New in version 2.8.
Parameter | Choices/Defaults | Comments |
---|---|---|
ca_cert
string
|
Specifies the name of a file containing SSL certificate authority (CA) certificate(s).
If the file exists, the server's certificate will be verified to be signed by one of these authorities.
aliases: ssl_rootcert |
|
db
string
|
Name of database to connect to.
aliases: login_db |
|
fail_on_role
boolean
|
|
If
yes , fail when group or target_role doesn't exist. If no , just warn and continue. |
groups
list
/ required
|
The list of groups (roles) that need to be granted to or revoked from target_roles.
aliases: group, source_role, source_roles |
|
login_host
string
|
Host running the database.
|
|
login_password
string
|
The password used to authenticate with.
|
|
login_unix_socket
string
|
Path to a Unix domain socket for local connections.
|
|
login_user
string
|
Default: "postgres"
|
The username used to authenticate with.
|
port
integer
|
Default: 5432
|
Database port to connect to.
aliases: login_port |
session_role
string
|
Switch to session_role after connecting. The specified session_role must be a role that the current login_user is a member of.
Permissions checking for SQL commands is carried out as though the session_role were the one that had logged in originally.
|
|
ssl_mode
string
|
|
Determines whether or with what priority a secure SSL TCP/IP connection will be negotiated with the server.
See https://www.postgresql.org/docs/current/static/libpq-ssl.html for more information on the modes.
Default of
prefer matches libpq default. |
state
string
|
|
Membership state.
state=present implies the groupsmust be granted to target_roles.
state=absent implies the groups must be revoked from target_roles.
|
target_roles
list
/ required
|
The list of target roles (groups will be granted to them).
aliases: target_role, users, user |
Note
postgres
account on the host.postgresql
, libpq-dev
, and python-psycopg2
packages on the remote host before using this module.- name: Grant role read_only to alice and bob
postgresql_membership:
group: read_only
target_roles:
- alice
- bob
state: present
# you can also use target_roles: alice,bob,etc to pass the role list
- name: Revoke role read_only and exec_func from bob. Ignore if roles don't exist
postgresql_membership:
groups:
- read_only
- exec_func
target_role: bob
fail_on_role: no
state: absent
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
granted
dictionary
|
if state=present |
Dict of granted groups and roles.
Sample:
{'ro_group': ['alice', 'bob']}
|
queries
string
|
always |
List of executed queries.
Sample:
['GRANT "user_ro" TO "alice"']
|
revoked
dictionary
|
if state=absent |
Dict of revoked groups and roles.
Sample:
{'ro_group': ['alice', 'bob']}
|
state
string
|
always |
Membership state that tried to be set.
Sample:
present
|
Hint
If you notice any issues in this documentation you can edit this document to improve it.