Блог

У меня возникают трудности с созданием пользователей с доступом только для чтения ко всем таблицам в схеме.

Я использую следующее в манифесте

   postgresql::server::grant {<Unique friendly name>:
    db          => <dbname>,
    object_name => <schema_name>,
    object_type => 'ALL TABLES IN SCHEMA',
    privilege   => 'SELECT',
    role        => <username>,
  }
  

При запуске puppet я получаю следующую ошибку:
Could not evaluate: Error evaluating 'unless' clause, returned pid 6933 exit 1: 'ERROR: unrecognized privilege type: "SELECT ON ALL TABLES"

Тем не менее, глядя на манифест:

 postgresql::server::grant
Manages grant-based access privileges for roles. See PostgreSQL documentation for grant for more information.

db
Specifies the database to which you are granting access.

object_type
Specifies the type of object to which you are granting privileges. Valid options: DATABASE, SCHEMA, SEQUENCE, ALL SEQUENCES IN SCHEMA, TABLE or ALL TABLES IN SCHEMA.

object_name
Specifies name of object_type to which to grant access.

port
Port to use when connecting. Default: undef, which generally defaults to port 5432 depending on your PostgreSQL packaging.

privilege
Specifies the privilege to grant. Valid options: ALL, ALL PRIVILEGES or object_type dependent string.

psql_db
Specifies the database to execute the grant against. This should not ordinarily be changed from the default, which is postgres.

psql_user
Sets the OS user to run psql. Default: the default user for the module, usually postgres.

role
Specifies the role or user whom you are granting access to.
  

Поиск «типа привилегий»:
privilege_type='${custom_privilege}'

 $custom_privilege = $_privilege ? {
        'ALL'            => 'INSERT',
        'ALL PRIVILEGES' => 'INSERT',
        default          => $_privilege,
      }
  

И, наконец
validate_string($_privilege,'SELECT','INSERT','UPDATE','DELETE','TRUNCATE','REFERENCES','TRIGGER','ALL','ALL PRIVILEGES')

Есть идеи?