diff --git a/test/integration/targets/incidental_postgresql_user/aliases b/test/integration/targets/incidental_postgresql_user/aliases deleted file mode 100644 index 78b47900abf..00000000000 --- a/test/integration/targets/incidental_postgresql_user/aliases +++ /dev/null @@ -1,4 +0,0 @@ -destructive -shippable/posix/incidental -skip/aix -skip/osx diff --git a/test/integration/targets/incidental_postgresql_user/defaults/main.yml b/test/integration/targets/incidental_postgresql_user/defaults/main.yml deleted file mode 100644 index bc9ef19b93a..00000000000 --- a/test/integration/targets/incidental_postgresql_user/defaults/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -db_name: 'ansible_db' -db_user1: 'ansible_db_user1' -db_user2: 'ansible_db_user2' diff --git a/test/integration/targets/incidental_postgresql_user/meta/main.yml b/test/integration/targets/incidental_postgresql_user/meta/main.yml deleted file mode 100644 index c2a0d561d13..00000000000 --- a/test/integration/targets/incidental_postgresql_user/meta/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -dependencies: - - incidental_setup_postgresql_db diff --git a/test/integration/targets/incidental_postgresql_user/tasks/main.yml b/test/integration/targets/incidental_postgresql_user/tasks/main.yml deleted file mode 100644 index d59ae63502b..00000000000 --- a/test/integration/targets/incidental_postgresql_user/tasks/main.yml +++ /dev/null @@ -1,7 +0,0 @@ -# Initial CI tests of postgresql_user module -- import_tasks: postgresql_user_initial.yml - when: postgres_version_resp.stdout is version('9.4', '>=') - -# General tests: -- import_tasks: postgresql_user_general.yml - when: postgres_version_resp.stdout is version('9.4', '>=') diff --git a/test/integration/targets/incidental_postgresql_user/tasks/postgresql_user_general.yml b/test/integration/targets/incidental_postgresql_user/tasks/postgresql_user_general.yml deleted file mode 100644 index 963f58ac1ae..00000000000 --- a/test/integration/targets/incidental_postgresql_user/tasks/postgresql_user_general.yml +++ /dev/null @@ -1,741 +0,0 @@ -# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) -# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) -# Integration tests for postgresql_user module. - -- vars: - test_user: hello.user.with.dots - test_user2: hello - test_group1: group1 - test_group2: group2 - test_table: test - test_comment1: 'comment1' - test_comment2: 'comment2' - task_parameters: &task_parameters - become_user: '{{ pg_user }}' - become: yes - register: result - pg_parameters: &pg_parameters - login_user: '{{ pg_user }}' - login_db: postgres - - block: - # - # Common tests - # - - name: Create role in check_mode - <<: *task_parameters - check_mode: yes - postgresql_user: - <<: *pg_parameters - name: '{{ test_user }}' - - - assert: - that: - - result is changed - - result.user == '{{ test_user }}' - - - name: check that the user doesn't exist - <<: *task_parameters - postgresql_query: - <<: *pg_parameters - query: "SELECT rolname FROM pg_roles WHERE rolname = '{{ test_user }}'" - - - assert: - that: - - result.rowcount == 0 - - - name: Create role in actual mode - <<: *task_parameters - postgresql_user: - <<: *pg_parameters - name: '{{ test_user }}' - - - assert: - that: - - result is changed - - result.user == '{{ test_user }}' - - - name: check that the user exists - <<: *task_parameters - postgresql_query: - <<: *pg_parameters - query: "SELECT rolname FROM pg_roles WHERE rolname = '{{ test_user }}'" - - - assert: - that: - - result.rowcount == 1 - - - name: Add a comment on the user - <<: *task_parameters - postgresql_user: - <<: *pg_parameters - name: '{{ test_user }}' - comment: '{{ test_comment1 }}' - - - assert: - that: - - result is changed - - result.queries == ["COMMENT ON ROLE \"{{ test_user }}\" IS '{{ test_comment1 }}'"] - - - name: check the comment - <<: *task_parameters - postgresql_query: - <<: *pg_parameters - query: > - SELECT pg_catalog.shobj_description(r.oid, 'pg_authid') AS comment - FROM pg_catalog.pg_roles r WHERE r.rolname = '{{ test_user }}' - - - assert: - that: - - result.rowcount == 1 - - result.query_result[0].comment == '{{ test_comment1 }}' - - - name: Try to add the same comment on the user - <<: *task_parameters - postgresql_user: - <<: *pg_parameters - name: '{{ test_user }}' - comment: '{{ test_comment1 }}' - - - assert: - that: - - result is not changed - - - name: Try to add another comment on the user - <<: *task_parameters - postgresql_user: - <<: *pg_parameters - name: '{{ test_user }}' - comment: '{{ test_comment2 }}' - - - assert: - that: - - result is changed - - result.queries == ["COMMENT ON ROLE \"{{ test_user }}\" IS '{{ test_comment2 }}'"] - - - name: check the comment - <<: *task_parameters - postgresql_query: - <<: *pg_parameters - query: > - SELECT pg_catalog.shobj_description(r.oid, 'pg_authid') AS comment - FROM pg_catalog.pg_roles r WHERE r.rolname = '{{ test_user }}' - - - assert: - that: - - result.rowcount == 1 - - result.query_result[0].comment == '{{ test_comment2 }}' - - - name: Try to create role again in check_mode - <<: *task_parameters - check_mode: yes - postgresql_user: - <<: *pg_parameters - name: '{{ test_user }}' - - - assert: - that: - - result is not changed - - result.user == '{{ test_user }}' - - - name: check that the user exists - <<: *task_parameters - postgresql_query: - <<: *pg_parameters - query: "SELECT rolname FROM pg_roles WHERE rolname = '{{ test_user }}'" - - - assert: - that: - - result.rowcount == 1 - - - name: Try to create role again - <<: *task_parameters - postgresql_user: - <<: *pg_parameters - name: '{{ test_user }}' - - - assert: - that: - - result is not changed - - result.user == '{{ test_user }}' - - - name: check that the user exists - <<: *task_parameters - postgresql_query: - <<: *pg_parameters - query: "SELECT rolname FROM pg_roles WHERE rolname = '{{ test_user }}'" - - - assert: - that: - - result.rowcount == 1 - - - name: Drop role in check_mode - <<: *task_parameters - check_mode: yes - postgresql_user: - <<: *pg_parameters - name: '{{ test_user }}' - state: absent - - - assert: - that: - - result is changed - - result.user == '{{ test_user }}' - - - name: check that the user actually exists - <<: *task_parameters - postgresql_query: - <<: *pg_parameters - query: "SELECT rolname FROM pg_roles WHERE rolname = '{{ test_user }}'" - - - assert: - that: - - result.rowcount == 1 - - - name: Drop role in actual mode - <<: *task_parameters - postgresql_user: - <<: *pg_parameters - name: '{{ test_user }}' - state: absent - - - assert: - that: - - result is changed - - result.user == '{{ test_user }}' - - - name: check that the user doesn't exist - <<: *task_parameters - postgresql_query: - <<: *pg_parameters - query: "SELECT rolname FROM pg_roles WHERE rolname = '{{ test_user }}'" - - - assert: - that: - - result.rowcount == 0 - - - name: Try to drop role in check mode again - <<: *task_parameters - check_mode: yes - postgresql_user: - <<: *pg_parameters - name: '{{ test_user }}' - state: absent - - - assert: - that: - - result is not changed - - result.user == '{{ test_user }}' - - - name: Try to drop role in actual mode again - <<: *task_parameters - postgresql_user: - <<: *pg_parameters - name: '{{ test_user }}' - state: absent - - - assert: - that: - - result is not changed - - result.user == '{{ test_user }}' - - # - # password, no_password_changes, encrypted, expires parameters - # - - - name: Create role with password, passed as hashed md5 - <<: *task_parameters - postgresql_user: - <<: *pg_parameters - name: '{{ test_user }}' - password: md59543f1d82624df2b31672ec0f7050460 - - - assert: - that: - - result is changed - - result.user == '{{ test_user }}' - - - name: Check that the user exist with a proper password - <<: *task_parameters - postgresql_query: - <<: *pg_parameters - query: "SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}' and rolpassword = 'md59543f1d82624df2b31672ec0f7050460'" - - - assert: - that: - - result.rowcount == 1 - - - name: Test no_password_changes - <<: *task_parameters - postgresql_user: - <<: *pg_parameters - name: '{{ test_user }}' - password: u123 - no_password_changes: yes - - - assert: - that: - - result is not changed - - result.user == '{{ test_user }}' - - - - name: Check that nothing changed - <<: *task_parameters - postgresql_query: - <<: *pg_parameters - query: "SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}' and rolpassword = 'md59543f1d82624df2b31672ec0f7050460'" - - - assert: - that: - - result.rowcount == 1 - - # Storing unencrypted passwords is not available from PostgreSQL 10 - - name: Change password, passed as unencrypted - <<: *task_parameters - postgresql_user: - <<: *pg_parameters - name: '{{ test_user }}' - password: myunencryptedpass - encrypted: no - when: postgres_version_resp.stdout is version('10', '<') - - - assert: - that: - - result is changed - - result.user == '{{ test_user }}' - when: postgres_version_resp.stdout is version('10', '<') - - - name: Check that the user exist with the unencrypted password - <<: *task_parameters - postgresql_query: - <<: *pg_parameters - query: "SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}' and rolpassword = 'myunencryptedpass'" - when: postgres_version_resp.stdout is version('10', '<') - - - assert: - that: - - result.rowcount == 1 - when: postgres_version_resp.stdout is version('10', '<') - - - name: Change password, explicit encrypted=yes - <<: *task_parameters - postgresql_user: - <<: *pg_parameters - name: '{{ test_user }}' - password: myunencryptedpass - encrypted: yes - - - assert: - that: - - result is changed - - result.user == '{{ test_user }}' - - - name: Check that the user exist with encrypted password - <<: *task_parameters - postgresql_query: - <<: *pg_parameters - query: "SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}' and rolpassword != 'myunencryptedpass'" - - - assert: - that: - - result.rowcount == 1 - - - name: Change rolvaliduntil attribute - <<: *task_parameters - postgresql_user: - <<: *pg_parameters - name: '{{ test_user }}' - expires: 'Jan 31 2020' - - - assert: - that: - - result is changed - - result.user == '{{ test_user }}' - - - name: Check the prev step - <<: *task_parameters - postgresql_query: - <<: *pg_parameters - query: > - SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}' - AND rolvaliduntil::text like '2020-01-31%' - - - assert: - that: - - result.rowcount == 1 - - - name: Try to set the same rolvaliduntil value again - <<: *task_parameters - postgresql_user: - <<: *pg_parameters - name: '{{ test_user }}' - expires: 'Jan 31 2020' - - - assert: - that: - - result is not changed - - result.user == '{{ test_user }}' - - - name: Check that nothing changed - <<: *task_parameters - postgresql_query: - <<: *pg_parameters - query: > - SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}' - AND rolvaliduntil::text like '2020-01-31%' - - - assert: - that: - - result.rowcount == 1 - - # - # role_attr_flags - # - - name: Set role attributes - <<: *task_parameters - postgresql_user: - <<: *pg_parameters - name: '{{ test_user }}' - role_attr_flags: CREATEROLE,CREATEDB - - - assert: - that: - - result is changed - - result.user == '{{ test_user }}' - - - name: Check the prev step - <<: *task_parameters - postgresql_query: - <<: *pg_parameters - query: > - SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}' - AND rolcreaterole = 't' and rolcreatedb = 't' - - - assert: - that: - - result.rowcount == 1 - - - name: Set the same role attributes again - <<: *task_parameters - postgresql_user: - <<: *pg_parameters - name: '{{ test_user }}' - role_attr_flags: CREATEROLE,CREATEDB - - - assert: - that: - - result is not changed - - result.user == '{{ test_user }}' - - - name: Check the prev step - <<: *task_parameters - postgresql_query: - <<: *pg_parameters - query: > - SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}' - AND rolcreaterole = 't' and rolcreatedb = 't' - - - name: Set role attributes - <<: *task_parameters - postgresql_user: - <<: *pg_parameters - name: '{{ test_user }}' - role_attr_flags: NOCREATEROLE,NOCREATEDB - - - assert: - that: - - result is changed - - result.user == '{{ test_user }}' - - - name: Check the prev step - <<: *task_parameters - postgresql_query: - <<: *pg_parameters - query: > - SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}' - AND rolcreaterole = 'f' and rolcreatedb = 'f' - - - assert: - that: - - result.rowcount == 1 - - - name: Set role attributes - <<: *task_parameters - postgresql_user: - <<: *pg_parameters - name: '{{ test_user }}' - role_attr_flags: NOCREATEROLE,NOCREATEDB - - - assert: - that: - - result is not changed - - result.user == '{{ test_user }}' - - - name: Check the prev step - <<: *task_parameters - postgresql_query: - <<: *pg_parameters - query: > - SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}' - AND rolcreaterole = 'f' and rolcreatedb = 'f' - - # - # priv - # - - name: Create test table - <<: *task_parameters - postgresql_table: - <<: *pg_parameters - name: '{{ test_table }}' - columns: - - id int - - - name: Insert data to test table - <<: *task_parameters - postgresql_query: - query: "INSERT INTO {{ test_table }} (id) VALUES ('1')" - <<: *pg_parameters - - - name: Check that test_user is not allowed to read the data - <<: *task_parameters - postgresql_query: - db: postgres - login_user: '{{ pg_user }}' - session_role: '{{ test_user }}' - query: 'SELECT * FROM {{ test_table }}' - ignore_errors: yes - - - assert: - that: - - result is failed - - "'permission denied' in result.msg" - - - name: Grant privileges - <<: *task_parameters - postgresql_user: - <<: *pg_parameters - name: '{{ test_user }}' - priv: '{{ test_table }}:SELECT' - - - assert: - that: - - result is changed - - - name: Check that test_user is allowed to read the data - <<: *task_parameters - postgresql_query: - db: postgres - login_user: '{{ pg_user }}' - session_role: '{{ test_user }}' - query: 'SELECT * FROM {{ test_table }}' - - - assert: - that: - - result.rowcount == 1 - - - name: Grant the same privileges again - <<: *task_parameters - postgresql_user: - <<: *pg_parameters - name: '{{ test_user }}' - priv: '{{ test_table }}:SELECT' - - - assert: - that: - - result is not changed - - - name: Remove test table - <<: *task_parameters - postgresql_table: - <<: *pg_parameters - name: '{{ test_table }}' - state: absent - - # - # fail_on_user - # - - name: Create role for test - <<: *task_parameters - postgresql_user: - <<: *pg_parameters - name: '{{ test_user2 }}' - - - name: Create test table, set owner as test_user - <<: *task_parameters - postgresql_table: - <<: *pg_parameters - name: '{{ test_table }}' - owner: '{{ test_user2 }}' - - - name: Test fail_on_user - <<: *task_parameters - postgresql_user: - <<: *pg_parameters - name: '{{ test_user2 }}' - state: absent - ignore_errors: yes - - - assert: - that: - - result is failed - - result.msg == 'Unable to remove user' - - - name: Test fail_on_user - <<: *task_parameters - postgresql_user: - <<: *pg_parameters - name: '{{ test_user }}' - fail_on_user: no - - - assert: - that: - - result is not changed - - # - # Test groups parameter - # - - name: Create test group - <<: *task_parameters - postgresql_user: - <<: *pg_parameters - name: '{{ test_group2 }}' - role_attr_flags: NOLOGIN - - - name: Create role test_group1 and grant test_group2 to test_group1 in check_mode - <<: *task_parameters - postgresql_user: - <<: *pg_parameters - name: '{{ test_group1 }}' - groups: '{{ test_group2 }}' - role_attr_flags: NOLOGIN - check_mode: yes - - - assert: - that: - - result is changed - - result.user == '{{ test_group1 }}' - - result.queries == ['CREATE USER "{{ test_group1 }}" NOLOGIN', 'GRANT "{{ test_group2 }}" TO "{{ test_group1 }}"'] - - - name: check that the user doesn't exist - <<: *task_parameters - postgresql_query: - <<: *pg_parameters - query: "SELECT rolname FROM pg_roles WHERE rolname = '{{ test_group1 }}'" - - - assert: - that: - - result.rowcount == 0 - - - name: check membership - <<: *task_parameters - postgresql_query: - <<: *pg_parameters - query: "SELECT grolist FROM pg_group WHERE groname = '{{ test_group2 }}' AND grolist != '{}'" - - - assert: - that: - - result.rowcount == 0 - - - name: Create role test_group1 and grant test_group2 to test_group1 - <<: *task_parameters - postgresql_user: - <<: *pg_parameters - name: '{{ test_group1 }}' - groups: '{{ test_group2 }}' - role_attr_flags: NOLOGIN - - - assert: - that: - - result is changed - - result.user == '{{ test_group1 }}' - - result.queries == ['CREATE USER "{{ test_group1 }}" NOLOGIN', 'GRANT "{{ test_group2 }}" TO "{{ test_group1 }}"'] - - - name: check that the user exists - <<: *task_parameters - postgresql_query: - <<: *pg_parameters - query: "SELECT rolname FROM pg_roles WHERE rolname = '{{ test_group1 }}'" - - - assert: - that: - - result.rowcount == 1 - - - name: check membership - <<: *task_parameters - postgresql_query: - <<: *pg_parameters - query: "SELECT grolist FROM pg_group WHERE groname = '{{ test_group2 }}' AND grolist != '{}'" - - - assert: - that: - - result.rowcount == 1 - - - name: Grant test_group2 to test_group1 again - <<: *task_parameters - postgresql_user: - <<: *pg_parameters - name: '{{ test_group1 }}' - groups: '{{ test_group2 }}' - - - assert: - that: - - result is not changed - - result.user == '{{ test_group1 }}' - - - name: check membership - <<: *task_parameters - postgresql_query: - <<: *pg_parameters - query: "SELECT grolist FROM pg_group WHERE groname = '{{ test_group2 }}' AND grolist != '{}'" - - - assert: - that: - - result.rowcount == 1 - - - name: Grant groups to existent role - <<: *task_parameters - postgresql_user: - <<: *pg_parameters - name: '{{ test_user }}' - groups: - - '{{ test_group1 }}' - - '{{ test_group2 }}' - - - assert: - that: - - result is changed - - result.user == '{{ test_user }}' - - result.queries == ['GRANT "{{ test_group1 }}" TO "{{ test_user }}"', 'GRANT "{{ test_group2 }}" TO "{{ test_user }}"'] - - - name: check membership - <<: *task_parameters - postgresql_query: - <<: *pg_parameters - query: "SELECT * FROM pg_group WHERE groname in ('{{ test_group1 }}', '{{ test_group2 }}') AND grolist != '{}'" - - - assert: - that: - - result.rowcount == 2 - - always: - # - # Clean up - # - - name: Drop test table - <<: *task_parameters - postgresql_table: - <<: *pg_parameters - name: '{{ test_table }}' - state: absent - - - name: Drop test user - <<: *task_parameters - postgresql_user: - <<: *pg_parameters - name: '{{ item }}' - state: absent - loop: - - '{{ test_user }}' - - '{{ test_user2 }}' - - '{{ test_group1 }}' - - '{{ test_group2 }}' diff --git a/test/integration/targets/incidental_postgresql_user/tasks/postgresql_user_initial.yml b/test/integration/targets/incidental_postgresql_user/tasks/postgresql_user_initial.yml deleted file mode 100644 index ccd42847c67..00000000000 --- a/test/integration/targets/incidental_postgresql_user/tasks/postgresql_user_initial.yml +++ /dev/null @@ -1,153 +0,0 @@ -# -# Create and destroy user, test 'password' and 'encrypted' parameters -# -# unencrypted values are not supported on newer versions -# do not run the encrypted: no tests if on 10+ -- set_fact: - encryption_values: - - 'yes' - -- set_fact: - encryption_values: '{{ encryption_values + ["no"]}}' - when: postgres_version_resp.stdout is version('10', '<=') - -- include_tasks: test_password.yml - vars: - encrypted: '{{ loop_item }}' - db_password1: 'secretù' # use UTF-8 - loop: '{{ encryption_values }}' - loop_control: - loop_var: loop_item - -# BYPASSRLS role attribute was introduced in PostgreSQL 9.5, so -# we want to test attribute management differently depending -# on the version. -- set_fact: - bypassrls_supported: "{{ postgres_version_resp.stdout is version('9.5.0', '>=') }}" - -# test 'no_password_change' and 'role_attr_flags' parameters -- include_tasks: test_no_password_change.yml - vars: - no_password_changes: '{{ loop_item }}' - loop: - - 'yes' - - 'no' - loop_control: - loop_var: loop_item - -### TODO: fail_on_user - -# -# Test login_user functionality -# -- name: Create a user to test login module parameters - become: yes - become_user: "{{ pg_user }}" - postgresql_user: - name: "{{ db_user1 }}" - state: "present" - encrypted: 'yes' - password: "password" - role_attr_flags: "CREATEDB,LOGIN,CREATEROLE" - login_user: "{{ pg_user }}" - db: postgres - -- name: Create db - postgresql_db: - name: "{{ db_name }}" - state: "present" - login_user: "{{ db_user1 }}" - login_password: "password" - login_host: "localhost" - -- name: Check that database created - become: yes - become_user: "{{ pg_user }}" - shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres - register: result - -- assert: - that: - - "result.stdout_lines[-1] == '(1 row)'" - -- name: Create a user - postgresql_user: - name: "{{ db_user2 }}" - state: "present" - encrypted: 'yes' - password: "md55c8ccfd9d6711fc69a7eae647fc54f51" - db: "{{ db_name }}" - login_user: "{{ db_user1 }}" - login_password: "password" - login_host: "localhost" - -- name: Check that it was created - become: yes - become_user: "{{ pg_user }}" - shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql -d postgres - register: result - -- assert: - that: - - "result.stdout_lines[-1] == '(1 row)'" - -- name: Grant database privileges - postgresql_privs: - type: "database" - state: "present" - roles: "{{ db_user2 }}" - privs: "CREATE,connect" - objs: "{{ db_name }}" - db: "{{ db_name }}" - login: "{{ db_user1 }}" - password: "password" - host: "localhost" - -- name: Check that the user has the requested permissions (database) - become: yes - become_user: "{{ pg_user }}" - shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }} - register: result_database - -- assert: - that: - - "result_database.stdout_lines[-1] == '(1 row)'" - - "db_user2 ~ '=Cc' in result_database.stdout" - -- name: Remove user - postgresql_user: - name: "{{ db_user2 }}" - state: 'absent' - priv: "ALL" - db: "{{ db_name }}" - login_user: "{{ db_user1 }}" - login_password: "password" - login_host: "localhost" - -- name: Check that they were removed - become: yes - become_user: "{{ pg_user }}" - shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql -d postgres - register: result - -- assert: - that: - - "result.stdout_lines[-1] == '(0 rows)'" - -- name: Destroy DB - postgresql_db: - state: absent - name: "{{ db_name }}" - login_user: "{{ db_user1 }}" - login_password: "password" - login_host: "localhost" - -- name: Check that database was destroyed - become: yes - become_user: "{{ pg_user }}" - shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres - register: result - -- assert: - that: - - "result.stdout_lines[-1] == '(0 rows)'" diff --git a/test/integration/targets/incidental_postgresql_user/tasks/test_no_password_change.yml b/test/integration/targets/incidental_postgresql_user/tasks/test_no_password_change.yml deleted file mode 100644 index c296c0ea779..00000000000 --- a/test/integration/targets/incidental_postgresql_user/tasks/test_no_password_change.yml +++ /dev/null @@ -1,167 +0,0 @@ -- vars: - task_parameters: &task_parameters - become_user: "{{ pg_user }}" - become: yes - register: result - postgresql_parameters: ¶meters - db: postgres - name: "{{ db_user1 }}" - login_user: "{{ pg_user }}" - - block: - - - name: Create a user with all role attributes - <<: *task_parameters - postgresql_user: - <<: *parameters - state: "present" - role_attr_flags: "SUPERUSER,CREATEROLE,CREATEDB,INHERIT,LOGIN{{ bypassrls_supported | ternary(',BYPASSRLS', '') }}" - no_password_changes: '{{ no_password_changes }}' # no_password_changes is ignored when user doesn't already exist - - - name: Check that the user has the requested role attributes - <<: *task_parameters - shell: "echo \"select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin {{ bypassrls_supported | ternary(\", 'bypassrls:'||rolbypassrls\", '') }} from pg_roles where rolname='{{ db_user1 }}';\" | psql -d postgres" - - - assert: - that: - - "result.stdout_lines[-1] == '(1 row)'" - - "'super:t' in result.stdout_lines[-2]" - - "'createrole:t' in result.stdout_lines[-2]" - - "'create:t' in result.stdout_lines[-2]" - - "'inherit:t' in result.stdout_lines[-2]" - - "'login:t' in result.stdout_lines[-2]" - - - block: - - name: Check that the user has the requested role attribute BYPASSRLS - <<: *task_parameters - shell: "echo \"select 'bypassrls:'||rolbypassrls from pg_roles where rolname='{{ db_user1 }}';\" | psql -d postgres" - - - assert: - that: - - "not bypassrls_supported or 'bypassrls:t' in result.stdout_lines[-2]" - when: bypassrls_supported - - - name: Modify a user to have no role attributes - <<: *task_parameters - postgresql_user: - <<: *parameters - state: "present" - role_attr_flags: "NOSUPERUSER,NOCREATEROLE,NOCREATEDB,noinherit,NOLOGIN{{ bypassrls_supported | ternary(',NOBYPASSRLS', '') }}" - no_password_changes: '{{ no_password_changes }}' - - - name: Check that ansible reports it modified the role - assert: - that: - - result is changed - - - name: "Check that the user doesn't have any attribute" - <<: *task_parameters - shell: "echo \"select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin from pg_roles where rolname='{{ db_user1 }}';\" | psql -d postgres" - - - assert: - that: - - "result.stdout_lines[-1] == '(1 row)'" - - "'super:f' in result.stdout_lines[-2]" - - "'createrole:f' in result.stdout_lines[-2]" - - "'create:f' in result.stdout_lines[-2]" - - "'inherit:f' in result.stdout_lines[-2]" - - "'login:f' in result.stdout_lines[-2]" - - - block: - - name: Check that the user has the requested role attribute BYPASSRLS - <<: *task_parameters - shell: "echo \"select 'bypassrls:'||rolbypassrls from pg_roles where rolname='{{ db_user1 }}';\" | psql -d postgres" - - - assert: - that: - - "not bypassrls_supported or 'bypassrls:f' in result.stdout_lines[-2]" - when: bypassrls_supported - - - name: Try to add an invalid attribute - <<: *task_parameters - postgresql_user: - <<: *parameters - state: "present" - role_attr_flags: "NOSUPERUSER,NOCREATEROLE,NOCREATEDB,noinherit,NOLOGIN{{ bypassrls_supported | ternary(',NOBYPASSRLS', '') }},INVALID" - no_password_changes: '{{ no_password_changes }}' - ignore_errors: yes - - - name: Check that ansible reports failure - assert: - that: - - result is not changed - - result is failed - - "result.msg == 'Invalid role_attr_flags specified: INVALID'" - - - name: Modify a single role attribute on a user - <<: *task_parameters - postgresql_user: - <<: *parameters - state: "present" - role_attr_flags: "LOGIN" - no_password_changes: '{{ no_password_changes }}' - - - name: Check that ansible reports it modified the role - assert: - that: - - result is changed - - - name: Check the role attributes - <<: *task_parameters - shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin from pg_roles where rolname='{{ db_user1 }}';" | psql -d postgres - - - assert: - that: - - "result.stdout_lines[-1] == '(1 row)'" - - "'super:f' in result.stdout_lines[-2]" - - "'createrole:f' in result.stdout_lines[-2]" - - "'create:f' in result.stdout_lines[-2]" - - "'inherit:f' in result.stdout_lines[-2]" - - "'login:t' in result.stdout_lines[-2]" - - - block: - - name: Check the role attribute BYPASSRLS - <<: *task_parameters - shell: echo "select 'bypassrls:'||rolbypassrls from pg_roles where rolname='{{ db_user1 }}';" | psql -d postgres - - - assert: - that: - - "( postgres_version_resp.stdout is version('9.5.0', '<')) or 'bypassrls:f' in result.stdout_lines[-2]" - when: bypassrls_supported - - - name: Check that using same attribute a second time does nothing - <<: *task_parameters - postgresql_user: - <<: *parameters - state: "present" - role_attr_flags: "LOGIN" - no_password_changes: '{{ no_password_changes }}' - environment: - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - name: Check there isn't any update reported - assert: - that: - - result is not changed - - - name: Cleanup the user - <<: *task_parameters - postgresql_user: - <<: *parameters - state: 'absent' - no_password_changes: '{{ no_password_changes }}' # user deletion: no_password_changes is ignored - - - name: Check that user was removed - <<: *task_parameters - shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres - - - assert: - that: - - "result.stdout_lines[-1] == '(0 rows)'" - - always: - - name: Cleanup the user - <<: *task_parameters - postgresql_user: - <<: *parameters - state: 'absent' diff --git a/test/integration/targets/incidental_postgresql_user/tasks/test_password.yml b/test/integration/targets/incidental_postgresql_user/tasks/test_password.yml deleted file mode 100644 index be033a5569c..00000000000 --- a/test/integration/targets/incidental_postgresql_user/tasks/test_password.yml +++ /dev/null @@ -1,336 +0,0 @@ -- vars: - task_parameters: &task_parameters - become_user: "{{ pg_user }}" - become: yes - register: result - postgresql_parameters: ¶meters - db: postgres - name: "{{ db_user1 }}" - login_user: "{{ pg_user }}" - - block: - - name: 'Check that PGOPTIONS environment variable is effective (1/2)' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: '{{ db_password1 }}' - ignore_errors: true - environment: - PGCLIENTENCODING: 'UTF8' - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - name: 'Check that