From 278c59b17e9ff781e61017ca6fdcc2b86288d146 Mon Sep 17 00:00:00 2001
From: Andrey Klychkov
Date: Mon, 24 Jun 2019 15:38:12 +0300
Subject: [PATCH] postgresql_privs: bugfix of 27327 - incorrect views handling (#58272)
---
 ...72_postgresql_privs-fix-views-handling.yml | 2 +
 .../database/postgresql/postgresql_privs.py | 2 +-
 .../postgresql/tasks/postgresql_privs.yml | 124 ++++++++++++++++++
 3 files changed, 127 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/fragments/58272_postgresql_privs-fix-views-handling.yml
diff --git a/changelogs/fragments/58272_postgresql_privs-fix-views-handling.yml b/changelogs/fragments/58272_postgresql_privs-fix-views-handling.yml
new file mode 100644
index 00000000000..662802562ce
--- /dev/null
+++ b/changelogs/fragments/58272_postgresql_privs-fix-views-handling.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- postgresql_privs - Fix incorrect views handling (https://github.com/ansible/ansible/issues/27327).
diff --git a/lib/ansible/modules/database/postgresql/postgresql_privs.py b/lib/ansible/modules/database/postgresql/postgresql_privs.py
index 4bd321748d8..4d50f9844d6 100644
--- a/lib/ansible/modules/database/postgresql/postgresql_privs.py
+++ b/lib/ansible/modules/database/postgresql/postgresql_privs.py
@@ -541,7 +541,7 @@ class Connection(object):
 query = """SELECT relacl
 FROM pg_catalog.pg_class c
 JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace
- WHERE nspname = %s AND relkind in ('r','p') AND relname = ANY (%s)
+ WHERE nspname = %s AND relkind in ('r','p','v','m') AND relname = ANY (%s)
 ORDER BY relname"""
 self.cursor.execute(query, (schema, tables))
 return [t[0] for t in self.cursor.fetchall()]
diff --git a/test/integration/targets/postgresql/tasks/postgresql_privs.yml b/test/integration/targets/postgresql/tasks/postgresql_privs.yml
index a9a22c6a35d..588d747cea2 100644
--- a/test/integration/targets/postgresql/tasks/postgresql_privs.yml
+++ b/test/integration/targets/postgresql/tasks/postgresql_privs.yml
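Review bot: The widened filter `relkind in ('r','p','v','m')` in postgresql_privs.py still leaves out foreign tables (`'f'`), which PostgreSQL also grants through `GRANT ... ON TABLE`, so the ACL lookup would presumably keep returning nothing for them, as it did for views before this fix. For a module that reports whether privileges changed, an object kind missing from this list can make a grant or revoke look like a no-op in the task result, which matters when playbook output is read as an audit trail. Consider `relkind in ('r','p','v','m','f')`, plus a short comment above the query spelling out what each relkind letter stands for so the next omission is easier to spot. The enclosing method starts above the hunk, so how the returned ACL list is compared is not visible here.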
@@ -27,6 +27,130 @@
 db: "{{ db_name }}"
 login_user: "{{ pg_user }}"
+#############################
+# Test of solving bug 27327 #
+#############################
+
+# Create the test table and view:
+- name: Create table
+ become: yes
+ become_user: "{{ pg_user }}"
+ postgresql_table:
+ login_user: "{{ pg_user }}"
+ db: postgres
+ name: test_table1
+ columns:
+ - id int
+
+- name: Create view
+ become: yes
+ become_user: "{{ pg_user }}"
+ postgresql_query:
+ login_user: "{{ pg_user }}"
+ db: postgres
+ query: "CREATE VIEW test_view AS SELECT id FROM test_table1"
+
+# Test check_mode:
+- name: Grant SELECT on test_view, check_mode
+ become: yes
+ become_user: "{{ pg_user }}"
+ postgresql_privs:
+ login_user: "{{ pg_user }}"
+ db: postgres
+ state: present
+ privs: SELECT
+ type: table
+ objs: test_view
+ roles: "{{ db_user2 }}"
+ check_mode: yes
+ register: result
+
+- assert:
+ that:
+ - result.changed == true
+
+# Check:
+- name: Check that nothing was changed after the prev step
+ become: yes
+ become_user: "{{ pg_user }}"
+ postgresql_query:
+ login_user: "{{ pg_user }}"
+ db: postgres
+ query: "SELECT grantee FROM information_schema.role_table_grants WHERE table_name='test_view' AND grantee = '{{ db_user2 }}'"
+ register: result
+
+- assert:
+ that:
+ - result.rowcount == 0
+
+# Test true mode:
+- name: Grant SELECT on test_view
+ become: yes
+ become_user: "{{ pg_user }}"
+ postgresql_privs:
+ login_user: "{{ pg_user }}"
+ db: postgres
+ state: present
+ privs: SELECT
+ type: table
+ objs: test_view
+ roles: "{{ db_user2 }}"
+ register: result
+
+- assert:
+ that:
+ - result.changed == true
+
+# Check:
+- name: Check that nothing was changed after the prev step
+ become: yes
+ become_user: "{{ pg_user }}"
+ postgresql_query:
+ login_user: "{{ pg_user }}"
+ db: postgres
+ query: "SELECT grantee FROM information_schema.role_table_grants WHERE table_name='test_view' AND grantee = '{{ db_user2 }}'"
+ register: result
+
+- assert:
+ that:
+ - result.rowcount == 1
+
+# Test true mode:
+- name: Try to grant SELECT again
+ become: yes
+ become_user: "{{ pg_user }}"
+ postgresql_privs:
+ login_user: "{{ pg_user }}"
+ db: postgres
+ state: present
+ privs: SELECT
+ type: table
+ objs: test_view
+ roles: "{{ db_user2 }}"
+ register: result
+
+- assert:
+ that:
+ - result.changed == false
+
+# Cleanup:
+- name: Drop test view
+ become: yes
+ become_user: "{{ pg_user }}"
+ postgresql_query:
+ login_user: "{{ pg_user }}"
+ db: postgres
+ query: "DROP VIEW test_view"
+
+- name: Drop test table
+ become: yes
+ become_user: "{{ pg_user }}"
+ postgresql_table:
+ login_user: "{{ pg_user }}"
+ db: postgres
+ name: test_table1
+ state: absent
+
 ######################################################
 # Test foreign data wrapper and foreign server privs #
 ######################################################
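Review bot: The added tasks only exercise a plain view with `state: present`, so the materialized-view (`'m'`) half of the relkind change and the revoke direction (`state: absent`) are merged without coverage. For a privilege-management module the revoke path is the one most worth pinning, since a revoke wrongly reported as unchanged is easy to miss. The second `Check that nothing was changed after the prev step` task asserts `rowcount == 1`, so its name should say that the grant was applied. The tasks below sketch the materialized-view case using the same parameters as the existing ones; they would need a version guard if the test matrix includes servers without materialized views, and a matching `state: absent` task with a `rowcount == 0` check would cover revoke.

```yaml
# … unchanged: table/view creation and the grant tasks on test_view …

- name: Create materialized view
  become: yes
  become_user: "{{ pg_user }}"
  postgresql_query:
    login_user: "{{ pg_user }}"
    db: postgres
    query: "CREATE MATERIALIZED VIEW test_mview AS SELECT id FROM test_table1"

- name: Grant SELECT on test_mview
  become: yes
  become_user: "{{ pg_user }}"
  postgresql_privs:
    login_user: "{{ pg_user }}"
    db: postgres
    state: present
    privs: SELECT
    type: table
    objs: test_mview
    roles: "{{ db_user2 }}"
  register: result

- assert:
    that:
      - result.changed == true

- name: Try to grant SELECT on test_mview again
  become: yes
  become_user: "{{ pg_user }}"
  postgresql_privs:
    login_user: "{{ pg_user }}"
    db: postgres
    state: present
    privs: SELECT
    type: table
    objs: test_mview
    roles: "{{ db_user2 }}"
  register: result

- assert:
    that:
      - result.changed == false

# Must run before "Drop test table", which the view depends on
- name: Drop test materialized view
  become: yes
  become_user: "{{ pg_user }}"
  postgresql_query:
    login_user: "{{ pg_user }}"
    db: postgres
    query: "DROP MATERIALIZED VIEW test_mview"

# … unchanged: Drop test view, Drop test table …
```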