From 0e09800a9acfcb2c6b9c78f3201e6f5c8dac4a52 Mon Sep 17 00:00:00 2001 From: Andrey Klychkov Date: Wed, 17 Jul 2019 18:00:40 +0300 Subject: [PATCH] Postgresql modules: tidying up of CI tests (#59099) --- .../targets/postgresql/tasks/main.yml | 964 ++---------------- .../tasks/pg_authid_not_readable.yml | 6 +- .../postgresql/tasks/postgresql_copy.yml | 16 +- .../postgresql/tasks/postgresql_db.yml | 12 +- .../postgresql/tasks/postgresql_ext.yml | 12 +- .../tasks/postgresql_ext_version_opt.yml | 42 +- .../postgresql/tasks/postgresql_idx.yml | 20 +- .../postgresql/tasks/postgresql_lang.yml | 12 +- .../tasks/postgresql_membership.yml | 26 +- .../postgresql/tasks/postgresql_owner.yml | 52 +- .../postgresql/tasks/postgresql_ping.yml | 4 +- .../postgresql/tasks/postgresql_privs.yml | 38 +- .../postgresql/tasks/postgresql_query.yml | 24 +- .../postgresql/tasks/postgresql_schema.yml | 16 +- .../postgresql/tasks/postgresql_sequence.yml | 32 +- .../postgresql/tasks/postgresql_slot.yml | 40 +- .../postgresql/tasks/postgresql_table.yml | 52 +- .../tasks/postgresql_tablespace.yml | 20 +- .../targets/postgresql/tasks/session_role.yml | 64 +- .../postgresql/tasks/state_dump_restore.yml | 10 +- .../tasks/test_no_password_change.yml | 14 +- .../postgresql/tasks/test_password.yml | 2 +- .../postgresql/tasks/test_target_role.yml | 4 +- .../targets/postgresql/tasks/unsorted.yml | 789 ++++++++++++++ .../setup_postgresql_db/tasks/main.yml | 33 +- 25 files changed, 1158 insertions(+), 1146 deletions(-) create mode 100644 test/integration/targets/postgresql/tasks/unsorted.yml diff --git a/test/integration/targets/postgresql/tasks/main.yml b/test/integration/targets/postgresql/tasks/main.yml index d2dedb1f041..d3ddfa5f218 100644 --- a/test/integration/targets/postgresql/tasks/main.yml +++ b/test/integration/targets/postgresql/tasks/main.yml @@ -1,847 +1,84 @@ -# -# Create and destroy db -# -- name: Create DB - become_user: "{{ pg_user }}" - become: True - postgresql_db: - state: present - name: "{{ db_name }}" - login_user: "{{ pg_user }}" - register: result +# Unsorted tests that were moved from here to unsorted.yml +- import_tasks: unsorted.yml -- name: assert that module reports the db was created - assert: - that: - - "result.changed == true" - - "result.db =='{{ db_name }}'" - -- name: Check that database created - become_user: "{{ pg_user }}" - become: True - shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres - register: result - -- assert: - that: - - "result.stdout_lines[-1] == '(1 row)'" - -- name: Run create on an already created db - become_user: "{{ pg_user }}" - become: True - postgresql_db: - state: present - name: "{{ db_name }}" - login_user: "{{ pg_user }}" - register: result - -- name: assert that module reports the db was unchanged - assert: - that: - - "result.changed == false" - -- name: Destroy DB - become_user: "{{ pg_user }}" - become: True - postgresql_db: - state: absent - name: "{{ db_name }}" - login_user: "{{ pg_user }}" - register: result - -- name: assert that module reports the db was changed - assert: - that: - - "result.changed == true" - -- name: Check that database was destroyed - become_user: "{{ pg_user }}" - become: True - shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres - register: result - -- assert: - that: - - "result.stdout_lines[-1] == '(0 rows)'" - -- name: Destroy DB - become_user: "{{ pg_user }}" - become: True - postgresql_db: - state: absent - name: "{{ db_name }}" - login_user: "{{ pg_user }}" - register: result - -- name: assert that removing an alreaady removed db makes no change - assert: - that: - - "result.changed == false" - - -# This corner case works to add but not to drop. This is sufficiently crazy -# that I'm not going to attempt to fix it unless someone lets me know that they -# need the functionality -# -# - postgresql_db: -# state: 'present' -# name: '"silly.""name"' -# - shell: echo "select datname from pg_database where datname = 'silly.""name';" | psql -# register: result -# -# - assert: -# that: "result.stdout_lines[-1] == '(1 row)'" -# - postgresql_db: -# state: absent -# name: '"silly.""name"' -# - shell: echo "select datname from pg_database where datname = 'silly.""name';" | psql -# register: result -# -# - assert: -# that: "result.stdout_lines[-1] == '(0 rows)'" - -# -# Test conn_limit, encoding, collate, ctype, template options -# -- name: Create a DB with conn_limit, encoding, collate, ctype, and template options - become_user: "{{ pg_user }}" - become: True - postgresql_db: - name: '{{ db_name }}' - state: 'present' - conn_limit: '100' - encoding: 'LATIN1' - lc_collate: 'pt_BR{{ locale_latin_suffix }}' - lc_ctype: 'es_ES{{ locale_latin_suffix }}' - template: 'template0' - login_user: "{{ pg_user }}" - -- name: Check that the DB has all of our options - become_user: "{{ pg_user }}" - become: True - shell: echo "select datname, datconnlimit, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql -d postgres - register: result - -- assert: - that: - - "result.stdout_lines[-1] == '(1 row)'" - - "'LATIN1' in result.stdout_lines[-2]" - - "'pt_BR' in result.stdout_lines[-2]" - - "'es_ES' in result.stdout_lines[-2]" - - "'UTF8' not in result.stdout_lines[-2]" - - "'en_US' not in result.stdout_lines[-2]" - - "'100' in result.stdout_lines[-2]" - -- name: Check that running db cration with options a second time does nothing - become_user: "{{ pg_user }}" - become: True - postgresql_db: - name: '{{ db_name }}' - state: 'present' - conn_limit: '100' - encoding: 'LATIN1' - lc_collate: 'pt_BR{{ locale_latin_suffix }}' - lc_ctype: 'es_ES{{ locale_latin_suffix }}' - template: 'template0' - login_user: "{{ pg_user }}" - register: result - -- assert: - that: - - 'result.changed == False' - - -- name: Check that attempting to change encoding returns an error - become_user: "{{ pg_user }}" - become: True - postgresql_db: - name: '{{ db_name }}' - state: 'present' - encoding: 'UTF8' - lc_collate: 'pt_BR{{ locale_utf8_suffix }}' - lc_ctype: 'es_ES{{ locale_utf8_suffix }}' - template: 'template0' - login_user: "{{ pg_user }}" - register: result - ignore_errors: True - -- assert: - that: - - 'result.failed == True' +# Test ssl. +# Restricted using Debian family because of there are errors on other distributions +# that not related with PostgreSQL or psycopg2 SSL support. +# The tests' key point is to be sure that ssl options work in general +- import_tasks: ssl.yml + when: + - ansible_os_family == 'Debian' + - postgres_version_resp.stdout is version('9.4', '>=') + +- include_tasks: '{{ loop_item }}' + loop: + # Test postgresql_set + - postgresql_set.yml + + # Test postgresql_copy module + - postgresql_copy.yml + + # Test postgresql_slot module. + # Physical replication slots are available from PostgreSQL 9.4 + - postgresql_slot.yml + loop_control: + loop_var: loop_item + when: postgres_version_resp.stdout is version('9.4', '>=') -- name: Check that changing the conn_limit actually works - become_user: "{{ pg_user }}" - become: True - postgresql_db: - name: '{{ db_name }}' - state: 'present' - conn_limit: '200' - encoding: 'LATIN1' - lc_collate: 'pt_BR{{ locale_latin_suffix }}' - lc_ctype: 'es_ES{{ locale_latin_suffix }}' - template: 'template0' - login_user: "{{ pg_user }}" - register: result +- include_tasks: '{{ loop_item }}' + loop: + # Test postgresql_user module + - postgresql_user.yml -- assert: - that: - - 'result.changed == True' + # Verify different session_role scenarios + - session_role.yml -- name: Check that conn_limit has actually been set / updated to 200 - become_user: "{{ pg_user }}" - become: True - shell: echo "SELECT datconnlimit AS conn_limit FROM pg_database WHERE datname = '{{ db_name }}';" | psql -d postgres - register: result + # Test postgresql_idx module + - postgresql_idx.yml -- assert: - that: - - "result.stdout_lines[-1] == '(1 row)'" - - "'200' == '{{ result.stdout_lines[-2] | trim }}'" + # Test postgresql_query module + - postgresql_query.yml -- name: Cleanup test DB - become_user: "{{ pg_user }}" - become: True - postgresql_db: - name: '{{ db_name }}' - state: 'absent' - login_user: "{{ pg_user }}" + # Test postgresql_tablespace module + - postgresql_tablespace.yml -- shell: echo "select datname, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql -d postgres - become_user: "{{ pg_user }}" - become: True - register: result + # Test postgresql_db module, specific options + - postgresql_db.yml -- assert: - that: - - "result.stdout_lines[-1] == '(0 rows)'" + # Test postgresql_privs + - postgresql_privs.yml -# -# Create and destroy user, test 'password' and 'encrypted' parameters -# -# unencrypted values are not supported on newer versions -# do not run the encrypted: no tests if on 10+ -- name: Get PostgreSQL version - become_user: "{{ pg_user }}" - become: True - shell: "echo 'SHOW SERVER_VERSION' | psql --tuples-only --no-align --dbname postgres" - register: postgres_version_resp + # Test postgresql_info module + - postgresql_info.yml -- name: Print PostgreSQL server version - debug: - msg: "{{ postgres_version_resp.stdout }}" + # Test postgresql_schema module + - postgresql_schema.yml -- set_fact: - encryption_values: - - 'yes' + # Test postgresql_membership module + - postgresql_membership.yml -- set_fact: - encryption_values: '{{ encryption_values + ["no"]}}' - when: postgres_version_resp.stdout is version('10', '<=') + # Test postgresql_table module + - postgresql_table.yml -- include: test_password.yml - vars: - encrypted: '{{ item }}' - db_password1: 'secretù' # use UTF-8 - loop: '{{ encryption_values }}' + # Test postgresql_owner module + - postgresql_owner.yml -# BYPASSRLS role attribute was introduced in PostgreSQL 9.5, so -# we want to test atrribute management differently depending -# on the version. -- set_fact: - bypassrls_supported: "{{ postgres_version_resp.stdout is version('9.5.0', '>=') }}" + # Test postgres_pg_hba module + - postgresql_pg_hba.yml + loop_control: + loop_var: loop_item -# test 'no_password_change' and 'role_attr_flags' parameters -- include: test_no_password_change.yml +# Test postgresql_ping module +- import_tasks: postgresql_ping.yml vars: - no_password_changes: '{{ item }}' - with_items: - - 'yes' - - 'no' - -### TODO: fail_on_user - -# -# Test db ownership -# -- name: Create an unprivileged user to own a DB - become_user: "{{ pg_user }}" - become: True - postgresql_user: - name: "{{ db_user1 }}" - encrypted: 'yes' - password: "md55c8ccfd9d6711fc69a7eae647fc54f51" - login_user: "{{ pg_user }}" - db: postgres - -- name: Create db with user ownership - become_user: "{{ pg_user }}" - become: True - postgresql_db: - name: "{{ db_name }}" - state: "present" - owner: "{{ db_user1 }}" - login_user: "{{ pg_user }}" - -- name: Check that the user owns the newly created DB - become_user: "{{ pg_user }}" - become: True - shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql -d postgres - register: result - -- assert: - that: - - "result.stdout_lines[-1] == '(1 row)'" - - "'{{ db_user1 }}' == '{{ result.stdout_lines[-2] | trim }}'" - -- name: Change the owner on an existing db - become_user: "{{ pg_user }}" - become: True - postgresql_db: - name: "{{ db_name }}" - state: "present" - owner: "{{ pg_user }}" - login_user: "{{ pg_user }}" - register: result - -- name: assert that ansible says it changed the db - assert: - that: - - "result.changed == True" - -- name: Check that the user owns the newly created DB - become_user: "{{ pg_user }}" - become: True - shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql -d postgres - register: result - -- assert: - that: - - "result.stdout_lines[-1] == '(1 row)'" - - "'{{ pg_user }}' == '{{ result.stdout_lines[-2] | trim }}'" - -- name: Cleanup db - become_user: "{{ pg_user }}" - become: True - postgresql_db: - name: "{{ db_name }}" - state: "absent" - login_user: "{{ pg_user }}" - -- name: Check that database was destroyed - become_user: "{{ pg_user }}" - become: True - shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres - register: result - -- assert: - that: - - "result.stdout_lines[-1] == '(0 rows)'" - -- name: Cleanup test user - become_user: "{{ pg_user }}" - become: True - postgresql_user: - name: "{{ db_user1 }}" - state: 'absent' - login_user: "{{ pg_user }}" - db: postgres - -- name: Check that they were removed - become_user: "{{ pg_user }}" - become: True - shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres - register: result - -- assert: - that: - - "result.stdout_lines[-1] == '(0 rows)'" - -# -# Test settings privileges -# -- name: Create db - become_user: "{{ pg_user }}" - become: True - postgresql_db: - name: "{{ db_name }}" - state: "present" - login_user: "{{ pg_user }}" - -- name: Create some tables on the db - become_user: "{{ pg_user }}" - become: True - shell: echo "create table test_table1 (field text);" | psql {{ db_name }} - -- become_user: "{{ pg_user }}" - become: True - shell: echo "create table test_table2 (field text);" | psql {{ db_name }} - -- vars: - db_password: 'secretù' # use UTF-8 - block: - - name: Create a user with some