Management of PostgreSQL users (roles)
The postgres_users module is used to create and manage Postgres users.
frank:
postgres_user.present
salt.states.postgres_user.absent(name, user=None, maintenance_db=None, db_password=None, db_host=None, db_port=None, db_user=None)
-
Ensure that the named user is absent
- name
- The username of the user to remove
- user
-
System user all operations should be performed on behalf of
- db_user
- database username if different from config or default
- db_password
- user password if any password for a specified user
- db_host
- Database host if different from config or default
- db_port
- Database port if different from config or default
salt.states.postgres_user.present(name, createdb=None, createroles=None, encrypted=None, superuser=None, replication=None, inherit=None, login=None, password=None, default_password=None, refresh_password=None, valid_until=None, groups=None, user=None, maintenance_db=None, db_password=None, db_host=None, db_port=None, db_user=None)
-
Ensure that the named user is present with the specified privileges Please note that the user/group notion in postgresql is just abstract, we have roles, where users can be seens as roles with the LOGIN privilege and groups the others.
- name
- The name of the system user to manage.
- createdb
- Is the user allowed to create databases?
- createroles
- Is the user allowed to create other users?
- encrypted
- Should the password be encrypted in the system catalog?
- login
- Should the group have login perm
- inherit
- Should the group inherit permissions
- superuser
- Should the new user be a "superuser"
- replication
- Should the new user be allowed to initiate streaming replication
- password
-
The system user's password. It can be either a plain string or a md5 postgresql hashed password:
'md5{MD5OF({password}{role}}'
If encrypted is None or True, the password will be automatically encrypted to the previous format if it is not already done.
- default_password
-
The password used only when creating the user, unless password is set.
- refresh_password
-
Password refresh flag
Boolean attribute to specify whether to password comparison check should be performed.
If refresh_password is True
, the password will be automatically updated without extra password change check.
This behaviour makes it possible to execute in environments without superuser access available, e.g. Amazon RDS for PostgreSQL
- valid_until
- A date and time after which the role's password is no longer valid.
- groups
- A string of comma separated groups the user should be in
- user
-
System user all operations should be performed on behalf of
- db_user
- Postgres database username, if different from config or default.
- db_password
- Postgres user's password, if any password, for a specified db_user.
- db_host
- Postgres database host, if different from config or default.
- db_port
- Postgres database port, if different from config or default.