salt.states.postgres_group

Management of PostgreSQL groups (roles)

The postgres_group module is used to create and manage Postgres groups.

frank:
  postgres_group.present
salt.states.postgres_group.absent(name, user=None, maintenance_db=None, db_password=None, db_host=None, db_port=None, db_user=None)

Ensure that the named group is absent

name

The groupname of the group to remove

user

System user all operations should be performed on behalf of

New in version 0.17.0.

db_user

database username if different from config or default

db_password

user password if any password for a specified user

db_host

Database host if different from config or default

db_port

Database port if different from config or default

salt.states.postgres_group.present(name, createdb=None, createroles=None, encrypted=None, superuser=None, inherit=None, login=None, replication=None, password=None, refresh_password=None, groups=None, user=None, maintenance_db=None, db_password=None, db_host=None, db_port=None, db_user=None)

Ensure that the named group is present with the specified privileges Please note that the user/group notion in postgresql is just abstract, we have roles, where users can be seen as roles with the LOGIN privilege and groups the others.

name

The name of the group to manage

createdb

Is the group allowed to create databases?

createroles

Is the group allowed to create other roles/users

encrypted

How the password should be stored.

If encrypted is None, True, or md5, it will use PostgreSQL's MD5 algorithm.

If encrypted is False, it will be stored in plaintext.

If encrypted is scram-sha-256, it will use the algorithm described in RFC 7677.

Changed in version 3003: Prior versions only supported True and False

login

Should the group have login perm

inherit

Should the group inherit permissions

superuser

Should the new group be a "superuser"

replication

Should the new group be allowed to initiate streaming replication

password

The group's password. It can be either a plain string or a pre-hashed password:

'md5{MD5OF({password}{role}}'
'SCRAM-SHA-256${iterations}:{salt}${stored_key}:{server_key}'

If encrypted is not False, then the password will be converted to the appropriate format above, if not already. As a consequence, passwords that start with "md5" or "SCRAM-SHA-256" cannot be used.

refresh_password

Password refresh flag

Boolean attribute to specify whether to password comparison check should be performed.

If refresh_password is True, the password will be automatically updated without extra password change check.

This behaviour makes it possible to execute in environments without superuser access available, e.g. Amazon RDS for PostgreSQL

groups

A string of comma separated groups the group should be in

user

System user all operations should be performed on behalf of

New in version 0.17.0.

db_user

database username if different from config or default

db_password

user password if any password for a specified user

db_host

Database host if different from config or default

db_port

Database port if different from config or default