Vh ^ddlmZmZmZeZdZdZdZddl Z ddl m Z ddl m Z ddlmZmZdd lmZmZmZmZmZmZmZmZdd lmZereed krdd lmZnerdd lmZe d Z!ddddddZ"dddddZ#gZ$Gdde%ZdZ&Gdde'Z(Gdde'Z)dZ*e+dk(re*yy) )absolute_importdivisionprint_functiona --- module: postgresql_privs short_description: Grant or revoke privileges on PostgreSQL database objects description: - Grant or revoke privileges on PostgreSQL database objects. - This module is basically a wrapper around most of the functionality of PostgreSQL's GRANT and REVOKE statements with detection of changes (GRANT/REVOKE I(privs) ON I(type) I(objs) TO/FROM I(roles)). options: login_db: description: - Name of database to connect to. - The V(db) and V(database) aliases are deprecated and will be removed in version 5.0.0. required: true type: str aliases: - db - database state: description: - If C(present), the specified privileges are granted, if C(absent) they are revoked. type: str default: present choices: [ absent, present ] privs: description: - Comma separated list of privileges to grant/revoke. type: str aliases: - priv type: description: - Type of database object to set privileges on. - The C(default_privs) choice is available starting at version 2.7. - The C(foreign_data_wrapper) and C(foreign_server) object types are available since Ansible version 2.8. - The C(type) choice is available since Ansible version 2.10. - The C(procedure) is supported since collection version 1.3.0 and PostgreSQL 11. - The C(parameter) is supported since collection version 3.1.0 and PostgreSQL 15. - The C(table) is inclusive of foreign tables since collection version 3.6.0. type: str default: table choices: [ database, default_privs, foreign_data_wrapper, foreign_server, function, group, language, table, tablespace, schema, sequence, type, procedure, parameter ] objs: description: - Comma separated list of database objects to set privileges on. - If I(type) is C(table), C(partition table), C(sequence), C(function) or C(procedure), the special value C(ALL_IN_SCHEMA) can be provided instead to specify all database objects of I(type) in the schema specified via I(schema). (This also works with PostgreSQL < 9.0.) (C(ALL_IN_SCHEMA) is available for C(function) and C(partition table) since Ansible 2.8). - C(procedure) is supported since PostgreSQL 11 and community.postgresql collection 1.3.0. - C(parameter) is supported since PostgreSQL 15 and community.postgresql collection 3.1.0. - If I(type) is C(database), this parameter can be omitted, in which case privileges are set for the database specified via I(database). - If I(type) is C(function) or C(procedure), colons (":") in object names will be replaced with commas (needed to specify signatures, see examples). type: str aliases: - obj schema: description: - Schema that contains the database objects specified via I(objs). - May only be provided if I(type) is C(table), C(sequence), C(function), C(procedure), C(type), or C(default_privs). Defaults to C(public) in these cases. - Pay attention, for embedded types when I(type=type) I(schema) can be C(pg_catalog) or C(information_schema) respectively. - If not specified, uses C(public). Not to pass any schema, use C(not-specified). type: str roles: description: - Comma separated list of role (user/group) names to set permissions for. - Roles C(PUBLIC), C(CURRENT_ROLE), C(CURRENT_USER), C(SESSION_USER) are implicitly defined in