Type __postgres_role does not modify role permissions, if changed #212

New Issue

Closed

opened 2021-11-20 15:21:35 +00:00 by ungleich-gitea · 5 comments

ungleich-gitea commented 2021-11-20 15:21:35 +00:00

Owner

Copy Link

Created by: telmich

I add:
__postgres_role app

I modify it to:

__postgres_role app --createdb

-> no permissions are changed, as the user already exists.

I think we should enhance this type to support adding and removing permissions

*Created by: telmich* I add: __postgres_role app I modify it to: __postgres_role app --createdb -> no permissions are changed, as the user already exists. I think we should enhance this type to support adding and removing permissions

ungleich-gitea added the

Stale

label 2021-11-20 15:21:35 +00:00

ungleich-gitea closed this issue 2021-11-20 15:21:36 +00:00

ungleich-gitea commented 2021-11-20 15:48:11 +00:00

Author

Owner

Copy Link

closed

closed

ungleich-gitea commented 2021-11-20 15:48:12 +00:00

Author

Owner

Copy Link

Created by: markasoftware

Although it isn't too hard to check that attributes are right, there is no easy way to check if the password is correct. Perhaps it should unconditionally ALTER ROLE when state_is == state_should == present

*Created by: markasoftware* Although it isn't too hard to check that attributes are right, there is no easy way to check if the password is correct. Perhaps it should unconditionally `ALTER ROLE` when state_is == state_should == present

ungleich-gitea commented 2021-11-20 15:48:13 +00:00

Author

Owner

Copy Link

Created by: telmich

Maybe introduce two new parameters to set / unset attributes?

--no-attribute <...>
--attribute <...>

and deprecate the current options?

@asteven, what do you think about this?

*Created by: telmich* Maybe introduce two new parameters to set / unset attributes? --no-attribute <...> --attribute <...> and deprecate the current options? @asteven, what do you think about this?

ungleich-gitea commented 2021-11-20 15:48:15 +00:00

Author

Owner

Copy Link

Created by: telmich

22:58 < telmich> thus I was wondering, if there is a variant of \du
available, that is easily machine parsable
22:58 < johto> telmich; select * from pg_user;?

postgres=# select * from pg_user where usename = 'app';
usename | usesysid | usecreatedb | usesuper | usecatupd | userepl | passwd | valuntil | useconfig
---------+----------+-------------+----------+-----------+---------+----------+----------+-----------
app | 16384 | t | f | f | f | ******** | |
(1 row)

*Created by: telmich* 22:58 < telmich> thus I was wondering, if there is a variant of \du available, that is easily machine parsable 22:58 < johto> telmich; select \* from pg_user;? postgres=# select \* from pg_user where usename = 'app'; usename | usesysid | usecreatedb | usesuper | usecatupd | userepl | passwd | valuntil | useconfig ---------+----------+-------------+----------+-----------+---------+----------+----------+----------- app | 16384 | t | f | f | f | *******\* | | (1 row)

ungleich-gitea commented 2021-11-20 15:48:16 +00:00

Author

Owner

Copy Link

Created by: telmich

postgres-# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------+-----------
app | Create DB | {}
postgres | Superuser, Create role, Create DB, Replication | {}

postgres-#

http://www.postgresql.org/docs/8.1/static/role-attributes.html

*Created by: telmich* postgres-# \du List of roles Role name | Attributes | Member of -----------+------------------------------------------------+----------- app | Create DB | {} postgres | Superuser, Create role, Create DB, Replication | {} postgres-# http://www.postgresql.org/docs/8.1/static/role-attributes.html

