Pulumi PostgreSQL¶

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-postgresql repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-postgresql repo.

class pulumi_postgresql.Database(resource_name, opts=None, allow_connections=None, connection_limit=None, encoding=None, is_template=None, lc_collate=None, lc_ctype=None, name=None, owner=None, tablespace_name=None, template=None, __props__=None, __name__=None, __opts__=None)¶

The .Database resource creates and manages database objects within a PostgreSQL server instance.

import pulumi
import pulumi_postgresql as postgresql

my_db = postgresql.Database("myDb",
    allow_connections=True,
    connection_limit=-1,
    lc_collate="C",
    owner="my_role",
    template="template0")

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
allow_connections (pulumi.Input[bool]) – If false then no one can connect to this database. The default is true, allowing connections (except as restricted by other mechanisms, such as GRANT or REVOKE CONNECT).
connection_limit (pulumi.Input[float]) – How many concurrent connections can be established to this database. -1 (the default) means no limit.
encoding (pulumi.Input[str]) – Character set encoding to use in the new database
is_template (pulumi.Input[bool]) – If true, then this database can be cloned by any user with CREATEDB privileges; if false (the default), then only superusers or the owner of the database can clone it.
lc_collate (pulumi.Input[str]) – Collation order (LC_COLLATE) to use in the new database
lc_ctype (pulumi.Input[str]) – Character classification (LC_CTYPE) to use in the new database
name (pulumi.Input[str]) – The name of the database. Must be unique on the PostgreSQL server instance where it is configured.
owner (pulumi.Input[str]) – The role name of the user who will own the database, or DEFAULT to use the default (namely, the user executing the command). To create a database owned by another role or to change the owner of an existing database, you must be a direct or indirect member of the specified role, or the username in the provider is a superuser.
tablespace_name (pulumi.Input[str]) – The name of the tablespace that will be associated with the database, or DEFAULT to use the template database’s tablespace. This tablespace will be the default tablespace used for objects created in this database.
template (pulumi.Input[str]) – The name of the template from which to create the new database

allow_connections: pulumi.Output[bool] = None¶: If false then no one can connect to this database. The default is true, allowing connections (except as restricted by other mechanisms, such as GRANT or REVOKE CONNECT).

connection_limit: pulumi.Output[float] = None¶: How many concurrent connections can be established to this database. -1 (the default) means no limit.

encoding: pulumi.Output[str] = None¶: Character set encoding to use in the new database

is_template: pulumi.Output[bool] = None¶: If true, then this database can be cloned by any user with CREATEDB privileges; if false (the default), then only superusers or the owner of the database can clone it.

lc_collate: pulumi.Output[str] = None¶: Collation order (LC_COLLATE) to use in the new database

lc_ctype: pulumi.Output[str] = None¶: Character classification (LC_CTYPE) to use in the new database

name: pulumi.Output[str] = None¶: The name of the database. Must be unique on the PostgreSQL server instance where it is configured.

owner: pulumi.Output[str] = None¶: The role name of the user who will own the database, or DEFAULT to use the default (namely, the user executing the command). To create a database owned by another role or to change the owner of an existing database, you must be a direct or indirect member of the specified role, or the username in the provider is a superuser.

tablespace_name: pulumi.Output[str] = None¶: The name of the tablespace that will be associated with the database, or DEFAULT to use the template database’s tablespace. This tablespace will be the default tablespace used for objects created in this database.

template: pulumi.Output[str] = None¶: The name of the template from which to create the new database

static get(resource_name, id, opts=None, allow_connections=None, connection_limit=None, encoding=None, is_template=None, lc_collate=None, lc_ctype=None, name=None, owner=None, tablespace_name=None, template=None)¶