PostgreSQL. - C(CURRENT_USER) and C(SESSION_USER) implicit roles are supported since collection version 3.1.0 and PostgreSQL 9.5. - C(CURRENT_ROLE) implicit role is supported since collection version 3.1.0 and PostgreSQL 14. type: str required: true aliases: - role fail_on_role: description: - If C(true), fail when target role (for whom privs need to be granted) does not exist. Otherwise just warn and continue. default: true type: bool session_role: description: - Switch to session_role after connecting. - The specified session_role must be a role that the current login_user is a member of. - Permissions checking for SQL commands is carried out as though the session_role were the one that had logged in originally. type: str target_roles: description: - A list of existing role (user/group) names to set as the default permissions for database objects subsequently created by them. - Parameter I(target_roles) is only available with C(type=default_privs). type: str grant_option: description: - Whether C(role) may grant/revoke the specified privileges/group memberships to others. - Set to C(false) to revoke GRANT OPTION, leave unspecified to make no changes. - I(grant_option) only has an effect if I(state) is C(present). type: bool aliases: - admin_option password: description: - The password to authenticate with. - This option has been B(deprecated) and will be removed in community.postgresql 4.0.0, use the I(login_password) option instead. - Mutually exclusive with I(login_password). type: str default: '' trust_input: description: - If C(false), check whether values of parameters I(roles), I(target_roles), I(session_role), I(schema) are potentially dangerous. - It makes sense to use C(false) only when SQL injections via the parameters are possible. type: bool default: true version_added: '0.2.0' notes: - Parameters that accept comma separated lists (I(privs), I(objs), I(roles)) have singular alias names (I(priv), I(obj), I(role)). - To revoke only C(GRANT OPTION) for a specific object, set I(state) to C(present) and I(grant_option) to C(false) (see examples). - Note that when revoking privileges from a role R, this role may still have access via privileges granted to any role R is a member of including C(PUBLIC). - Note that when revoking privileges from a role R, you do so as the user specified via I(login_user). If R has been granted the same privileges by another user also, R can still access database objects via these privileges. - When revoking privileges, C(RESTRICT) is assumed (see PostgreSQL docs). seealso: - module: community.postgresql.postgresql_user - module: community.postgresql.postgresql_owner - module: community.postgresql.postgresql_membership - name: PostgreSQL privileges description: General information about PostgreSQL privileges. link: https://www.postgresql.org/docs/current/ddl-priv.html - name: PostgreSQL GRANT command reference description: Complete reference of the PostgreSQL GRANT command documentation. link: https://www.postgresql.org/docs/current/sql-grant.html - name: PostgreSQL REVOKE command reference description: Complete reference of the PostgreSQL REVOKE command documentation. link: https://www.postgresql.org/docs/current/sql-revoke.html attributes: check_mode: support: full extends_documentation_fragment: - community.postgresql.postgres author: - Bernhard Weitzhofer (@b6d) - Tobias