Update docs for expire option in postgresql_user (#32418)

This fix adds documentation update and example update
for user's password expiration option 'expire' in postgresql_user.
Now, option is more clear and explicit about default value.

Fixes: #30195

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
pull/33616/head
Abhijeet Kasurde 7 years ago committed by ansibot
parent c098c42ab9
commit 61ca2a711d

@ -45,80 +45,68 @@ options:
C('str[\\"md5\\"] + md5[ password + username ]'), resulting in a total of 35 characters. An easy way to do this is: C('str[\\"md5\\"] + md5[ password + username ]'), resulting in a total of 35 characters. An easy way to do this is:
C(echo \\"md5`echo -n \\"verysecretpasswordJOE\\" | md5`\\"). Note that if the provided password string is already in C(echo \\"md5`echo -n \\"verysecretpasswordJOE\\" | md5`\\"). Note that if the provided password string is already in
MD5-hashed format, then it is used as-is, regardless of encrypted parameter. MD5-hashed format, then it is used as-is, regardless of encrypted parameter.
required: false
default: null default: null
db: db:
description: description:
- name of database where permissions will be granted - name of database where permissions will be granted
required: false
default: null default: null
fail_on_user: fail_on_user:
description: description:
- if C(yes), fail when user can't be removed. Otherwise just log and continue - if C(yes), fail when user can't be removed. Otherwise just log and continue
required: false
default: 'yes' default: 'yes'
choices: [ "yes", "no" ] choices: [ "yes", "no" ]
port: port:
description: description:
- Database port to connect to. - Database port to connect to.
required: false
default: 5432 default: 5432
login_user: login_user:
description: description:
- User (role) used to authenticate with PostgreSQL - User (role) used to authenticate with PostgreSQL
required: false
default: postgres default: postgres
login_password: login_password:
description: description:
- Password used to authenticate with PostgreSQL - Password used to authenticate with PostgreSQL
required: false
default: null default: null
login_host: login_host:
description: description:
- Host running PostgreSQL. - Host running PostgreSQL.
required: false
default: localhost default: localhost
login_unix_socket: login_unix_socket:
description: description:
- Path to a Unix domain socket for local connections - Path to a Unix domain socket for local connections
required: false
default: null default: null
priv: priv:
description: description:
- "PostgreSQL privileges string in the format: C(table:priv1,priv2)" - "PostgreSQL privileges string in the format: C(table:priv1,priv2)"
required: false
default: null default: null
role_attr_flags: role_attr_flags:
description: description:
- "PostgreSQL role attributes string in the format: CREATEDB,CREATEROLE,SUPERUSER" - "PostgreSQL role attributes string in the format: CREATEDB,CREATEROLE,SUPERUSER"
required: false
default: "" default: ""
choices: [ "[NO]SUPERUSER","[NO]CREATEROLE", "[NO]CREATEUSER", "[NO]CREATEDB", choices: [ "[NO]SUPERUSER","[NO]CREATEROLE", "[NO]CREATEUSER", "[NO]CREATEDB",
"[NO]INHERIT", "[NO]LOGIN", "[NO]REPLICATION", "[NO]BYPASSRLS" ] "[NO]INHERIT", "[NO]LOGIN", "[NO]REPLICATION", "[NO]BYPASSRLS" ]
state: state:
description: description:
- The user (role) state - The user (role) state
required: false
default: present default: present
choices: [ "present", "absent" ] choices: [ "present", "absent" ]
encrypted: encrypted:
description: description:
- whether the password is stored hashed in the database. boolean. Passwords can be passed already hashed or unhashed, and postgresql ensures the - whether the password is stored hashed in the database. boolean. Passwords can be passed already hashed or unhashed, and postgresql ensures the
stored password is hashed when encrypted is set. stored password is hashed when encrypted is set.
required: false
default: false default: false
version_added: '1.4' version_added: '1.4'
expires: expires:
description: description:
- sets the user's password expiration. - The date at which the user's password is to expire.
required: false - If set to C('infinity'), user's password never expire.
- Note that this value should be a valid SQL date and time type.
default: null default: null
version_added: '1.4' version_added: '1.4'
no_password_changes: no_password_changes:
description: description:
- if C(yes), don't inspect database for password changes. Effective when C(pg_authid) is not accessible (such as AWS RDS). Otherwise, make - if C(yes), don't inspect database for password changes. Effective when C(pg_authid) is not accessible (such as AWS RDS). Otherwise, make
password changes as necessary. password changes as necessary.
required: false
default: 'no' default: 'no'
choices: [ "yes", "no" ] choices: [ "yes", "no" ]
version_added: '2.0' version_added: '2.0'
@ -127,7 +115,6 @@ options:
- Determines whether or with what priority a secure SSL TCP/IP connection will be negotiated with the server. - Determines whether or with what priority a secure SSL TCP/IP connection will be negotiated with the server.
- See https://www.postgresql.org/docs/current/static/libpq-ssl.html for more information on the modes. - See https://www.postgresql.org/docs/current/static/libpq-ssl.html for more information on the modes.
- Default of C(prefer) matches libpq default. - Default of C(prefer) matches libpq default.
required: false
default: prefer default: prefer
choices: [disable, allow, prefer, require, verify-ca, verify-full] choices: [disable, allow, prefer, require, verify-ca, verify-full]
version_added: '2.3' version_added: '2.3'
@ -135,13 +122,11 @@ options:
description: description:
- Specifies the name of a file containing SSL certificate authority (CA) certificate(s). If the file exists, the server's certificate will be - Specifies the name of a file containing SSL certificate authority (CA) certificate(s). If the file exists, the server's certificate will be
verified to be signed by one of these authorities. verified to be signed by one of these authorities.
required: false
default: null default: null
version_added: '2.3' version_added: '2.3'
conn_limit: conn_limit:
description: description:
- Specifies the user connection limit. - Specifies the user connection limit.
required: false
default: null default: null
version_added: '2.4' version_added: '2.4'
notes: notes:
@ -194,6 +179,14 @@ EXAMPLES = '''
priv: ALL priv: ALL
state: absent state: absent
# Set user's password with no expire date
- postgresql_user:
db: acme
name: django
password: mysupersecretword
priv: "CONNECT/products:ALL"
expire: infinity
# Example privileges string format # Example privileges string format
# INSERT,UPDATE/table:SELECT/anothertable:ALL # INSERT,UPDATE/table:SELECT/anothertable:ALL

Loading…
Cancel
Save