Merge pull request #202 from elventear/postgresql_user

Docs for postgresql_user recent changes
pull/1256/head
Michael DeHaan 12 years ago
commit c4522d9f29

@ -29,6 +29,8 @@ host before using this module.
+--------------------+----------+----------+----------------------------------------------------------------------------+ +--------------------+----------+----------+----------------------------------------------------------------------------+
| login_host | no | | host running PostgreSQL. Default (blank) implies localhost | | login_host | no | | host running PostgreSQL. Default (blank) implies localhost |
+--------------------+----------+----------+----------------------------------------------------------------------------+ +--------------------+----------+----------+----------------------------------------------------------------------------+
| owner | no | | name of the role to set as owner of the database |
+--------------------+----------+----------+----------------------------------------------------------------------------+
| state | | present | 'absent' or 'present' | | state | | present | 'absent' or 'present' |
+--------------------+----------+----------+----------------------------------------------------------------------------+ +--------------------+----------+----------+----------------------------------------------------------------------------+

@ -5,8 +5,8 @@ postgresql_user
.. versionadded:: 0.6 .. versionadded:: 0.6
Add or remove PostgreSQL users (roles) from a remote host, and grant the users Add or remove PostgreSQL users (roles) from a remote host and, optionally, grant the users
access to an existing database. access to an existing database or tables.
The default authentication assumes that you are either logging in as or The default authentication assumes that you are either logging in as or
sudo'ing to the postgres account on the host. sudo'ing to the postgres account on the host.
@ -25,7 +25,11 @@ host before using this module.
+--------------------+----------+----------+----------------------------------------------------------------------------+ +--------------------+----------+----------+----------------------------------------------------------------------------+
| password | yes | | set the user's password | | password | yes | | set the user's password |
+--------------------+----------+----------+----------------------------------------------------------------------------+ +--------------------+----------+----------+----------------------------------------------------------------------------+
| db | yes | | name of an existing database to grant user access to | | db | no | | name of database where permissions will be granted |
+--------------------+----------+----------+----------------------------------------------------------------------------+
| priv | no | | PostgreSQL privileges string in the format: table:priv1,priv2 |
+--------------------+----------+----------+----------------------------------------------------------------------------+
| fail_on_user | no | yes | if yes, fail when user can't be removed. Otherwise just log and continue |
+--------------------+----------+----------+----------------------------------------------------------------------------+ +--------------------+----------+----------+----------------------------------------------------------------------------+
| login_user | no | postgres | user (role) used to authenticate with PostgreSQL | | login_user | no | postgres | user (role) used to authenticate with PostgreSQL |
+--------------------+----------+----------+----------------------------------------------------------------------------+ +--------------------+----------+----------+----------------------------------------------------------------------------+
@ -36,7 +40,26 @@ host before using this module.
| state | | present | 'absent' or 'present' | | state | | present | 'absent' or 'present' |
+--------------------+----------+----------+----------------------------------------------------------------------------+ +--------------------+----------+----------+----------------------------------------------------------------------------+
The fundamental function of the module is to create, or delete, roles from a PostgreSQL cluster.
Privilege assignment, or removal, is an optional step, which works on one database at a time.
This allows for the module to be called several times in the same module to modify the permissions on
different databases, or to grant permissions to already existing users.
A user cannot be removed untill all the privileges have been stripped from the user. In such situation,
if the module tries to remove the user it will fail. To avoid this from happening the *fail_on_user* option
signals the module to try to remove the user, but if not possible keep going; the module will report if changes
happened and separately if the user was removed or not.
Example privileges string format:
INSERT,UPDATE/table:SELECT/anothertable:ALL
Example action from Ansible :doc:`playbooks`:: Example action from Ansible :doc:`playbooks`::
postgresql_user db=acme user=django password=ceec4eif7ya - name: Create django user and grant access to database and products table
postgresql_user db=acme user=django password=ceec4eif7ya privs=CONNECT/products:ALL
- name: Remove test user privileges from acme
postgresql_user db=acme user=test privs=ALL/products:ALL state=absent fail_on_user=no
- name: Remove test user from test database and the cluster
postgresql_user db=test user=test privs=ALL state=absent

Loading…
Cancel
Save