postgresql_user readonly user

zausel_z · January 27, 2021, 7:45am

Hi, I’m using the postgresql_user_module. How can I create a read-only-user (SELECT) for all tables of a database? priv: CONNECT/ALL:SELECT is not working

thank you

Dick_Visser · January 27, 2021, 8:16am

What does “not working” mean?

zausel_z · January 27, 2021, 10:56am

Hi,

Error:

/ansible_postgresql_user_payload.zip/ansible/modules/database/postgresql/postgresql_user.py", line 555, in grant_table_privileges\n File "/usr/lib64/python2.7/site-packages/psycopg2/extras.py", line 120, in execute\n return super(DictCursor, self).execute(query, vars)\npsycopg2.ProgrammingError: relation "ALL" does not exist\n\n", “module_stdout”: “”, “msg”: “MODULE FAILURE\nSee stdout/stderr for the exact error”, “rc”: 1}

racke · January 27, 2021, 11:30am

Hi,

Error:

/ansible_postgresql_user_payload.zip/ansible/modules/database/postgresql/postgresql_user.py\", line 555, in
grant_table_privileges\n File \"/usr/lib64/python2.7/site-packages/psycopg2/extras.py\", line 120, in execute\n
return super(DictCursor, self).execute(query, vars)\npsycopg2.ProgrammingError: relation \"ALL\" does not exist\n\n",
"module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

Please try to wrap it in parentheses:

priv: "CONNECT/ALL:SELECT"

Regards
Racke

zausel_z · January 27, 2021, 3:47pm

Hey Racke,

this is my configuration

host_vars:

pg_users:

{ name: dbuser, db: mydb, privileges: “CONNECT/ALL:SELECT” , password: “xxxxxxxxxxxx” }

task:

name: db user
postgresql_user:
name: “{{ item.name }}”
db: “{{ item.db }}”
priv: “{{ item.privileges }}”
password: “{{ item.password | default(‘omit’) }}”
state: “present”
become_user: postgres
loop: “{{ pg_users }}”

racke · January 27, 2021, 4:49pm

Hey Racke,

this is my configuration

host_vars:
pg_users:
- { name: dbuser, db: mydb, privileges: "CONNECT/ALL:SELECT" , password: "xxxxxxxxxxxx" }

task:

- name: db user
postgresql_user:
name: "{{ item.name }}"
db: "{{ item.db }}"
priv: "{{ item.privileges }}"
password: "{{ item.password | default('omit') }}"
state: "present"
become_user: postgres
loop: "{{ pg_users }}"

I tried that and got a similar error. You might consider to break out the privilege into another task:

    - postgresql_privs:
        db: "{{ item.db }}"
        privs: SELECT,CONNECT
        objs: ALL_IN_SCHEMA
        role: "{{ item.name }}"
      become_user: postgres
      loop: "{{ pg_users }}"

Regards
Racke

zausel_z · January 28, 2021, 8:22am

Hey Racke ,

thanks for your effort, I will test postgresql_privs

zausel_z · January 28, 2021, 6:13pm

thanks for your help, the solution with postgres_privs works great

Topic		Replies	Views
Grant all privileges on a database using postgresql_user module Ansible Project	0	3	January 7, 2015
postgresql_user and granting select on pg_stat_database Ansible Project	3	0	March 19, 2015
Postgresql_privs module question Ansible Project	0	0	July 8, 2016
postgresql_user module failed to authenticate as postgres when set ansible_become Ansible Project	3	4	April 1, 2016
Postgresql (Peer Authentication Error) with Ansible 2.4 Ansible Project	3	1	April 15, 2018

postgresql_user readonly user

Related topics