Ansible "postgresql_user" module "priv" parameter syntax clarification

The documentation for the postgresql_user module on how privileges for a user should be defined conflicts with itself regarding the format. The format is described as such in the options table:

priv | PostgreSQL privileges string in the format: table:priv1,priv2

However, the examples given below use another format:

priv: "CONNECT/products:ALL"
priv: "ALL/products:ALL"
# Example privileges string format
INSERT,UPDATE/table:SELECT/anothertable:ALL

The blog post Ansible Loves PostgreSQL mentions yet another format:

priv: Privileges in “priv1/priv2” or table privileges in “table:priv1,priv2,…” format

I'm having trouble creating users with read-only access, i.e. SELECT privilege on all tables.

Could someone shed some light on the correct format to use, exemplified by giving a user read-only access on all tables?

hanshenrik asked Dec 15 '16 13:12


1 Answer

In the source for postgresql_user there is a parse_privs function. That seems to be the best source for the expected format of priv:

Format:
        privileges[/privileges/...]
Where:
        privileges := DATABASE_PRIVILEGES[,DATABASE_PRIVILEGES,...] |
            TABLE_NAME:TABLE_PRIVILEGES[,TABLE_PRIVILEGES,...]

It looks like / is the separator for privileges, and : is the separator for a table name, and the privilege(s) for that table. , separates the privileges for a table.

cofiem answered Sep 25 '22 06:09
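
The grammar quoted in the answer, worked through as an added example (not part of the original answer, and not the module's own parse_privs code): a small parser for priv strings plus a check that a string grants nothing beyond read access. The names parse_priv and is_read_only are hypothetical, and the sets of valid privilege names are an assumption taken from PostgreSQL's GRANT documentation.

```python
# Added example: hypothetical helpers, not the postgresql_user module's own code.
# Assumption: valid privilege names as listed in PostgreSQL's GRANT documentation.
DB_PRIVS = {"CREATE", "CONNECT", "TEMPORARY", "TEMP", "ALL"}
TABLE_PRIVS = {"SELECT", "INSERT", "UPDATE", "DELETE", "TRUNCATE",
               "REFERENCES", "TRIGGER", "ALL"}


def parse_priv(priv):
    """Split a priv string into database-level and per-table privilege sets."""
    parsed = {"database": set(), "table": {}}
    for group in priv.split("/"):            # "/" separates privilege groups
        if not group.strip():
            raise ValueError("empty privilege group in %r" % priv)
        if ":" in group:                     # "table:priv1,priv2" form
            table, _, names = group.partition(":")
            table = table.strip()
            if not table:
                raise ValueError("missing table name in %r" % group)
            target, valid = parsed["table"].setdefault(table, set()), TABLE_PRIVS
        else:                                # bare list: database privileges
            names, target, valid = group, parsed["database"], DB_PRIVS
        for name in names.split(","):        # "," separates individual privileges
            name = name.strip().upper()
            if name not in valid:
                raise ValueError("invalid privilege %r in %r" % (name, group))
            target.add(name)
    return parsed


def is_read_only(priv):
    """True if the string grants at most CONNECT on the database and SELECT on tables."""
    parsed = parse_priv(priv)
    return (parsed["database"] <= {"CONNECT"}
            and all(privs <= {"SELECT"} for privs in parsed["table"].values()))


if __name__ == "__main__":
    # The first two strings are the examples quoted in the question; the third is constructed.
    for s in ("CONNECT/products:ALL", "ALL/products:ALL", "CONNECT/products:SELECT"):
        print(s, "->", parse_priv(s), "read-only:", is_read_only(s))
```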