salt.modules.postgres

Module to provide Postgres compatibility to salt.

configuration

In order to connect to Postgres, certain configuration is required in /etc/salt/minion on the relevant minions. Some sample configs might look like:

postgres.host: 'localhost'
postgres.port: '5432'
postgres.user: 'postgres' -> db user
postgres.pass: ''
postgres.maintenance_db: 'postgres'

The default for the maintenance_db is 'postgres' and in most cases it can be left at the default setting. This data can also be passed into pillar. Options passed into opts will overwrite options passed into pillar

note

This module uses MD5 hashing which may not be compliant with certain security audits.

note

When installing postgres from the official postgres repos, on certain linux distributions, either the psql or the initdb binary is not automatically placed on the path. Add a configuration to the location of the postgres bin's path to the relevant minion for this module:

postgres.bins_dir: '/usr/pgsql-9.5/bin/'
salt.modules.postgres.available_extensions(user=None, host=None, port=None, maintenance_db=None, password=None, runas=None)

List available postgresql extensions

CLI Example:

salt '*' postgres.available_extensions
salt.modules.postgres.create_extension(name, if_not_exists=None, schema=None, ext_version=None, from_version=None, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None)

Install a postgresql extension

CLI Example:

salt '*' postgres.create_extension 'adminpack'
salt.modules.postgres.create_metadata(name, ext_version=None, schema=None, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None)

Get lifecycle information about an extension

CLI Example:

salt '*' postgres.create_metadata adminpack
salt.modules.postgres.datadir_exists(name)

New in version 2016.3.0.

Checks if postgres data directory has been initialized

CLI Example:

salt '*' postgres.datadir_exists '/var/lib/pgsql/data'
name

Name of the directory to check

salt.modules.postgres.datadir_init(name, auth='password', user=None, password=None, encoding='UTF8', locale=None, waldir=None, checksums=False, runas=None)

New in version 2016.3.0.

Initializes a postgres data directory

CLI Example:

salt '*' postgres.datadir_init '/var/lib/pgsql/data'
name

The name of the directory to initialize

auth

The default authentication method for local connections

password

The password to set for the postgres user

user

The database superuser name

encoding

The default encoding for new databases

locale

The default locale for new databases

waldir

The transaction log (WAL) directory (default is to keep WAL inside the data directory)

New in version 2019.2.0.

checksums

If True, the cluster will be created with data page checksums.

Note

Data page checksums are supported since PostgreSQL 9.3.

New in version 2019.2.0.

runas

The system user the operation should be performed on behalf of

salt.modules.postgres.db_alter(name, user=None, host=None, port=None, maintenance_db=None, password=None, tablespace=None, owner=None, owner_recurse=False, runas=None)

Change tablespace or/and owner of database.

CLI Example:

salt '*' postgres.db_alter dbname owner=otheruser
salt.modules.postgres.db_create(name, user=None, host=None, port=None, maintenance_db=None, password=None, tablespace=None, encoding=None, lc_collate=None, lc_ctype=None, owner=None, template=None, runas=None)

Adds a databases to the Postgres server.

CLI Example:

salt '*' postgres.db_create 'dbname'

salt '*' postgres.db_create 'dbname' template=template_postgis
salt.modules.postgres.db_exists(name, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None)

Checks if a database exists on the Postgres server.

CLI Example:

salt '*' postgres.db_exists 'dbname'
salt.modules.postgres.db_list(user=None, host=None, port=None, maintenance_db=None, password=None, runas=None)

Return dictionary with information about databases of a Postgres server.

CLI Example:

salt '*' postgres.db_list
salt.modules.postgres.db_remove(name, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None)

Removes a databases from the Postgres server.

CLI Example:

salt '*' postgres.db_remove 'dbname'
salt.modules.postgres.default_privileges_grant(name, object_name, object_type, defprivileges=None, grant_option=None, prepend='public', maintenance_db=None, user=None, host=None, port=None, password=None, runas=None)

New in version 2019.0.0.

