Class Role
The postgresql..Role resource creates and manages a role on a PostgreSQL
server.
When a postgresql..Role resource is removed, the PostgreSQL ROLE will
automatically run a REASSIGN OWNED
and DROP OWNED to
the CURRENT_USER (normally the connected user for the provider). If the
specified PostgreSQL ROLE owns objects in multiple PostgreSQL databases in the
same PostgreSQL Cluster, one PostgreSQL provider per database must be created
and all but the final postgresql..Role must specify a skip_drop_role.
Note: All arguments including role name and password will be stored in the raw state as plain-text. Read more about sensitive data in state.
Usage
using Pulumi;
using PostgreSql = Pulumi.PostgreSql;
class MyStack : Stack
{
public MyStack()
{
var myRole = new PostgreSql.Role("myRole", new PostgreSql.RoleArgs
{
Login = true,
Password = "mypass",
});
var myReplicationRole = new PostgreSql.Role("myReplicationRole", new PostgreSql.RoleArgs
{
ConnectionLimit = 5,
Login = true,
Password = "md5c98cbfeb6a347a47eb8e96cfb4c4b890",
Replication = true,
});
}
}
Inherited Members
Namespace: Pulumi.PostgreSql
Assembly: Pulumi.PostgreSql.dll
Syntax
public class Role : CustomResourceConstructors
View SourceRole(String, RoleArgs, CustomResourceOptions)
Create a Role resource with the given unique name, arguments, and options.
Declaration
public Role(string name, RoleArgs args = null, CustomResourceOptions options = null)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resource |
| RoleArgs | args | The arguments used to populate this resource's properties |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Properties
View SourceBypassRowLevelSecurity
Defines whether a role bypasses every
row-level security (RLS) policy. Default value is false.
Declaration
public Output<bool?> BypassRowLevelSecurity { get; }Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
ConnectionLimit
If this role can log in, this specifies how
many concurrent connections the role can establish. -1 (the default) means no
limit.
Declaration
public Output<int?> ConnectionLimit { get; }Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Int32>> |
CreateDatabase
Defines a role's ability to execute CREATE DATABASE. Default value is false.
Declaration
public Output<bool?> CreateDatabase { get; }Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
CreateRole
Defines a role's ability to execute CREATE ROLE.
A role with this privilege can also alter and drop other roles. Default value
is false.
Declaration
public Output<bool?> CreateRole { get; }Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
Encrypted
Declaration
public Output<string> Encrypted { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
EncryptedPassword
Defines whether the password is stored
encrypted in the system catalogs. Default value is true. NOTE: this value
is always set (to the conservative and safe value), but may interfere with the
behavior of
PostgreSQL's password_encryption setting.
Declaration
public Output<bool?> EncryptedPassword { get; }Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
Inherit
Defines whether a role "inherits" the privileges of
roles it is a member of. Default value is true.
Declaration
public Output<bool?> Inherit { get; }Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
Login
Defines whether role is allowed to log in. Roles without
this attribute are useful for managing database privileges, but are not users
in the usual sense of the word. Default value is false.
Declaration
public Output<bool?> Login { get; }Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
Name
The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
Declaration
public Output<string> Name { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Password
Sets the role's password. A password is only of use
for roles having the login attribute set to true.
Declaration
public Output<string> Password { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Replication
Defines whether a role is allowed to initiate
streaming replication or put the system in and out of backup mode. Default
value is false
Declaration
public Output<bool?> Replication { get; }Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
Roles
Defines list of roles which will be granted to this new role.
Declaration
public Output<ImmutableArray<string>> Roles { get; }Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableArray<System.String>> |
SearchPaths
Alters the search path of this new role. Note that
due to limitations in the implementation, values cannot contain the substring
", ".
Declaration
public Output<ImmutableArray<string>> SearchPaths { get; }Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableArray<System.String>> |
SkipDropRole
When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
Declaration
public Output<bool?> SkipDropRole { get; }Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
SkipReassignOwned
When a PostgreSQL ROLE exists in multiple
databases and the ROLE is dropped, a
REASSIGN OWNED in
must be executed on each of the respective databases before the DROP ROLE
can be executed to dropped the ROLE from the catalog. This is the first and
second steps taken when removing a ROLE from a database (the second step being
an implicit
DROP OWNED).
Declaration
public Output<bool?> SkipReassignOwned { get; }Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
StatementTimeout
Defines statement_timeout setting for this role which allows to abort any statement that takes more than the specified amount of time.
Declaration
public Output<int?> StatementTimeout { get; }Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Int32>> |
Superuser
Defines whether the role is a "superuser", and
therefore can override all access restrictions within the database. Default
value is false.
Declaration
public Output<bool?> Superuser { get; }Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
ValidUntil
Defines the date and time after which the role's
password is no longer valid. Established connections past this valid_time
will have to be manually terminated. This value corresponds to a PostgreSQL
datetime. If omitted or the magic value NULL is used, valid_until will be
set to infinity. Default is NULL, therefore infinity.
Declaration
public Output<string> ValidUntil { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Methods
View SourceGet(String, Input<String>, RoleState, CustomResourceOptions)
Get an existing Role resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
Declaration
public static Role Get(string name, Input<string> id, RoleState state = null, CustomResourceOptions options = null)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resulting resource. |
| Input<System.String> | id | The unique provider ID of the resource to lookup. |
| RoleState | state | Any extra arguments used during the lookup. |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Returns
| Type | Description |
|---|---|
| Role |