'All' grants for PostgreSQL.

This update allows granting privileges on ALL tables or ALL sequences in a given schema. Such as: GRANT SELECT ON ALL TABLES IN SCHEMA public TO 'monkey';
2025-04-17 10:10:20 +00:00 · 2016-09-13 16:17:52 -04:00 · 2016-09-13 16:17:52 -04:00 · 8b877f014d
commit 8b877f014d
parent fbbe9ec571
2 changed files with 37 additions and 0 deletions
--- a/salt/modules/postgres.py
+++ b/salt/modules/postgres.py
@ -2873,12 +2873,21 @@ def privileges_grant(name,
        if object_type == 'group':
            query = 'GRANT {0} TO "{1}" WITH ADMIN OPTION'.format(
                object_name, name)
+        elif (object_type in ('table', 'sequence') and
+                object_name.upper() == 'ALL'):
+            query = 'GRANT {0} ON ALL {1}S IN SCHEMA {2} TO ' + \
+                    '"{3}" WITH GRANT OPTION'.format(
+                _grants, object_type.upper(), prepend, name)
        else:
            query = 'GRANT {0} ON {1} {2} TO "{3}" WITH GRANT OPTION'.format(
                _grants, object_type.upper(), on_part, name)
    else:
        if object_type == 'group':
            query = 'GRANT {0} TO "{1}"'.format(object_name, name)
+        elif (object_type in ('table', 'sequence') and
+                object_name.upper() == 'ALL'):
+            query = 'GRANT {0} ON ALL {1}S IN SCHEMA {2} TO "{3}"'.format(
+                _grants, object_type.upper(), prepend, name)
        else:
            query = 'GRANT {0} ON {1} {2} TO "{3}"'.format(
                _grants, object_type.upper(), on_part, name)
--- a/tests/unit/modules/postgres_test.py
+++ b/tests/unit/modules/postgres_test.py
@ -1277,6 +1277,34 @@ class PostgresTestCase(TestCase):
                    host='testhost', port='testport',
                    password='testpassword', user='testuser', runas='user')

+        # Test grant on all tables
+        with patch('salt.modules.postgres._run_psql',
+            Mock(return_value={'retcode': 0})):
+            with patch('salt.modules.postgres.has_privileges',
+                    Mock(return_value=False)):
+                ret = postgres.privileges_grant(
+                   'baruwa',
+                   'ALL',
+                   'table',
+                   'SELECT',
+                   maintenance_db='db_name',
+                   runas='user',
+                   host='testhost',
+                   port='testport',
+                   user='testuser',
+                   password='testpassword'
+                )
+
+                query = 'GRANT SELECT ON ALL TABLES IN SCHEMA public TO "baruwa"'
+
+                postgres._run_psql.assert_called_once_with(
+                    ['/usr/bin/pgsql', '--no-align', '--no-readline',
+                     '--no-password', '--username', 'testuser', '--host',
+                     'testhost', '--port', 'testport', '--dbname', 'db_name',
+                     '-c', query],
+                    host='testhost', port='testport',
+                    password='testpassword', user='testuser', runas='user')
+
    def test_privileges_grant_group(self):
        '''
        Test granting privileges on group