community.postgresql

Can't revoke functions from user

Open DPatFrance opened this issue 1 year ago • 0 comments

SUMMARY

Can't revoke the functions from a user with community.postgresql.postgresql_privs.

ISSUE TYPE

  • Bug Report

COMPONENT NAME

postgresql_privs

COLLECTION VERSION

community.general 8.5.0

ACTUAL RESULTS

The revoke for FUNCTIONS is missing from the queries.

"changed": false,
  "invocation": {
      "module_args": {
          "ca_cert": null,
          "connect_params": {},
          "database": "pgappli",
          "db": "appli",
          "fail_on_role": true,
          "grant_option": null,
          "login_host": "localhost",
          "login_password": "",
          "login_port": 5432,
          "login_unix_socket": "",
          "login_user": "postgres",
          "objs": "FUNCTIONS",
          "password": "",
          "port": 5432,
          "privs": "ALL",
          "role": "testTOUp",
          "roles": "testTOUp",
          "schema": "public",
          "session_role": null,
          "ssl_cert": null,
          "ssl_key": null,
          "ssl_mode": "prefer",
          "state": "absent",
          "target_roles": null,
          "trust_input": true,
          "type": "default_privs"
      }
  },
  "queries": [
      "ALTER DEFAULT PRIVILEGES IN SCHEMA \"public\" REVOKE ALL ON TABLES FROM \"testTOUp\";\nALTER DEFAULT PRIVILEGES IN SCHEMA \"public\" REVOKE ALL ON SEQUENCES FROM \"testTOUp\";\nALTER DEFAULT PRIVILEGES IN SCHEMA \"public\" REVOKE ALL ON TYPES FROM \"testTOUp\";" 

PROPOSED SOLUTION

In the module postgresql_privs.py, add FUNCTIONS at line 975:

 972     def build_absent(self):
 973         if self._obj_type == 'default_privs':
 974             self.query = []
 975             for obj in ['TABLES', 'FUNCTIONS', 'SEQUENCES', 'TYPES']:
 976                 if self._as_who:
 977                     self.query.append(
 978                         'ALTER DEFAULT PRIVILEGES FOR ROLE {0}{1} REVOKE ALL ON {2} FROM {3};'.format(self._as_who,
 979                                                                                                       self._schema, obj,
 980                                                                                                       self._for_whom))
 981                 else:
 982                     self.query.append(
 983                         'ALTER DEFAULT PRIVILEGES{0} REVOKE ALL ON {1} FROM {2};'.format(self._schema, obj,
 984                                                                                          self._for_whom))
 985         else:
 986             self.query.append('REVOKE {0} FROM {1};'.format(self._set_what, self._for_whom))

DPatFrance, Apr 11 '24 13:04
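A catalog query for checking the behaviour reported above, as an added example that is not part of the original issue or of the collection's code: it lists the default privileges PostgreSQL still records for the grantee after the `state: absent` task has run. The role name `testTOUp` and schema `public` are taken from the issue's module arguments; run it in the target database.

```sql
-- Added example: audit default privileges that remain for one grantee.
-- pg_default_acl holds one row per (defining role, schema, object type);
-- aclexplode() expands each ACL into one row per granted privilege.
SELECT
    definer.rolname                       AS defined_for_role,
    COALESCE(ns.nspname, '(all schemas)') AS schema_name,
    CASE d.defaclobjtype
        WHEN 'r' THEN 'TABLES'
        WHEN 'S' THEN 'SEQUENCES'
        WHEN 'f' THEN 'FUNCTIONS'
        WHEN 'T' THEN 'TYPES'
        WHEN 'n' THEN 'SCHEMAS'
        ELSE d.defaclobjtype::text
    END                                   AS object_type,
    acl.privilege_type,
    acl.is_grantable
FROM pg_default_acl AS d
JOIN pg_roles AS definer
      ON definer.oid = d.defaclrole
LEFT JOIN pg_namespace AS ns
      ON ns.oid = d.defaclnamespace        -- 0 means "no specific schema"
CROSS JOIN LATERAL aclexplode(d.defaclacl) AS acl
JOIN pg_roles AS grantee
      ON grantee.oid = acl.grantee
WHERE grantee.rolname = 'testTOUp'         -- role from the issue
  AND (ns.nspname = 'public'               -- schema from the issue
       OR d.defaclnamespace = 0)
ORDER BY defined_for_role, schema_name, object_type, acl.privilege_type;
```

Any row with `object_type = 'FUNCTIONS'` after the revoke task means the role still receives `EXECUTE` on functions created later in that schema; an empty result means no default privileges remain for it.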