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

7.0

6.9

py3.10

ander/__package_apt_update_index

haproxy-dualstack

ander/__sed

beta

ander/os_version_debian_sid

evilham-compatibility-fixes

ander/__rsync

__snakeoil_cert

ander/update_readme

__download_improvements

feature/onchange

cleanup/string-formatting

feature/type-relationship-graph

cleanup/ssh-auth-keys-types

__letsencrypt_cert-fix-hooks

bugfix/preos-debug

bugfix/in-script-import

6.8

bugfix/sphinx-docs-build

6.7

cherry-pick-2f433a14

bugfix/make-code-consistent

6.6

regain-py3.2-support

6.5

bugfix/multiple-log-lines

matterbridge

coturn

alpinefix

matrix

new-type/network-interface

feature/process

6.4

feature/info-command

feature/libexec

6.3

preos-plugins-dir-opt

gitlab-ci

6.2

order-dep-fix

6.1

6.0

build/support-pip-from-git

feature/shell-lib

5.1

feature/support-type-deprecation

5.0

feature/python-types

4.11

4.10

shellcheck

4.9

4.8

freebsd-improvements

new-prometheus

key_value-onchange

feature/output_streams

AnotherKamila-patch-1

__letsencrypt_cert-fixes

letsencrypt-cron-fix

4.7

newtype-__letsencrypt_cert

os_explorer_devuan_fix

prometheus-exporter-fixes

daemontools-for-fbsd

type-prometheus-exporter-from-master

prometheus-more-fixes

4.6

4.5

fix-j

steven-backport

4.4

prometheus-fixes

grafana_dashboard

prometheus

daemontools

consul_improvements

feature/trigger

4.3

4.0-pre-not-stable

4.2

4.1

4.0

feature_install_and_preos

3.1

no-dot-cdist

random_dot_cdist

feature_yum_url

feature_files_export

3.0

2.3

2.2

2.1

ssh_callback

2.0

archive_shell_function_approach

1.7

1.6

1.5

1.4

1.3

1.2

1.1

1.0

7.0.0

6.9.8

6.9.7

6.9.6

6.9.5

6.9.4

6.9.3

6.9.2

6.9.1

6.9.0

6.8.0

6.7.0

6.6.0

6.5.6

6.5.5

6.5.4

6.5.3

6.5.2

6.5.1

6.5.0

6.4.0

6.3.0

6.2.0

6.1.1

6.1.0

6.0.4

6.0.3

6.0.2

6.0.1

6.0.0

5.1.3

5.1.2

5.1.1

5.1.0

5.0.2

5.0.1

5.0.0

4.11.1

4.11.0

4.10.11

4.10.10

4.10.9

4.10.8

4.10.7

4.10.6

4.10.5

4.10.4

4.10.3

4.10.2

4.10.1

4.10.0

4.9.1

4.9.0

4.8.4

4.8.3

4.8.2

4.8.1

4.8.0

4.7.3

4.7.2

4.7.1

4.7.0

4.6.1

4.6.0

4.5.0

4.4.4

4.4.3

4.4.2

4.4.1

4.4.0

4.3.2

4.3.1

4.3.0

4.2.2

4.2.1

4.2.0

4.1.0

4.0.0

3.1.13

tn1

3.1.12

3.1.11

3.1.10

3.1.9

3.1.8

3.1.7

3.1.6

4.0.0pre3

3.1.5

3.1.4

3.1.3

3.1.2

3.1.1

3.1.0

4.0.0pre2

3.0.9

3.0.8

3.0.7

3.0.6

3.0.5

3.0.4

3.0.3

4.0.0pre1

3.0.2

3.0.1

3.0.0

2.3.7

2.3.6

2.3.5

2.3.4

2.3.3

2.3.2

2.3.1

2.3.0

2.2.0

2.1.2

2.1.1

2.1.0

2.1.0pre8

2.1.0pre7

2.1.0pre6

2.0.15

2.1.0pre5

2.1.0pre4

2.1.0pre3

2.1.0pre2

2.1.0pre1

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.1

2.0.0

1.7.1

1.7.0

1.6.2

1.6.1

1.6.0

1.5.0

1.4.1

1.4.0

1.3.2

1.3.1

1.3.0

1.2.0

1.1.0

1.0.4

1.0.3

1.0.2

1.0.1

1.0.0

0.9.9

0.9.8

0.9.7

0.9.6

0.9.5

0.9.4

0.9.3

0.9.2

0.9.1

0.9

0.8

0.7

0.6

0.5

0.4

0.3

0.2

0.1

Labels

Clear labels   

bugfix

  

cleanup

  

discussion

  

documentation

  

doing

  

done

  

feature

  

improvement

  

packaging

  

Stale

  

testing

  

TODO

No Label

bugfix

cleanup

discussion

documentation

doing

done

feature

improvement

packaging

Stale

testing

TODO

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: ungleich-public/cdist#212

No description provided.