archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

postgresql_user: Add support for PUBLIC

Browse Source 
This change enables users to add and remove permissions to all roles,
using the PUBLIC user. This is equivalent to using the PUBLIC keyword
in GRANT and DENY postgres SQL commands.

For example, see: <http://www.postgresql.org/docs/current/interactive/sql-grant.html>

Fixes #1833
pull/2128/head
Lorin Hochstein 12 years ago
parent f06cb8c8b1
commit 4a90e2b50a
1 changed files with 19 additions and 2 deletions
Show Stats Download Patch File Download Diff File

21
library/postgresql_user
Unescape Escape View File

@ -129,6 +129,9 @@ else:
def user_exists(cursor, user): def user_exists(cursor, user):
# The PUBLIC user is a special case that is always there
if user == 'PUBLIC':
return True
query = "SELECT rolname FROM pg_roles WHERE rolname=%(user)s" query = "SELECT rolname FROM pg_roles WHERE rolname=%(user)s"
cursor.execute(query, {'user': user}) cursor.execute(query, {'user': user})
return cursor.rowcount > 0 return cursor.rowcount > 0
@ -144,6 +147,14 @@ def user_alter(cursor, user, password, role_attr_flags):
"""Change user password""" """Change user password"""
changed = False changed = False
if user == 'PUBLIC':
if password is not None:
module.fail_json(msg="cannot change the password for PUBLIC user")
elif role_attr_flags != '':
module.fail_json(msg="cannot change the role_attr_flags for PUBLIC user")
else:
return False
# Handle passwords. # Handle passwords.
if password is not None or role_attr_flags is not None: if password is not None or role_attr_flags is not None:
# Select password and all flag-like columns in order to verify changes. # Select password and all flag-like columns in order to verify changes.
@ -241,14 +252,20 @@ def has_database_privilege(cursor, user, db, priv):
def grant_database_privilege(cursor, user, db, priv): def grant_database_privilege(cursor, user, db, priv):
prev_priv = get_database_privileges(cursor, user, db) prev_priv = get_database_privileges(cursor, user, db)
query = 'GRANT %s ON DATABASE \"%s\" TO \"%s\"' % (priv, db, user) if user == "PUBLIC":
query = 'GRANT %s ON DATABASE \"%s\" TO PUBLIC' % (priv, db)
else:
query = 'GRANT %s ON DATABASE \"%s\" TO \"%s\"' % (priv, db, user)
cursor.execute(query) cursor.execute(query)
curr_priv = get_database_privileges(cursor, user, db) curr_priv = get_database_privileges(cursor, user, db)
return len(curr_priv) > len(prev_priv) return len(curr_priv) > len(prev_priv)
def revoke_database_privilege(cursor, user, db, priv): def revoke_database_privilege(cursor, user, db, priv):
prev_priv = get_database_privileges(cursor, user, db) prev_priv = get_database_privileges(cursor, user, db)
query = 'REVOKE %s ON DATABASE \"%s\" FROM \"%s\"' % (priv, db, user) if user == "PUBLIC":
query = 'REVOKE %s ON DATABASE \"%s\" FROM PUBLIC' % (priv, db)
else:
query = 'REVOKE %s ON DATABASE \"%s\" FROM \"%s\"' % (priv, db, user)
cursor.execute(query) cursor.execute(query)
curr_priv = get_database_privileges(cursor, user, db) curr_priv = get_database_privileges(cursor, user, db)
return len(curr_priv) < len(prev_priv) return len(curr_priv) < len(prev_priv)

Write Preview
Loading…
Cancel
Save