Birkefeld (@tcraxs) - Daniele Giudice (@RealGreenDragon) a^ # On database "library": # GRANT SELECT, INSERT, UPDATE ON TABLE public.books, public.authors # TO librarian, reader WITH GRANT OPTION - name: Grant privs to librarian and reader on database library community.postgresql.postgresql_privs: login_db: library state: present privs: SELECT,INSERT,UPDATE type: table objs: books,authors schema: public roles: librarian,reader grant_option: true - name: Same as above leveraging default values community.postgresql.postgresql_privs: login_db: library privs: SELECT,INSERT,UPDATE objs: books,authors roles: librarian,reader grant_option: true # REVOKE GRANT OPTION FOR INSERT ON TABLE books FROM reader # Note that role "reader" will be *granted* INSERT privilege itself if this # isn't already the case (since state: present). - name: Revoke privs from reader community.postgresql.postgresql_privs: login_db: library state: present priv: INSERT obj: books role: reader grant_option: false # "public" is the default schema. This also works for PostgreSQL 8.x. - name: REVOKE INSERT, UPDATE ON ALL TABLES IN SCHEMA public FROM reader community.postgresql.postgresql_privs: login_db: library state: absent privs: INSERT,UPDATE objs: ALL_IN_SCHEMA role: reader - name: GRANT ALL PRIVILEGES ON SCHEMA public, math TO librarian community.postgresql.postgresql_privs: login_db: library privs: ALL type: schema objs: public,math role: librarian # Note the separation of arguments with colons. - name: GRANT ALL PRIVILEGES ON FUNCTION math.add(int, int) TO librarian, reader community.postgresql.postgresql_privs: login_db: library privs: ALL type: function obj: add(int:int) schema: math roles: librarian,reader # Note that group role memberships apply cluster-wide and therefore are not # restricted to database "library" here. - name: GRANT librarian, reader TO alice, bob WITH ADMIN OPTION community.postgresql.postgresql_privs: login_db: library type: group objs: librarian,reader roles: alice,bob admin_option: true # Note that here "db: postgres" specifies the database to connect to, not the # database to grant privileges on (which is specified via the "objs" param) - name: GRANT ALL PRIVILEGES ON DATABASE library TO librarian community.postgresql.postgresql_privs: login_db: postgres privs: ALL type: database obj: library role: librarian # If objs is omitted for type "database", it defaults to the database # to which the connection is established - name: GRANT ALL PRIVILEGES ON DATABASE library TO librarian community.postgresql.postgresql_privs: login_db: library privs: ALL type: database role: librarian # Available since version 2.7 # Objs must be set, ALL_DEFAULT to TABLES/SEQUENCES/TYPES/FUNCTIONS # ALL_DEFAULT works only with privs=ALL # For specific - name: ALTER DEFAULT PRIVILEGES ON DATABASE library TO librarian community.postgresql.postgresql_privs: login_db: library objs: ALL_DEFAULT privs: ALL type: default_privs role: librarian grant_option: true # Available since version 2.7 # Objs must be set, ALL_DEFAULT to TABLES/SEQUENCES/TYPES/FUNCTIONS # ALL_DEFAULT works only with privs=ALL # For specific - name: ALTER DEFAULT PRIVILEGES ON DATABASE library TO reader, step 1 community.postgresql.postgresql_privs: login_db: library objs: TABLES,SEQUENCES privs: SELECT type: default_privs role: reader - name: ALTER DEFAULT PRIVILEGES ON