Grant default privileges on a postgres object

CLI Example:

salt '*' postgres.default_privileges_grant user_name table_name table \
SELECT,UPDATE maintenance_db=db_name
name

Name of the role to which default privileges should be granted

object_name

Name of the object on which the grant is to be performed

object_type

The object type, which can be one of the following:

  • table

  • sequence

  • schema

  • group

  • function

privileges

Comma separated list of privileges to grant, from the list below:

  • INSERT

  • CREATE

  • TRUNCATE

  • TRIGGER

  • SELECT

  • USAGE

  • UPDATE

  • EXECUTE

  • REFERENCES

  • DELETE

  • ALL

grant_option

If grant_option is set to True, the recipient of the default privilege can in turn grant it to others

prepend

Table and Sequence object types live under a schema so this should be provided if the object is not under the default public schema

maintenance_db

The database to connect to

user

database username if different from config or default

password

user password if any password for a specified user

host

Database host if different from config or default

port

Database port if different from config or default

runas

System user all operations should be performed on behalf of

salt.modules.postgres.default_privileges_list(name, object_type, prepend='public', maintenance_db=None, user=None, host=None, port=None, password=None, runas=None)

New in version 2019.0.0.

Return a list of default privileges for the specified object.

CLI Example:

salt '*' postgres.default_privileges_list table_name table maintenance_db=db_name
name

Name of the object for which the permissions should be returned

object_type

The object type, which can be one of the following:

  • table

  • sequence

  • schema

  • group

  • function

prepend

Table and Sequence object types live under a schema so this should be provided if the object is not under the default public schema

maintenance_db

The database to connect to

user

database username if different from config or default

password

user password if any password for a specified user

host

Database host if different from config or default

port

Database port if different from config or default

runas

System user all operations should be performed on behalf of

salt.modules.postgres.default_privileges_revoke(name, object_name, object_type, defprivileges=None, prepend='public', maintenance_db=None, user=None, host=None, port=None, password=None, runas=None)

New in version 2019.0.0.

Revoke default privileges on a postgres object

CLI Example:

salt '*' postgres.default_privileges_revoke user_name table_name table \
SELECT,UPDATE maintenance_db=db_name
name

Name of the role whose default privileges should be revoked

object_name

Name of the object on which the revoke is to be performed

object_type

The object type, which can be one of the following:

  • table

  • sequence

  • schema

  • group

  • function

privileges

Comma separated list of privileges to revoke, from the list below:

  • INSERT

  • CREATE

  • TRUNCATE

  • TRIGGER

  • SELECT

  • USAGE

  • UPDATE

  • EXECUTE

  • REFERENCES

  • DELETE

  • ALL

maintenance_db

The database to connect to

user

database username if different from config or default

password

user password if any password for a specified user

host

Database host if different from config or default

port

Database port if different from config or default

runas

System user all operations should be performed on behalf of

salt.modules.postgres.drop_extension(name, if_exists=None, restrict=None, cascade=None, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None)

Drop an installed postgresql extension

CLI Example:

salt '*' postgres.drop_extension 'adminpack'
salt.modules.postgres.get_available_extension(name, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None)

Get info about an available postgresql extension

CLI Example:

salt '*' postgres.get_available_extension plpgsql
salt.modules.postgres.get_installed_extension(name, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None)

Get info about an installed postgresql extension

CLI Example:

salt '*' postgres.get_installed_extension plpgsql
salt.modules.postgres.group_create(groupname, user=None, host=None, port=None, maintenance_db=None, password=None, createdb=None, createroles=None, encrypted=None, login=None, inherit=None, superuser=None, replication=None, rolepassword=None, groups=None, runas=None)

Creates a Postgres group. A group is postgres is similar to a user, but cannot login.

