| Dir : /proc/self/root/opt/saltstack/salt/lib/python3.10/site-packages/salt/states/ |
| Server: Linux ngx353.inmotionhosting.com 4.18.0-553.22.1.lve.1.el8.x86_64 #1 SMP Tue Oct 8 15:52:54 UTC 2024 x86_64 IP: 209.182.202.254 |
| Dir : //proc/self/root/opt/saltstack/salt/lib/python3.10/site-packages/salt/states/postgres_privileges.py |
"""
Management of PostgreSQL Privileges
===================================
The postgres_privileges module is used to manage Postgres privileges.
Privileges can be set as either absent or present.
Privileges can be set on the following database object types:
* database
* schema
* tablespace
* table
* sequence
* language
* group
Setting the grant option is supported as well.
.. versionadded:: 2016.3.0
.. code-block:: yaml
baruwa:
postgres_privileges.present:
- object_name: awl
- object_type: table
- privileges:
- SELECT
- INSERT
- DELETE
- grant_option: False
- prepend: public
- maintenance_db: testdb
.. code-block:: yaml
andrew:
postgres_privileges.present:
- object_name: admins
- object_type: group
- grant_option: False
- maintenance_db: testdb
.. code-block:: yaml
baruwa:
postgres_privileges.absent:
- object_name: awl
- object_type: table
- privileges:
- SELECT
- INSERT
- DELETE
- prepend: public
- maintenance_db: testdb
.. code-block:: yaml
andrew:
postgres_privileges.absent:
- object_name: admins
- object_type: group
- maintenance_db: testdb
"""
def __virtual__():
"""
Only load if the postgres module is present
"""
if "postgres.privileges_grant" not in __salt__:
return (
False,
"Unable to load postgres module. Make sure `postgres.bins_dir` is set.",
)
return True
def present(
name,
object_name,
object_type,
privileges=None,
grant_option=None,
prepend="public",
maintenance_db=None,
user=None,
db_password=None,
db_host=None,
db_port=None,
db_user=None,
):
"""
Grant the requested privilege(s) on the specified object to a role
name
Name of the role to which privileges should be granted
object_name
Name of the object on which the grant is to be performed.
'ALL' may be used for objects of type 'table' or 'sequence'.
object_type
The object type, which can be one of the following:
- table
- sequence
- schema
- tablespace
- language
- database
- group
- function
View permissions should specify `object_type: table`.
privileges
List of privileges to grant, from the list below:
- INSERT
- CREATE
- TRUNCATE
- CONNECT
- TRIGGER
- SELECT
- USAGE
- TEMPORARY
- UPDATE
- EXECUTE
- REFERENCES
- DELETE
- ALL
:note: privileges should not be set when granting group membership
grant_option
If grant_option is set to True, the recipient of the privilege can
in turn grant it to others
prepend
Table and Sequence object types live under a schema so this should be
provided if the object is not under the default `public` schema
maintenance_db
The name of the database in which the language is to be installed
user
System user all operations should be performed on behalf of
db_user
database username if different from config or default
db_password
user password if any password for a specified user
db_host
Database host if different from config or default
db_port
Database port if different from config or default
"""
ret = {
"name": name,
"changes": {},
"result": True,
"comment": "The requested privilege(s) are already set",
}
privileges = ",".join(privileges) if privileges else None
kwargs = {
"privileges": privileges,
"grant_option": grant_option,
"prepend": prepend,
"maintenance_db": maintenance_db,
"runas": user,
"host": db_host,
"user": db_user,
"port": db_port,
"password": db_password,
}
if not __salt__["postgres.has_privileges"](
name, object_name, object_type, **kwargs
):
_privs = object_name if object_type == "group" else privileges
if __opts__["test"]:
ret["result"] = None
ret["comment"] = "The privilege(s): {} are set to be granted to {}".format(
_privs, name
)
return ret
if __salt__["postgres.privileges_grant"](
name, object_name, object_type, **kwargs
):
ret["comment"] = "The privilege(s): {} have been granted to {}".format(
_privs, name
)
ret["changes"][name] = "Present"
else:
ret["comment"] = "Failed to grant privilege(s): {} to {}".format(
_privs, name
)
ret["result"] = False
return ret
def absent(
name,
object_name,
object_type,
privileges=None,
prepend="public",
maintenance_db=None,
user=None,
db_password=None,
db_host=None,
db_port=None,
db_user=None,
):
"""
Revoke the requested privilege(s) on the specificed object(s)
name
Name of the role whose privileges should be revoked
object_name
Name of the object on which the revoke is to be performed
object_type
The object type, which can be one of the following:
- table
- sequence
- schema
- tablespace
- language
- database
- group
- function
View permissions should specify `object_type: table`.
privileges
Comma separated list of privileges to revoke, from the list below:
- INSERT
- CREATE
- TRUNCATE
- CONNECT
- TRIGGER
- SELECT
- USAGE
- TEMPORARY
- UPDATE
- EXECUTE
- REFERENCES
- DELETE
- ALL
:note: privileges should not be set when revoking group membership
prepend
Table and Sequence object types live under a schema so this should be
provided if the object is not under the default `public` schema
maintenance_db
The name of the database in which the language is to be installed
user
System user all operations should be performed on behalf of
db_user
database username if different from config or default
db_password
user password if any password for a specified user
db_host
Database host if different from config or default
db_port
Database port if different from config or default
"""
ret = {
"name": name,
"changes": {},
"result": True,
"comment": "The requested privilege(s) are not set so cannot be revoked",
}
privileges = ",".join(privileges) if privileges else None
kwargs = {
"privileges": privileges,
"prepend": prepend,
"maintenance_db": maintenance_db,
"runas": user,
"host": db_host,
"user": db_user,
"port": db_port,
"password": db_password,
}
if __salt__["postgres.has_privileges"](name, object_name, object_type, **kwargs):
_privs = object_name if object_type == "group" else privileges
if __opts__["test"]:
ret["result"] = None
ret["comment"] = (
"The privilege(s): {} are set to be revoked from {}".format(
_privs, name
)
)
return ret
if __salt__["postgres.privileges_revoke"](
name, object_name, object_type, **kwargs
):
ret["comment"] = "The privilege(s): {} have been revoked from {}".format(
_privs, name
)
ret["changes"][name] = "Absent"
else:
ret["comment"] = "Failed to revoke privilege(s): {} from {}".format(
_privs, name
)
ret["result"] = False
return ret