Ansible "postgresql_user" module "priv" parameter syntax clearification

In the source for postgresl_user there is a parse_privs function. That seems to be the best source for the expected format of priv:

Format:        privileges[/privileges/...]Where:        privileges := DATABASE_PRIVILEGES[,DATABASE_PRIVILEGES,...] |            TABLE_NAME:TABLE_PRIVILEGES[,TABLE_PRIVILEGES,...]

It looks like / is the separator for privileges, and : is the separator for a table name, and the privilege(s) for that table. , separates the privileges for a table.

Completely agree. See here too:

https://github.com/ansible/ansible-modules-core/blob/devel/database/postgresql/postgresql_user.py#L201

VALID_PRIVS = dict(table=frozenset(('SELECT', 'INSERT', 'UPDATE', 'DELETE', 'TRUNCATE', 'REFERENCES', 'TRIGGER', 'ALL')),    database=frozenset(('CREATE', 'CONNECT', 'TEMPORARY', 'TEMP', 'ALL')),    )

Permissions for database must be in that list. I was trying to specify table perms for database.

It looks like this can't be done with just the postgresql_user ansible module. It needs a separate call to the postgresql_privs module. Here's an example to create a read only user on a database and assign it the ability to only connect to the database and read data

    # leaving any "become" calls out of here, but you should add them as needed to become    # postgres or another user that can assign privs    - name: Create user and ensure it has access to the database itself      postgresql_user:        db: "your_db_name"        name: "your_db_username"        password: "your_db_password"        priv: "CONNECT"  # make this user able to read, but not see anything else        state: present    - name: Grant SELECT to the read only user for default privileges      postgresql_privs:        db: "your_db_name"        privs: SELECT        objs: TABLES,SEQUENCES        type: default_privs        role: "your_db_username"        grant_option: no    - name: Grant USAGE to the read only user on the specified schema itself      postgresql_privs:        db: "your_db_name"        obj: your_db_schema        type: schema        privs: USAGE        role: "your_db_username"        grant_option: no    - name: Grant SELECT to user as schema defaults (I think this is still needed, despite above)      postgresql_privs:        db: "your_db_name"        schema: your_db_schema        privs: SELECT        objs: TABLES,SEQUENCES        type: default_privs        role: "your_db_username"        grant_option: no    - name: Grant SELECT to read only user on tables in schema      postgresql_privs:        db: "your_db_name"        privs: SELECT        objs: ALL_IN_SCHEMA        type: table        schema: your_db_schema        role: "your_db_username"        grant_option: no    - name: Grant SELECT to read only user on sequences in schema      postgresql_privs:        db: "your_db_name"        privs: SELECT        objs: ALL_IN_SCHEMA        type: sequence        schema: your_db_schema        role: "your_db_username"        grant_option: no