Get an existing Database resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
allow_connections (pulumi.Input[bool]) – If false then no one can connect to this database. The default is true, allowing connections (except as restricted by other mechanisms, such as GRANT or REVOKE CONNECT).
connection_limit (pulumi.Input[float]) – How many concurrent connections can be established to this database. -1 (the default) means no limit.
encoding (pulumi.Input[str]) – Character set encoding to use in the new database
is_template (pulumi.Input[bool]) – If true, then this database can be cloned by any user with CREATEDB privileges; if false (the default), then only superusers or the owner of the database can clone it.
lc_collate (pulumi.Input[str]) – Collation order (LC_COLLATE) to use in the new database
lc_ctype (pulumi.Input[str]) – Character classification (LC_CTYPE) to use in the new database
name (pulumi.Input[str]) – The name of the database. Must be unique on the PostgreSQL server instance where it is configured.
owner (pulumi.Input[str]) – The role name of the user who will own the database, or DEFAULT to use the default (namely, the user executing the command). To create a database owned by another role or to change the owner of an existing database, you must be a direct or indirect member of the specified role, or the username in the provider is a superuser.
tablespace_name (pulumi.Input[str]) – The name of the tablespace that will be associated with the database, or DEFAULT to use the template database’s tablespace. This tablespace will be the default tablespace used for objects created in this database.
template (pulumi.Input[str]) – The name of the template from which to create the new database

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_postgresql.DefaultPrivileg(resource_name, opts=None, database=None, object_type=None, owner=None, privileges=None, role=None, schema=None, __props__=None, __name__=None, __opts__=None)¶

Create a DefaultPrivileg resource with the given unique name, props, and options. :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] database: The database to grant default privileges for this role :param pulumi.Input[str] object_type: The PostgreSQL object type to set the default privileges on (one of: table, sequence) :param pulumi.Input[str] owner: Target role for which to alter default privileges. :param pulumi.Input[list] privileges: The list of privileges to apply as default privileges :param pulumi.Input[str] role: The name of the role to which grant default privileges on :param pulumi.Input[str] schema: The database schema to set default privileges for this role

database: pulumi.Output[str] = None¶: The database to grant default privileges for this role

object_type: pulumi.Output[str] = None¶: The PostgreSQL object type to set the default privileges on (one of: table, sequence)

owner: pulumi.Output[str] = None¶: Target role for which to alter default privileges.

privileges: pulumi.Output[list] = None¶: The list of privileges to apply as default privileges

role: pulumi.Output[str] = None¶: The name of the role to which grant default privileges on

schema: pulumi.Output[str] = None¶: The database schema to set default privileges for this role

static get(resource_name, id, opts=None, database=None, object_type=None, owner=None, privileges=None, role=None, schema=None)¶

Get an existing DefaultPrivileg resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
database (pulumi.Input[str]) – The database to grant default privileges for this role
object_type (pulumi.Input[str]) – The PostgreSQL object type to set the default privileges on (one of: table, sequence)
owner (pulumi.Input[str]) – Target role for which to alter default privileges.
privileges (pulumi.Input[list]) – The list of privileges to apply as default privileges
role (pulumi.Input[str]) – The name of the role to which grant default privileges on
schema (pulumi.Input[str]) – The database schema to set default privileges for this role

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_postgresql.DefaultPrivileges(resource_name, opts=None, database=None, object_type=None, owner=None, privileges=None, role=None, schema=None, __props__=None, __name__=None, __opts__=None)¶

The .DefaultPrivileges resource creates and manages default privileges given to a user for a database schema.

Note: This resource needs Postgresql version 9 or above.

import pulumi
import pulumi_postgresql as postgresql

read_only_tables = postgresql.DefaultPrivileges("readOnlyTables",
    database="test_db",
    object_type="table",
    owner="db_owner",
    privileges=["SELECT"],
    role="test_role",
    schema="public")

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
database (pulumi.Input[str]) – The database to grant default privileges for this role.
object_type (pulumi.Input[str]) – The PostgreSQL object type to set the default privileges on (one of: table, sequence).
owner (pulumi.Input[str]) – Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of).
privileges (pulumi.Input[list]) – The list of privileges to apply as default privileges.
role (pulumi.Input[str]) – The name of the role to which grant default privileges on.
schema (pulumi.Input[str]) – The database schema to set default privileges for this role.

database: pulumi.Output[str] = None¶: The database to grant default privileges for this role.

object_type: pulumi.Output[str] = None¶: The PostgreSQL object type to set the default privileges on (one of: table, sequence).

owner: pulumi.Output[str] = None¶: Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of).

privileges: pulumi.Output[list] = None¶: The list of privileges to apply as default privileges.

role: pulumi.Output[str] = None¶: The name of the role to which grant default privileges on.

schema: pulumi.Output[str] = None¶: The database schema to set default privileges for this role.