PGOPTIONS environment variable is effective (2/2)' - assert: - that: - - "{{ result is failed }}" - - - name: 'Create a user (password encrypted: {{ encrypted }})' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: '{{ db_password1 }}' - encrypted: '{{ encrypted }}' - environment: - PGCLIENTENCODING: 'UTF8' - - - block: &changed # block is only used here in order to be able to define YAML anchor - - name: Check that ansible reports it was created - assert: - that: - - "{{ result is changed }}" - - - name: Check that it was created - <<: *task_parameters - shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres - - - assert: - that: - - "result.stdout_lines[-1] == '(1 row)'" - - - name: Check that creating user a second time does nothing - <<: *task_parameters - postgresql_user: - <<: *parameters - password: '{{ db_password1 }}' - encrypted: '{{ encrypted }}' - environment: - PGCLIENTENCODING: 'UTF8' - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - block: ¬_changed # block is only used here in order to be able to define YAML anchor - - name: Check that ansible reports no change - assert: - that: - - "{{ result is not changed }}" - - - name: 'Define an expiration time' - <<: *task_parameters - postgresql_user: - <<: *parameters - expires: '2025-01-01' - environment: - PGCLIENTENCODING: 'UTF8' - - - <<: *changed - - - name: 'Redefine the same expiration time' - <<: *task_parameters - postgresql_user: - expires: '2025-01-01' - <<: *parameters - environment: - PGCLIENTENCODING: 'UTF8' - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - <<: *not_changed - - - block: - - - name: 'Using MD5-hashed password: check that password not changed when using cleartext password' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: '{{ db_password1 }}' - encrypted: 'yes' - environment: - PGCLIENTENCODING: 'UTF8' - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - <<: *not_changed - - - name: "Using MD5-hashed password: check that password not changed when using md5 hash with 'ENCRYPTED'" - <<: *task_parameters - postgresql_user: - <<: *parameters - password: "md5{{ (db_password1 ~ db_user1) | hash('md5')}}" - encrypted: 'yes' - environment: - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - <<: *not_changed - - - name: "Using MD5-hashed password: check that password not changed when using md5 hash with 'UNENCRYPTED'" - <<: *task_parameters - postgresql_user: - <<: *parameters - password: "md5{{ (db_password1 ~ db_user1) | hash('md5')}}" - encrypted: 'no' - environment: - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - <<: *not_changed - - - name: 'Redefine the same expiration time and password (encrypted)' - <<: *task_parameters - postgresql_user: - <<: *parameters - encrypted: 'yes' - password: "md5{{ (db_password1 ~ db_user1) | hash('md5')}}" - expires: '2025-01-01' - environment: - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - <<: *not_changed - - - name: 'Using MD5-hashed password: check that password changed when using another cleartext password' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: 'prefix{{ db_password1 }}' - encrypted: 'yes' - environment: - PGCLIENTENCODING: 'UTF8' - - - <<: *changed - - - name: "Using MD5-hashed password: check that password changed when using another md5 hash with 'ENCRYPTED'" - <<: *task_parameters - postgresql_user: - <<: *parameters - password: "md5{{ ('prefix1' ~ db_password1 ~ db_user1) | hash('md5')}}" - encrypted: 'yes' - - - <<: *changed - - - name: "Using MD5-hashed password: check that password changed when using md5 hash with 'UNENCRYPTED'" - <<: *task_parameters - postgresql_user: - <<: *parameters - password: "md5{{ ('prefix2' ~ db_password1 ~ db_user1) | hash('md5')}}" - encrypted: 'no' - register: change_pass_unencrypted - failed_when: - - change_pass_unencrypted is failed - # newer version of psycopg2 no longer supported unencrypted password, we ignore the error - - '"UNENCRYPTED PASSWORD is no longer supported" not in change_pass_unencrypted.msg' - - - <<: *changed - - - name: 'Using MD5-hashed password: check that password changed when clearing the password' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: '' - encrypted: 'yes' - environment: - PGCLIENTENCODING: 'UTF8' - - - <<: *changed - - - name: 'Using MD5-hashed password: check that password not changed when clearing the password again' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: '' - encrypted: 'yes' - environment: - PGCLIENTENCODING: 'UTF8' - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - <<: *not_changed - - - name: 'Using cleartext password: check that password not changed when clearing the password again' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: '' - encrypted: 'no' - environment: - PGCLIENTENCODING: 'UTF8' - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - <<: *not_changed - - - name: 'Using MD5-hashed password: check that password changed when using a cleartext password' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: '{{ db_password1 }}' - encrypted: 'yes' - environment: - PGCLIENTENCODING: 'UTF8' - - - <<: *changed - - when: encrypted == 'yes' - - - block: - - - name: 'Using cleartext password: check that password not changed when using cleartext password' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: "{{ db_password1 }}" - encrypted: 'no' - environment: - PGCLIENTENCODING: 'UTF8' - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - <<: *not_changed - - - name: 'Redefine the same expiration time and password (not encrypted)' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: "{{ db_password1 }}" - encrypted: 'no' - expires: '2025-01-01' - environment: - PGCLIENTENCODING: 'UTF8' - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - <<: *not_changed - - - name: 'Using cleartext password: check that password changed when using another cleartext password' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: "changed{{ db_password1 }}" - encrypted: 'no' - environment: - PGCLIENTENCODING: 'UTF8' - - - <<: *changed - - - name: 'Using cleartext password: check that password changed when clearing the password' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: '' - encrypted: 'no' - environment: - PGCLIENTENCODING: 'UTF8' - - - <<: *changed - - - name: 'Using cleartext password: check that password not changed when clearing the password again' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: '' - encrypted: 'no' - environment: - PGCLIENTENCODING: 'UTF8' - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - <<: *not_changed - - - name: 'Using MD5-hashed password: check that password not changed when clearing the password again' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: '' - encrypted: 'yes' - environment: - PGCLIENTENCODING: 'UTF8' - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - <<: *not_changed - - - name: 'Using cleartext password: check that password changed when using cleartext password' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: "{{ db_password1 }}" - encrypted: 'no' - environment: - PGCLIENTENCODING: 'UTF8' - - - <<: *changed - - when: encrypted == 'no' - - - name: Remove user - <<: *task_parameters - postgresql_user: - state: 'absent' - <<: *parameters - - - <<: *changed - - - name: Check that they were removed - <<: *task_parameters - shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres - environment: - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - assert: - that: - - "result.stdout_lines[-1] == '(0 rows)'" - - - name: Check that removing user a second time does nothing - <<: *task_parameters - postgresql_user: - state: 'absent' - <<: *parameters - environment: - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - <<: *not_changed - - always: - - name: Remove user - <<: *task_parameters - postgresql_user: - state: 'absent' - <<: *parameters diff --git a/test/integration/targets/incidental_setup_postgresql_db/aliases b/test/integration/targets/incidental_setup_postgresql_db/aliases deleted file mode 100644 index 136c05e0d02..00000000000 --- a/test/integration/targets/incidental_setup_postgresql_db/aliases +++ /dev/null @@ -1 +0,0 @@ -hidden diff --git a/test/integration/targets/incidental_setup_postgresql_db/defaults/main.yml b/test/integration/targets/incidental_setup_postgresql_db/defaults/main.yml deleted file mode 100644 index aea02442807..00000000000 --- a/test/integration/targets/incidental_setup_postgresql_db/defaults/main.yml +++ /dev/null @@ -1,17 +0,0 @@ -postgresql_service: postgresql - -postgresql_packages: - - postgresql-server - - python-psycopg2 - -pg_user: postgres -pg_group: root - -locale_latin_suffix: -locale_utf8_suffix: - -# defaults for test SSL -ssl_db: 'ssl_db' -ssl_user: 'ssl_user' -ssl_pass: 'ssl_pass' -ssl_rootcert: '~{{ pg_user }}/root.crt' diff --git a/test/integration/targets/incidental_setup_postgresql_db/files/dummy--1.0.sql b/test/integration/targets/incidental_setup_postgresql_db/files/dummy--1.0.sql deleted file mode 100644 index 53c79666b47..00000000000 --- a/test/integration/targets/incidental_setup_postgresql_db/files/dummy--1.0.sql +++ /dev/null @@ -1,2 +0,0 @@ -CREATE OR REPLACE FUNCTION dummy_display_ext_version() -RETURNS text LANGUAGE SQL AS 'SELECT (''1.0'')::text'; diff --git a/test/integration/targets/incidental_setup_postgresql_db/files/dummy--2.0.sql b/test/integration/targets/incidental_setup_postgresql_db/files/dummy--2.0.sql deleted file mode 100644 index 227ba1b4c4d..00000000000 --- a/test/integration/targets/incidental_setup_postgresql_db/files/dummy--2.0.sql +++ /dev/null @@ -1,2 +0,0 @@ -CREATE OR REPLACE FUNCTION dummy_display_ext_version() -RETURNS text LANGUAGE SQL AS 'SELECT (''2.0'')::text'; diff --git a/test/integration/targets/incidental_setup_postgresql_db/files/dummy--3.0.sql b/test/integration/targets/incidental_setup_postgresql_db/files/dummy--3.0.sql deleted file mode 100644 index 7d6a60e543a..00000000000 --- a/test/integration/targets/incidental_setup_postgresql_db/files/dummy--3.0.sql +++ /dev/null @@ -1,2 +0,0 @@ -CREATE OR REPLACE FUNCTION dummy_display_ext_version() -RETURNS text LANGUAGE SQL AS 'SELECT (''3.0'')::text'; diff --git a/test/integration/targets/incidental_setup_postgresql_db/files/dummy.control b/test/integration/targets/incidental_setup_postgresql_db/files/dummy.control deleted file mode 100644 index 4f8553c2271..00000000000 --- a/test/integration/targets/incidental_setup_postgresql_db/files/dummy.control +++ /dev/null @@ -1,3 +0,0 @@ -comment = 'dummy extension used to test postgresql_ext Ansible module' -default_version = '3.0' -relocatable = true diff --git a/test/integration/targets/incidental_setup_postgresql_db/files/pg_hba.conf b/test/integration/targets/incidental_setup_postgresql_db/files/pg_hba.conf deleted file mode 100644 index 58de3607f9d..00000000000 --- a/test/integration/targets/incidental_setup_postgresql_db/files/pg_hba.conf +++ /dev/null @@ -1,10 +0,0 @@ -# !!! This file managed by Ansible. Any local changes may be overwritten. !!! - -# Database administrative login by UNIX sockets -# note: you may wish to restrict this further later -local all {{ pg_user }} trust - -# TYPE DATABASE USER CIDR-ADDRESS METHOD -local all all md5 -host all all 127.0.0.1/32 md5 -host all all ::1/128 md5 diff --git a/test/integration/targets/incidental_setup_postgresql_db/tasks/main.yml b/test/integration/targets/incidental_setup_postgresql_db/tasks/main.yml deleted file mode 100644 index 2e969c31f61..00000000000 --- a/test/integration/targets/incidental_setup_postgresql_db/tasks/main.yml +++ /dev/null @@ -1,222 +0,0 @@ -- name: python 2 - set_fact: - python_suffix: "" - when: ansible_python_version is version('3', '<') - -- name: python 3 - set_fact: - python_suffix: "-py3" - when: ansible_python_version is version('3', '>=') - -- name: Include distribution and Python version specific variables - include_vars: "{{ lookup('first_found', params) }}" - vars: - params: - files: - - '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}{{ python_suffix }}.yml' - - '{{ ansible_distribution }}-{{ ansible_distribution_version }}{{ python_suffix }}.yml' - - '{{ ansible_os_family }}{{ python_suffix }}.yml' - - 'default{{ python_suffix }}.yml' - paths: - - "{{ role_path }}/vars" - -- name: make sure the dbus service is started under systemd - systemd: - name: dbus - state: started - when: ansible_service_mgr == 'systemd' and ansible_distribution == 'Fedora' - -# Make sure we start fresh -- name: stop postgresql service - service: name={{ postgresql_service }} state=stopped - ignore_errors: True - -- name: remove old db (RedHat or Suse) - file: - path: "{{ pg_dir }}" - state: absent - ignore_errors: True - when: ansible_os_family == "RedHat" or ansible_os_family == "Suse" - -- name: remove old db (FreeBSD) - file: - path: "{{ pg_dir }}" - state: absent - ignore_errors: True - when: ansible_os_family == "FreeBSD" - -# Theoretically, pg_dropcluster should work but it doesn't so remove files -- name: remove old db config and files (debian) - file: - path: '{{ loop_item }}' - state: absent - ignore_errors: True - when: ansible_os_family == "Debian" - loop: - - /etc/postgresql - - /var/lib/postgresql - loop_control: - loop_var: loop_item - -- name: install dependencies for postgresql test - package: - name: "{{ postgresql_package_item }}" - state: present - with_items: "{{ postgresql_packages }}" - loop_control: - loop_var: postgresql_package_item - -- name: initialize postgres (FreeBSD) - command: /usr/local/etc/rc.d/postgresql oneinitdb - when: ansible_os_family == "FreeBSD" - -- name: Initialize postgres (RedHat systemd) - command: postgresql-setup initdb - when: ansible_os_family == "RedHat" and ansible_service_mgr == "systemd" - -- name: Initialize postgres (RedHat sysv) - command: /sbin/service postgresql initdb - when: ansible_os_family == "RedHat" and ansible_service_mgr != "systemd" - -- name: Initialize postgres (Debian) - shell: '. /usr/share/postgresql-common/maintscripts-functions && set_system_locale && /usr/bin/pg_createcluster -u postgres {{ pg_ver }} main' - args: - creates: "/etc/postgresql/{{ pg_ver }}/" - when: ansible_os_family == 'Debian' - -- name: Initialize postgres (Suse) - service: name=postgresql state=restarted - when: ansible_os_family == 'Suse' - -- name: Copy pg_hba into place - template: - src: files/pg_hba.conf - dest: "{{ pg_hba_location }}" - owner: "{{ pg_user }}" - group: "{{ pg_group }}" - mode: "0644" - -- name: Generate locales (Debian) - locale_gen: - name: '{{ item }}' - state: present - with_items: - - pt_BR - - es_ES - when: ansible_os_family == 'Debian' - -# Suse: locales are installed by default (glibc-locale package). -# Fedora 