1 # Define for granting membership to a role. See README.md for more information
2 define postgresql::server::grant_role (
4 String[1] $role = $name,
5 Enum['present', 'absent'] $ensure = 'present',
6 $psql_db = $postgresql::server::default_database,
7 $psql_user = $postgresql::server::user,
8 $port = $postgresql::server::port,
9 $connect_settings = $postgresql::server::default_connect_settings,
13 $command = "GRANT \"${group}\" TO \"${role}\""
17 $command = "REVOKE \"${group}\" FROM \"${role}\""
21 fail("Unknown value for ensure '${ensure}'.")
25 postgresql_psql { "grant_role:${name}":
27 unless => "SELECT 1 WHERE EXISTS (SELECT 1 FROM pg_roles AS r_role JOIN pg_auth_members AS am ON r_role.oid = am.member JOIN pg_roles AS r_group ON r_group.oid = am.roleid WHERE r_group.rolname = '${group}' AND r_role.rolname = '${role}') ${unless_comp} true",
29 psql_user => $psql_user,
31 connect_settings => $connect_settings,
34 if ! $connect_settings or empty($connect_settings) {
35 Class['postgresql::server']->Postgresql_psql["grant_role:${name}"]
37 if defined(Postgresql::Server::Role[$role]) {
38 Postgresql::Server::Role[$role]->Postgresql_psql["grant_role:${name}"]
40 if defined(Postgresql::Server::Role[$group]) {
41 Postgresql::Server::Role[$group]->Postgresql_psql["grant_role:${name}"]