static get(resource_name, id, opts=None, database=None, object_type=None, owner=None, privileges=None, role=None, schema=None)¶

Get an existing DefaultPrivileges resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
database (pulumi.Input[str]) – The database to grant default privileges for this role.
object_type (pulumi.Input[str]) – The PostgreSQL object type to set the default privileges on (one of: table, sequence).
owner (pulumi.Input[str]) – Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of).
privileges (pulumi.Input[list]) – The list of privileges to apply as default privileges.
role (pulumi.Input[str]) – The name of the role to which grant default privileges on.
schema (pulumi.Input[str]) – The database schema to set default privileges for this role.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_postgresql.Extension(resource_name, opts=None, database=None, name=None, schema=None, version=None, __props__=None, __name__=None, __opts__=None)¶

The .Extension resource creates and manages an extension on a PostgreSQL server.

import pulumi
import pulumi_postgresql as postgresql

my_extension = postgresql.Extension("myExtension")

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
database (pulumi.Input[str]) – Which database to create the extension on. Defaults to provider database.
name (pulumi.Input[str]) – The name of the extension.
schema (pulumi.Input[str]) – Sets the schema of an extension.
version (pulumi.Input[str]) – Sets the version number of the extension.

database: pulumi.Output[str] = None¶: Which database to create the extension on. Defaults to provider database.

name: pulumi.Output[str] = None¶: The name of the extension.

schema: pulumi.Output[str] = None¶: Sets the schema of an extension.

version: pulumi.Output[str] = None¶: Sets the version number of the extension.

static get(resource_name, id, opts=None, database=None, name=None, schema=None, version=None)¶

Get an existing Extension resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
database (pulumi.Input[str]) – Which database to create the extension on. Defaults to provider database.
name (pulumi.Input[str]) – The name of the extension.
schema (pulumi.Input[str]) – Sets the schema of an extension.
version (pulumi.Input[str]) – Sets the version number of the extension.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_postgresql.Grant(resource_name, opts=None, database=None, object_type=None, privileges=None, role=None, schema=None, with_grant_option=None, __props__=None, __name__=None, __opts__=None)¶

The .Grant resource creates and manages privileges given to a user for a database schema.

Note: This resource needs Postgresql version 9 or above.

import pulumi
import pulumi_postgresql as postgresql

readonly_tables = postgresql.Grant("readonlyTables",
    database="test_db",
    object_type="table",
    privileges=["SELECT"],
    role="test_role",
    schema="public")

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
database (pulumi.Input[str]) – The database to grant privileges on for this role.
object_type (pulumi.Input[str]) – The PostgreSQL object type to grant the privileges on (one of: table, sequence).
privileges (pulumi.Input[list]) – The list of privileges to grant.
role (pulumi.Input[str]) – The name of the role to grant privileges on.
schema (pulumi.Input[str]) – The database schema to grant privileges on for this role.
with_grant_option (pulumi.Input[bool]) – Permit the grant recipient to grant it to others

database: pulumi.Output[str] = None¶: The database to grant privileges on for this role.

object_type: pulumi.Output[str] = None¶: The PostgreSQL object type to grant the privileges on (one of: table, sequence).

privileges: pulumi.Output[list] = None¶: The list of privileges to grant.

role: pulumi.Output[str] = None¶: The name of the role to grant privileges on.

schema: pulumi.Output[str] = None¶: The database schema to grant privileges on for this role.

with_grant_option: pulumi.Output[bool] = None¶: Permit the grant recipient to grant it to others

static get(resource_name, id, opts=None, database=None, object_type=None, privileges=None, role=None, schema=None, with_grant_option=None)¶

Get an existing Grant resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
database (pulumi.Input[str]) – The database to grant privileges on for this role.
object_type (pulumi.Input[str]) – The PostgreSQL object type to grant the privileges on (one of: table, sequence).
privileges (pulumi.Input[list]) – The list of privileges to grant.
role (pulumi.Input[str]) – The name of the role to grant privileges on.
schema (pulumi.Input[str]) – The database schema to grant privileges on for this role.
with_grant_option (pulumi.Input[bool]) – Permit the grant recipient to grant it to others

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_postgresql.Provider(resource_name, opts=None, clientcert=None, connect_timeout=None, database=None, database_username=None, expected_version=None, host=None, max_connections=None, password=None, port=None, ssl_mode=None, sslmode=None, sslrootcert=None, superuser=None, username=None, __props__=None, __name__=None, __opts__=None)¶

The provider type for the postgresql package. By default, resources use package-wide configuration settings, however an explicit Provider instance may be created and passed during resource construction to achieve fine-grained programmatic control over provider settings. See the documentation for more information.