23: locales are installed by default (glibc-common package) -# CentOS: all locales are installed by default (glibc-common package) but some -# RPM macros could prevent their installation (for example when using anaconda -# instLangs parameter). - -- block: - - name: Install langpacks (RHEL8) - yum: - name: - - glibc-langpack-es - - glibc-langpack-pt - - glibc-all-langpacks - state: present - when: ansible_distribution_major_version is version('8', '>=') - - - name: Check if locales need to be generated (RedHat) - shell: "localedef --list-archive | grep -a -q '^{{ locale }}$'" - register: locale_present - ignore_errors: True - with_items: - - es_ES - - pt_BR - loop_control: - loop_var: locale - - - name: Reinstall internationalization files - shell: 'yum -y reinstall glibc-common || yum -y install glibc-common' - args: - warn: no - when: locale_present is failed - - - name: Generate locale (RedHat) - command: 'localedef -f ISO-8859-1 -i {{ item.locale }} {{ item.locale }}' - when: item is failed - with_items: '{{ locale_present.results }}' - when: ansible_os_family == 'RedHat' and ansible_distribution != 'Fedora' - -- name: Install glibc langpacks (Fedora >= 24) - package: - name: '{{ item }}' - state: 'latest' - with_items: - - glibc-langpack-es - - glibc-langpack-pt - when: ansible_distribution == 'Fedora' and ansible_distribution_major_version is version('24', '>=') - -- name: enable postgresql service (FreeBSD) - lineinfile: - path: /etc/rc.conf - line: 'postgresql_enable="YES"' - when: ansible_os_family == "FreeBSD" - -- name: stop postgresql service - service: - name: "{{ postgresql_service }}" - state: stopped - -- name: pause between stop and start of postgresql service - pause: - seconds: 3 - -- name: start postgresql service - service: - name: "{{ postgresql_service }}" - state: started - -######################## -# Setup dummy extension: -- name: copy control file for dummy ext - copy: - src: dummy.control - dest: "/usr/share/postgresql/{{ pg_ver }}/extension/dummy.control" - mode: 0444 - when: ansible_os_family == 'Debian' - -- name: copy version files for dummy ext - copy: - src: "{{ item }}" - dest: "/usr/share/postgresql/{{ pg_ver }}/extension/{{ item }}" - mode: 0444 - with_items: - - dummy--1.0.sql - - dummy--2.0.sql - - dummy--3.0.sql - when: ansible_os_family == 'Debian' - -- name: add update paths - file: - path: "/usr/share/postgresql/{{ pg_ver }}/extension/{{ item }}" - mode: 0444 - state: touch - with_items: - - dummy--1.0--2.0.sql - - dummy--2.0--3.0.sql - when: ansible_os_family == 'Debian' - -- name: Get PostgreSQL version - become_user: "{{ pg_user }}" - become: yes - shell: "echo 'SHOW SERVER_VERSION' | psql --tuples-only --no-align --dbname postgres" - register: postgres_version_resp - -- name: Print PostgreSQL server version - debug: - msg: "{{ postgres_version_resp.stdout }}" - -# SSL configuration. -# Restricted using Debian family because of there are errors on other distributions -# that not related with PostgreSQL or psycopg2 SSL support. -# The tests key point is to be sure that ssl options work in general -- import_tasks: ssl.yml - when: - - ansible_os_family == 'Debian' - - postgres_version_resp.stdout is version('9.4', '>=') diff --git a/test/integration/targets/incidental_setup_postgresql_db/tasks/ssl.yml b/test/integration/targets/incidental_setup_postgresql_db/tasks/ssl.yml deleted file mode 100644 index bc45ec6f4b4..00000000000 --- a/test/integration/targets/incidental_setup_postgresql_db/tasks/ssl.yml +++ /dev/null @@ -1,81 +0,0 @@ -# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) -# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) - -# The aim of this test is to be sure that SSL options work in general -# and preparing the environment for testing these options in -# the following PostgreSQL modules (ssl_db, ssl_user, certs). -# Configured by https://www.postgresql.org/docs/current/ssl-tcp.html - -#################### -# Prepare for tests: - -- name: postgresql SSL - create database - become_user: "{{ pg_user }}" - become: yes - postgresql_db: - name: "{{ ssl_db }}" - -- name: postgresql SSL - create role - become_user: "{{ pg_user }}" - become: yes - postgresql_user: - name: "{{ ssl_user }}" - role_attr_flags: SUPERUSER - password: "{{ ssl_pass }}" - -- name: postgresql SSL - install openssl - become: yes - package: name=openssl state=present - -- name: postgresql SSL - create certs 1 - become_user: root - become: yes - shell: 'openssl req -new -nodes -text -out ~{{ pg_user }}/root.csr \ - -keyout ~{{ pg_user }}/root.key -subj "/CN=localhost.local"' - -- name: postgresql SSL - create certs 2 - become_user: root - become: yes - shell: 'openssl x509 -req -in ~{{ pg_user }}/root.csr -text -days 3650 \ - -extensions v3_ca -signkey ~{{ pg_user }}/root.key -out ~{{ pg_user }}/root.crt' - -- name: postgresql SSL - create certs 3 - become_user: root - become: yes - shell: 'openssl req -new -nodes -text -out ~{{ pg_user }}/server.csr \ - -keyout ~{{ pg_user }}/server.key -subj "/CN=localhost.local"' - -- name: postgresql SSL - create certs 4 - become_user: root - become: yes - shell: 'openssl x509 -req -in ~{{ pg_user }}/server.csr -text -days 365 \ - -CA ~{{ pg_user }}/root.crt -CAkey ~{{ pg_user }}/root.key -CAcreateserial -out server.crt' - -- name: postgresql SSL - set right permissions to files - become_user: root - become: yes - file: - path: '{{ item }}' - mode: 0600 - owner: '{{ pg_user }}' - group: '{{ pg_user }}' - with_items: - - '~{{ pg_user }}/root.key' - - '~{{ pg_user }}/server.key' - - '~{{ pg_user }}/root.crt' - - '~{{ pg_user }}/server.csr' - -- name: postgresql SSL - enable SSL - become_user: "{{ pg_user }}" - become: yes - postgresql_set: - login_user: "{{ pg_user }}" - db: postgres - name: ssl - value: on - -- name: postgresql SSL - reload PostgreSQL to enable ssl on - become: yes - service: - name: "{{ postgresql_service }}" - state: reloaded diff --git a/test/integration/targets/incidental_setup_postgresql_db/vars/Debian-8.yml b/test/integration/targets/incidental_setup_postgresql_db/vars/Debian-8.yml deleted file mode 100644 index c5c6795eac3..00000000000 --- a/test/integration/targets/incidental_setup_postgresql_db/vars/Debian-8.yml +++ /dev/null @@ -1,8 +0,0 @@ -postgresql_packages: - - "postgresql" - - "postgresql-common" - - "python-psycopg2" - -pg_hba_location: "/etc/postgresql/9.4/main/pg_hba.conf" -pg_dir: "/var/lib/postgresql/9.4/main" -pg_ver: 9.4 diff --git a/test/integration/targets/incidental_setup_postgresql_db/vars/FreeBSD-11-py3.yml b/test/integration/targets/incidental_setup_postgresql_db/vars/FreeBSD-11-py3.yml deleted file mode 100644 index 2f6b0d98468..00000000000 --- a/test/integration/targets/incidental_setup_postgresql_db/vars/FreeBSD-11-py3.yml +++ /dev/null @@ -1,12 +0,0 @@ -postgresql_packages: - - postgresql95-server - - py36-psycopg2 - -pg_dir: /usr/local/pgsql/data -pg_hba_location: "{{ pg_dir }}/pg_hba.conf" -pg_ver: 9.5 -pg_user: pgsql -pg_group: pgsql - -locale_latin_suffix: .ISO8859-1 -locale_utf8_suffix: .UTF-8 diff --git a/test/integration/targets/incidental_setup_postgresql_db/vars/FreeBSD-11.yml b/test/integration/targets/incidental_setup_postgresql_db/vars/FreeBSD-11.yml deleted file mode 100644 index efb0603b5e0..00000000000 --- a/test/integration/targets/incidental_setup_postgresql_db/vars/FreeBSD-11.yml +++ /dev/null @@ -1,12 +0,0 @@ -postgresql_packages: - - postgresql95-server - - py27-psycopg2 - -pg_dir: /usr/local/pgsql/data -pg_hba_location: "{{ pg_dir }}/pg_hba.conf" -pg_ver: 9.5 -pg_user: pgsql -pg_group: pgsql - -locale_latin_suffix: .ISO8859-1 -locale_utf8_suffix: .UTF-8 diff --git a/test/integration/targets/incidental_setup_postgresql_db/vars/FreeBSD-12.0-py3.yml b/test/integration/targets/incidental_setup_postgresql_db/vars/FreeBSD-12.0-py3.yml deleted file mode 100644 index 2f6b0d98468..00000000000 --- a/test/integration/targets/incidental_setup_postgresql_db/vars/FreeBSD-12.0-py3.yml +++ /dev/null @@ -1,12 +0,0 @@ -postgresql_packages: - - postgresql95-server - - py36-psycopg2 - -pg_dir: /usr/local/pgsql/data -pg_hba_location: "{{ pg_dir }}/pg_hba.conf" -pg_ver: 9.5 -pg_user: pgsql -pg_group: pgsql - -locale_latin_suffix: .ISO8859-1 -locale_utf8_suffix: .UTF-8 diff --git a/test/integration/targets/incidental_setup_postgresql_db/vars/FreeBSD-12.0.yml b/test/integration/targets/incidental_setup_postgresql_db/vars/FreeBSD-12.0.yml deleted file mode 100644 index 1fe66782625..00000000000 --- a/test/integration/targets/incidental_setup_postgresql_db/vars/FreeBSD-12.0.yml +++ /dev/null @@ -1,12 +0,0 @@ -postgresql_packages: - - postgresql96-server - - py27-psycopg2 - -pg_dir: /usr/local/pgsql/data -pg_hba_location: "{{ pg_dir }}/pg_hba.conf" -pg_ver: 9.6 -pg_user: pgsql -pg_group: pgsql - -locale_latin_suffix: .ISO8859-1 -locale_utf8_suffix: .UTF-8 diff --git a/test/integration/targets/incidental_setup_postgresql_db/vars/FreeBSD-12.1-py3.yml b/test/integration/targets/incidental_setup_postgresql_db/vars/FreeBSD-12.1-py3.yml deleted file mode 100644 index cd7c83a4c18..00000000000 --- a/test/integration/targets/incidental_setup_postgresql_db/vars/FreeBSD-12.1-py3.yml +++ /dev/null @@ -1,12 +0,0 @@ -postgresql_packages: - - postgresql11-server - - py36-psycopg2 - -pg_dir: /var/db/postgres/data11 -pg_hba_location: "{{ pg_dir }}/pg_hba.conf" -pg_ver: 11 -pg_user: postgres -pg_group: postgres - -locale_latin_suffix: .ISO8859-1 -locale_utf8_suffix: .UTF-8 diff --git a/test/integration/targets/incidental_setup_postgresql_db/vars/FreeBSD-12.1.yml b/test/integration/targets/incidental_setup_postgresql_db/vars/FreeBSD-12.1.yml deleted file mode 100644 index 0b1ab5b26ee..00000000000 --- a/test/integration/targets/incidental_setup_postgresql_db/vars/FreeBSD-12.1.yml +++ /dev/null @@ -1,12 +0,0 @@ -postgresql_packages: - - postgresql11-server - - py27-psycopg2 - -pg_dir: /var/db/postgres/data11 -pg_hba_location: "{{ pg_dir }}/pg_hba.conf" -pg_ver: 11 -pg_user: postgres -pg_group: postgres - -locale_latin_suffix: .ISO8859-1 -locale_utf8_suffix: .UTF-8 diff --git a/test/integration/targets/incidental_setup_postgresql_db/vars/RedHat-py3.yml b/test/integration/targets/incidental_setup_postgresql_db/vars/RedHat-py3.yml deleted file mode 100644 index ee083722268..00000000000 --- a/test/integration/targets/incidental_setup_postgresql_db/vars/RedHat-py3.yml +++ /dev/null @@ -1,8 +0,0 @@ -postgresql_packages: - - "postgresql-server" - - "python3-psycopg2" - - "bzip2" - - "xz" - -pg_hba_location: "/var/lib/pgsql/data/pg_hba.conf" -pg_dir: "/var/lib/pgsql/data" diff --git a/test/integration/targets/incidental_setup_postgresql_db/vars/RedHat.yml b/test/integration/targets/incidental_setup_postgresql_db/vars/RedHat.yml deleted file mode 100644 index 20c4b1f5b74..00000000000 --- a/test/integration/targets/incidental_setup_postgresql_db/vars/RedHat.yml +++ /dev/null @@ -1,7 +0,0 @@ -postgresql_packages: - - "postgresql-server" - - "python-psycopg2" - - "bzip2" - -pg_hba_location: "/var/lib/pgsql/data/pg_hba.conf" -pg_dir: "/var/lib/pgsql/data" diff --git a/test/integration/targets/incidental_setup_postgresql_db/vars/Ubuntu-12.yml b/test/integration/targets/incidental_setup_postgresql_db/vars/Ubuntu-12.yml deleted file mode 100644 index 4b6e744b441..00000000000 --- a/test/integration/targets/incidental_setup_postgresql_db/vars/Ubuntu-12.yml +++ /dev/null @@ -1,8 +0,0 @@ -postgresql_packages: - - "postgresql" - - "postgresql-common" - - "python-psycopg2" - -pg_hba_location: "/etc/postgresql/9.1/main/pg_hba.conf" -pg_dir: "/var/lib/postgresql/9.1/main" -pg_ver: 9.1 diff --git a/test/integration/targets/incidental_setup_postgresql_db/vars/Ubuntu-14.yml b/test/integration/targets/incidental_setup_postgresql_db/vars/Ubuntu-14.yml deleted file mode 100644 index ffcc8dd4962..00000000000 --- a/test/integration/targets/incidental_setup_postgresql_db/vars/Ubuntu-14.yml +++ /dev/null @@ -1,8 +0,0 @@ -postgresql_packages: - - "postgresql" - - "postgresql-common" - - "python-psycopg2" - -pg_hba_location: "/etc/postgresql/9.3/main/pg_hba.conf" -pg_dir: "/var/lib/postgresql/9.3/main" -pg_ver: 9.3 diff --git a/test/integration/targets/incidental_setup_postgresql_db/vars/Ubuntu-16-py3.yml b/test/integration/targets/incidental_setup_postgresql_db/vars/Ubuntu-16-py3.yml deleted file mode 100644 index b088c3105ea..00000000000 --- a/test/integration/targets/incidental_setup_postgresql_db/vars/Ubuntu-16-py3.yml +++ /dev/null @@ -1,8 +0,0 @@ -postgresql_packages: - - "postgresql" - - "postgresql-common" - - "python3-psycopg2" - -pg_hba_location: "/etc/postgresql/9.5/main/pg_hba.conf" -pg_dir: "/var/lib/postgresql/9.5/main" -pg_ver: 9.5 diff --git a/test/integration/targets/incidental_setup_postgresql_db/vars/Ubuntu-16.yml b/test/integration/targets/incidental_setup_postgresql_db/vars/Ubuntu-16.yml deleted file mode 100644 index 897efd2c769..00000000000 --- a/test/integration/targets/incidental_setup_postgresql_db/vars/Ubuntu-16.yml +++ /dev/null @@ -1,8 +0,0 @@ -postgresql_packages: - - "postgresql" - - "postgresql-common" - - "python-psycopg2" - -pg_hba_location: "/etc/postgresql/9.5/main/pg_hba.conf" -pg_dir: "/var/lib/postgresql/9.5/main" -pg_ver: 9.5 diff --git a/test/integration/targets/incidental_setup_postgresql_db/vars/Ubuntu-18-py3.yml b/test/integration/targets/incidental_setup_postgresql_db/vars/Ubuntu-18-py3.yml deleted file mode 100644 index 10453bdf906..00000000000 --- a/test/integration/targets/incidental_setup_postgresql_db/vars/Ubuntu-18-py3.yml +++ /dev/null @@ -1,8 +0,0 @@ -postgresql_packages: - - "postgresql" - - "postgresql-common" - - "python3-psycopg2" - -pg_hba_location: "/etc/postgresql/10/main/pg_hba.conf" -pg_dir: "/var/lib/postgresql/10/main" -pg_ver: 10 diff --git a/test/integration/targets/incidental_setup_postgresql_db/vars/default-py3.yml b/test/integration/targets/incidental_setup_postgresql_db/vars/default-py3.yml deleted file mode 100644 index 19152a64356..00000000000 --- a/test/integration/targets/incidental_setup_postgresql_db/vars/default-py3.yml +++ /dev/null @@ -1,6 +0,0 @@ -postgresql_packages: - - "postgresql-server" - - "python3-psycopg2" - -pg_hba_location: "/var/lib/pgsql/data/pg_hba.conf" -pg_dir: "/var/lib/pgsql/data" diff --git a/test/integration/targets/incidental_setup_postgresql_db/vars/default.yml b/test/integration/targets/incidental_setup_postgresql_db/vars/default.yml deleted file mode 100644 index ab36dd9f1d2..00000000000 --- a/test/integration/targets/incidental_setup_postgresql_db/vars/default.yml +++ /dev/null @@ -1,6 +0,0 @@ -postgresql_packages: - - "postgresql-server" - - "python-psycopg2" - -pg_hba_location: "/var/lib/pgsql/data/pg_hba.conf" -pg_dir: "/var/lib/pgsql/data"