Ansible:在 postgres 中为用户附加角色 [英] Ansible: Attach role to user in postgres

问题描述

我已经在 Postgres 中扮演了一个角色，即 readonly.它对所有数据库中的所有表具有只读访问权限.

I am already having a role in Postgres namely readonly. It has readonly access on all the tables in all the databases.

我想将此角色附加到用户，以便他/她也可以在一个命令中获得对所有表的只读访问权限.如何使用 ansible 的 postgresql_user 模块执行以下命令?

I want to attach this role to a user so that he/she also gets the readonly access on all tables in one command. How can I perform the following command using ansible's postgresql_user module?

mydb=> grant readonly to dev_username;

添加更多细节

这是我试过的，

- name: Postgres
  postgresql_user:
    login_host: xx.xx.com
    login_password: mypassword
    login_user: myuser
    db: mydb
    name: dev_username
    password: mypassword
    priv: "readonly"
    expires: infinity
    state: present

它给了我这个错误，

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: __main__.InvalidPrivsError: Invalid privs specified for database: READONLY
fatal: [127.0.0.1]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"/var/folders/h1/w57gk9nx0xl8j6xb_cqv3wb00000gn/T/ansible_2ema8gl3/ansible_module_postgresql_user.py\", line 855, in <module>\n    main()\n  File \"/var/folders/h1/w57gk9nx0xl8j6xb_cqv3wb00000gn/T/ansible_2ema8gl3/ansible_module_postgresql_user.py\", line 746, in main\n    privs = parse_privs(module.params[\"priv\"], db)\n  File \"/var/folders/h1/w57gk9nx0xl8j6xb_cqv3wb00000gn/T/ansible_2ema8gl3/ansible_module_postgresql_user.py\", line 686, in parse_privs\n    (type_, ' '.join(priv_set.difference(VALID_PRIVS[type_]))))\n__main__.InvalidPrivsError: Invalid privs specified for database: READONLY\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 1}

我也尝试过 role_attr_flags: readonly，但还是失败了.它在官方文档中明确写到 role_attr_flags 和 priv 中只允许一些值，我知道它不起作用但我只是为了它而这样做.

I also tried with role_attr_flags: readonly, but again it failed. Its clearly written in the official docs that there are only some values allowed in role_attr_flags and priv, I knew it wouldn't work but I did it just for the sake of it.

这甚至可以用 ansible 实现吗?

Is this even possible with ansible?

推荐答案

postgresql 术语回顾:用户是角色，组是角色.第一个有登录权限，第二个通常没有.

Recap of postgresql terminology: a user is a role, a group is a role. The first has login privileges, the second usually not.

postgresql_user ansible 模块不允许您将现有角色分配给用户.

postgresql_user ansible module does not allow you to assign an existing role to a user.

您需要先创建用户，然后使用 postgresql_membership

You will need to first create the user and then attach the other role with postgresql_membership

这篇关于Ansible:在 postgres 中为用户附加角色的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！