DATABASE library TO reader, step 2 community.postgresql.postgresql_privs: login_db: library objs: TYPES privs: USAGE type: default_privs role: reader # Available since version 2.8 - name: GRANT ALL PRIVILEGES ON FOREIGN DATA WRAPPER fdw TO reader community.postgresql.postgresql_privs: login_db: library objs: fdw privs: ALL type: foreign_data_wrapper role: reader # Available since community.postgresql 0.2.0 - name: GRANT ALL PRIVILEGES ON TYPE customtype TO reader community.postgresql.postgresql_privs: login_db: library objs: customtype privs: ALL type: type role: reader # Available since version 2.8 - name: GRANT ALL PRIVILEGES ON FOREIGN SERVER fdw_server TO reader community.postgresql.postgresql_privs: login_db: test objs: fdw_server privs: ALL type: foreign_server role: reader # Available since version 2.8 # Grant 'execute' permissions on all functions in schema 'common' to role 'caller' - name: GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA common TO caller community.postgresql.postgresql_privs: type: function state: present privs: EXECUTE roles: caller objs: ALL_IN_SCHEMA schema: common # Available since collection version 1.3.0 # Grant 'execute' permissions on all procedures in schema 'common' to role 'caller' # Needs PostreSQL 11 or higher and community.postgresql 1.3.0 or higher - name: GRANT EXECUTE ON ALL PROCEDURES IN SCHEMA common TO caller community.postgresql.postgresql_privs: type: procedure state: present privs: EXECUTE roles: caller objs: ALL_IN_SCHEMA schema: common # Available since version 2.8 # ALTER DEFAULT PRIVILEGES FOR ROLE librarian IN SCHEMA library GRANT SELECT ON TABLES TO reader # GRANT SELECT privileges for new TABLES objects created by librarian as # default to the role reader. # For specific - name: ALTER privs community.postgresql.postgresql_privs: login_db: library schema: library objs: TABLES privs: SELECT type: default_privs role: reader target_roles: librarian # Available since version 2.8 # ALTER DEFAULT PRIVILEGES FOR ROLE librarian IN SCHEMA library REVOKE SELECT ON TABLES FROM reader # REVOKE SELECT privileges for new TABLES objects created by librarian as # default from the role reader. # For specific - name: ALTER privs community.postgresql.postgresql_privs: login_db: library state: absent schema: library objs: TABLES privs: SELECT type: default_privs role: reader target_roles: librarian # Available since community.postgresql 0.2.0 - name: Grant type privileges for pg_catalog.numeric type to alice community.postgresql.postgresql_privs: type: type roles: alice privs: ALL objs: numeric schema: pg_catalog login_db: acme - name: Alter default privileges grant usage on schemas to datascience community.postgresql.postgresql_privs: login_db: test type: default_privs privs: usage objs: schemas role: datascience # Available since community.postgresql 3.1.0 # Needs PostgreSQL 15 or higher - name: GRANT SET ON PARAMETER log_destination,log_line_prefix TO logtest community.postgresql.postgresql_privs: login_db: logtest state: present privs: SET type: parameter objs: log_destination,log_line_prefix roles: logtest - name: GRANT ALTER SYSTEM ON PARAMETER primary_conninfo,synchronous_standby_names TO replicamgr community.postgresql.postgresql_privs: login_db: replicamgr state: present privs: ALTER_SYSTEM type: parameter objs: primary_conninfo,synchronous_standby_names roles: replicamgr z queries: description: List of executed queries. returned: success type: list sample: ['REVOKE GRANT OPTION FOR INSERT ON TABLE "books" FROM "reader";'] N) to_native) AnsibleModule) check_inputpg_quote_identifier) HAS_PSYCOPGPSYCOPG_VERSION connect_to_dbensure_required_libsget_conn_paramsget_server_versionpg_cursor_argspostgres_common_argument_spec) LooseVersionz3.0)Error)SELECTINSERTUPDATEDELETETRUNCATE REFERENCESTRIGGERCREATECONNECT TEMPORARYTEMPEXECUTEUSAGEALLSET ALTER_SYSTEM)r!rrrrrrr)r!rrr )r!r)r!r )rr )TABLES SEQUENCES FUNCTIONSTYPESSCHEMASisi")PUBLIC CURRENT_USER SESSION_USER CURRENT_ROLEc eZdZy)rN)__name__ __module__ __qualname__y/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/postgresql/plugins/modules/postgresql_privs.pyrrsr2rcDfd}|_|_|_|S)zPartial function applicationc\j}|j||zi|SN)copyupdate)g_argsg_kwargs new_kwargsargsfkwargss r3gzpartial..gs0[[] (#4&=.X..r2)r=r<r>)r=r<r>r?s``` r3partialr@s$/ AC AFAH Hr2ceZdZdZdZddZdZdZdZdZ d Z d Z d Z d Z d ZdZdZdZdZdZdZdZdZdZdZdZdZdZ ddZy) ConnectionzAWrapper around a psycopg connection with some convenience methodsc||j_|_t|t ||j d}t ||d\_}jjdit_tj_ tfdtjD_y)NF)warn_db_default) autocommitc3HK|]\}}j|k\s|ywr6) pg_version).0 implicit_role version_minselfs r3 z&Connection.__init__..s)' 8m[\`\k\koz\zM' s""r1)login_dbdatabasemoduler r__dict__r connectioncursorrrrGtupleVALID_IMPLICIT_ROLESitemspg_implicit_roles)rKparamsrO conn_paramsdummys` r3__init__zConnection.__init__s   V$%ffoouU !.v{u!U,doo,,>~> ,T__="'' = 11 for type=procedure. ExitrvzSELECT p.proname, oidvectortypes(p.proargtypes) ptypes FROM pg_catalog.pg_proc p JOIN pg_namespace n ON n.oid = p.pronamespace WHERE nspname = %s and p.prokind = 'p'zfSELECT p.proname, oidvectortypes(p.proargtypes) ptypes FROM pg_catalog.pg_proc p WHERE p.prokind = 'p'rrrr)rGrrtr^rRryrzs r3get_all_procedures_in_schemaz'Connection.get_all_procedures_in_schemaQs ??V #ST T %%f-9FBCC>E LL *GE LL @D @T@T@VW1AiL!H+6WWWsBc|rd}|j|||fnd}|j||jjDcgc]}|d c}Scc}w)Na#SELECT relacl::text FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace WHERE nspname = %s AND relkind in ('r','p','v','m','f') AND relname = ANY (%s) ORDER BY relnamez{SELECT relacl::text FROM pg_catalog.pg_class WHERE relkind in ('r','p','v','m','f') AND relname = ANY (%s) ORDER BY relnamerelaclr^rRry)rKrstablesrar{s r3get_table_aclszConnection.get_table_aclsms[ +E LL 0 1(E LL %)[[%9%9%;<( <<< Ac|rd}|j|||fnd}|j||jjDcgc]}|d c}Scc}w)NaSELECT relacl::text FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace WHERE nspname = %s AND relkind = 'S' AND relname = ANY (%s) ORDER BY relnameziSELECT relacl::text FROM pg_catalog.pg_class WHERE relkind = 'S' AND relname = ANY (%s) ORDER BY relnamerr)rKrs sequencesrar{s r3get_sequence_aclszConnection.get_sequence_acls|sZ +E LL 3 4TE LL %)[[%9%9%;<( <<?1+???s Acd}|j||f|jjDcgc]}|d c}Scc}w)NzxSELECT fdwacl::text FROM pg_catalog.pg_foreign_data_wrapper WHERE fdwname = ANY (%s) ORDER BY fdwnamefdwaclr)rKfdwsrar{s r3get_foreign_data_wrapper_aclsz(Connection.get_foreign_data_wrapper_aclss?