community.postgresql icon indicating copy to clipboard operation
community.postgresql copied to clipboard

Published 20 hours ago verified publisher icon ansible-collections

Cannot grant select on tables in all schemas with postgresql_privs

Open caseyandgina opened this issue 2 years ago • 2 comments

SUMMARY

I want to alter default permissions to grant select on all tables in all schemas, using community.postgresql.postgresql_privs, but this does not seem to be possible as it defaults to public schema only.

ISSUE TYPE
  • Bug Report
COMPONENT NAME

community.postgresql.postgresql_privs

ANSIBLE VERSION
ansible [core 2.12.5]
  config file = /home/ubuntu/worktrees/casey_patroni_fixups/ansible/ansible.cfg
  configured module search path = ['/home/ubuntu/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.8/dist-packages/ansible
  ansible collection location = /home/ubuntu/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.8.10 (default, Jun 22 2022, 20:18:18) [GCC 9.4.0]
  jinja version = 2.10.1
  libyaml = True
COLLECTION VERSION
# /usr/local/lib/python3.8/dist-packages/ansible_collections
Collection           Version
-------------------- -------
community.postgresql 1.6.0
CONFIGURATION
OS / ENVIRONMENT

Ubuntu 20.04

STEPS TO REPRODUCE
- name: Grant datascience usage to all tables in test database
  community.postgresql.postgresql_privs:
    database: test
    type: default_privs
    privs: select
    objs: tables
    role: datascience
    target_roles: test
    usage_on_types: no
EXPECTED RESULTS
test=# \ddp
           Default access privileges
 Owner | Schema |  Type  |  Access privileges  
-------+--------+--------+---------------------
 truth |        | table  | datascience=r/test
ACTUAL RESULTS
test=# \ddp
           Default access privileges
 Owner | Schema |  Type  |  Access privileges  
-------+--------+--------+---------------------
 truth | public | table  | datascience=r/test

caseyandgina avatar Aug 20 '22 05:08 caseyandgina

thanks for the report @caseyandgina . can you repro this w/ collection version 1.7.5 or 2.2.0?

hunleyd avatar Aug 20 '22 12:08 hunleyd

Per the current documentation, it is defaulted to 'public' for default_privs. There isn't any mention of an option for any schema. https://docs.ansible.com/ansible/latest/collections/community/postgresql/postgresql_privs_module.html

caseyandgina avatar Aug 20 '22 12:08 caseyandgina