved milestone Sep 10, 2018
@stale
Copy link

stale bot commented Jan 9, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.

@stale stale bot added the stale label Jan 9, 2020
@anitakrueger
Copy link
Contributor

This is still a problem...

@stale
Copy link

stale bot commented Jan 9, 2020

Thank you for updating this issue. It is no longer marked as stale.

@stale stale bot removed the stale label Jan 9, 2020
@maxammann
Copy link

Still a problem :)

@eriko
Copy link

eriko commented May 24, 2022

Still as problem

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Execution-Module Feature new functionality including changes to functionality and code refactors, etc.
Projects
None yet
Milestone
Approved
Development

No branches or pull requests
5 participants
@eriko @maxammann @anitakrueger @jehlert @Ch3LL