@ UTG$%)[[%9%9%;<( <<= 15 for type=parameter. ExitzqSELECT paracl::text FROM pg_catalog.pg_parameter_acl WHERE parname = ANY (%s) ORDER BY parnameparacl)rGrrRr^ry)rK parametersrar{s r3get_parameter_aclszConnection.get_parameter_aclss] ??V #ST T@ EJ=1%)[[%9%9%;<( <<.Is?Qfqj?sc|yt|S)N)str)rcs r3 nonesortedz/Connection.manipulate_privs..nonesorted\syq6Mr2)key)!r@rrrrrrrrrrrrrrreplacerr_appendjoinr QueryBuilder for_objtypewith_grant_optionfor_whomas_who for_schemaset_whatfor_objsbuildexecuted_queriesr^sort)rKobj_typeprivsobjs orig_objsroles target_rolesstate grant_optionschema_qualifier fail_on_role get_statusquoted_schema_qualifierobj_idsobjr=r<orirr status_beforera status_afterrs r3manipulate_privszConnection.manipulate_privss. w  !4!46FGJ  # !7!79IJJ 2 2 !7!79IJJ  !--J  #//J  %11J  #//J  33J  ( !7!79IJJ / /;;J ) )55J   !3!35EFJ  $00J@8KL LRb&+;+C+CC+N"Nhl 0 0G RW!iiQ/GAt/F4PQ  R 6 6IMNA$;Q?NGN+/0avz0G0 w xx(H  (xxH88DKLq.q':LL$,/HHUO,C,CC,MyZqr,/HHUO,C,CC,MxO_O_`cehOiknkskst{k|}88E? XX?,??F"4( U# [ "  | , Xh  VF^ Z/ 0 Xh  Xd^ UW  & U!$'   z*j) ,,A!W ORU UVVWO0MsN N" N#&N(Nr6)NT)r.r/r0__doc__rZr^rerhrlrortr|r~rrrrrrrrrrrrrrrrr1r2r3rBrBsK "] !# 9 (/ > >X$X8 = = == = = = & @= = ==SW-r2rBc`eZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d Zd ZdZy)rcd|_d|_d|_d|_d|_||_d|_d|_g|_yr6) _grant_option _for_whom_as_who _set_what _obj_type_state_schema_objsra)rKrs r3rZzQueryBuilder.__init__jsB!     r2c||_|Sr6)r)rKrs r3rzQueryBuilder.for_objsus  r2c0| d|z|_|Sd|_|S)Nz IN SCHEMA %sr)r)rKrss r3rzQueryBuilder.for_schemays(393E/  LN  r2c||_|Sr6)r)rKoptions r3rzQueryBuilder.with_grant_option}s# r2c||_|Sr6)r)rKwhos r3rzQueryBuilder.for_whoms r2c||_|Sr6)r)rKrs r3rzQueryBuilder.as_whos#  r2c||_|Sr6)r)rKwhats r3rzQueryBuilder.set_whats r2c||_|Sr6)r)rKobjtypes r3rzQueryBuilder.for_objtypes  r2c|jdk(r|jn0|jdk(r|jn|jdj|jS)Npresentabsent )r build_present build_absentrrarfs r3rzQueryBuilder.buildsQ ;;) #    [[H $        yy$$r2c V|jD]}|jrL|jjdj |j|j ||j [|jjdj |j ||j y)NDALTER DEFAULT PRIVILEGES FOR ROLE {0}{1} REVOKE ALL ON {2} FROM {3};7ALTER DEFAULT PRIVILEGES{0} REVOKE ALL ON {1} FROM {2};)rrrarformatrrrKrs r3add_default_revokezQueryBuilder.add_default_revokes:: fC|| !!Zaabfbnbnbfbnbnpsbfbpbprs  !!MTTUYUaUacfUYUcUcef fr2cP|jr?|jdk(r|jdxxdz cc<y|jdxxdz cc<y|jdur|jdxxdz cc<|jdk(r@|jjdj |j |j y|jdk(s@|jjd j |j |j yy|jdxxdz cc<y) Nrz WITH ADMIN OPTION;z WITH GRANT OPTION;F;z%REVOKE ADMIN OPTION FOR {0} FROM {1};rz%REVOKE GRANT OPTION FOR {0} FROM {1};)rrrarrrrrfs r3add_grant_optionzQueryBuilder.add_grant_options   ~~( 2"77 2"77   5 ( JJrNc !N~~( !!"I"P"PQUQ_Q_aeaoao"pq^^6 !!"I"P"PQUQ_Q_aeaoao"pq7 JJrNc !Nr2c |jD]}|jrW|jjdj |j|j |j ||jnK|jjdj |j |j ||j|jy)Nz@ALTER DEFAULT PRIVILEGES FOR ROLE {0}{1} GRANT {2} ON {3} TO {4}z3ALTER DEFAULT PRIVILEGES{0} GRANT {1} ON {2} TO {3}) rrrarrrrrr!rs r3add_default_privzQueryBuilder.add_default_privs:: $C|| !!V]]^b^j^j^b^j^j^b^l^l^a^b^l^l no !!IPPQUQ]Q]QUQ_Q_QTQUQ_Q_ab  ! ! # $r2c|jdk(r!|j|jy|jj dj |j |j|jy)NrzGRANT {0} TO {1}) rrr#rarrrrr!rfs r3rzQueryBuilder.build_presentsZ >>_ ,  # # %  ! ! # JJ  077W X  ! ! #r2c |jdk(rg|_dD]}|jrL|jjdj |j|j ||j [|jjdj |j ||j y|jjdj |j|j y)Nr)r$r&r%r'rrzREVOKE {0} FROM {1};)rrarrrrrrrs r3rzQueryBuilder.build_absents >>_ ,DJD j<<JJ%%^eefjfrfrfjfrfrtwfjftftvw JJ%%QXXY]YeYegjY]YgYgij j JJ  4;;DNNDNN[ \r2N)r.r/r0rZrrrrrrrrrr!r#rrr1r2r3rrisJ % f "$"$]r2rct}|jtddddgddddddddgtd d d g td d gtdgd td dgtd tddgtd td td ddgtddddtddtdd t|d}|jd}t dd |j}|j r/|jr|jd!"|j |_|j d#vr<|jd$k(s|jd%k(rd|_ nA|jxsd&|_ n+|jr|jd'|j z"|jd(k(r-|j d)vr|jd*|j z"|j dk(r |jxs |j|_ n+|js|jd+|j z"|j d,k(r|jr>|jd-"n+|js|jd.|j z"|js7t||j|j |j"|jt%||}|j"r) |j&j)d/|j"z |jrit3d3|jj5d4Dj7t8s+|jd5j;t8z"ndd}|jd(k(r|j dk(r|j=|j}n|j d6k(r|j?