role

package
v0.0.0-...-a46c5bf Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 24, 2019 License: Apache-2.0 Imports: 1 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Role 

type Role struct {
	// contains filtered or unexported fields
}

The “postgresql_role“ resource creates and manages a role on a PostgreSQL server.

When a “postgresql_role“ resource is removed, the PostgreSQL ROLE will automatically run a [`REASSIGN OWNED`](https://www.postgresql.org/docs/current/static/sql-reassign-owned.html) and [`DROP OWNED`](https://www.postgresql.org/docs/current/static/sql-drop-owned.html) to the `CURRENT_USER` (normally the connected user for the provider). If the specified PostgreSQL ROLE owns objects in multiple PostgreSQL databases in the same PostgreSQL Cluster, one PostgreSQL provider per database must be created and all but the final “postgresql_role“ must specify a `skip_drop_role`.

> **Note:** All arguments including role name and password will be stored in the raw state as plain-text. [Read more about sensitive data in state](https://www.terraform.io/docs/state/sensitive-data.html).

func GetRole 

func GetRole(ctx *pulumi.Context,
	name string, id pulumi.ID, state *RoleState, opts ...pulumi.ResourceOpt) (*Role, error)

GetRole gets an existing Role resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewRole 

func NewRole(ctx *pulumi.Context,
	name string, args *RoleArgs, opts ...pulumi.ResourceOpt) (*Role, error)

NewRole registers a new resource with the given unique name, arguments, and options.

func (*Role) BypassRowLevelSecurity 

func (r *Role) BypassRowLevelSecurity() *pulumi.BoolOutput

Defines whether a role bypasses every row-level security (RLS) policy. Default value is `false`.

func (*Role) ConnectionLimit 

func (r *Role) ConnectionLimit() *pulumi.IntOutput

If this role can log in, this specifies how many concurrent connections the role can establish. `-1` (the default) means no limit.

func (*Role) CreateDatabase 

func (r *Role) CreateDatabase() *pulumi.BoolOutput

Defines a role's ability to execute `CREATE DATABASE`. Default value is `false`.

func (*Role) CreateRole 

func (r *Role) CreateRole() *pulumi.BoolOutput

Defines a role's ability to execute `CREATE ROLE`. A role with this privilege can also alter and drop other roles. Default value is `false`.

func (*Role) Encrypted 

func (r *Role) Encrypted() *pulumi.StringOutput

func (*Role) EncryptedPassword 

func (r *Role) EncryptedPassword() *pulumi.BoolOutput

Defines whether the password is stored encrypted in the system catalogs. Default value is `true`. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of [PostgreSQL's `password_encryption` setting](https://www.postgresql.org/docs/current/static/runtime-config-connection.html#GUC-PASSWORD-ENCRYPTION).

func (*Role) ID 

func (r *Role) ID() *pulumi.IDOutput

ID is this resource's unique identifier assigned by its provider.

func (*Role) Inherit 

func (r *Role) Inherit() *pulumi.BoolOutput

Defines whether a role "inherits" the privileges of roles it is a member of. Default value is `true`.

func (*Role) Login 

func (r *Role) Login() *pulumi.BoolOutput

Defines whether role is allowed to log in. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default value is `false`.

func (*Role) Name 

func (r *Role) Name() *pulumi.StringOutput

The name of the role. Must be unique on the PostgreSQL server instance where it is configured.

func (*Role) Password 

func (r *Role) Password() *pulumi.StringOutput

Sets the role's password. A password is only of use for roles having the `login` attribute set to true.

func (*Role) Replication 

func (r *Role) Replication() *pulumi.BoolOutput

Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. Default value is `false`

func (*Role) SkipDropRole 

func (r *Role) SkipDropRole() *pulumi.BoolOutput

When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the [cleanup of ownership of objects](https://www.postgresql.org/docs/current/static/role-removal.html) in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.

func (*Role) SkipReassignOwned 

func (r *Role) SkipReassignOwned() *pulumi.BoolOutput

When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, a [`REASSIGN OWNED`](https://www.postgresql.org/docs/current/static/sql-reassign-owned.html) in must be executed on each of the respective databases before the `DROP ROLE` can be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicit [`DROP OWNED`](https://www.postgresql.org/docs/current/static/sql-drop-owned.html)).

func (*Role) Superuser 

func (r *Role) Superuser() *pulumi.BoolOutput

Defines whether the role is a "superuser", and therefore can override all access restrictions within the database. Default value is `false`.

func (*Role) URN 

func (r *Role) URN() *pulumi.URNOutput

URN is this resource's unique name assigned by Pulumi.

func (*Role) ValidUntil 

func (r *Role) ValidUntil() *pulumi.StringOutput

Defines the date and time after which the role's password is no longer valid. Established connections past this `valid_time` will have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic value `NULL` is used, `valid_until` will be set to `infinity`. Default is `NULL`, therefore `infinity`.