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
clientcert (pulumi.Input[dict]) – SSL client certificate if required by the database.
connect_timeout (pulumi.Input[float]) – Maximum wait for connection, in seconds. Zero or not specified means wait indefinitely.
database (pulumi.Input[str]) – The name of the database to connect to in order to conenct to (defaults to postgres).
database_username (pulumi.Input[str]) – Database username associated to the connected user (for user name maps)
expected_version (pulumi.Input[str]) – Specify the expected version of PostgreSQL.
host (pulumi.Input[str]) – Name of PostgreSQL server address to connect to
max_connections (pulumi.Input[float]) – Maximum number of connections to establish to the database. Zero means unlimited.
password (pulumi.Input[str]) – Password to be used if the PostgreSQL server demands password authentication
port (pulumi.Input[float]) – The PostgreSQL port number to connect to at the server host, or socket file name extension for Unix-domain connections
sslmode (pulumi.Input[str]) – This option determines whether or with what priority a secure SSL TCP/IP connection will be negotiated with the PostgreSQL server
sslrootcert (pulumi.Input[str]) – The SSL server root certificate file path. The file must contain PEM encoded data.
superuser (pulumi.Input[bool]) – Specify if the user to connect as is a Postgres superuser or not.If not, some feature might be disabled (e.g.: Refreshing state password from Postgres)
username (pulumi.Input[str]) – PostgreSQL user name to connect as

The clientcert object supports the following:

cert (pulumi.Input[str])
key (pulumi.Input[str])

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_postgresql.Role(resource_name, opts=None, bypass_row_level_security=None, connection_limit=None, create_database=None, create_role=None, encrypted=None, encrypted_password=None, inherit=None, login=None, name=None, password=None, replication=None, roles=None, search_paths=None, skip_drop_role=None, skip_reassign_owned=None, statement_timeout=None, superuser=None, valid_until=None, __props__=None, __name__=None, __opts__=None)¶

The .Role resource creates and manages a role on a PostgreSQL server.

When a .Role resource is removed, the PostgreSQL ROLE will automatically run a ``REASSIGN OWNED` <https://www.postgresql.org/docs/current/static/sql-reassign-owned.html>`_ and ``DROP OWNED` <https://www.postgresql.org/docs/current/static/sql-drop-owned.html>`_ to the CURRENT_USER (normally the connected user for the provider). If the specified PostgreSQL ROLE owns objects in multiple PostgreSQL databases in the same PostgreSQL Cluster, one PostgreSQL provider per database must be created and all but the final .Role must specify a skip_drop_role.

Note: All arguments including role name and password will be stored in the raw state as plain-text. Read more about sensitive data in state.

import pulumi
import pulumi_postgresql as postgresql

my_role = postgresql.Role("myRole",
    login=True,
    password="mypass")
my_replication_role = postgresql.Role("myReplicationRole",
    connection_limit=5,
    login=True,
    password="md5c98cbfeb6a347a47eb8e96cfb4c4b890",
    replication=True)