CLI Example:

salt '*' postgres.group_create 'groupname' user='user' \
        host='hostname' port='port' password='password' \
        rolepassword='rolepassword'
salt.modules.postgres.group_remove(groupname, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None)

Removes a group from the Postgres server.

CLI Example:

salt '*' postgres.group_remove 'groupname'
salt.modules.postgres.group_update(groupname, user=None, host=None, port=None, maintenance_db=None, password=None, createdb=None, createroles=None, encrypted=None, inherit=None, login=None, superuser=None, replication=None, rolepassword=None, groups=None, runas=None)

Updates a postgres group

CLI Examples:

salt '*' postgres.group_update 'username' user='user' \
        host='hostname' port='port' password='password' \
        rolepassword='rolepassword'
salt.modules.postgres.has_default_privileges(name, object_name, object_type, defprivileges=None, grant_option=None, prepend='public', maintenance_db=None, user=None, host=None, port=None, password=None, runas=None)

New in version 2019.0.0.

Check if a role has the specified privileges on an object

CLI Example:

salt '*' postgres.has_default_privileges user_name table_name table \
SELECT,INSERT maintenance_db=db_name
name

Name of the role whose privileges should be checked on object_type

object_name

Name of the object on which the check is to be performed

object_type

The object type, which can be one of the following:

  • table

  • sequence

  • schema

  • group

  • function

privileges

Comma separated list of privileges to check, from the list below:

  • INSERT

  • CREATE

  • TRUNCATE

  • TRIGGER

  • SELECT

  • USAGE

  • UPDATE

  • EXECUTE

  • REFERENCES

  • DELETE

  • ALL

grant_option

If grant_option is set to True, the grant option check is performed

prepend

Table and Sequence object types live under a schema so this should be provided if the object is not under the default public schema

maintenance_db

The database to connect to

user

database username if different from config or default

password

user password if any password for a specified user

host

Database host if different from config or default

port

Database port if different from config or default

runas

System user all operations should be performed on behalf of

salt.modules.postgres.has_privileges(name, object_name, object_type, privileges=None, grant_option=None, prepend='public', maintenance_db=None, user=None, host=None, port=None, password=None, runas=None)

New in version 2016.3.0.

Check if a role has the specified privileges on an object

CLI Example:

salt '*' postgres.has_privileges user_name table_name table \
SELECT,INSERT maintenance_db=db_name
name

Name of the role whose privileges should be checked on object_type

object_name

Name of the object on which the check is to be performed

object_type

The object type, which can be one of the following:

  • table

  • sequence

  • schema

  • tablespace

  • language

  • database

  • group

  • function

privileges

Comma separated list of privileges to check, from the list below:

  • INSERT

  • CREATE

  • TRUNCATE

  • CONNECT

  • TRIGGER

  • SELECT

  • USAGE

  • TEMPORARY

  • UPDATE

  • EXECUTE

  • REFERENCES

  • DELETE

  • ALL

grant_option

If grant_option is set to True, the grant option check is performed

prepend

Table and Sequence object types live under a schema so this should be provided if the object is not under the default public schema

maintenance_db

The database to connect to

user

database username if different from config or default

password

user password if any password for a specified user

host

Database host if different from config or default

port

Database port if different from config or default

runas

System user all operations should be performed on behalf of

salt.modules.postgres.installed_extensions(user=None, host=None, port=None, maintenance_db=None, password=None, runas=None)

List installed postgresql extensions

CLI Example:

salt '*' postgres.installed_extensions
salt.modules.postgres.is_available_extension(name, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None)

Test if a specific extension is available

CLI Example:

salt '*' postgres.is_available_extension
salt.modules.postgres.is_installed_extension(name, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None)

Test if a specific extension is installed

CLI Example:

salt '*' postgres.is_installed_extension
salt.modules.postgres.language_create(name, maintenance_db, user=None, host=None, port=None, password=None, runas=None)

New in version 2016.3.0.

