community.general.vertica_user module – Adds or removes Vertica database users and assigns roles

Note

This module is part of the community.general collection (version 10.1.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: community.general.vertica_user.

Synopsis

  • Adds or removes Vertica database user and, optionally, assigns roles.

  • A user will not be removed until all the dependencies have been dropped.

  • In such a situation, if the module tries to remove the user it will fail and only remove roles granted to the user.

Requirements

The below requirements are needed on the host that executes this module.

  • unixODBC

  • pyodbc

Parameters

Parameter

Comments

cluster

string

Name of the Vertica cluster.

Default: "localhost"

db

string

Name of the Vertica database.

expired

boolean

Sets the user’s password expiration.

Choices:

  • false

  • true

ldap

boolean

Set to true if users are authenticated via LDAP.

The user will be created with password expired and set to $ldap$.

Choices:

  • false

  • true

login_password

string

The password used to authenticate with.

login_user

string

The username used to authenticate with.

Default: "dbadmin"

password

string

The user’s password encrypted by the MD5 algorithm.

The password must be generated with the format "md5" + md5[password + username], resulting in a total of 35 characters. An easy way to do this is by querying the Vertica database with select 'md5'||md5('<user_password><user_name>').

port

string

Vertica cluster port to connect to.

Default: "5433"

profile

string

Sets the user’s profile.

resource_pool

string

Sets the user’s resource pool.

roles

aliases: role

string

Comma separated list of roles to assign to the user.

state

string

Whether to create (present), drop (absent), or lock (locked) a user.

Choices:

  • "present" ← (default)

  • "absent"

  • "locked"

user

aliases: name

string / required

Name of the user to add or remove.

Attributes

Attribute

Support

Description

check_mode

Support: full

Can run in check_mode and return changed status prediction without modifying target.

diff_mode

Support: none

Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

Notes

Note

  • The default authentication assumes that you are either logging in as or sudo’ing to the dbadmin account on the host.

  • This module uses pyodbc, a Python ODBC database adapter. You must ensure that unixODBC and pyodbc is installed on the host and properly configured.

  • Configuring unixODBC for Vertica requires Driver = /opt/vertica/lib64/libverticaodbc.so to be added to the Vertica section of either /etc/odbcinst.ini or $HOME/.odbcinst.ini and both ErrorMessagesPath = /opt/vertica/lib64 and DriverManagerEncoding = UTF-16 to be added to the Driver section of either /etc/vertica.ini or $HOME/.vertica.ini.

Examples

- name: Creating a new vertica user with password
  community.general.vertica_user: name=user_name password=md5<encrypted_password> db=db_name state=present

- name: Creating a new vertica user authenticated via ldap with roles assigned
  community.general.vertica_user:
    name=user_name
    ldap=true
    db=db_name
    roles=schema_name_ro
    state=present

Authors

  • Dariusz Owczarek (@dareko)