salt.states.postgres_user

Management of PostgreSQL users (roles)

The postgres_users module is used to create and manage Postgres users.

frank:
  postgres_user.present
salt.states.postgres_user.absent(name, runas=None, user=None, maintenance_db=None, db_password=None, db_host=None, db_port=None, db_user=None)

Ensure that the named user is absent

name
The username of the user to remove
runas

System user all operations should be performed on behalf of

Deprecated since version 0.17.0.

user

System user all operations should be performed on behalf of

New in version 0.17.0.

db_user
database username if different from config or default
db_password
user password if any password for a specified user
db_host
Database host if different from config or default
db_port
Database port if different from config or default
salt.states.postgres_user.present(name, createdb=None, createroles=None, createuser=None, encrypted=None, superuser=None, replication=None, inherit=None, login=None, password=None, refresh_password=None, groups=None, runas=None, user=None, maintenance_db=None, db_password=None, db_host=None, db_port=None, db_user=None)

Ensure that the named user is present with the specified privileges Please note that the user/group notion in postgresql is just abstract, we have roles, where users can be seens as roles with the LOGIN privilege and groups the others.

name
The name of the user to manage
createdb
Is the user allowed to create databases?
createroles
Is the user allowed to create other users?
createuser
Alias to create roles
encrypted
Should the password be encrypted in the system catalog?
login
Should the group have login perm
inherit
Should the group inherit permissions
superuser
Should the new user be a "superuser"
replication
Should the new user be allowed to initiate streaming replication
password

The user's password It can be either a plain string or a md5 postgresql hashed password:

'md5{MD5OF({password}{role}}'

If encrypted is None or True, the password will be automatically encrypted to the previous format if it is not already done.

refresh_password

Password refresh flag

Boolean attribute to specify whether to password comparison check should be performed.

If refresh_password is None or False, the password will be automatically updated without extra password change check.

This behaviour allows to execute in environments without superuser access available, e.g. Amazon RDS for PostgreSQL

groups
A string of comma separated groups the user should be in
runas

System user all operations should be performed on behalf of

Deprecated since version 0.17.0.

user

System user all operations should be performed on behalf of

New in version 0.17.0.

db_user
database username if different from config or default
db_password
user password if any password for a specified user
db_host
Database host if different from config or default
db_port
Database port if different from config or default