type RoleArgs 

type RoleArgs struct {
	// Defines whether a role bypasses every
	// row-level security (RLS) policy.  Default value is `false`.
	BypassRowLevelSecurity interface{}
	// If this role can log in, this specifies how
	// many concurrent connections the role can establish. `-1` (the default) means no
	// limit.
	ConnectionLimit interface{}
	// Defines a role's ability to execute `CREATE
	// DATABASE`.  Default value is `false`.
	CreateDatabase interface{}
	// Defines a role's ability to execute `CREATE ROLE`.
	// A role with this privilege can also alter and drop other roles.  Default value
	// is `false`.
	CreateRole interface{}
	Encrypted  interface{}
	// Defines whether the password is stored
	// encrypted in the system catalogs.  Default value is `true`.  NOTE: this value
	// is always set (to the conservative and safe value), but may interfere with the
	// behavior of
	// [PostgreSQL's `password_encryption` setting](https://www.postgresql.org/docs/current/static/runtime-config-connection.html#GUC-PASSWORD-ENCRYPTION).
	EncryptedPassword interface{}
	// Defines whether a role "inherits" the privileges of
	// roles it is a member of.  Default value is `true`.
	Inherit interface{}
	// Defines whether role is allowed to log in.  Roles without
	// this attribute are useful for managing database privileges, but are not users
	// in the usual sense of the word.  Default value is `false`.
	Login interface{}
	// The name of the role. Must be unique on the PostgreSQL
	// server instance where it is configured.
	Name interface{}
	// Sets the role's password. A password is only of use
	// for roles having the `login` attribute set to true.
	Password interface{}
	// Defines whether a role is allowed to initiate
	// streaming replication or put the system in and out of backup mode.  Default
	// value is `false`
	Replication interface{}
	// When a PostgreSQL ROLE exists in multiple
	// databases and the ROLE is dropped, the
	// [cleanup of ownership of objects](https://www.postgresql.org/docs/current/static/role-removal.html)
	// in each of the respective databases must occur before the ROLE can be dropped
	// from the catalog.  Set this option to true when there are multiple databases
	// in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership.
	// This is the third and final step taken when removing a ROLE from a database.
	SkipDropRole interface{}
	// When a PostgreSQL ROLE exists in multiple
	// databases and the ROLE is dropped, a
	// [`REASSIGN OWNED`](https://www.postgresql.org/docs/current/static/sql-reassign-owned.html) in
	// must be executed on each of the respective databases before the `DROP ROLE`
	// can be executed to dropped the ROLE from the catalog.  This is the first and
	// second steps taken when removing a ROLE from a database (the second step being
	// an implicit
	// [`DROP OWNED`](https://www.postgresql.org/docs/current/static/sql-drop-owned.html)).
	SkipReassignOwned interface{}
	// Defines whether the role is a "superuser", and
	// therefore can override all access restrictions within the database.  Default
	// value is `false`.
	Superuser interface{}
	// Defines the date and time after which the role's
	// password is no longer valid.  Established connections past this `valid_time`
	// will have to be manually terminated.  This value corresponds to a PostgreSQL
	// datetime. If omitted or the magic value `NULL` is used, `valid_until` will be
	// set to `infinity`.  Default is `NULL`, therefore `infinity`.
	ValidUntil interface{}
}

The set of arguments for constructing a Role resource.

type RoleState 

type RoleState struct {
	// Defines whether a role bypasses every
	// row-level security (RLS) policy.  Default value is `false`.
	BypassRowLevelSecurity interface{}
	// If this role can log in, this specifies how
	// many concurrent connections the role can establish. `-1` (the default) means no
	// limit.
	ConnectionLimit interface{}
	// Defines a role's ability to execute `CREATE
	// DATABASE`.  Default value is `false`.
	CreateDatabase interface{}
	// Defines a role's ability to execute `CREATE ROLE`.
	// A role with this privilege can also alter and drop other roles.  Default value
	// is `false`.
	CreateRole interface{}
	Encrypted  interface{}
	// Defines whether the password is stored
	// encrypted in the system catalogs.  Default value is `true`.  NOTE: this value
	// is always set (to the conservative and safe value), but may interfere with the
	// behavior of
	// [PostgreSQL's `password_encryption` setting](https://www.postgresql.org/docs/current/static/runtime-config-connection.html#GUC-PASSWORD-ENCRYPTION).
	EncryptedPassword interface{}
	// Defines whether a role "inherits" the privileges of
	// roles it is a member of.  Default value is `true`.
	Inherit interface{}
	// Defines whether role is allowed to log in.  Roles without
	// this attribute are useful for managing database privileges, but are not users
	// in the usual sense of the word.  Default value is `false`.
	Login interface{}
	// The name of the role. Must be unique on the PostgreSQL
	// server instance where it is configured.
	Name interface{}
	// Sets the role's password. A password is only of use
	// for roles having the `login` attribute set to true.
	Password interface{}
	// Defines whether a role is allowed to initiate
	// streaming replication or put the system in and out of backup mode.  Default
	// value is `false`
	Replication interface{}
	// When a PostgreSQL ROLE exists in multiple
	// databases and the ROLE is dropped, the
	// [cleanup of ownership of objects](https://www.postgresql.org/docs/current/static/role-removal.html)
	// in each of the respective databases must occur before the ROLE can be dropped
	// from the catalog.  Set this option to true when there are multiple databases
	// in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership.
	// This is the third and final step taken when removing a ROLE from a database.
	SkipDropRole interface{}
	// When a PostgreSQL ROLE exists in multiple
	// databases and the ROLE is dropped, a
	// [`REASSIGN OWNED`](https://www.postgresql.org/docs/current/static/sql-reassign-owned.html) in
	// must be executed on each of the respective databases before the `DROP ROLE`
	// can be executed to dropped the ROLE from the catalog.  This is the first and
	// second steps taken when removing a ROLE from a database (the second step being
	// an implicit
	// [`DROP OWNED`](https://www.postgresql.org/docs/current/static/sql-drop-owned.html)).
	SkipReassignOwned interface{}
	// Defines whether the role is a "superuser", and
	// therefore can override all access restrictions within the database.  Default
	// value is `false`.
	Superuser interface{}
	// Defines the date and time after which the role's
	// password is no longer valid.  Established connections past this `valid_time`
	// will have to be manually terminated.  This value corresponds to a PostgreSQL
	// datetime. If omitted or the magic value `NULL` is used, `valid_until` will be
	// set to `infinity`.  Default is `NULL`, therefore `infinity`.
	ValidUntil interface{}
}

Input properties used for looking up and filtering Role resources.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.