How to grant in Puppet a global permissions to PostgreSQL?

Question

Official postgresql module from puppetlabs allow granting privileges on specific database.

postgresql::database_grant{'grant to myuser':
    privilege   => 'CREATE',
    db          => 'app_production',
    role        => 'myuser',
  }

this would execute:

 GRANT ${privilege} ON database ${db} TO ${role};

However I'd like to execute query on global permissions for given user:

  ALTER role myuser login createdb;

Is there a way how to do this? Or should I use different puppet module for PostgreSQL?

Michael Szymczak · Accepted Answer · 2014-04-15T09:14:25.503

The solution that works for me is to use 'postgresql::server::role' with createdb => true instead of 'postgresql::database_grant'. It makes sense as you want to alter user's global behaviour, not the one related to the particular database.

This is an example directive that adds the user along with createdb privileges:

postgresql::server::role { 'username':
  password_hash => postgresql_password('username', 'password'),
  createdb  => true
}

Given 'vagrant' as the user name, this is the expected output:

Role[vagrant]/Postgresql_psql[ALTER ROLE "vagrant" CREATEDB]/command: command changed '' to 'ALTER ROLE "vagrant" CREATEDB'

Important: If you use version 2 of the module, you can use postgresql::role instead of postgresql::server::role. See https://forge.puppetlabs.com/puppetlabs/postgresql#upgrading

How to grant in Puppet a global permissions to PostgreSQL?

1 Answers1