@ -45,12 +45,13 @@ options:
type :
type :
description :
description :
- Type of database object to set privileges on .
- Type of database object to set privileges on .
- The ` default_privs ` choice is available starting at version 2.7 .
- The C ( default_privs ) choice is available starting at version 2.7 .
- The ' foreign_data_wrapper ' and ' foreign_server ' object types are available from Ansible version ' 2.8 ' .
- The C ( foreign_data_wrapper ) and C ( foreign_server ) object types are available from Ansible version ' 2.8 ' .
- The C ( type ) choice is available from Ansible version ' 2.10 ' .
type : str
type : str
default : table
default : table
choices : [ database , default_privs , foreign_data_wrapper , foreign_server , function ,
choices : [ database , default_privs , foreign_data_wrapper , foreign_server , function ,
group , language , table , tablespace , schema , sequence ]
group , language , table , tablespace , schema , sequence , type ]
objs :
objs :
description :
description :
- Comma separated list of database objects to set privileges on .
- Comma separated list of database objects to set privileges on .
@ -69,8 +70,10 @@ options:
schema :
schema :
description :
description :
- Schema that contains the database objects specified via I ( objs ) .
- Schema that contains the database objects specified via I ( objs ) .
- May only be provided if I ( type ) is C ( table ) , C ( sequence ) , C ( function )
- May only be provided if I ( type ) is C ( table ) , C ( sequence ) , C ( function ) , C ( type ) ,
or C ( default_privs ) . Defaults to C ( public ) in these cases .
or C ( default_privs ) . Defaults to C ( public ) in these cases .
- Pay attention , for embedded types when I ( type = type )
I ( schema ) can be C ( pg_catalog ) or C ( information_schema ) respectively .
type : str
type : str
roles :
roles :
description :
description :
@ -326,6 +329,15 @@ EXAMPLES = r'''
type : foreign_data_wrapper
type : foreign_data_wrapper
role : reader
role : reader
# Available since version 2.10
- name : GRANT ALL PRIVILEGES ON TYPE customtype TO reader
postgresql_privs :
db : test
objs : customtype
privs : ALL
type : type
role : reader
# Available since version 2.8
# Available since version 2.8
- name : GRANT ALL PRIVILEGES ON FOREIGN SERVER fdw_server TO reader
- name : GRANT ALL PRIVILEGES ON FOREIGN SERVER fdw_server TO reader
postgresql_privs :
postgresql_privs :
@ -376,6 +388,16 @@ EXAMPLES = r'''
type : default_privs
type : default_privs
role : reader
role : reader
target_roles : librarian
target_roles : librarian
# Available since version 2.10
- name : Grant type privileges for pg_catalog . numeric type to alice
postgresql_privs :
type : type
roles : alice
privs : ALL
objs : numeric
schema : pg_catalog
db : acme
'''
'''
RETURN = r '''
RETURN = r '''
@ -622,6 +644,13 @@ class Connection(object):
self . cursor . execute ( query , ( fs , ) )
self . cursor . execute ( query , ( fs , ) )
return [ t [ 0 ] for t in self . cursor . fetchall ( ) ]
return [ t [ 0 ] for t in self . cursor . fetchall ( ) ]
def get_type_acls ( self , schema , types ) :
query = """ SELECT t.typacl FROM pg_catalog.pg_type t
JOIN pg_catalog . pg_namespace n ON n . oid = t . typnamespace
WHERE n . nspname = % s AND t . typname = ANY ( % s ) ORDER BY typname """
self . cursor . execute ( query , ( schema , types ) )
return [ t [ 0 ] for t in self . cursor . fetchall ( ) ]
# Manipulating privileges
# Manipulating privileges
def manipulate_privs ( self , obj_type , privs , objs , roles , target_roles ,
def manipulate_privs ( self , obj_type , privs , objs , roles , target_roles ,
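Review bot: get_type_acls has no docstring, and two parts of its contract are not obvious from the call site. The query is parameterized, which is right, but `t.typname = ANY(%s)` presumably relies on `types` being passed as a list so the driver binds it as an array. Names that do not exist in `schema` produce no row, so the result can be shorter than `types`. I would add a docstring such as `"""Return typacl for each name in types found in schema, ordered by typname; names not found yield no row."""`. pg_catalog.pg_type also holds table row types and array types, so a table name passed here would likely match as well; worth confirming that is acceptable.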
@ -669,6 +698,8 @@ class Connection(object):
get_status = self . get_foreign_data_wrapper_acls
get_status = self . get_foreign_data_wrapper_acls
elif obj_type == ' foreign_server ' :
elif obj_type == ' foreign_server ' :
get_status = self . get_foreign_server_acls
get_status = self . get_foreign_server_acls
elif obj_type == ' type ' :
get_status = partial ( self . get_type_acls , schema_qualifier )
else :
else :
raise Error ( ' Unsupported database object type " %s " . ' % obj_type )
raise Error ( ' Unsupported database object type " %s " . ' % obj_type )
@ -685,7 +716,7 @@ class Connection(object):
except Exception :
except Exception :
raise Error ( ' Illegal function signature: " %s " . ' % obj )
raise Error ( ' Illegal function signature: " %s " . ' % obj )
obj_ids . append ( ' " %s " . " %s " ( %s ' % ( schema_qualifier , f , args ) )
obj_ids . append ( ' " %s " . " %s " ( %s ' % ( schema_qualifier , f , args ) )
elif obj_type in [ ' table ' , ' sequence ' ]:
elif obj_type in [ ' table ' , ' sequence ' , ' type ' ]:
obj_ids = [ ' " %s " . " %s " ' % ( schema_qualifier , o ) for o in objs ]
obj_ids = [ ' " %s " . " %s " ' % ( schema_qualifier , o ) for o in objs ]
else :
else :
obj_ids = [ ' " %s " ' % o for o in objs ]
obj_ids = [ ' " %s " ' % o for o in objs ]
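Review bot: Adding 'type' to the table/sequence branch puts type names from `objs` into the statement text wrapped in double quotes by `%` formatting, and nothing in this hunk escapes a `"` inside the name or the schema. If either value can come from a less trusted source (inventory, extra vars, a lookup), an embedded quote ends the identifier early, so each part should double it: `'"%s"."%s"' % (schema_qualifier.replace('"', '""'), o.replace('"', '""'))`, or use the project's identifier-quoting helper if one is in scope. manipulate_privs starts and ends outside the hunk, so escaping may already happen earlier; if it does, a short comment here saying so would help. Quoting also makes the name case-sensitive, so a type created unquoted as `CustomType` has to be given as `customtype`.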
@ -892,7 +923,8 @@ def main():
' group ' ,
' group ' ,
' default_privs ' ,
' default_privs ' ,
' foreign_data_wrapper ' ,
' foreign_data_wrapper ' ,
' foreign_server ' ] ) ,
' foreign_server ' ,
' type ' , ] ) ,
objs = dict ( required = False , aliases = [ ' obj ' ] ) ,
objs = dict ( required = False , aliases = [ ' obj ' ] ) ,
schema = dict ( required = False ) ,
schema = dict ( required = False ) ,
roles = dict ( required = True , aliases = [ ' role ' ] ) ,
roles = dict ( required = True , aliases = [ ' role ' ] ) ,
@ -917,7 +949,7 @@ def main():
# Create type object as namespace for module params
# Create type object as namespace for module params
p = type ( ' Params ' , ( ) , module . params )
p = type ( ' Params ' , ( ) , module . params )
# param "schema": default, allowed depends on param "type"
# param "schema": default, allowed depends on param "type"
if p . type in [ ' table ' , ' sequence ' , ' function ' , ' default_privs' ] :
if p . type in [ ' table ' , ' sequence ' , ' function ' , ' type' , ' default_privs' ] :
p . schema = p . schema or ' public '
p . schema = p . schema or ' public '
elif p . schema :
elif p . schema :
module . fail_json ( msg = ' Argument " schema " is not allowed '
module . fail_json ( msg = ' Argument " schema " is not allowed '