Installs a language into a database

CLI Example:

salt '*' postgres.language_create plpgsql dbname
name

Language to install

maintenance_db

The database to install the language in

user

database username if different from config or default

password

user password if any password for a specified user

host

Database host if different from config or default

port

Database port if different from config or default

runas

System user all operations should be performed on behalf of

salt.modules.postgres.language_exists(name, maintenance_db, user=None, host=None, port=None, password=None, runas=None)

New in version 2016.3.0.

Checks if language exists in a database.

CLI Example:

salt '*' postgres.language_exists plpgsql dbname
name

Language to check for

maintenance_db

The database to check in

user

database username if different from config or default

password

user password if any password for a specified user

host

Database host if different from config or default

port

Database port if different from config or default

runas

System user all operations should be performed on behalf of

salt.modules.postgres.language_list(maintenance_db, user=None, host=None, port=None, password=None, runas=None)

New in version 2016.3.0.

Return a list of languages in a database.

CLI Example:

salt '*' postgres.language_list dbname
maintenance_db

The database to check

user

database username if different from config or default

password

user password if any password for a specified user

host

Database host if different from config or default

port

Database port if different from config or default

runas

System user all operations should be performed on behalf of

salt.modules.postgres.language_remove(name, maintenance_db, user=None, host=None, port=None, password=None, runas=None)

New in version 2016.3.0.

Removes a language from a database

CLI Example:

salt '*' postgres.language_remove plpgsql dbname
name

Language to remove

maintenance_db

The database to install the language in

user

database username if different from config or default

password

user password if any password for a specified user

host

Database host if different from config or default

port

Database port if different from config or default

runas

System user all operations should be performed on behalf of

salt.modules.postgres.owner_to(dbname, ownername, user=None, host=None, port=None, password=None, runas=None)

Set the owner of all schemas, functions, tables, views and sequences to the given username.

CLI Example:

salt '*' postgres.owner_to 'dbname' 'username'
salt.modules.postgres.privileges_grant(name, object_name, object_type, privileges=None, grant_option=None, prepend='public', maintenance_db=None, user=None, host=None, port=None, password=None, runas=None)

New in version 2016.3.0.

Grant privileges on a postgres object

CLI Example:

salt '*' postgres.privileges_grant user_name table_name table \
SELECT,UPDATE maintenance_db=db_name
name

Name of the role to which privileges should be granted

object_name

Name of the object on which the grant is to be performed

object_type

The object type, which can be one of the following:

  • table

  • sequence

  • schema

  • tablespace

  • language

  • database

  • group

  • function

privileges

Comma separated list of privileges to grant, from the list below:

  • INSERT

  • CREATE

  • TRUNCATE

  • CONNECT

  • TRIGGER

  • SELECT

  • USAGE

  • TEMPORARY

  • UPDATE

  • EXECUTE

  • REFERENCES

  • DELETE

  • ALL

grant_option

If grant_option is set to True, the recipient of the privilege can in turn grant it to others

prepend

Table and Sequence object types live under a schema so this should be provided if the object is not under the default public schema

maintenance_db

The database to connect to

user

database username if different from config or default

password

user password if any password for a specified user

host

Database host if different from config or default

port

Database port if different from config or default

runas

System user all operations should be performed on behalf of

salt.modules.postgres.privileges_list(name, object_type, prepend='public', maintenance_db=None, user=None, host=None, port=None, password=None, runas=None)

New in version 2016.3.0.

Return a list of privileges for the specified object.

CLI Example:

salt '*' postgres.privileges_list table_name table maintenance_db=db_name
name

Name of the object for which the permissions should be returned

object_type

The object type, which can be one of the following:

  • table

  • sequence

  • schema

  • tablespace

  • language

  • database

  • group

  • function

prepend

Table and Sequence object types live under a schema so this should be provided if the object is not under the default public schema

maintenance_db

The database to connect to

user

database username if different from config or default

password

user password if any password for a specified user

host

Database host if different from config or default

port

Database port if different from config or default

runas

System user all operations should be performed on behalf of

salt.modules.postgres.privileges_revoke(name, object_name, object_type, privileges=None, prepend='public', maintenance_db=None, user=None, host=None, port=None, password=None, runas=None)

New in version 2016.3.0.