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
bypass_row_level_security (pulumi.Input[bool]) – Defines whether a role bypasses every row-level security (RLS) policy. Default value is false.
connection_limit (pulumi.Input[float]) – If this role can log in, this specifies how many concurrent connections the role can establish. -1 (the default) means no limit.
create_database (pulumi.Input[bool]) – Defines a role’s ability to execute CREATE DATABASE. Default value is false.
create_role (pulumi.Input[bool]) – Defines a role’s ability to execute CREATE ROLE. A role with this privilege can also alter and drop other roles. Default value is false.
encrypted_password (pulumi.Input[bool]) – Defines whether the password is stored encrypted in the system catalogs. Default value is true. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL’s ``password_encryption` setting <https://www.postgresql.org/docs/current/static/runtime-config-connection.html#GUC-PASSWORD-ENCRYPTION>`_.
inherit (pulumi.Input[bool]) – Defines whether a role “inherits” the privileges of roles it is a member of. Default value is true.
login (pulumi.Input[bool]) – Defines whether role is allowed to log in. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default value is false.
name (pulumi.Input[str]) – The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
password (pulumi.Input[str]) – Sets the role’s password. A password is only of use for roles having the login attribute set to true.
replication (pulumi.Input[bool]) – Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. Default value is false
roles (pulumi.Input[list]) – Defines list of roles which will be granted to this new role.
search_paths (pulumi.Input[list]) – Alters the search path of this new role. Note that due to limitations in the implementation, values cannot contain the substring ", ".
skip_drop_role (pulumi.Input[bool]) – When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
skip_reassign_owned (pulumi.Input[bool]) – When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, a ``REASSIGN OWNED` <https://www.postgresql.org/docs/current/static/sql-reassign-owned.html>`_ in must be executed on each of the respective databases before the DROP ROLE can be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicit ``DROP OWNED` <https://www.postgresql.org/docs/current/static/sql-drop-owned.html>`_).
statement_timeout (pulumi.Input[float]) – Defines ``statement_timeout` <https://www.postgresql.org/docs/current/runtime-config-client.html#RUNTIME-CONFIG-CLIENT-STATEMENT>`_ setting for this role which allows to abort any statement that takes more than the specified amount of time.
superuser (pulumi.Input[bool]) – Defines whether the role is a “superuser”, and therefore can override all access restrictions within the database. Default value is false.
valid_until (pulumi.Input[str]) – Defines the date and time after which the role’s password is no longer valid. Established connections past this valid_time will have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic value NULL is used, valid_until will be set to infinity. Default is NULL, therefore infinity.

bypass_row_level_security: pulumi.Output[bool] = None¶: Defines whether a role bypasses every row-level security (RLS) policy. Default value is false.

connection_limit: pulumi.Output[float] = None¶: If this role can log in, this specifies how many concurrent connections the role can establish. -1 (the default) means no limit.

create_database: pulumi.Output[bool] = None¶: Defines a role’s ability to execute CREATE DATABASE. Default value is false.

create_role: pulumi.Output[bool] = None¶: Defines a role’s ability to execute CREATE ROLE. A role with this privilege can also alter and drop other roles. Default value is false.

encrypted_password: pulumi.Output[bool] = None¶: Defines whether the password is stored encrypted in the system catalogs. Default value is true. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL’s ``password_encryption` setting <https://www.postgresql.org/docs/current/static/runtime-config-connection.html#GUC-PASSWORD-ENCRYPTION>`_.

inherit: pulumi.Output[bool] = None¶: Defines whether a role “inherits” the privileges of roles it is a member of. Default value is true.

login: pulumi.Output[bool] = None¶: Defines whether role is allowed to log in. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default value is false.

name: pulumi.Output[str] = None¶: The name of the role. Must be unique on the PostgreSQL server instance where it is configured.

password: pulumi.Output[str] = None¶: Sets the role’s password. A password is only of use for roles having the login attribute set to true.

replication: pulumi.Output[bool] = None¶: Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. Default value is false

roles: pulumi.Output[list] = None¶: Defines list of roles which will be granted to this new role.

search_paths: pulumi.Output[list] = None¶: Alters the search path of this new role. Note that due to limitations in the implementation, values cannot contain the substring ", ".

skip_drop_role: pulumi.Output[bool] = None¶: When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.

skip_reassign_owned: pulumi.Output[bool] = None¶: When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, a ``REASSIGN OWNED` <https://www.postgresql.org/docs/current/static/sql-reassign-owned.html>`_ in must be executed on each of the respective databases before the DROP ROLE can be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicit ``DROP OWNED` <https://www.postgresql.org/docs/current/static/sql-drop-owned.html>`_).

statement_timeout: pulumi.Output[float] = None¶: Defines ``statement_timeout` <https://www.postgresql.org/docs/current/runtime-config-client.html#RUNTIME-CONFIG-CLIENT-STATEMENT>`_ setting for this role which allows to abort any statement that takes more than the specified amount of time.

superuser: pulumi.Output[bool] = None¶: Defines whether the role is a “superuser”, and therefore can override all access restrictions within the database. Default value is false.

