Role check result

Result of RoleManager.roles_inventory.

Contains all discovered database roles related to the module's configured schemas: configured roles (generic and suffixed), other roles with schema access, and the list of expected role names from the configuration.

Version Added

1.5.0

Source code in pum/role_manager.py
@dataclass
class RoleInventory:
    """Result of ``RoleManager.roles_inventory``.

    Contains all discovered database roles related to the module's
    configured schemas: configured roles (generic and suffixed),
    other roles with schema access, and the list of expected role
    names from the configuration.

    Version Added:
        1.5.0
    """

    roles: list[RoleStatus] = field(default_factory=list)
    """All discovered roles."""
    expected_roles: list[str] = field(default_factory=list)
    """Role names from the configuration that were expected to exist."""
    other_login_roles: list[str] = field(default_factory=list)
    """Login roles that are not superusers and have no access to any configured schema.

    Version Added:
        1.5.0
    """

    @property
    def configured_roles(self) -> list["RoleStatus"]:
        """Roles that are mapped to a configuration entry."""
        return [r for r in self.roles if not r.is_unknown]

    @property
    def grantee_roles(self) -> list["RoleStatus"]:
        """Roles not in the configuration but that are members of a configured role.

        These are typically login users that were granted module roles
        via ``grant_to`` and inherit schema access through membership.
        """
        configured_names = {r.name for r in self.roles if not r.is_unknown}
        return [
            r
            for r in self.roles
            if r.is_unknown and any(g in configured_names for g in r.granted_to)
        ]

    @property
    def unknown_roles(self) -> list["RoleStatus"]:
        """Roles not in the configuration that have schema access and are not grantees."""
        configured_names = {r.name for r in self.roles if not r.is_unknown}
        return [
            r
            for r in self.roles
            if r.is_unknown and not any(g in configured_names for g in r.granted_to)
        ]

    @property
    def missing_roles(self) -> list[str]:
        """Configured role names for which no DB role was found."""
        found = {r.role.name for r in self.configured_roles}
        return [name for name in self.expected_roles if name not in found]

configured_roles property

configured_roles: list[RoleStatus]

Roles that are mapped to a configuration entry.

expected_roles class-attribute instance-attribute

expected_roles: list[str] = field(default_factory=list)

Role names from the configuration that were expected to exist.

grantee_roles property

grantee_roles: list[RoleStatus]

Roles not in the configuration but that are members of a configured role.

These are typically login users that were granted module roles via grant_to and inherit schema access through membership.

missing_roles property

missing_roles: list[str]

Configured role names for which no DB role was found.

other_login_roles class-attribute instance-attribute

other_login_roles: list[str] = field(default_factory=list)

Login roles that are not superusers and have no access to any configured schema.

Version Added

1.5.0

roles class-attribute instance-attribute

roles: list[RoleStatus] = field(default_factory=list)

All discovered roles.

unknown_roles property

unknown_roles: list[RoleStatus]

Roles not in the configuration that have schema access and are not grantees.
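
The following is an added example, not part of pum's own code: a small least-privilege audit that turns the four categories above into findings and a pass/fail gate. It reads only the attributes shown on this page (unknown_roles, grantee_roles, missing_roles, other_login_roles, and RoleStatus.name / granted_to). The function names, severities, allow-list and sample role names are assumptions, and the sample inventory is a constructed stand-in for the result of RoleManager.roles_inventory.

```python
from types import SimpleNamespace


def audit_inventory(inv, allowed_grantees=frozenset()):
    """Turn a RoleInventory-shaped object into (severity, message) findings.

    Reads only attributes shown on this page. The severities and the
    allowed_grantees allow-list are assumptions of this example.
    """
    findings = []
    for r in inv.unknown_roles:
        # Schema access without a configuration entry or a membership path.
        findings.append(("high", f"unmanaged role with schema access: {r.name}"))
    for r in inv.grantee_roles:
        # Access inherited through membership: report who is not on the allow-list.
        if r.name not in allowed_grantees:
            via = ", ".join(sorted(r.granted_to))
            findings.append(("medium", f"unreviewed grantee {r.name} (member of: {via})"))
    for name in inv.missing_roles:
        findings.append(("medium", f"configured role missing in database: {name}"))
    for name in inv.other_login_roles:
        findings.append(("info", f"login role without schema access: {name}"))
    return findings


def gate(findings, fail_on=("high",)):
    """Return True when no finding carries a blocking severity."""
    return not any(severity in fail_on for severity, _ in findings)


def sample_inventory():
    """Constructed stand-in for the result of RoleManager.roles_inventory."""
    def status(name, granted_to=()):
        return SimpleNamespace(name=name, granted_to=list(granted_to))

    return SimpleNamespace(
        unknown_roles=[status("legacy_etl")],
        grantee_roles=[status("alice", ["app_viewer"]), status("bob", ["app_user"])],
        missing_roles=["app_manager"],
        other_login_roles=["backup_agent"],
    )


if __name__ == "__main__":
    for severity, message in audit_inventory(sample_inventory(), {"alice"}):
        print(f"{severity:6} {message}")
```
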