Revoke privileges on a postgres object

CLI Example:

salt '*' postgres.privileges_revoke user_name table_name table \
SELECT,UPDATE maintenance_db=db_name
name

Name of the role whose privileges should be revoked

object_name

Name of the object on which the revoke is to be performed

object_type

The object type, which can be one of the following:

  • table

  • sequence

  • schema

  • tablespace

  • language

  • database

  • group

  • function

privileges

Comma separated list of privileges to revoke, from the list below:

  • INSERT

  • CREATE

  • TRUNCATE

  • CONNECT

  • TRIGGER

  • SELECT

  • USAGE

  • TEMPORARY

  • UPDATE

  • EXECUTE

  • REFERENCES

  • DELETE

  • ALL

maintenance_db

The database to connect to

user

database username if different from config or default

password

user password if any password for a specified user

host

Database host if different from config or default

port

Database port if different from config or default

runas

System user all operations should be performed on behalf of

salt.modules.postgres.psql_query(query, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None, write=False)

Run an SQL-Query and return the results as a list. This command only supports SELECT statements. This limitation can be worked around with a query like this:

WITH updated AS (UPDATE pg_authid SET rolconnlimit = 2000 WHERE rolname = 'rolename' RETURNING rolconnlimit) SELECT * FROM updated;

query

The query string.

user

Database username, if different from config or default.

host

Database host, if different from config or default.

port

Database port, if different from the config or default.

maintenance_db

The database to run the query against.

password

User password, if different from the config or default.

runas

User to run the command as.

write

Mark query as READ WRITE transaction.

CLI Example:

salt '*' postgres.psql_query 'select * from pg_stat_activity'
salt.modules.postgres.role_get(name, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None, return_password=False)

Return a dict with information about users of a Postgres server.

Set return_password to True to get password hash in the result.

CLI Example:

salt '*' postgres.role_get postgres
salt.modules.postgres.schema_create(dbname, name, owner=None, user=None, db_user=None, db_password=None, db_host=None, db_port=None)

Creates a Postgres schema.

CLI Example:

salt '*' postgres.schema_create dbname name owner='owner' \
        user='user' \
        db_user='user' db_password='password'
        db_host='hostname' db_port='port'
salt.modules.postgres.schema_exists(dbname, name, user=None, db_user=None, db_password=None, db_host=None, db_port=None)

Checks if a schema exists on the Postgres server.

CLI Example:

salt '*' postgres.schema_exists dbname schemaname
dbname

Database name we query on

name

Schema name we look for

user

The system user the operation should be performed on behalf of

db_user

database username if different from config or default

db_password

user password if any password for a specified user

db_host

Database host if different from config or default

db_port

Database port if different from config or default

salt.modules.postgres.schema_get(dbname, name, user=None, db_user=None, db_password=None, db_host=None, db_port=None)

Return a dict with information about schemas in a database.

CLI Example:

salt '*' postgres.schema_get dbname name
dbname

Database name we query on

name

Schema name we look for

user

The system user the operation should be performed on behalf of

db_user

database username if different from config or default

db_password

user password if any password for a specified user

db_host

Database host if different from config or default

db_port

Database port if different from config or default

salt.modules.postgres.schema_list(dbname, user=None, db_user=None, db_password=None, db_host=None, db_port=None)

Return a dict with information about schemas in a Postgres database.