valid_until: pulumi.Output[str] = None¶: Defines the date and time after which the role’s password is no longer valid. Established connections past this valid_time will have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic value NULL is used, valid_until will be set to infinity. Default is NULL, therefore infinity.

static get(resource_name, id, opts=None, bypass_row_level_security=None, connection_limit=None, create_database=None, create_role=None, encrypted=None, encrypted_password=None, inherit=None, login=None, name=None, password=None, replication=None, roles=None, search_paths=None, skip_drop_role=None, skip_reassign_owned=None, statement_timeout=None, superuser=None, valid_until=None)¶

Get an existing Role resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
bypass_row_level_security (pulumi.Input[bool]) – Defines whether a role bypasses every row-level security (RLS) policy. Default value is false.
connection_limit (pulumi.Input[float]) – If this role can log in, this specifies how many concurrent connections the role can establish. -1 (the default) means no limit.
create_database (pulumi.Input[bool]) – Defines a role’s ability to execute CREATE DATABASE. Default value is false.
create_role (pulumi.Input[bool]) – Defines a role’s ability to execute CREATE ROLE. A role with this privilege can also alter and drop other roles. Default value is false.
encrypted_password (pulumi.Input[bool]) – Defines whether the password is stored encrypted in the system catalogs. Default value is true. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL’s ``password_encryption` setting <https://www.postgresql.org/docs/current/static/runtime-config-connection.html#GUC-PASSWORD-ENCRYPTION>`_.
inherit (pulumi.Input[bool]) – Defines whether a role “inherits” the privileges of roles it is a member of. Default value is true.
login (pulumi.Input[bool]) – Defines whether role is allowed to log in. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default value is false.
name (pulumi.Input[str]) – The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
password (pulumi.Input[str]) – Sets the role’s password. A password is only of use for roles having the login attribute set to true.
replication (pulumi.Input[bool]) – Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. Default value is false
roles (pulumi.Input[list]) – Defines list of roles which will be granted to this new role.
search_paths (pulumi.Input[list]) – Alters the search path of this new role. Note that due to limitations in the implementation, values cannot contain the substring ", ".
skip_drop_role (pulumi.Input[bool]) –
When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
skip_reassign_owned (pulumi.Input[bool]) – When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, a ``REASSIGN OWNED` <https://www.postgresql.org/docs/current/static/sql-reassign-owned.html>`_ in must be executed on each of the respective databases before the DROP ROLE can be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicit ``DROP OWNED` <https://www.postgresql.org/docs/current/static/sql-drop-owned.html>`_).
statement_timeout (pulumi.Input[float]) – Defines ``statement_timeout` <https://www.postgresql.org/docs/current/runtime-config-client.html#RUNTIME-CONFIG-CLIENT-STATEMENT>`_ setting for this role which allows to abort any statement that takes more than the specified amount of time.
superuser (pulumi.Input[bool]) – Defines whether the role is a “superuser”, and therefore can override all access restrictions within the database. Default value is false.
valid_until (pulumi.Input[str]) – Defines the date and time after which the role’s password is no longer valid. Established connections past this valid_time will have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic value NULL is used, valid_until will be set to infinity. Default is NULL, therefore infinity.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_postgresql.Schema(resource_name, opts=None, database=None, drop_cascade=None, if_not_exists=None, name=None, owner=None, policies=None, __props__=None, __name__=None, __opts__=None)¶

The .Schema resource creates and manages schema objects within a PostgreSQL database.

import pulumi
import pulumi_postgresql as postgresql

app_www = postgresql.Role("appWww")
app_dba = postgresql.Role("appDba")
app_releng = postgresql.Role("appReleng")
my_schema = postgresql.Schema("mySchema",
    owner="postgres",
    policies=[
        {
            "role": app_www.name,
            "usage": True,
        },
        {
            "create": True,
            "role": app_releng.name,
            "usage": True,
        },
        {
            "createWithGrant": True,
            "role": app_dba.name,
            "usageWithGrant": True,
        },
    ])

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
database (pulumi.Input[str]) – The DATABASE in which where this schema will be created. (Default: The database used by your provider configuration)
drop_cascade (pulumi.Input[bool]) – When true, will also drop all the objects that are contained in the schema. (Default: false)
if_not_exists (pulumi.Input[bool]) – When true, use the existing schema if it exists. (Default: true)
name (pulumi.Input[str]) – The name of the schema. Must be unique in the PostgreSQL database instance where it is configured.
owner (pulumi.Input[str]) – The ROLE who owns the schema.
policies (pulumi.Input[list]) – Can be specified multiple times for each policy. Each policy block supports fields documented below.

