How to define a user with SELECT privileges with puppet?

Question

I want to create a user in postgres who can only made SELECT in all the tables of the current database. How can specify ALL tables in puppet?

Here an extract of my puppet file:

... 
postgresql::server::database_grant { 'PnBP':
  privilege => 'CREATE',
  db        => 'db',
  role      => 'role',
}

postgresql::server::table_grant { 'SELECT':
  privilege => 'SELECT',
  table     => 'ALL',
  db        => 'db',
  role      => 'role',
}
...

But when I specify the word ALL it doesn't work. Here the error:

Error: /Stage[main]/Main/Node[default]/Postgresql::Server::Table_grant[PnBP]/Postgresql::Server::Grant[table:PnBP]/Postgresql_psql[grant:table:PnBP]: Could not evaluate: Error evaluating 'unless' clause, returned pid 30443 exit 1: 'ERROR: relation "all" does not exist '

I check the doc, but it doesn't specify how to apply the privileges for all the tables.

table : Specifies the table to which you are granting access.

postgresql::server::table_grant

Answer 1

The Puppet documentation for Postgresql describes a postgresql::server::grant option that looks more flexible than the table_grant which assumes a single table.

Looks to be something like:

postgresql::server::grant{ 'SELECT':
  object_type => 'ALL TABLES IN SCHEMA',
  object_name => 'public',
  privilege => 'SELECT',
  db        => 'db',
  role      => 'role',
}

https://github.com/puppetlabs/puppetlabs-postgresql#postgresqlservergrant