CLI Example:

salt '*' postgres.schema_list dbname
dbname

Database name we query on

user

The system user the operation should be performed on behalf of

db_user

database username if different from config or default

db_password

user password if any password for a specified user

db_host

Database host if different from config or default

db_port

Database port if different from config or default

salt.modules.postgres.schema_remove(dbname, name, user=None, db_user=None, db_password=None, db_host=None, db_port=None)

Removes a schema from the Postgres server.

CLI Example:

salt '*' postgres.schema_remove dbname schemaname
dbname

Database name we work on

schemaname

The schema's name we'll remove

user

System user all operations should be performed on behalf of

db_user

database username if different from config or default

db_password

user password if any password for a specified user

db_host

Database host if different from config or default

db_port

Database port if different from config or default

salt.modules.postgres.tablespace_alter(name, user=None, host=None, port=None, maintenance_db=None, password=None, new_name=None, new_owner=None, set_option=None, reset_option=None, runas=None)

Change tablespace name, owner, or options.

CLI Example:

salt '*' postgres.tablespace_alter tsname new_owner=otheruser
salt '*' postgres.tablespace_alter index_space new_name=fast_raid
salt '*' postgres.tablespace_alter test set_option="{'seq_page_cost': '1.1'}"
salt '*' postgres.tablespace_alter tsname reset_option=seq_page_cost

New in version 2015.8.0.

salt.modules.postgres.tablespace_create(name, location, options=None, owner=None, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None)

Adds a tablespace to the Postgres server.

CLI Example:

salt '*' postgres.tablespace_create tablespacename '/path/datadir'

New in version 2015.8.0.

salt.modules.postgres.tablespace_exists(name, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None)

Checks if a tablespace exists on the Postgres server.

CLI Example:

salt '*' postgres.tablespace_exists 'dbname'

New in version 2015.8.0.

salt.modules.postgres.tablespace_list(user=None, host=None, port=None, maintenance_db=None, password=None, runas=None)

Return dictionary with information about tablespaces of a Postgres server.

CLI Example:

salt '*' postgres.tablespace_list

New in version 2015.8.0.

salt.modules.postgres.tablespace_remove(name, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None)

Removes a tablespace from the Postgres server.

CLI Example:

salt '*' postgres.tablespace_remove tsname

New in version 2015.8.0.

salt.modules.postgres.user_create(username, user=None, host=None, port=None, maintenance_db=None, password=None, createdb=None, createroles=None, inherit=None, login=None, connlimit=None, encrypted=None, superuser=None, replication=None, rolepassword=None, valid_until=None, groups=None, runas=None)

Creates a Postgres user.

CLI Examples:

salt '*' postgres.user_create 'username' user='user' \
        host='hostname' port='port' password='password' \
        rolepassword='rolepassword' valid_until='valid_until'
salt.modules.postgres.user_exists(name, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None)

Checks if a user exists on the Postgres server.

CLI Example:

salt '*' postgres.user_exists 'username'
salt.modules.postgres.user_list(user=None, host=None, port=None, maintenance_db=None, password=None, runas=None, return_password=False)

Return a dict with information about users of a Postgres server.

Set return_password to True to get password hash in the result.

CLI Example:

salt '*' postgres.user_list
salt.modules.postgres.user_remove(username, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None)

Removes a user from the Postgres server.

CLI Example:

salt '*' postgres.user_remove 'username'
salt.modules.postgres.user_update(username, user=None, host=None, port=None, maintenance_db=None, password=None, createdb=None, createroles=None, encrypted=None, superuser=None, inherit=None, login=None, connlimit=None, replication=None, rolepassword=None, valid_until=None, groups=None, runas=None)

Updates a Postgres user.

CLI Examples:

salt '*' postgres.user_update 'username' user='user' \
        host='hostname' port='port' password='password' \
        rolepassword='rolepassword' valid_until='valid_until'
salt.modules.postgres.version(user=None, host=None, port=None, maintenance_db=None, password=None, runas=None)

Return the version of a Postgres server.

CLI Example:

salt '*' postgres.version