The policies object supports the following:

create (pulumi.Input[bool]) - Should the specified ROLE have CREATE privileges to the specified SCHEMA.
createWithGrant (pulumi.Input[bool]) - Should the specified ROLE have CREATE privileges to the specified SCHEMA and the ability to GRANT the CREATE privilege to other ROLEs.
role (pulumi.Input[str]) - The ROLE who is receiving the policy. If this value is empty or not specified it implies the policy is referring to the ``PUBLIC` role <https://www.postgresql.org/docs/current/static/sql-grant.html>`_.
usage (pulumi.Input[bool]) - Should the specified ROLE have USAGE privileges to the specified SCHEMA.
usageWithGrant (pulumi.Input[bool]) - Should the specified ROLE have USAGE privileges to the specified SCHEMA and the ability to GRANT the USAGE privilege to other ROLEs.

database: pulumi.Output[str] = None¶: The DATABASE in which where this schema will be created. (Default: The database used by your provider configuration)

drop_cascade: pulumi.Output[bool] = None¶: When true, will also drop all the objects that are contained in the schema. (Default: false)

if_not_exists: pulumi.Output[bool] = None¶: When true, use the existing schema if it exists. (Default: true)

name: pulumi.Output[str] = None¶: The name of the schema. Must be unique in the PostgreSQL database instance where it is configured.

owner: pulumi.Output[str] = None¶: The ROLE who owns the schema.

policies: pulumi.Output[list] = None¶

Can be specified multiple times for each policy. Each policy block supports fields documented below.

create (bool) - Should the specified ROLE have CREATE privileges to the specified SCHEMA.
createWithGrant (bool) - Should the specified ROLE have CREATE privileges to the specified SCHEMA and the ability to GRANT the CREATE privilege to other ROLEs.
role (str) - The ROLE who is receiving the policy. If this value is empty or not specified it implies the policy is referring to the ``PUBLIC` role <https://www.postgresql.org/docs/current/static/sql-grant.html>`_.
usage (bool) - Should the specified ROLE have USAGE privileges to the specified SCHEMA.
usageWithGrant (bool) - Should the specified ROLE have USAGE privileges to the specified SCHEMA and the ability to GRANT the USAGE privilege to other ROLEs.

static get(resource_name, id, opts=None, database=None, drop_cascade=None, if_not_exists=None, name=None, owner=None, policies=None)¶

Get an existing Schema resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
database (pulumi.Input[str]) – The DATABASE in which where this schema will be created. (Default: The database used by your provider configuration)
drop_cascade (pulumi.Input[bool]) – When true, will also drop all the objects that are contained in the schema. (Default: false)
if_not_exists (pulumi.Input[bool]) – When true, use the existing schema if it exists. (Default: true)
name (pulumi.Input[str]) – The name of the schema. Must be unique in the PostgreSQL database instance where it is configured.
owner (pulumi.Input[str]) – The ROLE who owns the schema.
policies (pulumi.Input[list]) – Can be specified multiple times for each policy. Each policy block supports fields documented below.

The policies object supports the following:

create (pulumi.Input[bool]) - Should the specified ROLE have CREATE privileges to the specified SCHEMA.
createWithGrant (pulumi.Input[bool]) - Should the specified ROLE have CREATE privileges to the specified SCHEMA and the ability to GRANT the CREATE privilege to other ROLEs.
role (pulumi.Input[str]) - The ROLE who is receiving the policy. If this value is empty or not specified it implies the policy is referring to the ``PUBLIC` role <https://www.postgresql.org/docs/current/static/sql-grant.html>`_.
usage (pulumi.Input[bool]) - Should the specified ROLE have USAGE privileges to the specified SCHEMA.
usageWithGrant (pulumi.Input[bool]) - Should the specified ROLE have USAGE privileges to the specified SCHEMA and the ability to GRANT the USAGE privilege to other ROLEs.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud

Pulumi PostgreSQL¶

On This Page