permissions on the db - become_user: "{{ pg_user }}" - become: True - postgresql_user: - name: "{{ db_user1 }}" - encrypted: 'yes' - password: "md5{{ (db_password ~ db_user1) | hash('md5')}}" - db: "{{ db_name }}" - priv: 'test_table1:INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,TRIGGER/test_table2:INSERT/CREATE,CONNECT,TEMP' - login_user: "{{ pg_user }}" - - - include: pg_authid_not_readable.yml - -- name: Check that the user has the requested permissions (table1) - become_user: "{{ pg_user }}" - become: True - shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }} - register: result_table1 - -- name: Check that the user has the requested permissions (table2) - become_user: "{{ pg_user }}" - become: True - shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }} - register: result_table2 - -- name: Check that the user has the requested permissions (database) - become_user: "{{ pg_user }}" - become: True - shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }} - register: result_database - -- assert: - that: - - "result_table1.stdout_lines[-1] == '(7 rows)'" - - "'INSERT' in result_table1.stdout" - - "'SELECT' in result_table1.stdout" - - "'UPDATE' in result_table1.stdout" - - "'DELETE' in result_table1.stdout" - - "'TRUNCATE' in result_table1.stdout" - - "'REFERENCES' in result_table1.stdout" - - "'TRIGGER' in result_table1.stdout" - - "result_table2.stdout_lines[-1] == '(1 row)'" - - "'INSERT' == '{{ result_table2.stdout_lines[-2] | trim }}'" - - "result_database.stdout_lines[-1] == '(1 row)'" - - "'{{ db_user1 }}=CTc/{{ pg_user }}' in result_database.stdout_lines[-2]" - -- name: Add another permission for the user - become_user: "{{ pg_user }}" - become: True - postgresql_user: - name: "{{ db_user1 }}" - encrypted: 'yes' - password: "md55c8ccfd9d6711fc69a7eae647fc54f51" - db: "{{ db_name }}" - priv: 'test_table2:select' - login_user: "{{ pg_user }}" - register: results - -- name: Check that ansible reports it changed the user - assert: - that: - - "results.changed == True" - -- name: Check that the user has the requested permissions (table2) - become_user: "{{ pg_user }}" - become: True - shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }} - register: result_table2 - -- assert: - that: - - "result_table2.stdout_lines[-1] == '(2 rows)'" - - "'INSERT' in result_table2.stdout" - - "'SELECT' in result_table2.stdout" - - -# -# Test priv setting via postgresql_privs module -# (Depends on state from previous _user privs tests) -# - -- name: Revoke a privilege - become_user: "{{ pg_user }}" - become: True - postgresql_privs: - type: "table" - state: "absent" - roles: "{{ db_user1 }}" - privs: "INSERT" - objs: "test_table2" - db: "{{ db_name }}" - login_user: "{{ pg_user }}" - register: results - -- name: Check that ansible reports it changed the user - assert: - that: - - "results.changed == True" - -- name: Check that the user has the requested permissions (table2) - become_user: "{{ pg_user }}" - become: True - shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }} - register: result_table2 - -- assert: - that: - - "result_table2.stdout_lines[-1] == '(1 row)'" - - "'SELECT' == '{{ result_table2.stdout_lines[-2] | trim }}'" - -- name: Revoke many privileges on multiple tables - become_user: "{{ pg_user }}" - become: True - postgresql_privs: - state: "absent" - roles: "{{ db_user1 }}" - privs: "INSERT,select,UPDATE,TRUNCATE,REFERENCES,TRIGGER,delete" - objs: "test_table2,test_table1" - db: "{{ db_name }}" - login_user: "{{ pg_user }}" - register: results - -- name: Check that ansible reports it changed the user - assert: - that: - - "results.changed == True" - -- name: Check that permissions were revoked (table1) - become_user: "{{ pg_user }}" - become: True - shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }} - register: result_table1 - -- name: Check that permissions were revoked (table2) - become_user: "{{ pg_user }}" - become: True - shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }} - register: result_table2 - -- assert: - that: - - "result_table1.stdout_lines[-1] == '(0 rows)'" - - "result_table2.stdout_lines[-1] == '(0 rows)'" - -- name: Revoke database privileges - become_user: "{{ pg_user }}" - become: True - postgresql_privs: - type: "database" - state: "absent" - roles: "{{ db_user1 }}" - privs: "Create,connect,TEMP" - objs: "{{ db_name }}" - db: "{{ db_name }}" - login_user: "{{ pg_user }}" - -- name: Check that the user has the requested permissions (database) - become_user: "{{ pg_user }}" - become: True - shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }} - register: result_database - -- assert: - that: - - "result_database.stdout_lines[-1] == '(1 row)'" - - "'{{ db_user1 }}' not in result_database.stdout" - -- name: Grant database privileges - become_user: "{{ pg_user }}" - become: True - postgresql_privs: - type: "database" - state: "present" - roles: "{{ db_user1 }}" - privs: "CREATE,connect" - objs: "{{ db_name }}" - db: "{{ db_name }}" - login_user: "{{ pg_user }}" - register: results - -- name: Check that ansible reports it changed the user - assert: - that: - - "results.changed == True" - -- name: Check that the user has the requested permissions (database) - become_user: "{{ pg_user }}" - become: True - shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }} - register: result_database - -- assert: - that: - - "result_database.stdout_lines[-1] == '(1 row)'" - - "'{{ db_user1 }}=Cc' in result_database.stdout" - -- name: Grant a single privilege on a table - become_user: "{{ pg_user }}" - become: True - postgresql_privs: - state: "present" - roles: "{{ db_user1 }}" - privs: "INSERT" - objs: "test_table1" - db: "{{ db_name }}" - login_user: "{{ pg_user }}" - -- name: Check that permissions were added (table1) - become_user: "{{ pg_user }}" - become: True - shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }} - register: result_table1 - -- assert: - that: - - "result_table1.stdout_lines[-1] == '(1 row)'" - - "'{{ result_table1.stdout_lines[-2] | trim }}' == 'INSERT'" - -- name: Grant many privileges on multiple tables - become_user: "{{ pg_user }}" - become: True - postgresql_privs: - state: "present" - roles: "{{ db_user1 }}" - privs: 'INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,trigger' - objs: "test_table2,test_table1" - db: "{{ db_name }}" - login_user: "{{ pg_user }}" - -- name: Check that permissions were added (table1) - become_user: "{{ pg_user }}" - become: True - shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }} - register: result_table1 - -- name: Check that permissions were added (table2) - become_user: "{{ pg_user }}" - become: True - shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }} - register: result_table2 - -- assert: - that: - - "result_table1.stdout_lines[-1] == '(7 rows)'" - - "'INSERT' in result_table1.stdout" - - "'SELECT' in result_table1.stdout" - - "'UPDATE' in result_table1.stdout" - - "'DELETE' in result_table1.stdout" - - "'TRUNCATE' in result_table1.stdout" - - "'REFERENCES' in result_table1.stdout" - - "'TRIGGER' in result_table1.stdout" - - "result_table2.stdout_lines[-1] == '(7 rows)'" - - "'INSERT' in result_table2.stdout" - - "'SELECT' in result_table2.stdout" - - "'UPDATE' in result_table2.stdout" - - "'DELETE' in result_table2.stdout" - - "'TRUNCATE' in result_table2.stdout" - - "'REFERENCES' in result_table2.stdout" - - "'TRIGGER' in result_table2.stdout" - -# -# Cleanup -# -- name: Cleanup db - become_user: "{{ pg_user }}" - become: True - postgresql_db: - name: "{{ db_name }}" - state: "absent" - login_user: "{{ pg_user }}" - -- name: Check that database was destroyed - become_user: "{{ pg_user }}" - become: True - shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres - register: result - -- assert: - that: - - "result.stdout_lines[-1] == '(0 rows)'" - -- name: Cleanup test user - become_user: "{{ pg_user }}" - become: True - postgresql_user: - name: "{{ db_user1 }}" - state: 'absent' - login_user: "{{ pg_user }}" - db: postgres - -- name: Check that they were removed - become_user: "{{ pg_user }}" - become: True - shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres - register: result - -- assert: - that: - - "result.stdout_lines[-1] == '(0 rows)'" - -# -# Test login_user functionality -# -- name: Create a user to test login module parameters - become: True - become_user: "{{ pg_user }}" - postgresql_user: - name: "{{ db_user1 }}" - state: "present" - encrypted: 'yes' - password: "password" - role_attr_flags: "CREATEDB,LOGIN,CREATEROLE" - login_user: "{{ pg_user }}" - db: postgres - -- name: Create db - postgresql_db: - name: "{{ db_name }}" - state: "present" - login_user: "{{ db_user1 }}" - login_password: "password" - login_host: "localhost" - -- name: Check that database created - become: True - become_user: "{{ pg_user }}" - shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres - register: result - -- assert: - that: - - "result.stdout_lines[-1] == '(1 row)'" - -- name: Create a user - postgresql_user: - name: "{{ db_user2 }}" - state: "present" - encrypted: 'yes' - password: "md55c8ccfd9d6711fc69a7eae647fc54f51" - db: "{{ db_name }}" - login_user: "{{ db_user1 }}" - login_password: "password" - login_host: "localhost" - -- name: Check that it was created - become: True - become_user: "{{ pg_user }}" - shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql -d postgres - register: result - -- assert: - that: - - "result.stdout_lines[-1] == '(1 row)'" - -- name: Grant database privileges - postgresql_privs: - type: "database" - state: "present" - roles: "{{ db_user2 }}" - privs: "CREATE,connect" - objs: "{{ db_name }}" - db: "{{ db_name }}" - login: "{{ db_user1 }}" - password: "password" - host: "localhost" - -- name: Check that the user has the requested permissions (database) - become: True - become_user: "{{ pg_user }}" - shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }} - register: result_database - -- assert: - that: - - "result_database.stdout_lines[-1] == '(1 row)'" - - "'{{ db_user2 }}=Cc' in result_database.stdout" - -- name: Remove user - postgresql_user: - name: "{{ db_user2 }}" - state: 'absent' - priv: "ALL" - db: "{{ db_name }}" - login_user: "{{ db_user1 }}" - login_password: "password" - login_host: "localhost" - -- name: Check that they were removed - become: True - become_user: "{{ pg_user }}" - shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql -d postgres - register: result - -- assert: - that: - - "result.stdout_lines[-1] == '(0 rows)'" - -- name: Destroy DB - postgresql_db: - state: absent - name: "{{ db_name }}" - login_user: "{{ db_user1 }}" - login_password: "password" - login_host: "localhost" - -- name: Check that database was destroyed - become: True - become_user: "{{ pg_user }}" - shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres - register: result - -- assert: - that: - - "result.stdout_lines[-1] == '(0 rows)'" - -# Test ssl. -# Restricted using Debian family because of there are errors on other distributions -# that not related with PostgreSQL or psycopg2 SSL support. -# The tests' key point is to be sure that ssl options work in general -- include: ssl.yml - when: ansible_os_family == 'Debian' and postgres_version_resp.stdout is version('9.4', '>=') - -# Test postgresql_user module -- import_tasks: postgresql_user.yml - -# Test postgresql_set -- include: postgresql_set.yml - when: postgres_version_resp.stdout is version('9.4', '>=') - -# Verify different session_role scenarios -- include: session_role.yml - -# Test postgresql_idx module -- include: postgresql_idx.yml - -# Test postgresql_query module -- include: postgresql_query.yml - -# Verify postgresql_ping module -- include: postgresql_ping.yml db_name_nonexist=fake_db - -# Test postgresql_tablespace module -- include: postgresql_tablespace.yml - -# Test postgresql_db module, specific options: -- include: postgresql_db.yml - -# Test postgresql_privs -- include: postgresql_privs.yml - -# Test postgresql_info module -- include: postgresql_info.yml + db_name_nonexist: fake_db # Test default_privs with target_role -- include: test_target_role.yml +- import_tasks: test_target_role.yml when: postgres_version_resp.stdout is version('9.1', '>=') -# Test postgresql_copy module -- include: postgresql_copy.yml - when: postgres_version_resp.stdout is version('9.4', '>=') - # Test postgresql_sequence module -- include: postgresql_sequence.yml +- import_tasks: postgresql_sequence.yml when: postgres_version_resp.stdout is version('9.0', '>=') # Test postgresql_ext. @@ -851,75 +88,44 @@ # missing postgis package in repositories. # Anyway, these tests completely depend on Postgres version, # not specific distributions. -- include: postgresql_ext.yml - when: postgres_version_resp.stdout is version('9.1', '>=') and ansible_distribution == 'Fedora' +- import_tasks: postgresql_ext.yml + when: + - postgres_version_resp.stdout is version('9.1', '>=') + - ansible_distribution == 'Fedora' -- include: postgresql_ext_version_opt.yml +- import_tasks: postgresql_ext_version_opt.yml