|j}nU|j d7k(r|jA|j}n*|j d8k(r|jC|j}|jDd9k\r|j dk(rd:}n|j d6k(rd;}nr|j d7k(rd<}n_|j d8k(rOd=}nK|j d>k(r|jd?k(r3tFjId@t3tFjK}nvt3dA|jj5d4D}|j7tFs6|jdB|j;tFjKz"t3fdC|D}||k(sk|jdDjM||"nH|jj5d4}|j dEvr|D cgc]} | jOdFd4}} g} |jj5d4} | D]} |jQ| rY|jS| r#| jUdG| jWzH| jUdH| jOdIdJzm|r|jdK| z"|jYdL| z| s(|jYdM|j[d t\N|j r |j d>k(s|jYdO|j r|j j5d4} nd} |j_|j || | |j`|jb|j|P }|jjss|jgn|jm|j&jo|jpjo|j[t\Ny#t*$rI}|jd0|j"d1t-|t/j02Yd}~"d}~wwxYwcc} w#td$rI}|jg|jt-|t/j02Yd}~"d}~wth$r6}|jg|jt-|"Yd}~_d}~wwxYw)QNrTdbrNz5.0.0zcommunity.postgresql)nameversioncollection_name)rrequiredaliasesdeprecated_aliasesrr)defaultchoicesFpriv)r+r,r)rrrrrNrsrrrrrrrrr)r+rolebool admin_option)r+rr,rz4.0.0zcommunity.postgreql)r.no_logremoved_in_versionremoved_from_collection)rr.) rMrrrrrsr session_rolerrpasswordr trust_input) argument_specsupports_check_moderParamsr1z]Use the "password" or "login_password" option but not both to pass a password to log in with.r\)rrrrrrrz not-specifiedpublicz/Argument "schema" is not allowed for type "%s". ALL_IN_SCHEMA)rrrrzpArgument "objs": ALL_IN_SCHEMA can be used only for type: table, sequence, function or procedure, %s was passed.z*Argument "objs" is required for type "%s".rz1Argument "privs" is not allowed for type "group".z+Argument "privs" is required for type "%s".z SET ROLE "%s"zCould not switch to role z: )r] exceptionc3<K|]}|jywr6rj)rHprs r3rLzmain..TsFRbhhjFrz Invalid privileges specified: %srrri_zALL TABLES IN SCHEMAzALL SEQUENCES IN SCHEMAzALL FUNCTIONS IN SCHEMAzALL PROCEDURES IN SCHEMAr ALL_DEFAULTr(c3<K|]}|jywr6rA)rHrs r3rLzmain..ts J JrCz Invalid Object set specified: %sc3TK|]}jt|s|!ywr6)issubsetVALID_DEFAULT_OBJS)rHrrs r3rLzmain..ys#.nsennUghkUlFms.ns((z@Invalid priv specified. Valid object for priv: {0}. Objects: {1}r:z%srrrzRole '%s' does not existz!Role '%s' does not exist, pass itz&No valid roles provided, nothing to do)changedquerieszf"target_roles" will be ignored Argument "type: default_privs" is required for usage of "target_roles".) rrrrrrrrrr)9rr8dictrrWrr8login_passwordr`rrsrMrr9rrrr7rBrRr^r_r traceback format_exc frozensetrrG VALID_PRIVS differencer|r~rrrGrHpopkeysrrrorlrrjwarn exit_jsonrrrrrrh PsycopgError check_moderecloserQ)r:rOrpconnrcrrvalid_objects_for_privrr roles_rawrrrJrs @r3mainr^s13M54$ 9K"#9  #"#9  a  9y(.CDEF84 ' *+55' 2U#D6(35)5)5v#1"24b)0.CEvt4fd3W,\# F ==0L Xr6==)A  zz     "F  G:: vvXX 66Y !((o"=AHxx+8AH .017 8  vv QVV3a%a.017 8  vv%1:: VV.017 8 vv 77   "5  6 WW.017 8 ==FAGGQ^^Q^^QXXN a D~~ G KK  !.. @ Ag+ 77F177==3EFFE>>+.  %G%JZJZ[fJg%g hE 66_ $vv 44QXX>:%77A:%77A;&88B%'66W$ 6IVVz) 9IVVz) 9IVV{* :I VV &vv&"&&y1 !3!8!8!:; J S8I JJ}}%78$$>QcQhQhQjAkk%m&/.nd.n%n ")T1  Zaa.6!766<<$Dvv229=># C->>GGMM#&  IA"((+LL !12LL!))C*>!>?$$)Ca)G$HKK Ca GH I KK@ A   U4D  E >>!&&O"; KKb c >>>>//4LL''VV%''XX%(  *  KKOO W.>?i G   annV_`aVb!coxpDpDpF  G G Gj?^ M Yq\Y5I5I5KLL + Yq\**+sP=(_:&Ka'aE?a: a >aa a c#>b!! c#-+cc#__main__), __future__rrrr __metaclass__ DOCUMENTATIONEXAMPLESRETURNrNansible.module_utils._textransible.module_utils.basicrFansible_collections.community.postgresql.plugins.module_utils.databaserr Fansible_collections.community.postgresql.plugins.module_utils.postgresr r r r rrrrEansible_collections.community.postgresql.plugins.module_utils.versionrpsycopg2rrWpsycopgrPrQrHrTrr_r@objectrBrr^r.r1r2r3rmsA@ ` Dr h 04   ?\%%88.-kl t#G#5/!4 8 #$(-(-(.2  I  --D s]6s]lc@L zFr2