salt.states.postgres_group
Management of PostgreSQL groups (roles)
The postgres_group module is used to create and manage Postgres groups.
frank: postgres_group.present
-
Ensure that the named group is absent
- name
-
The groupname of the group to remove
- user
-
System user all operations should be performed on behalf of
New in version 0.17.0.
- db_user
-
database username if different from config or default
- db_password
-
user password if any password for a specified user
- db_host
-
Database host if different from config or default
- db_port
-
Database port if different from config or default
salt.states.postgres_group.absent(name, user=None, maintenance_db=None, db_password=None, db_host=None, db_port=None, db_user=None)
-
Ensure that the named group is present with the specified privileges Please note that the user/group notion in postgresql is just abstract, we have roles, where users can be seen as roles with the
LOGIN
privilege and groups the others.- name
-
The name of the group to manage
- createdb
-
Is the group allowed to create databases?
- createroles
-
Is the group allowed to create other roles/users
- encrypted
-
How the password should be stored.
If encrypted is
None
,True
, ormd5
, it will use PostgreSQL's MD5 algorithm.If encrypted is
False
, it will be stored in plaintext.If encrypted is
scram-sha-256
, it will use the algorithm described in RFC 7677.Changed in version 3003: Prior versions only supported
True
andFalse
- login
-
Should the group have login perm
- inherit
-
Should the group inherit permissions
- superuser
-
Should the new group be a "superuser"
- replication
-
Should the new group be allowed to initiate streaming replication
- password
-
The group's password. It can be either a plain string or a pre-hashed password:
'md5{MD5OF({password}{role}}' 'SCRAM-SHA-256${iterations}:{salt}${stored_key}:{server_key}'
If encrypted is not
False
, then the password will be converted to the appropriate format above, if not already. As a consequence, passwords that start with "md5" or "SCRAM-SHA-256" cannot be used. - refresh_password
-
Password refresh flag
Boolean attribute to specify whether to password comparison check should be performed.
If refresh_password is
True
, the password will be automatically updated without extra password change check.This behaviour makes it possible to execute in environments without superuser access available, e.g. Amazon RDS for PostgreSQL
- groups
-
A string of comma separated groups the group should be in
- user
-
System user all operations should be performed on behalf of
New in version 0.17.0.
- db_user
-
database username if different from config or default
- db_password
-
user password if any password for a specified user
- db_host
-
Database host if different from config or default
- db_port
-
Database port if different from config or default
salt.states.postgres_group.present(name, createdb=None, createroles=None, encrypted=None, superuser=None, inherit=None, login=None, replication=None, password=None, refresh_password=None, groups=None, user=None, maintenance_db=None, db_password=None, db_host=None, db_port=None, db_user=None)
© 2021 SaltStack.
Licensed under the Apache License, Version 2.0.
https://docs.saltproject.io/en/latest/ref/states/all/salt.states.postgres_group.html