when: ansible_distribution == 'Ubuntu' -# Test postgresql_slot module. -# Physical replication slots are available from PostgreSQL 9.4 -- include: postgresql_slot.yml - when: postgres_version_resp.stdout is version('9.4', '>=') - -# Test postgresql_schema module -- include: postgresql_schema.yml - -# Test postgresql_membership module -- include: postgresql_membership.yml - -# Test postgresql_table module -- include: postgresql_table.yml - # Test postgresql_lang module. # To implement tests, it needs to install some additional packages # that may cause problems on different distributions, # so I restricted the tests using CentOS because the results # depend only on Postgres version # (CentOS 6 repo contains the oldest PG version in these tests - 9.0): -- include: postgresql_lang.yml +- import_tasks: postgresql_lang.yml when: ansible_distribution == 'CentOS' -# Test postgresql_owner module -- include: postgresql_owner.yml - # dump/restore tests per format # ============================================================ -- include: state_dump_restore.yml test_fixture=user file=dbdata.sql -- include: state_dump_restore.yml test_fixture=user file=dbdata.sql.gz -- include: state_dump_restore.yml test_fixture=user file=dbdata.sql.bz2 -- include: state_dump_restore.yml test_fixture=user file=dbdata.sql.xz -- include: state_dump_restore.yml test_fixture=user file=dbdata.tar -- include: state_dump_restore.yml test_fixture=user file=dbdata.tar.gz -- include: state_dump_restore.yml test_fixture=user file=dbdata.tar.bz2 -- include: state_dump_restore.yml test_fixture=user file=dbdata.tar.xz +- include_tasks: state_dump_restore.yml + vars: + test_fixture: user + file: '{{ loop_item }}' + loop: + - dbdata.sql + - dbdata.sql.gz + - dbdata.sql.bz2 + - dbdata.sql.xz + - dbdata.tar + - dbdata.tar.gz + - dbdata.tar.bz2 + - dbdata.tar.xz + loop_control: + loop_var: loop_item # dump/restore tests per other logins # ============================================================ -- include: state_dump_restore.yml file=dbdata.tar test_fixture=admin - -# postgres_pg_hba module checks -# ============================================================ -- include: postgresql_pg_hba.yml - -# -# Cleanup -# -- name: Cleanup test user - become: True - become_user: "{{ pg_user }}" - postgresql_user: - name: "{{ db_user1 }}" - state: 'absent' - db: postgres - login_user: "{{ pg_user }}" - -- name: Check that they were removed - become: True - become_user: "{{ pg_user }}" - shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres - register: result - -- assert: - that: - - "result.stdout_lines[-1] == '(0 rows)'" +- import_tasks: state_dump_restore.yml + vars: + file: dbdata.tar + test_fixture: admin diff --git a/test/integration/targets/postgresql/tasks/pg_authid_not_readable.yml b/test/integration/targets/postgresql/tasks/pg_authid_not_readable.yml index 6dd6b4056bb..f5d502d091f 100644 --- a/test/integration/targets/postgresql/tasks/pg_authid_not_readable.yml +++ b/test/integration/targets/postgresql/tasks/pg_authid_not_readable.yml @@ -1,6 +1,6 @@ - name: "Admin user is allowed to access pg_authid relation: password comparison will succeed, password won't be updated" become_user: "{{ pg_user }}" - become: True + become: yes postgresql_user: name: "{{ db_user1 }}" encrypted: 'yes' @@ -21,7 +21,7 @@ shell: 'psql -c "select * from pg_authid;" {{ db_name }} {{ db_user1 }}' environment: PGPASSWORD: '{{ db_password }}' - ignore_errors: True + ignore_errors: yes register: pg_authid - assert: @@ -31,7 +31,7 @@ - name: "Normal user isn't allowed to access pg_authid relation: password comparison will fail, password will be updated" become_user: "{{ pg_user }}" - become: True + become: yes postgresql_user: name: "{{ db_user1 }}" encrypted: 'yes' diff --git a/test/integration/targets/postgresql/tasks/postgresql_copy.yml b/test/integration/targets/postgresql/tasks/postgresql_copy.yml index 62094914a0c..62ab6051438 100644 --- a/test/integration/targets/postgresql/tasks/postgresql_copy.yml +++ b/test/integration/targets/postgresql/tasks/postgresql_copy.yml @@ -8,7 +8,7 @@ data_file_csv: /tmp/data.csv task_parameters: &task_parameters become_user: '{{ pg_user }}' - become: True + become: yes register: result pg_parameters: &pg_parameters login_user: '{{ pg_user }}' @@ -55,7 +55,7 @@ - assert: that: - - result.changed == true + - result is changed # check that nothing changed after the previous step: - name: postgresql_copy - check that data_file_txt doesn't exist @@ -79,7 +79,7 @@ - assert: that: - - result.changed == true + - result is changed # check that nothing changed after the previous step: - name: postgresql_copy - check that test table continue to have one row @@ -116,7 +116,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ["COPY \"{{ test_table }}\" TO '{{ data_file_txt }}'"] - result.src == '{{ test_table }}' - result.dst == '{{ data_file_txt }}' @@ -145,7 +145,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ["COPY \"{{ test_table }}\" (id,name) TO '{{ data_file_csv }}' (format csv)"] - result.src == '{{ test_table }}' - result.dst == '{{ data_file_csv }}' @@ -173,7 +173,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ["COPY \"{{ test_table }}\" (id,name) FROM '{{ data_file_csv }}' (format csv)"] - result.dst == '{{ test_table }}' - result.src == '{{ data_file_csv }}' @@ -202,7 +202,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ["COPY \"{{ test_table }}\" (id, name) TO PROGRAM '/bin/true' (delimiter '|')"] - result.src == '{{ test_table }}' - result.dst == '/bin/true' @@ -221,7 +221,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ["COPY \"{{ test_table }}\" (id, name) FROM PROGRAM 'echo 1,first' (delimiter ',')"] - result.dst == '{{ test_table }}' - result.src == 'echo 1,first' diff --git a/test/integration/targets/postgresql/tasks/postgresql_db.yml b/test/integration/targets/postgresql/tasks/postgresql_db.yml index 4218f7a4e2b..d24568c8ace 100644 --- a/test/integration/targets/postgresql/tasks/postgresql_db.yml +++ b/test/integration/targets/postgresql/tasks/postgresql_db.yml @@ -8,7 +8,7 @@ db_name: acme block_parameters: &block_parameters become_user: "{{ pg_user }}" - become: True + become: yes task_parameters: &task_parameters register: result pg_parameters: &pg_parameters @@ -37,7 +37,7 @@ - assert: that: - - result.changed == true + - result is changed - name: postgresql_db_tablespace - Check actual DB tablespace, rowcount must be 0 because actually nothing changed <<: *task_parameters @@ -64,7 +64,7 @@ - assert: that: - - result.changed == true + - result is changed - name: postgresql_db_tablespace - Check actual DB tablespace, rowcount must be 1 <<: *task_parameters @@ -91,7 +91,7 @@ - assert: that: - - result.changed == false + - result is not changed # Try to change tablespace in check_mode: - name: postgresql_db_tablespace - Change tablespace in check_mode @@ -105,7 +105,7 @@ - assert: that: - - result.changed == true + - result is changed - name: postgresql_db_tablespace - Check actual DB tablespace, rowcount must be 1 because actually nothing changed <<: *task_parameters @@ -132,7 +132,7 @@ - assert: that: - - result.changed == true + - result is changed - name: postgresql_db_tablespace - Check actual DB tablespace, rowcount must be 1 <<: *task_parameters diff --git a/test/integration/targets/postgresql/tasks/postgresql_ext.yml b/test/integration/targets/postgresql/tasks/postgresql_ext.yml index e24c8a5471b..c785d82cd8a 100644 --- a/test/integration/targets/postgresql/tasks/postgresql_ext.yml +++ b/test/integration/targets/postgresql/tasks/postgresql_ext.yml @@ -43,7 +43,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == [] # Check that extension doesn't exist after the previous step, rowcount must be 0 @@ -73,7 +73,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['CREATE EXTENSION "postgis"'] # Check that extension exists after the previous step, rowcount must be 1 @@ -103,7 +103,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['DROP EXTENSION "postgis"'] # Check that extension doesn't exist after the previous step, rowcount must be 0 @@ -133,7 +133,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['CREATE EXTENSION "postgis" WITH SCHEMA "schema1"'] # Check that extension exists after the previous step, rowcount must be 1 @@ -174,7 +174,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['DROP EXTENSION "postgis" CASCADE'] # Check that extension doesn't exist after the previous step, rowcount must be 0 @@ -206,7 +206,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['CREATE EXTENSION "postgis" CASCADE"'] when: postgres_version_resp.stdout is version('9.6', '<=') diff --git a/test/integration/targets/postgresql/tasks/postgresql_ext_version_opt.yml b/test/integration/targets/postgresql/tasks/postgresql_ext_version_opt.yml index 2efd4f01591..d2beac6708c 100644 --- a/test/integration/targets/postgresql/tasks/postgresql_ext_version_opt.yml +++ b/test/integration/targets/postgresql/tasks/postgresql_ext_version_opt.yml @@ -7,7 +7,7 @@ test_schema: schema1 task_parameters: &task_parameters become_user: '{{ pg_user }}' - become: True + become: yes register: result pg_parameters: &pg_parameters login_user: '{{ pg_user }}' @@ -28,12 +28,12 @@ <<: *pg_parameters name: "{{ test_ext }}" schema: "{{ test_schema }}" - version: 1.0 + version: '1.0' check_mode: yes - assert: that: - - result.changed == true + - result is changed - name: postgresql_ext_version - check that nothing was actually changed <<: *task_parameters @@ -51,11 +51,11 @@ <<: *pg_parameters name: "{{ test_ext }}" schema: "{{ test_schema }}" - version: 1.0 + version: '1.0' - assert: that: - - result.changed == true + - result is changed - result.queries == ["CREATE EXTENSION \"{{ test_ext }}\" WITH SCHEMA \"{{ test_schema }}\" VERSION '1.0'"] - name: postgresql_ext_version - check @@ -74,12 +74,12 @@ <<: *pg_parameters name: "{{ test_ext }}" schema: "{{ test_schema }}" - version: 1.0 + version: '1.0' check_mode: yes - assert: that: - - result.changed == false + - result is not changed - name: postgresql_ext_version - check <<: *task_parameters @@ -97,11 +97,11 @@ <<: *pg_parameters name: "{{ test_ext }}" schema: "{{ test_schema }}" - version: 1.0 + version: '1.0' - assert: that: - - result.changed == false + - result is not changed - name: postgresql_ext_version - check <<: *task_parameters @@ -119,12 +119,12 @@ <<: *pg_parameters name: "{{ test_ext }}" schema: "{{ test_schema }}" - version: 2.0 + version: '2.0' check_mode: yes - assert: that: - - result.changed == true + - result is changed - name: postgresql_ext_version - check, the version must be 1.0 <<: *task_parameters @@ -142,11 +142,11 @@ <<: *pg_parameters name: "{{ test_ext }}" schema: "{{ test_schema }}" - version: 2.0 + version: '2.0' - assert: that: - - result.changed == true + - result is changed - result.queries == ["ALTER EXTENSION \"{{ test_ext }}\" UPDATE TO '2.0'"] - name: postgresql_ext_version - check, the version must be 2.0 @@ -168,7 +168,7 @@ - assert: that: - - result.changed == false + - result is not changed - name: postgresql_ext_version - check, the version must be 2.0 <<: *task_parameters @@ -190,7 +190,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ["ALTER EXTENSION \"{{ test_ext }}\" UPDATE TO '3.0'"] - name: postgresql_ext_version - check @@ -213,7 +213,7 @@ - assert: that: - - result.changed == false + - result is not changed - name: postgresql_ext_version - try to downgrade the extension version, must fail <<: *task_parameters @@ -221,7 +221,7 @@ <<: *pg_parameters name: "{{ test_ext }}" schema: "{{ test_schema }}" - version: 1.0 + version: '1.0' ignore_errors: yes - assert: @@ -238,7 +238,7 @@ - assert: that: - - result.changed == true + - result is changed - name: postgresql_ext_version - check that extension exists <<: *task_parameters @@ -259,7 +259,7 @@ - assert: that: - - result.changed == true + - result is changed - name: postgresql_ext_version - check that extension doesn't exist after the prev step <<: *task_parameters @@ -280,7 +280,7 @@ - assert: that: - - result.changed == false + - result is not changed - name: postgresql_ext_version - create the extension without passing version <<: *task_parameters @@ -290,7 +290,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ["CREATE EXTENSION \"{{ test_ext }}\""] - name: postgresql_ext_version - check diff --git a/test/integration/targets/postgresql/tasks/postgresql_idx.yml b/test/integration/targets/postgresql/tasks/postgresql_idx.yml index 236821ffa9c..2e733126ac6 100644 --- a/test/integration/targets/postgresql/tasks/postgresql_idx.yml +++ b/test/integration/targets/postgresql/tasks/postgresql_idx.yml @@ -75,7 +75,7 @@ - assert: that: - - result.changed == true + - result is changed - result.tblname == '' - result.name == 'test0_idx' - result.state == 'absent' @@ -114,7 +114,7 @@ - assert: that: - - result.changed == true + - result is changed - result.tblname == 'test_table' - result.name == 'test0_idx' - result.state == 'present' @@ -153,7 +153,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.tblname == 'test_table' - result.name == 'test0_idx' - result.state == 'present' @@ -185,7 +185,7 @@ - assert: that: - - result.changed == true + - result is changed - result.tblname == 'foo_table' - result.name == 'foo_test_idx' - result.state == 'present' @@ -215,7 +215,7 @@ - assert: that: - - result.changed == true + - result is changed - result.tblname == 'test_table' - result.name == 'test_brin_idx' - result.state == 'present' @@ -237,13 +237,13 @@ table: test_table columns: id idxname: test1_idx - cond: id > 1 AND id != 10 + cond: 'id > 1 AND id != 10' register: result ignore_errors: yes - assert: that: - - result.changed == true + - result is changed - result.tblname == 'test_table' - result.name == 'test1_idx' - result.state == 'present' @@ -272,7 +272,7 @@ - assert: that: - - result.changed == true + - result is changed - result.name == 'foo_test_idx' - result.state == 'present' - result.schema == 'foo' @@ -313,7 +313,7 @@ - assert: that: - - result.changed == true + - result is changed - result.name == 'foo_test_idx' - result.state == 'absent' - result.schema == 'foo' @@ -351,5 +351,5 @@ - assert: that: - - result.changed == false + - result is not changed - result.query == '' diff --git a/test/integration/targets/postgresql/tasks/postgresql_lang.yml b/test/integration/targets/postgresql/tasks/postgresql_lang.yml index cbeb643dc14..ec5c30b51ca 100644 --- a/test/integration/targets/postgresql/tasks/postgresql_lang.yml +++ b/test/integration/targets/postgresql/tasks/postgresql_lang.yml @@ -29,7 +29,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == [] - name: postgresql_lang - check that lang doesn't exist after previous step, rowcount must be 0 @@ -58,7 +58,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['CREATE LANGUAGE "plperl"'] - name: postgresql_lang - check that lang exists after previous step @@ -89,7 +89,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == [] - name: postgresql_lang - check that lang exists after previous step, rowcount must be 1 @@ -119,7 +119,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['DROP LANGUAGE "plperl"'] - name: postgresql_lang - check that lang doesn't exist after previous step, rowcount must be 0 @@ -184,7 +184,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['CREATE TRUSTED LANGUAGE "plpythonu"', "UPDATE pg_language SET lanpltrusted = 'True' WHERE lanname = 'plpythonu'"] - name: postgresql_lang - check that lang exists and it's trusted after previous step @@ -216,7 +216,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['DROP LANGUAGE "plpythonu" CASCADE'] - name: postgresql_lang - check that lang doesn't exist after previous step, rowcount must be 0 diff --git a/test/integration/targets/postgresql/tasks/postgresql_membership.yml b/test/integration/targets/postgresql/tasks/postgresql_membership.yml index 574354fcc00..2a704310860 100644 --- a/test/integration/targets/postgresql/tasks/postgresql_membership.yml +++ b/test/integration/targets/postgresql/tasks/postgresql_membership.yml @@ -39,7 +39,7 @@ - assert: that: - - result.changed == true + - result is changed - result.groups == ["group1"] - result.queries == ["GRANT \"group1\" TO \"user1\""] - result.granted.group1 == ["user1"] @@ -63,7 +63,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.groups == ["group1"] - result.queries == [] - result.revoked.group1 == [] @@ -86,7 +86,7 @@ - assert: that: - - result.changed == true + - result is changed - result.groups == ["group1"] - result.queries == ["GRANT \"group1\" TO \"user1\""] - result.granted.group1 == ["user1"] @@ -108,7 +108,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.groups == ["group1"] - result.queries == [] - result.granted.group1 == [] @@ -130,7 +130,7 @@ - assert: that: - - result.changed == true + - result is changed - result.groups == ["group1"] - result.queries == ["REVOKE \"group1\" FROM \"user1\""] - result.revoked.group1 == ["user1"] @@ -152,7 +152,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.groups == ["group1"] - result.queries == [] - result.revoked.group1 == [] @@ -178,7 +178,7 @@ - assert: that: - - result.changed == true + - result is changed - result.groups == ["group1", "group2"] - result.queries == ["GRANT \"group1\" TO \"user1\"", "GRANT \"group1\" TO \"user2\"", "GRANT \"group2\" TO \"user1\"", "GRANT \"group2\" TO \"user2\""] - result.granted.group1 == ["user1", "user2"] @@ -205,7 +205,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.groups == ["group1", "group2"] - result.queries == [] - result.granted.group1 == [] @@ -228,7 +228,7 @@ - assert: that: - - result.changed == true + - result is changed - result.groups == ["group1"] - result.queries == ["REVOKE \"group1\" FROM \"user1\""] - result.revoked.group1 == ["user1"] @@ -254,7 +254,7 @@ - assert: that: - - result.changed == true + - result is changed - result.groups == ["group1", "group2"] - result.queries == ["GRANT \"group1\" TO \"user1\""] - result.granted.group1 == ["user1"] @@ -281,7 +281,7 @@ - assert: that: - - result.changed == false + - result is not changed # Try to grant non existent group to non existent role with fail_on_role=no: - name: postgresql_membership - grant group1 to user1 @@ -299,7 +299,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.granted == {} - result.groups == [] - result.target_roles == [] @@ -321,7 +321,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.revoked == {} - result.groups == [] - result.target_roles == [] diff --git a/test/integration/targets/postgresql/tasks/postgresql_owner.yml b/test/integration/targets/postgresql/tasks/postgresql_owner.yml index 5894f0ab93c..f425b00387d 100644 --- a/test/integration/targets/postgresql/tasks/postgresql_owner.yml +++ b/test/integration/targets/postgresql/tasks/postgresql_owner.yml @@ -153,7 +153,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['REASSIGN OWNED BY "bob" TO "alice"'] # Check, rowcount must be 0 @@ -184,7 +184,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['REASSIGN OWNED BY "bob" TO "alice"'] # Check, rowcount must be 1 @@ -222,7 +222,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['ALTER DATABASE "acme" OWNER TO "bob"'] # Check, rowcount must be 0 @@ -254,7 +254,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['ALTER DATABASE "acme" OWNER TO "bob"'] # Check, rowcount must be 1 @@ -286,7 +286,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.queries == [] # Check, rowcount must be 1 @@ -320,7 +320,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['ALTER TABLE "my_table" OWNER TO "bob"'] # Check, rowcount must be 0 @@ -352,7 +352,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['ALTER TABLE "my_table" OWNER TO "bob"'] # Check, rowcount must be 1 @@ -384,7 +384,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.queries == [] # Check, rowcount must be 1 @@ -418,7 +418,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['ALTER SEQUENCE "test_seq" OWNER TO "bob"'] # Check, rowcount must be 0 @@ -450,7 +450,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['ALTER SEQUENCE "test_seq" OWNER TO "bob"'] # Check, rowcount must be 1 @@ -482,7 +482,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.queries == [] # Check, rowcount must be 1 @@ -518,7 +518,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['ALTER FUNCTION increment OWNER TO "bob"'] when: postgres_version_resp.stdout is version('10', '>=') @@ -554,7 +554,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['ALTER FUNCTION increment OWNER TO "bob"'] when: postgres_version_resp.stdout is version('10', '>=') @@ -590,7 +590,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.queries == [] when: postgres_version_resp.stdout is version('10', '>=') @@ -627,7 +627,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['ALTER SCHEMA "test_schema" OWNER TO "bob"'] # Check, rowcount must be 0 @@ -659,7 +659,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['ALTER SCHEMA "test_schema" OWNER TO "bob"'] # Check, rowcount must be 1 @@ -691,7 +691,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.queries == [] # Check, rowcount must be 1 @@ -725,7 +725,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['ALTER VIEW "test_view" OWNER TO "bob"'] # Check, rowcount must be 0 @@ -757,7 +757,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['ALTER VIEW "test_view" OWNER TO "bob"'] # Check, rowcount must be 1 @@ -789,7 +789,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.queries == [] # Check, rowcount must be 1 @@ -824,7 +824,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['ALTER MATERIALIZED VIEW "test_mat_view" OWNER TO "bob"'] when: postgres_version_resp.stdout is version('9.4', '>=') @@ -860,7 +860,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['ALTER MATERIALIZED VIEW "test_mat_view" OWNER TO "bob"'] when: postgres_version_resp.stdout is version('9.4', '>=') @@ -896,7 +896,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.queries == [] when: postgres_version_resp.stdout is version('9.4', '>=') @@ -933,7 +933,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['ALTER TABLESPACE "acme" OWNER TO "bob"'] # Check, rowcount must be 0 @@ -965,7 +965,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['ALTER TABLESPACE "acme" OWNER TO "bob"'] # Check, rowcount must be 1 @@ -997,7 +997,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.queries == [] # Check, rowcount must be 1 diff --git a/test/integration/targets/postgresql/tasks/postgresql_ping.yml b/test/integration/targets/postgresql/tasks/postgresql_ping.yml index eb9e75aa836..c2105ee25bf 100644 --- a/test/integration/targets/postgresql/tasks/postgresql_ping.yml +++ b/test/integration/targets/postgresql/tasks/postgresql_ping.yml @@ -17,7 +17,7 @@ - result.server_version != {} - result.server_version.major != false - result.server_version.minor != false - - result.changed == false + - result is not changed - name: postgresql_ping - check ping of non-existing database doesn't return anything become_user: "{{ pg_user }}" @@ -32,4 +32,4 @@ that: - result.is_available == false - result.server_version == {} - - result.changed == false + - result is not changed diff --git a/test/integration/targets/postgresql/tasks/postgresql_privs.yml b/test/integration/targets/postgresql/tasks/postgresql_privs.yml index 588d747cea2..d28d13402f1 100644 --- a/test/integration/targets/postgresql/tasks/postgresql_privs.yml +++ b/test/integration/targets/postgresql/tasks/postgresql_privs.yml @@ -67,7 +67,7 @@ - assert: that: - - result.changed == true + - result is changed # Check: - name: Check that nothing was changed after the prev step @@ -99,7 +99,7 @@ - assert: that: - - result.changed == true + - result is changed # Check: - name: Check that nothing was changed after the prev step @@ -131,7 +131,7 @@ - assert: that: - - result.changed == false + - result is not changed # Cleanup: - name: Drop test view @@ -187,7 +187,7 @@ # Checks - assert: that: - - "result.changed == true" + - result is changed - name: Get foreign data wrapper privileges become: yes @@ -220,7 +220,7 @@ # Checks - assert: that: - - "result.changed == false" + - result is not changed # Test - name: Revoke foreign data wrapper privileges @@ -238,7 +238,7 @@ # Checks - assert: that: - - "result.changed == true" + - result is changed - name: Get foreign data wrapper privileges become: yes @@ -271,7 +271,7 @@ # Checks - assert: that: - - "result.changed == false" + - result is not changed # Test - name: Grant foreign server privileges @@ -289,7 +289,7 @@ # Checks - assert: that: - - "result.changed == true" + - result is changed - name: Get foreign server privileges become: yes @@ -322,7 +322,7 @@ # Checks - assert: that: - - "result.changed == false" + - result is not changed # Test - name: Revoke foreign server privileges @@ -340,7 +340,7 @@ # Checks - assert: that: - - "result.changed == true" + - result is changed - name: Get foreign server privileges become: yes @@ -373,7 +373,7 @@ # Checks - assert: that: - - "result.changed == false" + - result is not changed # Foreign data wrapper cleanup - name: Drop foreign server @@ -420,7 +420,7 @@ # Checks - assert: - that: result.changed == true + that: result is changed - name: Check that all functions have execute privileges become: yes @@ -448,7 +448,7 @@ # Checks - assert: - that: result.changed == false + that: result is not changed # Test - name: Revoke execute to all functions @@ -467,7 +467,7 @@ # Checks - assert: - that: result.changed == true + that: result is changed # Test - name: Revoke execute to all functions again @@ -485,7 +485,7 @@ ignore_errors: yes - assert: - that: result.changed == false + that: result is not changed # Function ALL_IN_SCHEMA cleanup - name: Remove function for test @@ -567,7 +567,7 @@ # Checks - assert: - that: result.changed == true + that: result is changed when: postgres_version_resp.stdout is version('10', '>=') - name: Check that all partitioned tables have select privileges @@ -606,7 +606,7 @@ # Checks - assert: - that: result.changed == false + that: result is not changed when: postgres_version_resp.stdout is version('10', '>=') # Test @@ -627,7 +627,7 @@ # Checks - assert: - that: result.changed == true + that: result is changed when: postgres_version_resp.stdout is version('10', '>=') - name: Check that all partitioned tables don't have select privileges @@ -665,7 +665,7 @@ when: postgres_version_resp.stdout is version('10', '>=') - assert: - that: result.changed == false + that: result is not changed when: postgres_version_resp.stdout is version('10', '>=') # Table ALL_IN_SCHEMA cleanup diff --git a/test/integration/targets/postgresql/tasks/postgresql_query.yml b/test/integration/targets/postgresql/tasks/postgresql_query.yml index 6bdfeb28318..b86598fbc3e 100644 --- a/test/integration/targets/postgresql/tasks/postgresql_query.yml +++ b/test/integration/targets/postgresql/tasks/postgresql_query.yml @@ -68,7 +68,7 @@ - assert: that: - - result.changed == true + - result is changed - result.query == 'ANALYZE test_table' - result.rowcount == 0 - result.statusmessage == 'ANALYZE' @@ -90,7 +90,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.query == 'SELECT version();\nSELECT story FROM test_table\nWHERE id = 1;\n' - result.rowcount == 1 - result.statusmessage == 'SELECT 1' or result.statusmessage == 'SELECT' @@ -110,7 +110,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.query == 'SELECT * FROM test_table' - result.rowcount == 3 - result.statusmessage == 'SELECT 3' or result.statusmessage == 'SELECT' @@ -137,7 +137,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.query == "SELECT id FROM test_table WHERE id = 1 AND story = 'first'" or result.query == "SELECT id FROM test_table WHERE id = 1 AND story = E'first'" - result.rowcount == 1 - result.statusmessage == 'SELECT 1' or result.statusmessage == 'SELECT' @@ -159,7 +159,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.query == "SELECT story FROM test_table WHERE id = 2 AND story = 'second'" or result.query == "SELECT story FROM test_table WHERE id = 2 AND story = E'second'" - result.rowcount == 1 - result.statusmessage == 'SELECT 1' or result.statusmessage == 'SELECT' @@ -178,7 +178,7 @@ - assert: that: - - result.changed == true + - result is changed - result.query == "UPDATE test_table SET story = 'new' WHERE id = 3" - result.rowcount == 1 - result.statusmessage == 'UPDATE 1' @@ -211,7 +211,7 @@ - assert: that: - - result.changed == true + - result is changed - result.query == "UPDATE test_table SET story = 'CHECK_MODE' WHERE id = 3" - result.rowcount == 1 - result.statusmessage == 'UPDATE 1' @@ -244,7 +244,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.query == "UPDATE test_table SET story = 'new' WHERE id = 100" - result.rowcount == 0 - result.statusmessage == 'UPDATE 0' @@ -266,7 +266,7 @@ - assert: that: - - result.changed == true + - result is changed - result.query == "INSERT INTO test_table (id, story) VALUES (4, 'fourth')" or result.query == "INSERT INTO test_table (id, story) VALUES (4, E'fourth')" - result.rowcount == 1 - result.statusmessage == 'INSERT 0 1' @@ -285,7 +285,7 @@ - assert: that: - - result.changed == true + - result is changed - result.query == "TRUNCATE test_table" - result.rowcount == 0 - result.statusmessage == 'TRUNCATE TABLE' @@ -304,7 +304,7 @@ - assert: that: - - result.changed == true + - result is changed - result.query == "ALTER TABLE test_table ADD COLUMN foo int" - result.rowcount == 0 - result.statusmessage == 'ALTER TABLE' @@ -355,7 +355,7 @@ - assert: that: - - result.changed == true + - result is changed - result.query == "VACUUM" - result.rowcount == 0 - result.statusmessage == 'VACUUM' diff --git a/test/integration/targets/postgresql/tasks/postgresql_schema.yml b/test/integration/targets/postgresql/tasks/postgresql_schema.yml index 441f215fef4..050ee074efe 100644 --- a/test/integration/targets/postgresql/tasks/postgresql_schema.yml +++ b/test/integration/targets/postgresql/tasks/postgresql_schema.yml @@ -34,7 +34,7 @@ # Checks - assert: that: - - result.changed == true + - result is changed - result.schema == 'acme' - name: Check that the new schema "acme" not exists @@ -63,7 +63,7 @@ # Checks - assert: that: - - result.changed == true + - result is changed - result.schema == 'acme' - result.queries == [ 'CREATE SCHEMA "acme"' ] @@ -95,7 +95,7 @@ # Checks - assert: that: - - result.changed == false + - result is not changed - name: Check that the new schema "acme" still exists become: yes @@ -124,7 +124,7 @@ # Checks - assert: that: - - result.changed == true + - result is changed - result.queries == [ 'DROP SCHEMA "acme"' ] - name: Check that no schema "acme" exists @@ -163,7 +163,7 @@ # Checks - assert: that: - - result.changed == true + - result is changed - result.schema == 'acme' - result.queries == [ 'CREATE SCHEMA "acme"' ] - result2.changed == true @@ -210,7 +210,7 @@ # Checks - assert: that: - - result.changed == true + - result is changed - result.queries == [ 'DROP SCHEMA "acme" CASCADE' ] - name: Check that no schema "acme" exists @@ -241,7 +241,7 @@ # Checks - assert: that: - - result.changed == true + - result is changed - result.schema == 'acme' - result.queries == [ 'CREATE SCHEMA "acme" AUTHORIZATION "{{ db_user2 }}"' ] @@ -273,7 +273,7 @@ # Checks - assert: that: - - result.changed == true + - result is changed - result.queries == [ 'DROP SCHEMA "acme"' ] - name: Check that no schema "acme" exists diff --git a/test/integration/targets/postgresql/tasks/postgresql_sequence.yml b/test/integration/targets/postgresql/tasks/postgresql_sequence.yml index 0c580bff06e..45f68b157d1 100644 --- a/test/integration/targets/postgresql/tasks/postgresql_sequence.yml +++ b/test/integration/targets/postgresql/tasks/postgresql_sequence.yml @@ -59,7 +59,7 @@ - name: postgresql_sequence - check with assert the output assert: that: - - result.changed == True + - result is changed - result.sequence == 'foobar' - result.queries == ["CREATE SEQUENCE \"public\".\"foobar\""] @@ -94,7 +94,7 @@ - name: postgresql_sequence - check with assert the output assert: that: - - result.changed == True + - result is changed - result.sequence == 'foobar' - result.queries == ["CREATE SEQUENCE \"public\".\"foobar\""] @@ -130,7 +130,7 @@ - name: postgresql_sequence - check with assert the output assert: that: - - result.changed == True + - result is changed - result.sequence == 'foobar' - result.queries == ["DROP SEQUENCE \"public\".\"foobar\""] @@ -165,7 +165,7 @@ - name: postgresql_sequence - check with assert the output assert: that: - - result.changed == True + - result is changed - result.sequence == 'foobar' - result.queries == ["DROP SEQUENCE \"public\".\"foobar\""] @@ -200,7 +200,7 @@ - name: postgresql_sequence - check with assert the output assert: that: - - result.changed == False + - result is not changed - result.sequence == 'foobar' - result.queries == [] @@ -239,7 +239,7 @@ - name: postgresql_sequence - check with assert the output assert: that: - - result.changed == True + - result is changed - result.sequence == 'foobar_desc' - result.increment == '-1' - result.minvalue == '1' @@ -277,7 +277,7 @@ - name: postgresql_sequence - check with assert the output assert: that: - - result.changed == True + - result is changed - result.sequence == 'foobar_desc' - result.newname == 'foobar_with_options' - result.queries == ["ALTER SEQUENCE \"public\".\"foobar_desc\" RENAME TO \"foobar_with_options\""] @@ -313,7 +313,7 @@ - name: postgresql_sequence - check with assert the output assert: that: - - result.changed == True + - result is changed - result.sequence == 'foobar_desc' - result.newname == 'foobar_with_options' - result.queries == ["ALTER SEQUENCE \"public\".\"foobar_desc\" RENAME TO \"foobar_with_options\""] @@ -350,7 +350,7 @@ - name: postgresql_sequence - check with assert the output assert: that: - - result.changed == True + - result is changed - result.sequence == 'foobar_with_options' - result.schema == 'public' - result.newschema == 'foobar_schema' @@ -387,7 +387,7 @@ - name: postgresql_sequence - check with assert the output assert: that: - - result.changed == True + - result is changed - result.sequence == 'foobar_with_options' - result.schema == 'public' - result.newschema == 'foobar_schema' @@ -426,7 +426,7 @@ - name: postgresql_sequence - check with assert the output assert: that: - - result.changed == True + - result is changed - result.sequence == 'foobar_with_options' - result.owner == "{{ pg_user }}" - result.queries == ["ALTER SEQUENCE \"foobar_schema\".\"foobar_with_options\" OWNER TO \"{{ db_user1 }}\""] @@ -470,7 +470,7 @@ - name: postgresql_sequence - check with assert the output assert: that: - - result.changed == True + - result is changed - result.sequence == 'foobar_with_options' - result.owner == "{{ pg_user }}" - result.queries == ["ALTER SEQUENCE \"foobar_schema\".\"foobar_with_options\" OWNER TO \"{{ db_user1 }}\""] @@ -539,7 +539,7 @@ - name: postgresql_sequence - check with assert the output assert: that: - - result.changed == True + - result is changed - result.sequence == 'seq1' - result.queries == ["DROP SEQUENCE \"public\".\"seq1\" CASCADE"] @@ -575,7 +575,7 @@ - name: postgresql_sequence - check with assert the output assert: that: - - result.changed == True + - result is changed - result.sequence == 'seq1' - result.queries == ["DROP SEQUENCE \"public\".\"seq1\" CASCADE"] @@ -611,7 +611,7 @@ - name: postgresql_sequence - check with assert the output assert: that: - - result.changed == True + - result is changed - result.sequence == 'foobar2' - result.queries == ["CREATE SEQUENCE \"public\".\"foobar2\"", "ALTER SEQUENCE \"public\".\"foobar2\" OWNER TO \"ansible_db_user2\""] @@ -646,7 +646,7 @@ - name: postgresql_sequence - check with assert the output assert: that: - - result.changed == True + - result is changed - result.sequence == 'foobar2' - result.queries == ["CREATE SEQUENCE \"public\".\"foobar2\"", "ALTER SEQUENCE \"public\".\"foobar2\" OWNER TO \"ansible_db_user2\""] diff --git a/test/integration/targets/postgresql/tasks/postgresql_slot.yml b/test/integration/targets/postgresql/tasks/postgresql_slot.yml index 3037353f673..3cf47ac6bbc 100644 --- a/test/integration/targets/postgresql/tasks/postgresql_slot.yml +++ b/test/integration/targets/postgresql/tasks/postgresql_slot.yml @@ -8,7 +8,7 @@ login_user: "{{ pg_user }}" db: postgres name: max_replication_slots - value: 10 + value: '10' - name: postgresql_slot - set wal_level to logical become_user: "{{ pg_user }}" @@ -42,7 +42,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == [] # Check, rowcount must be 0 @@ -72,13 +72,13 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ["SELECT pg_create_physical_replication_slot('slot0', False)"] when: postgres_version_resp.stdout is version('9.6', '>=') - assert: that: - - result.changed == true + - result is changed - result.queries == ["SELECT pg_create_physical_replication_slot('slot0')"] when: postgres_version_resp.stdout is version('9.6', '<') @@ -110,7 +110,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.queries == [] # Check, rowcount must be 1 @@ -141,7 +141,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.queries == [] # Check, rowcount must be 1 @@ -176,7 +176,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ["SELECT pg_create_physical_replication_slot('slot1', True)"] when: postgres_version_resp.stdout is version('9.6', '>=') @@ -223,7 +223,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == [] when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu' @@ -258,7 +258,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ["SELECT pg_create_logical_replication_slot('slot2', 'test_decoding')"] when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu' @@ -294,7 +294,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.queries == [] when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu' @@ -329,7 +329,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.queries == [] when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu' @@ -368,7 +368,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ["SELECT pg_create_logical_replication_slot('slot3', 'test_decoding')"] when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu' @@ -408,7 +408,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == [] when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu' @@ -443,7 +443,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ["SELECT pg_drop_replication_slot('slot2')"] when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu' @@ -479,7 +479,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.queries == [] when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu' @@ -514,7 +514,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.queries == [] when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu' @@ -553,7 +553,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == [] when: postgres_version_resp.stdout is version('9.6', '>=') @@ -588,7 +588,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ["SELECT pg_drop_replication_slot('slot1')"] when: postgres_version_resp.stdout is version('9.6', '>=') @@ -624,7 +624,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.queries == [] when: postgres_version_resp.stdout is version('9.6', '>=') @@ -659,7 +659,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.queries == [] when: postgres_version_resp.stdout is version('9.6', '>=') diff --git a/test/integration/targets/postgresql/tasks/postgresql_table.yml b/test/integration/targets/postgresql/tasks/postgresql_table.yml index 6a0bab20b3a..919c145a444 100644 --- a/test/integration/targets/postgresql/tasks/postgresql_table.yml +++ b/test/integration/targets/postgresql/tasks/postgresql_table.yml @@ -41,7 +41,7 @@ - assert: that: - - result.changed == true + - result is changed - result.table == 'test1' - result.queries == ['CREATE TABLE "test1" (id int)', 'ALTER TABLE "test1" OWNER TO "alice"'] - result.state == 'absent' @@ -77,7 +77,7 @@ - assert: that: - - result.changed == true + - result is changed - result.table == 'test1' - result.queries == ['CREATE TABLE "test1" (id int)', 'ALTER TABLE "test1" OWNER TO "alice"'] - result.state == 'present' @@ -134,7 +134,7 @@ - assert: that: - - result.changed == true + - result is changed - result.table == 'test2' - result.queries == ['CREATE TABLE "test2" (LIKE "test1")'] - result.state == 'absent' @@ -168,7 +168,7 @@ - assert: that: - - result.changed == true + - result is changed - result.table == 'test2' - result.queries == ['CREATE TABLE "test2" (LIKE "test1")'] - result.state == 'present' @@ -210,7 +210,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['DROP TABLE "test2"'] - result.state == 'present' - result.storage_params == [] @@ -246,7 +246,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['DROP TABLE "test2"'] - result.state == 'absent' @@ -280,7 +280,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['CREATE TABLE "test2" (LIKE "test1" INCLUDING indexes)'] - result.state == 'present' - result.storage_params == [] @@ -302,7 +302,7 @@ - assert: that: - - result.changed == false + - result is not changed # Drop the table to prepare for the next step: - name: postgresql_table - drop table @@ -330,7 +330,7 @@ - assert: that: - - result.changed == false + - result is not changed # # Change ownership @@ -365,7 +365,7 @@ - result.owner == 'alice' - result.queries == ['ALTER TABLE "test1" OWNER TO "test_user"'] - result.state == 'present' - - result.changed == true + - result is changed # Check that the tableowner was not changed to test_user - name: postgresql_table - check that table owner was not changed @@ -380,7 +380,7 @@ - assert: that: - - result.changed == 0 + - result is not changed # Try to change owner to test_user - name: postgresql_table - change table ownership to test_user @@ -399,7 +399,7 @@ - result.owner == 'test_user' - result.queries == ['ALTER TABLE "test1" OWNER TO "test_user"'] - result.state == 'present' - - result.changed == true + - result is changed # Check that the tableowner was changed to test_user - name: postgresql_table - check that table owner was changed @@ -439,7 +439,7 @@ - assert: that: - - result.changed == true + - result is changed - result.state == 'present' - result.queries == ['CREATE TABLE "test3" (id int,name text) WITH (fillfactor=10,autovacuum_analyze_threshold=1)'] - result.storage_params == [ "fillfactor=10", "autovacuum_analyze_threshold=1" ] @@ -486,7 +486,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['TRUNCATE TABLE "test3"'] - result.state == "present" @@ -520,7 +520,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['TRUNCATE TABLE "test3"'] - result.state == "present" @@ -560,7 +560,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['ALTER TABLE "test3" RENAME TO "test4"'] - result.state == "absent" @@ -593,7 +593,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['ALTER TABLE "test3" RENAME TO "test4"'] - result.state == "present" @@ -646,7 +646,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['CREATE UNLOGGED TABLE "test5" ()'] when: postgres_version_resp.stdout is version('9.1', '>=') @@ -679,7 +679,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['CREATE UNLOGGED TABLE "test5" ()'] when: postgres_version_resp.stdout is version('9.1', '>=') @@ -715,7 +715,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['DROP TABLE "test5" CASCADE'] when: postgres_version_resp.stdout is version('9.1', '>=') @@ -748,7 +748,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['CREATE TABLE "acme"."test_schema_table" ()'] - name: postgresql_table - check that table exists after the previous step @@ -774,7 +774,7 @@ - assert: that: - - result.changed == false + - result is not changed - name: postgresql_table - create a table in the default schema for the next test postgresql_table: @@ -785,7 +785,7 @@ - assert: that: - - result.changed == true + - result is changed - name: postgresql_table - drop the table from schema acme postgresql_table: @@ -797,7 +797,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['DROP TABLE "postgres"."acme"."test_schema_table"'] - name: postgresql_table - check that the table doesn't exist after the previous step @@ -824,7 +824,7 @@ - assert: that: - - result.changed == false + - result is not changed - name: postgresql_table - check that the table with the same name in schema public exists become_user: "{{ pg_user }}" @@ -850,5 +850,5 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ['ALTER TABLE "public"."test_schema_table" RENAME TO "new_test_schema_table"'] diff --git a/test/integration/targets/postgresql/tasks/postgresql_tablespace.yml b/test/integration/targets/postgresql/tasks/postgresql_tablespace.yml index 1f7d21a5cde..ea6e3366228 100644 --- a/test/integration/targets/postgresql/tasks/postgresql_tablespace.yml +++ b/test/integration/targets/postgresql/tasks/postgresql_tablespace.yml @@ -63,7 +63,7 @@ - assert: that: - - result.changed == true + - result is changed - result.owner == 'bob' - result.queries == ["CREATE TABLESPACE \"acme\" LOCATION '/ssd'", "ALTER TABLESPACE \"acme\" OWNER TO bob"] - result.state == 'present' @@ -85,7 +85,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.msg == "Tablespace 'acme' exists with different location '/ssd'" # Change tablespace owner @@ -102,7 +102,7 @@ - assert: that: - - result.changed == true + - result is changed - result.owner == 'alice' - result.queries == ["ALTER TABLESPACE \"acme\" OWNER TO alice"] - result.state == 'present' @@ -123,7 +123,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.owner == 'alice' - result.queries == [] - result.state == 'present' @@ -145,7 +145,7 @@ - assert: that: - - result.changed == true + - result is changed - result.owner == 'alice' - result.queries == ["ALTER TABLESPACE \"acme\" SET (seq_page_cost = '4')"] - result.state == 'present' @@ -168,7 +168,7 @@ - assert: that: - - result.changed == true + - result is changed - result.queries == ["ALTER TABLESPACE \"acme\" RESET (seq_page_cost)"] when: postgres_version_resp.stdout is version('9.0', '>=') @@ -187,7 +187,7 @@ - assert: that: - - result.changed == false + - result is not changed - result.queries == [] when: postgres_version_resp.stdout is version('9.0', '>=') @@ -205,7 +205,7 @@ - assert: that: - - result.changed == true + - result is changed - result.newname == 'foo' - result.queries == ["ALTER TABLESPACE \"acme\" RENAME TO foo"] @@ -223,7 +223,7 @@ - assert: that: - - result.changed == true + - result is changed - result.state == 'absent' - result.queries == ["DROP TABLESPACE \"foo\""] @@ -241,5 +241,5 @@ - assert: that: - - result.changed == false + - result is not changed - result.msg == "Tries to drop nonexistent tablespace 'foo'" diff --git a/test/integration/targets/postgresql/tasks/session_role.yml b/test/integration/targets/postgresql/tasks/session_role.yml index d75cfd801bd..6b17f522e84 100644 --- a/test/integration/targets/postgresql/tasks/session_role.yml +++ b/test/integration/targets/postgresql/tasks/session_role.yml @@ -1,20 +1,20 @@ - name: Check that becoming an non-existing user throws an error become_user: "{{ pg_user }}" - become: True + become: yes postgresql_db: state: present name: "{{ db_name }}" login_user: "{{ pg_user }}" session_role: "{{ db_session_role1 }}" register: result - ignore_errors: True + ignore_errors: yes - assert: that: - - 'result.failed == True' + - result is failed - name: Create a high privileged user - become: True + become: yes become_user: "{{ pg_user }}" postgresql_user: name: "{{ db_session_role1 }}" @@ -25,7 +25,7 @@ db: postgres - name: Create a low privileged user using the newly created user - become: True + become: yes become_user: "{{ pg_user }}" postgresql_user: name: "{{ db_session_role2 }}" @@ -38,7 +38,7 @@ - name: Create DB as session_role become_user: "{{ pg_user }}" - become: True + become: yes postgresql_db: state: present name: "{{ db_session_role1 }}" @@ -48,7 +48,7 @@ - name: Check that database created and is owned by correct user become_user: "{{ pg_user }}" - become: True + become: yes shell: echo "select rolname from pg_database join pg_roles on datdba = pg_roles.oid where datname = '{{ db_session_role1 }}';" | psql -AtXq postgres register: result @@ -58,22 +58,22 @@ - name: Fail when creating database as low privileged user become_user: "{{ pg_user }}" - become: True + become: yes postgresql_db: state: present name: "{{ db_session_role2 }}" login_user: "{{ pg_user }}" session_role: "{{ db_session_role2 }}" register: result - ignore_errors: True + ignore_errors: yes - assert: that: - - 'result.failed == True' + - result is failed - name: Create schema in own database become_user: "{{ pg_user }}" - become: True + become: yes postgresql_schema: database: "{{ db_session_role1 }}" login_user: "{{ pg_user }}" @@ -82,7 +82,7 @@ - name: Create schema in own database, should be owned by session_role become_user: "{{ pg_user }}" - become: True + become: yes postgresql_schema: database: "{{ db_session_role1 }}" login_user: "{{ pg_user }}" @@ -92,35 +92,35 @@ - assert: that: - - result.changed == False + - result is not changed - name: Fail when creating schema in postgres database as a regular user become_user: "{{ pg_user }}" - become: True + become: yes postgresql_schema: database: postgres login_user: "{{ pg_user }}" name: "{{ db_session_role1 }}" session_role: "{{ db_session_role1 }}" - ignore_errors: True + ignore_errors: yes register: result - assert: that: - - 'result.failed == True' + - result is failed # PostgreSQL introduced extensions in 9.1, some checks are still run against older versions, therefore we need to ensure # we only run these tests against supported PostgreSQL databases - name: Check that pg_extension exists (postgresql >= 9.1) become_user: "{{ pg_user }}" - become: True + become: yes shell: echo "select count(*) from pg_class where relname='pg_extension' and relkind='r'" | psql -AtXq postgres register: pg_extension - name: Remove plpgsql from testdb using postgresql_ext become_user: "{{ pg_user }}" - become: True + become: yes postgresql_ext: name: plpgsql db: "{{ db_session_role1 }}" @@ -131,26 +131,26 @@ - name: Fail when trying to create an extension as a mere mortal user become_user: "{{ pg_user }}" - become: True + become: yes postgresql_ext: name: plpgsql db: "{{ db_session_role1 }}" login_user: "{{ pg_user }}" session_role: "{{ db_session_role2 }}" - ignore_errors: True + ignore_errors: yes register: result when: "pg_extension.stdout_lines[-1] == '1'" - assert: that: - - 'result.failed == True' + - result is failed when: "pg_extension.stdout_lines[-1] == '1'" - name: Install extension as session_role become_user: "{{ pg_user }}" - become: True + become: yes postgresql_ext: name: plpgsql db: "{{ db_session_role1 }}" @@ -161,7 +161,7 @@ - name: Check that extension is created and is owned by session_role become_user: "{{ pg_user }}" - become: True + become: yes shell: echo "select rolname from pg_extension join pg_roles on extowner=pg_roles.oid where extname='plpgsql';" | psql -AtXq "{{ db_session_role1 }}" register: result when: @@ -175,7 +175,7 @@ - name: Remove plpgsql from testdb using postgresql_ext become_user: "{{ pg_user }}" - become: True + become: yes postgresql_ext: name: plpgsql db: "{{ db_session_role1 }}" @@ -188,12 +188,12 @@ - name: Create table to be able to grant privileges become_user: "{{ pg_user }}" - become: True + become: yes shell: echo "CREATE TABLE test(i int); CREATE TABLE test2(i int);" | psql -AtXq "{{ db_session_role1 }}" - name: Grant all privileges on test1 table to low privileged user become_user: "{{ pg_user }}" - become: True + become: yes postgresql_privs: db: "{{ db_session_role1 }}" type: table @@ -205,7 +205,7 @@ - name: Verify admin option was successful for grants become_user: "{{ pg_user }}" - become: True + become: yes postgresql_privs: db: "{{ db_session_role1 }}" type: table @@ -217,7 +217,7 @@ - name: Verify no grants can be granted for test2 table become_user: "{{ pg_user }}" - become: True + become: yes postgresql_privs: db: "{{ db_session_role1 }}" type: table @@ -226,23 +226,23 @@ login_user: "{{ pg_user }}" privs: update session_role: "{{ db_session_role2 }}" - ignore_errors: True + ignore_errors: yes register: result - assert: that: - - 'result.failed == True' + - result is failed - name: Drop test db become_user: "{{ pg_user }}" - become: True + become: yes postgresql_db: state: absent name: "{{ db_session_role1 }}" login_user: "{{ pg_user }}" - name: Drop test users - become: True + become: yes become_user: "{{ pg_user }}" postgresql_user: name: "{{ item }}" diff --git a/test/integration/targets/postgresql/tasks/state_dump_restore.yml b/test/integration/targets/postgresql/tasks/state_dump_restore.yml index 84db8cf3217..d4327d362f4 100644 --- a/test/integration/targets/postgresql/tasks/state_dump_restore.yml +++ b/test/integration/targets/postgresql/tasks/state_dump_restore.yml @@ -67,12 +67,12 @@ state: dump register: result become_user: "{{ pg_user }}" - become: True + become: yes - name: assert output message backup the database assert: that: - - "result.changed == true" + - result is changed - name: assert database was backed up successfully command: file {{ db_file_name }} @@ -108,10 +108,12 @@ state: restore register: result become_user: "{{ pg_user }}" - become: True + become: yes - name: assert output message restore the database - assert: { that: "result.changed == true" } + assert: + that: + - result is changed - name: select data from table employee command: '{{ user_str }} -c "{{ sql_select }}"' diff --git a/test/integration/targets/postgresql/tasks/test_no_password_change.yml b/test/integration/targets/postgresql/tasks/test_no_password_change.yml index 1f3d9d36819..c296c0ea779 100644 --- a/test/integration/targets/postgresql/tasks/test_no_password_change.yml +++ b/test/integration/targets/postgresql/tasks/test_no_password_change.yml @@ -1,7 +1,7 @@ - vars: task_parameters: &task_parameters become_user: "{{ pg_user }}" - become: True + become: yes register: result postgresql_parameters: ¶meters db: postgres @@ -52,7 +52,7 @@ - name: Check that ansible reports it modified the role assert: that: - - "result.changed" + - result is changed - name: "Check that the user doesn't have any attribute" <<: *task_parameters @@ -84,13 +84,13 @@ state: "present" role_attr_flags: "NOSUPERUSER,NOCREATEROLE,NOCREATEDB,noinherit,NOLOGIN{{ bypassrls_supported | ternary(',NOBYPASSRLS', '') }},INVALID" no_password_changes: '{{ no_password_changes }}' - ignore_errors: True + ignore_errors: yes - name: Check that ansible reports failure assert: that: - - "not result.changed" - - "result.failed" + - result is not changed + - result is failed - "result.msg == 'Invalid role_attr_flags specified: INVALID'" - name: Modify a single role attribute on a user @@ -104,7 +104,7 @@ - name: Check that ansible reports it modified the role assert: that: - - "result.changed" + - result is changed - name: Check the role attributes <<: *task_parameters @@ -142,7 +142,7 @@ - name: Check there isn't any update reported assert: that: - - "not result.changed" + - result is not changed - name: Cleanup the user <<: *task_parameters diff --git a/test/integration/targets/postgresql/tasks/test_password.yml b/test/integration/targets/postgresql/tasks/test_password.yml index 54661d93f10..be033a5569c 100644 --- a/test/integration/targets/postgresql/tasks/test_password.yml +++ b/test/integration/targets/postgresql/tasks/test_password.yml @@ -1,7 +1,7 @@ - vars: task_parameters: &task_parameters become_user: "{{ pg_user }}" - become: True + become: yes register: result postgresql_parameters: ¶meters db: postgres diff --git a/test/integration/targets/postgresql/tasks/test_target_role.yml b/test/integration/targets/postgresql/tasks/test_target_role.yml index 26d2f02f172..75b58ddfd81 100644 --- a/test/integration/targets/postgresql/tasks/test_target_role.yml +++ b/test/integration/targets/postgresql/tasks/test_target_role.yml @@ -40,7 +40,7 @@ # Checks - assert: - that: result.changed == true + that: result is changed - name: Check that default privileges are set become: yes @@ -68,7 +68,7 @@ # Checks - assert: - that: result.changed == true + that: result is changed # Cleanup - name: Remove user given permissions diff --git a/test/integration/targets/postgresql/tasks/unsorted.yml b/test/integration/targets/postgresql/tasks/unsorted.yml new file mode 100644 index 00000000000..f08d7a20745 --- /dev/null +++ b/test/integration/targets/postgresql/tasks/unsorted.yml @@ -0,0 +1,789 @@ +# +# Create and destroy db +# +- name: Create DB + become_user: "{{ pg_user }}" + become: yes + postgresql_db: + state: present + name: "{{ db_name }}" + login_user: "{{ pg_user }}" + register: result + +- name: assert that module reports the db was created + assert: + that: + - result is changed + - "result.db == db_name" + +- name: Check that database created + become_user: "{{ pg_user }}" + become: yes + shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres + register: result + +- assert: + that: + - "result.stdout_lines[-1] == '(1 row)'" + +- name: Run create on an already created db + become_user: "{{ pg_user }}" + become: yes + postgresql_db: + state: present + name: "{{ db_name }}" + login_user: "{{ pg_user }}" + register: result + +- name: assert that module reports the db was unchanged + assert: + that: + - result is not changed + +- name: Destroy DB + become_user: "{{ pg_user }}" + become: yes + postgresql_db: + state: absent + name: "{{ db_name }}" + login_user: "{{ pg_user }}" + register: result + +- name: assert that module reports the db was changed + assert: + that: + - result is changed + +- name: Check that database was destroyed + become_user: "{{ pg_user }}" + become: yes + shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres + register: result + +- assert: + that: + - "result.stdout_lines[-1] == '(0 rows)'" + +- name: Destroy DB + become_user: "{{ pg_user }}" + become: yes + postgresql_db: + state: absent + name: "{{ db_name }}" + login_user: "{{ pg_user }}" + register: result + +- name: assert that removing an alreaady removed db makes no change + assert: + that: + - result is not changed + + +# This corner case works to add but not to drop. This is sufficiently crazy +# that I'm not going to attempt to fix it unless someone lets me know that they +# need the functionality +# +# - postgresql_db: +# state: 'present' +# name: '"silly.""name"' +# - shell: echo "select datname from pg_database where datname = 'silly.""name';" | psql +# register: result +# +# - assert: +# that: "result.stdout_lines[-1] == '(1 row)'" +# - postgresql_db: +# state: absent +# name: '"silly.""name"' +# - shell: echo "select datname from pg_database where datname = 'silly.""name';" | psql +# register: result +# +# - assert: +# that: "result.stdout_lines[-1] == '(0 rows)'" + +# +# Test conn_limit, encoding, collate, ctype, template options +# +- name: Create a DB with conn_limit, encoding, collate, ctype, and template options + become_user: "{{ pg_user }}" + become: yes + postgresql_db: + name: '{{ db_name }}' + state: 'present' + conn_limit: '100' + encoding: 'LATIN1' + lc_collate: 'pt_BR{{ locale_latin_suffix }}' + lc_ctype: 'es_ES{{ locale_latin_suffix }}' + template: 'template0' + login_user: "{{ pg_user }}" + +- name: Check that the DB has all of our options + become_user: "{{ pg_user }}" + become: yes + shell: echo "select datname, datconnlimit, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql -d postgres + register: result + +- assert: + that: + - "result.stdout_lines[-1] == '(1 row)'" + - "'LATIN1' in result.stdout_lines[-2]" + - "'pt_BR' in result.stdout_lines[-2]" + - "'es_ES' in result.stdout_lines[-2]" + - "'UTF8' not in result.stdout_lines[-2]" + - "'en_US' not in result.stdout_lines[-2]" + - "'100' in result.stdout_lines[-2]" + +- name: Check that running db cration with options a second time does nothing + become_user: "{{ pg_user }}" + become: yes + postgresql_db: + name: '{{ db_name }}' + state: 'present' + conn_limit: '100' + encoding: 'LATIN1' + lc_collate: 'pt_BR{{ locale_latin_suffix }}' + lc_ctype: 'es_ES{{ locale_latin_suffix }}' + template: 'template0' + login_user: "{{ pg_user }}" + register: result + +- assert: + that: + - result is not changed + + +- name: Check that attempting to change encoding returns an error + become_user: "{{ pg_user }}" + become: yes + postgresql_db: + name: '{{ db_name }}' + state: 'present' + encoding: 'UTF8' + lc_collate: 'pt_BR{{ locale_utf8_suffix }}' + lc_ctype: 'es_ES{{ locale_utf8_suffix }}' + template: 'template0' + login_user: "{{ pg_user }}" + register: result + ignore_errors: yes + +- assert: + that: + - result is failed + +- name: Check that changing the conn_limit actually works + become_user: "{{ pg_user }}" + become: yes + postgresql_db: + name: '{{ db_name }}' + state: 'present' + conn_limit: '200' + encoding: 'LATIN1' + lc_collate: 'pt_BR{{ locale_latin_suffix }}' + lc_ctype: 'es_ES{{ locale_latin_suffix }}' + template: 'template0' + login_user: "{{ pg_user }}" + register: result + +- assert: + that: + - result is changed + +- name: Check that conn_limit has actually been set / updated to 200 + become_user: "{{ pg_user }}" + become: yes + shell: echo "SELECT datconnlimit AS conn_limit FROM pg_database WHERE datname = '{{ db_name }}';" | psql -d postgres + register: result + +- assert: + that: + - "result.stdout_lines[-1] == '(1 row)'" + - "'200' == '{{ result.stdout_lines[-2] | trim }}'" + +- name: Cleanup test DB + become_user: "{{ pg_user }}" + become: yes + postgresql_db: + name: '{{ db_name }}' + state: 'absent' + login_user: "{{ pg_user }}" + +- shell: echo "select datname, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql -d postgres + become_user: "{{ pg_user }}" + become: yes + register: result + +- assert: + that: + - "result.stdout_lines[-1] == '(0 rows)'" + +# +# Create and destroy user, test 'password' and 'encrypted' parameters +# +# unencrypted values are not supported on newer versions +# do not run the encrypted: no tests if on 10+ +- set_fact: + encryption_values: + - 'yes' + +- set_fact: + encryption_values: '{{ encryption_values + ["no"]}}' + when: postgres_version_resp.stdout is version('10', '<=') + +- include_tasks: test_password.yml + vars: + encrypted: '{{ loop_item }}' + db_password1: 'secretù' # use UTF-8 + loop: '{{ encryption_values }}' + loop_control: + loop_var: loop_item + +# BYPASSRLS role attribute was introduced in PostgreSQL 9.5, so +# we want to test atrribute management differently depending +# on the version. +- set_fact: + bypassrls_supported: "{{ postgres_version_resp.stdout is version('9.5.0', '>=') }}" + +# test 'no_password_change' and 'role_attr_flags' parameters +- include_tasks: test_no_password_change.yml + vars: + no_password_changes: '{{ loop_item }}' + loop: + - 'yes' + - 'no' + loop_control: + loop_var: loop_item + +### TODO: fail_on_user + +# +# Test db ownership +# +- name: Create an unprivileged user to own a DB + become_user: "{{ pg_user }}" + become: yes + postgresql_user: + name: "{{ db_user1 }}" + encrypted: 'yes' + password: "md55c8ccfd9d6711fc69a7eae647fc54f51" + login_user: "{{ pg_user }}" + db: postgres + +- name: Create db with user ownership + become_user: "{{ pg_user }}" + become: yes + postgresql_db: + name: "{{ db_name }}" + state: "present" + owner: "{{ db_user1 }}" + login_user: "{{ pg_user }}" + +- name: Check that the user owns the newly created DB + become_user: "{{ pg_user }}" + become: yes + shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql -d postgres + register: result + +- assert: + that: + - "result.stdout_lines[-1] == '(1 row)'" + - "'{{ db_user1 }}' == '{{ result.stdout_lines[-2] | trim }}'" + +- name: Change the owner on an existing db + become_user: "{{ pg_user }}" + become: yes + postgresql_db: + name: "{{ db_name }}" + state: "present" + owner: "{{ pg_user }}" + login_user: "{{ pg_user }}" + register: result + +- name: assert that ansible says it changed the db + assert: + that: + - result is changed + +- name: Check that the user owns the newly created DB + become_user: "{{ pg_user }}" + become: yes + shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql -d postgres + register: result + +- assert: + that: + - "result.stdout_lines[-1] == '(1 row)'" + - "'{{ pg_user }}' == '{{ result.stdout_lines[-2] | trim }}'" + +- name: Cleanup db + become_user: "{{ pg_user }}" + become: yes + postgresql_db: + name: "{{ db_name }}" + state: "absent" + login_user: "{{ pg_user }}" + +- name: Check that database was destroyed + become_user: "{{ pg_user }}" + become: yes + shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres + register: result + +- assert: + that: + - "result.stdout_lines[-1] == '(0 rows)'" + +- name: Cleanup test user + become_user: "{{ pg_user }}" + become: yes + postgresql_user: + name: "{{ db_user1 }}" + state: 'absent' + login_user: "{{ pg_user }}" + db: postgres + +- name: Check that they were removed + become_user: "{{ pg_user }}" + become: yes + shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres + register: result + +- assert: + that: + - "result.stdout_lines[-1] == '(0 rows)'" + +# +# Test settings privileges +# +- name: Create db + become_user: "{{ pg_user }}" + become: yes + postgresql_db: + name: "{{ db_name }}" + state: "present" + login_user: "{{ pg_user }}" + +- name: Create some tables on the db + become_user: "{{ pg_user }}" + become: yes + shell: echo "create table test_table1 (field text);" | psql {{ db_name }} + +- become_user: "{{ pg_user }}" + become: yes + shell: echo "create table test_table2 (field text);" | psql {{ db_name }} + +- vars: + db_password: 'secretù' # use UTF-8 + block: + - name: Create a user with some permissions on the db + become_user: "{{ pg_user }}" + become: yes + postgresql_user: + name: "{{ db_user1 }}" + encrypted: 'yes' + password: "md5{{ (db_password ~ db_user1) | hash('md5')}}" + db: "{{ db_name }}" + priv: 'test_table1:INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,TRIGGER/test_table2:INSERT/CREATE,CONNECT,TEMP' + login_user: "{{ pg_user }}" + + - include_tasks: pg_authid_not_readable.yml + +- name: Check that the user has the requested permissions (table1) + become_user: "{{ pg_user }}" + become: yes + shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }} + register: result_table1 + +- name: Check that the user has the requested permissions (table2) + become_user: "{{ pg_user }}" + become: yes + shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }} + register: result_table2 + +- name: Check that the user has the requested permissions (database) + become_user: "{{ pg_user }}" + become: yes + shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }} + register: result_database + +- assert: + that: + - "result_table1.stdout_lines[-1] == '(7 rows)'" + - "'INSERT' in result_table1.stdout" + - "'SELECT' in result_table1.stdout" + - "'UPDATE' in result_table1.stdout" + - "'DELETE' in result_table1.stdout" + - "'TRUNCATE' in result_table1.stdout" + - "'REFERENCES' in result_table1.stdout" + - "'TRIGGER' in result_table1.stdout" + - "result_table2.stdout_lines[-1] == '(1 row)'" + - "'INSERT' == '{{ result_table2.stdout_lines[-2] | trim }}'" + - "result_database.stdout_lines[-1] == '(1 row)'" + - "'{{ db_user1 }}=CTc/{{ pg_user }}' in result_database.stdout_lines[-2]" + +- name: Add another permission for the user + become_user: "{{ pg_user }}" + become: yes + postgresql_user: + name: "{{ db_user1 }}" + encrypted: 'yes' + password: "md55c8ccfd9d6711fc69a7eae647fc54f51" + db: "{{ db_name }}" + priv: 'test_table2:select' + login_user: "{{ pg_user }}" + register: result + +- name: Check that ansible reports it changed the user + assert: + that: + - result is changed + +- name: Check that the user has the requested permissions (table2) + become_user: "{{ pg_user }}" + become: yes + shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }} + register: result_table2 + +- assert: + that: + - "result_table2.stdout_lines[-1] == '(2 rows)'" + - "'INSERT' in result_table2.stdout" + - "'SELECT' in result_table2.stdout" + + +# +# Test priv setting via postgresql_privs module +# (Depends on state from previous _user privs tests) +# + +- name: Revoke a privilege + become_user: "{{ pg_user }}" + become: yes + postgresql_privs: + type: "table" + state: "absent" + roles: "{{ db_user1 }}" + privs: "INSERT" + objs: "test_table2" + db: "{{ db_name }}" + login_user: "{{ pg_user }}" + register: result + +- name: Check that ansible reports it changed the user + assert: + that: + - result is changed + +- name: Check that the user has the requested permissions (table2) + become_user: "{{ pg_user }}" + become: yes + shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }} + register: result_table2 + +- assert: + that: + - "result_table2.stdout_lines[-1] == '(1 row)'" + - "'SELECT' == '{{ result_table2.stdout_lines[-2] | trim }}'" + +- name: Revoke many privileges on multiple tables + become_user: "{{ pg_user }}" + become: yes + postgresql_privs: + state: "absent" + roles: "{{ db_user1 }}" + privs: "INSERT,select,UPDATE,TRUNCATE,REFERENCES,TRIGGER,delete" + objs: "test_table2,test_table1" + db: "{{ db_name }}" + login_user: "{{ pg_user }}" + register: result + +- name: Check that ansible reports it changed the user + assert: + that: + - result is changed + +- name: Check that permissions were revoked (table1) + become_user: "{{ pg_user }}" + become: yes + shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }} + register: result_table1 + +- name: Check that permissions were revoked (table2) + become_user: "{{ pg_user }}" + become: yes + shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }} + register: result_table2 + +- assert: + that: + - "result_table1.stdout_lines[-1] == '(0 rows)'" + - "result_table2.stdout_lines[-1] == '(0 rows)'" + +- name: Revoke database privileges + become_user: "{{ pg_user }}" + become: yes + postgresql_privs: + type: "database" + state: "absent" + roles: "{{ db_user1 }}" + privs: "Create,connect,TEMP" + objs: "{{ db_name }}" + db: "{{ db_name }}" + login_user: "{{ pg_user }}" + +- name: Check that the user has the requested permissions (database) + become_user: "{{ pg_user }}" + become: yes + shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }} + register: result_database + +- assert: + that: + - "result_database.stdout_lines[-1] == '(1 row)'" + - "'{{ db_user1 }}' not in result_database.stdout" + +- name: Grant database privileges + become_user: "{{ pg_user }}" + become: yes + postgresql_privs: + type: "database" + state: "present" + roles: "{{ db_user1 }}" + privs: "CREATE,connect" + objs: "{{ db_name }}" + db: "{{ db_name }}" + login_user: "{{ pg_user }}" + register: result + +- name: Check that ansible reports it changed the user + assert: + that: + - result is changed + +- name: Check that the user has the requested permissions (database) + become_user: "{{ pg_user }}" + become: yes + shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }} + register: result_database + +- assert: + that: + - "result_database.stdout_lines[-1] == '(1 row)'" + - "'{{ db_user1 }}=Cc' in result_database.stdout" + +- name: Grant a single privilege on a table + become_user: "{{ pg_user }}" + become: yes + postgresql_privs: + state: "present" + roles: "{{ db_user1 }}" + privs: "INSERT" + objs: "test_table1" + db: "{{ db_name }}" + login_user: "{{ pg_user }}" + +- name: Check that permissions were added (table1) + become_user: "{{ pg_user }}" + become: yes + shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }} + register: result_table1 + +- assert: + that: + - "result_table1.stdout_lines[-1] == '(1 row)'" + - "'{{ result_table1.stdout_lines[-2] | trim }}' == 'INSERT'" + +- name: Grant many privileges on multiple tables + become_user: "{{ pg_user }}" + become: yes + postgresql_privs: + state: "present" + roles: "{{ db_user1 }}" + privs: 'INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,trigger' + objs: "test_table2,test_table1" + db: "{{ db_name }}" + login_user: "{{ pg_user }}" + +- name: Check that permissions were added (table1) + become_user: "{{ pg_user }}" + become: yes + shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }} + register: result_table1 + +- name: Check that permissions were added (table2) + become_user: "{{ pg_user }}" + become: yes + shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }} + register: result_table2 + +- assert: + that: + - "result_table1.stdout_lines[-1] == '(7 rows)'" + - "'INSERT' in result_table1.stdout" + - "'SELECT' in result_table1.stdout" + - "'UPDATE' in result_table1.stdout" + - "'DELETE' in result_table1.stdout" + - "'TRUNCATE' in result_table1.stdout" + - "'REFERENCES' in result_table1.stdout" + - "'TRIGGER' in result_table1.stdout" + - "result_table2.stdout_lines[-1] == '(7 rows)'" + - "'INSERT' in result_table2.stdout" + - "'SELECT' in result_table2.stdout" + - "'UPDATE' in result_table2.stdout" + - "'DELETE' in result_table2.stdout" + - "'TRUNCATE' in result_table2.stdout" + - "'REFERENCES' in result_table2.stdout" + - "'TRIGGER' in result_table2.stdout" + +# +# Cleanup +# +- name: Cleanup db + become_user: "{{ pg_user }}" + become: yes + postgresql_db: + name: "{{ db_name }}" + state: "absent" + login_user: "{{ pg_user }}" + +- name: Check that database was destroyed + become_user: "{{ pg_user }}" + become: yes + shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres + register: result + +- assert: + that: + - "result.stdout_lines[-1] == '(0 rows)'" + +- name: Cleanup test user + become_user: "{{ pg_user }}" + become: yes + postgresql_user: + name: "{{ db_user1 }}" + state: 'absent' + login_user: "{{ pg_user }}" + db: postgres + +- name: Check that they were removed + become_user: "{{ pg_user }}" + become: yes + shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres + register: result + +- assert: + that: + - "result.stdout_lines[-1] == '(0 rows)'" + +# +# Test login_user functionality +# +- name: Create a user to test login module parameters + become: yes + become_user: "{{ pg_user }}" + postgresql_user: + name: "{{ db_user1 }}" + state: "present" + encrypted: 'yes' + password: "password" + role_attr_flags: "CREATEDB,LOGIN,CREATEROLE" + login_user: "{{ pg_user }}" + db: postgres + +- name: Create db + postgresql_db: + name: "{{ db_name }}" + state: "present" + login_user: "{{ db_user1 }}" + login_password: "password" + login_host: "localhost" + +- name: Check that database created + become: yes + become_user: "{{ pg_user }}" + shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres + register: result + +- assert: + that: + - "result.stdout_lines[-1] == '(1 row)'" + +- name: Create a user + postgresql_user: + name: "{{ db_user2 }}" + state: "present" + encrypted: 'yes' + password: "md55c8ccfd9d6711fc69a7eae647fc54f51" + db: "{{ db_name }}" + login_user: "{{ db_user1 }}" + login_password: "password" + login_host: "localhost" + +- name: Check that it was created + become: yes + become_user: "{{ pg_user }}" + shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql -d postgres + register: result + +- assert: + that: + - "result.stdout_lines[-1] == '(1 row)'" + +- name: Grant database privileges + postgresql_privs: + type: "database" + state: "present" + roles: "{{ db_user2 }}" + privs: "CREATE,connect" + objs: "{{ db_name }}" + db: "{{ db_name }}" + login: "{{ db_user1 }}" + password: "password" + host: "localhost" + +- name: Check that the user has the requested permissions (database) + become: yes + become_user: "{{ pg_user }}" + shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }} + register: result_database + +- assert: + that: + - "result_database.stdout_lines[-1] == '(1 row)'" + - "db_user2 ~ '=Cc' in result_database.stdout" + +- name: Remove user + postgresql_user: + name: "{{ db_user2 }}" + state: 'absent' + priv: "ALL" + db: "{{ db_name }}" + login_user: "{{ db_user1 }}" + login_password: "password" + login_host: "localhost" + +- name: Check that they were removed + become: yes + become_user: "{{ pg_user }}" + shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql -d postgres + register: result + +- assert: + that: + - "result.stdout_lines[-1] == '(0 rows)'" + +- name: Destroy DB + postgresql_db: + state: absent + name: "{{ db_name }}" + login_user: "{{ db_user1 }}" + login_password: "password" + login_host: "localhost" + +- name: Check that database was destroyed + become: yes + become_user: "{{ pg_user }}" + shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres + register: result + +- assert: + that: + - "result.stdout_lines[-1] == '(0 rows)'" diff --git a/test/integration/targets/setup_postgresql_db/tasks/main.yml b/test/integration/targets/setup_postgresql_db/tasks/main.yml index 0fad4c44208..25b7b4bccda 100644 --- a/test/integration/targets/setup_postgresql_db/tasks/main.yml +++ b/test/integration/targets/setup_postgresql_db/tasks/main.yml @@ -29,7 +29,9 @@ ignore_errors: True - name: remove old db (RedHat or Suse) - command: rm -rf "{{ pg_dir }}" + file: + path: "{{ pg_dir }}" + state: absent ignore_errors: True when: ansible_os_family == "RedHat" or ansible_os_family == "Suse" @@ -37,18 +39,21 @@ file: path: "{{ pg_dir }}" state: absent - when: ansible_os_family == "FreeBSD" - -# Theoretically, pg_dropcluster should work but it doesn't so rm files -- name: remove old db config (debian) - command: rm -rf /etc/postgresql ignore_errors: True - when: ansible_os_family == "Debian" + when: ansible_os_family == "FreeBSD" -- name: remove old db files (debian) - command: rm -rf /var/lib/postgresql +# Theoretically, pg_dropcluster should work but it doesn't so remove files +- name: remove old db config and files (debian) + file: + path: '{{ loop_item }}' + state: absent ignore_errors: True when: ansible_os_family == "Debian" + loop: + - /etc/postgresql + - /var/lib/postgresql + loop_control: + loop_var: loop_item - name: install dependencies for postgresql test package: name={{ postgresql_package_item }} state=present @@ -175,3 +180,13 @@ - dummy--1.0--2.0.sql - dummy--2.0--3.0.sql when: ansible_os_family == 'Debian' + +- name: Get PostgreSQL version + become_user: "{{ pg_user }}" + become: yes + shell: "echo 'SHOW SERVER_VERSION' | psql --tuples-only --no-align --dbname postgres" + register: postgres_version_resp + +- name: Print PostgreSQL server version + debug: + msg: "{{ postgres_version_resp.stdout }}"