From 40f65a54ecb64f53eeccc716b95650aa426ed57b Mon Sep 17 00:00:00 2001 From: Andrey Klychkov Date: Tue, 2 Apr 2019 18:48:35 +0300 Subject: [PATCH] Postgresql privs reformat (#54717) * postgresql_privs: fix doc format, pgutils * postgresql_privs: added pgutils, ret value * postgresql_privs: fix test * postgresql_privs: fixes * postgresql_privs: fixes * postgresql_privs: fixed CI --- lib/ansible/module_utils/postgres.py | 4 +- .../database/postgresql/postgresql_db.py | 9 +- .../database/postgresql/postgresql_idx.py | 8 +- .../database/postgresql/postgresql_ping.py | 8 +- .../database/postgresql/postgresql_privs.py | 359 ++++++++++-------- .../database/postgresql/postgresql_query.py | 8 +- .../postgresql/tasks/postgresql_query.yml | 15 +- test/sanity/validate-modules/ignore.txt | 1 - 8 files changed, 241 insertions(+), 171 deletions(-) diff --git a/lib/ansible/module_utils/postgres.py b/lib/ansible/module_utils/postgres.py index 7b1356257ec..1066b5693fb 100644 --- a/lib/ansible/module_utils/postgres.py +++ b/lib/ansible/module_utils/postgres.py @@ -55,7 +55,7 @@ def postgres_common_argument_spec(): login_password=dict(default='', no_log=True), login_host=dict(default=''), login_unix_socket=dict(default=''), - port=dict(type='int', default=5432), - ssl_mode=dict(default='prefer', choices=['disable', 'allow', 'prefer', 'require', 'verify-ca', 'verify-full']), + port=dict(type='int', default=5432, aliases=['login_port']), + ssl_mode=dict(default='prefer', choices=['allow', 'disable', 'prefer', 'require', 'verify-ca', 'verify-full']), ca_cert=dict(aliases=['ssl_rootcert']), ) diff --git a/lib/ansible/modules/database/postgresql/postgresql_db.py b/lib/ansible/modules/database/postgresql/postgresql_db.py index 1b4e92d068c..9a529da86f8 100644 --- a/lib/ansible/modules/database/postgresql/postgresql_db.py +++ b/lib/ansible/modules/database/postgresql/postgresql_db.py 
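Review bot: The shared spec keeps `ssl_mode` at `default='prefer'` with no comment, and after this commit postgresql_idx, postgresql_ping, postgresql_privs and postgresql_query all take their TLS default from this one line. In libpq, `prefer` encrypts only when the server offers it and gives no protection against an active man-in-the-middle; `verify-ca` and `verify-full` are the modes meant to authenticate the server. Changing the default would break existing playbooks, so I would document it in place: `# 'prefer' mirrors libpq: opportunistic TLS, server not authenticated; use verify-ca/verify-full with ca_cert on untrusted networks`. The body of postgres_common_argument_spec starts above the hunk.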
@@ -21,10 +21,17 @@ version_added: "0.6" options: name: description: - - name of the database to add or remove + - Name of the database to add or remove type: str required: true aliases: [ db ] + port: + description: + - Database port to connect (if needed) + type: int + default: 5432 + aliases: + - login_port owner: description: - Name of the role to set as owner of the database diff --git a/lib/ansible/modules/database/postgresql/postgresql_idx.py b/lib/ansible/modules/database/postgresql/postgresql_idx.py index e1d11611534..ebc48dc84db 100644 --- a/lib/ansible/modules/database/postgresql/postgresql_idx.py +++ b/lib/ansible/modules/database/postgresql/postgresql_idx.py @@ -33,11 +33,15 @@ options: description: - Name of database where the index will be created/dropped. type: str + aliases: + - login_db port: description: - Database port to connect. type: int default: 5432 + aliases: + - login_port login_user: description: - User (role) used to authenticate with PostgreSQL. @@ -432,9 +436,7 @@ def main(): argument_spec = postgres_common_argument_spec() argument_spec.update( idxname=dict(type='str', required=True, aliases=['name']), - db=dict(type='str'), - ssl_mode=dict(type='str', default='prefer', choices=['allow', 'disable', 'prefer', 'require', 'verify-ca', 'verify-full']), - ca_cert=dict(type='str', aliases=['ssl_rootcert']), + db=dict(type='str', aliases=['login_db']), state=dict(type='str', default='present', choices=['absent', 'present']), concurrent=dict(type='bool', default=True), table=dict(type='str'), diff --git a/lib/ansible/modules/database/postgresql/postgresql_ping.py b/lib/ansible/modules/database/postgresql/postgresql_ping.py index 582b194b5a7..91e88e04392 100644 --- a/lib/ansible/modules/database/postgresql/postgresql_ping.py +++ b/lib/ansible/modules/database/postgresql/postgresql_ping.py 
@@ -25,11 +25,15 @@ options: description: - Name of database to connect. type: str + aliases: + - login_db port: description: - Database port to connect. type: int default: 5432 + aliases: + - login_port login_user: description: - User (role) used to authenticate with PostgreSQL. @@ -171,9 +175,7 @@ class PgPing(object): def main(): argument_spec = postgres_common_argument_spec() argument_spec.update( - db=dict(type='str'), - ssl_mode=dict(type='str', default='prefer', choices=['allow', 'disable', 'prefer', 'require', 'verify-ca', 'verify-full']), - ca_cert=dict(type='str', aliases=['ssl_rootcert']), + db=dict(type='str', aliases=['login_db']), ) module = AnsibleModule( argument_spec=argument_spec, diff --git a/lib/ansible/modules/database/postgresql/postgresql_privs.py b/lib/ansible/modules/database/postgresql/postgresql_privs.py index c9b83270fc6..557511c241b 100644 --- a/lib/ansible/modules/database/postgresql/postgresql_privs.py +++ b/lib/ansible/modules/database/postgresql/postgresql_privs.py 
@@ -11,160 +11,190 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['stableinterface'], 'supported_by': 'community'} -DOCUMENTATION = """ +DOCUMENTATION = r''' --- module: postgresql_privs -version_added: "1.2" -short_description: Grant or revoke privileges on PostgreSQL database objects. +version_added: '1.2' +short_description: Grant or revoke privileges on PostgreSQL database objects description: - - Grant or revoke privileges on PostgreSQL database objects. - - This module is basically a wrapper around most of the functionality of - PostgreSQL's GRANT and REVOKE statements with detection of changes - (GRANT/REVOKE I(privs) ON I(type) I(objs) TO/FROM I(roles)) +- Grant or revoke privileges on PostgreSQL database objects. +- This module is basically a wrapper around most of the functionality of + PostgreSQL's GRANT and REVOKE statements with detection of changes + (GRANT/REVOKE I(privs) ON I(type) I(objs) TO/FROM I(roles)). options: database: description: - - Name of database to connect to. - - 'Alias: I(db)' + - Name of database to connect to. required: yes + type: str + aliases: + - db + - login_db state: description: - - If C(present), the specified privileges are granted, if C(absent) they - are revoked. + - If C(present), the specified privileges are granted, if C(absent) they are revoked. + type: str default: present - choices: [present, absent] + choices: [ absent, present ] privs: description: - - Comma separated list of privileges to grant/revoke. - - 'Alias: I(priv)' + - Comma separated list of privileges to grant/revoke. + type: str + aliases: + - priv type: description: - - Type of database object to set privileges on. - - The `default_prives` choice is available starting at version 2.7. - - The 'foreign_data_wrapper' and 'foreign_server' object types are available from Ansible version '2.8'. + - Type of database object to set privileges on. + - The `default_prives` choice is available starting at version 2.7. 
+ - The 'foreign_data_wrapper' and 'foreign_server' object types are available from Ansible version '2.8'. + type: str default: table - choices: [table, sequence, function, database, - schema, language, tablespace, group, - default_privs, foreign_data_wrapper, foreign_server] + choices: [ database, default_privs, foreign_data_wrapper, foreign_server, function, + group, language, table, tablespace, schema, sequence ] objs: description: - - Comma separated list of database objects to set privileges on. - - If I(type) is C(table), C(sequence) or C(function), the special value - C(ALL_IN_SCHEMA) can be provided instead to specify all database - objects of type I(type) in the schema specified via I(schema). (This - also works with PostgreSQL < 9.0.) (C(ALL_IN_SCHEMA) is available for - C(function) from version 2.8) - - If I(type) is C(database), this parameter can be omitted, in which case - privileges are set for the database specified via I(database). - - 'If I(type) is I(function), colons (":") in object names will be - replaced with commas (needed to specify function signatures, see - examples)' - - 'Alias: I(obj)' + - Comma separated list of database objects to set privileges on. + - If I(type) is C(table), C(sequence) or C(function), the special value + C(ALL_IN_SCHEMA) can be provided instead to specify all database + objects of type I(type) in the schema specified via I(schema). (This + also works with PostgreSQL < 9.0.) (C(ALL_IN_SCHEMA) is available for + C(function) from version 2.8) + - If I(type) is C(database), this parameter can be omitted, in which case + privileges are set for the database specified via I(database). + - 'If I(type) is I(function), colons (":") in object names will be + replaced with commas (needed to specify function signatures, see examples)' + type: str + aliases: + - obj schema: description: - - Schema that contains the database objects specified via I(objs). 
- - May only be provided if I(type) is C(table), C(sequence), C(function) - or C(default_privs). Defaults to C(public) in these cases. + - Schema that contains the database objects specified via I(objs). + - May only be provided if I(type) is C(table), C(sequence), C(function) + or C(default_privs). Defaults to C(public) in these cases. + type: str roles: description: - - Comma separated list of role (user/group) names to set permissions for. - - The special value C(PUBLIC) can be provided instead to set permissions - for the implicitly defined PUBLIC group. - - 'Alias: I(role)' + - Comma separated list of role (user/group) names to set permissions for. + - The special value C(PUBLIC) can be provided instead to set permissions + for the implicitly defined PUBLIC group. + type: str required: yes + aliases: + - role fail_on_role: - version_added: "2.8" + version_added: '2.8' description: - - If C(yes), fail when target role (for whom privs need to be granted) does not exist. - Otherwise just warn and continue. + - If C(yes), fail when target role (for whom privs need to be granted) does not exist. + Otherwise just warn and continue. default: yes type: bool session_role: - version_added: "2.8" - description: | - Switch to session_role after connecting. The specified session_role must be a role that the current login_user is a member of. - Permissions checking for SQL commands is carried out as though the session_role were the one that had logged in originally. + version_added: '2.8' + description: + - Switch to session_role after connecting. + - The specified session_role must be a role that the current login_user is a member of. + - Permissions checking for SQL commands is carried out as though the session_role were the one that had logged in originally. + type: str target_roles: description: - A list of existing role (user/group) names to set as the default permissions for database objects subsequently created by them. 
- Parameter I(target_roles) is only available with C(type=default_privs). + type: str version_added: '2.8' grant_option: description: - - Whether C(role) may grant/revoke the specified privileges/group - memberships to others. - - Set to C(no) to revoke GRANT OPTION, leave unspecified to - make no changes. - - I(grant_option) only has an effect if I(state) is C(present). - - 'Alias: I(admin_option)' + - Whether C(role) may grant/revoke the specified privileges/group memberships to others. + - Set to C(no) to revoke GRANT OPTION, leave unspecified to make no changes. + - I(grant_option) only has an effect if I(state) is C(present). type: bool + aliases: + - admin_option host: description: - - Database host address. If unspecified, connect via Unix socket. - - 'Alias: I(login_host)' + - Database host address. If unspecified, connect via Unix socket. + type: str + aliases: + - login_host port: description: - - Database port to connect to. + - Database port to connect to. + type: int default: 5432 + aliases: + - login_port unix_socket: description: - - Path to a Unix domain socket for local connections. - - 'Alias: I(login_unix_socket)' + - Path to a Unix domain socket for local connections. + type: str + aliases: + - login_unix_socket login: description: - - The username to authenticate with. - - 'Alias: I(login_user)' + - The username to authenticate with. + type: str default: postgres + aliases: + - login_user password: description: - - The password to authenticate with. - - 'Alias: I(login_password))' + - The password to authenticate with. + type: str + aliases: + - login_password ssl_mode: description: - - Determines whether or with what priority a secure SSL TCP/IP connection will be negotiated with the server. - - See https://www.postgresql.org/docs/current/static/libpq-ssl.html for more information on the modes. - - Default of C(prefer) matches libpq default. 
+ - Determines whether or with what priority a secure SSL TCP/IP connection will be negotiated with the server. + - See https://www.postgresql.org/docs/current/static/libpq-ssl.html for more information on the modes. + - Default of C(prefer) matches libpq default. + type: str default: prefer - choices: [disable, allow, prefer, require, verify-ca, verify-full] + choices: [ allow, disable, prefer, require, verify-ca, verify-full ] version_added: '2.3' ca_cert: description: - - Specifies the name of a file containing SSL certificate authority (CA) certificate(s). If the file exists, the server's certificate will be - verified to be signed by one of these authorities. + - Specifies the name of a file containing SSL certificate authority (CA) certificate(s). + - If the file exists, the server's certificate will be verified to be signed by one of these authorities. version_added: '2.3' - aliases: [ ssl_rootcert ] + type: str + aliases: + - ssl_rootcert + notes: - - Default authentication assumes that postgresql_privs is run by the - C(postgres) user on the remote host. (Ansible's C(user) or C(sudo-user)). - - This module requires Python package I(psycopg2) to be installed on the - remote host. In the default case of the remote host also being the - PostgreSQL server, PostgreSQL has to be installed there as well, obviously. - For Debian/Ubuntu-based systems, install packages I(postgresql) and - I(python-psycopg2). - - Parameters that accept comma separated lists (I(privs), I(objs), I(roles)) - have singular alias names (I(priv), I(obj), I(role)). - - To revoke only C(GRANT OPTION) for a specific object, set I(state) to - C(present) and I(grant_option) to C(no) (see examples). - - Note that when revoking privileges from a role R, this role may still have - access via privileges granted to any role R is a member of including - C(PUBLIC). - - Note that when revoking privileges from a role R, you do so as the user - specified via I(login). 
If R has been granted the same privileges by - another user also, R can still access database objects via these privileges. - - When revoking privileges, C(RESTRICT) is assumed (see PostgreSQL docs). - - The ca_cert parameter requires at least Postgres version 8.4 and I(psycopg2) version 2.4.3. -requirements: [psycopg2] +- Default authentication assumes that postgresql_privs is run by the + C(postgres) user on the remote host. (Ansible's C(user) or C(sudo-user)). +- This module requires Python package I(psycopg2) to be installed on the + remote host. In the default case of the remote host also being the + PostgreSQL server, PostgreSQL has to be installed there as well, obviously. + For Debian/Ubuntu-based systems, install packages I(postgresql) and I(python-psycopg2). +- Parameters that accept comma separated lists (I(privs), I(objs), I(roles)) + have singular alias names (I(priv), I(obj), I(role)). +- To revoke only C(GRANT OPTION) for a specific object, set I(state) to + C(present) and I(grant_option) to C(no) (see examples). +- Note that when revoking privileges from a role R, this role may still have + access via privileges granted to any role R is a member of including C(PUBLIC). +- Note that when revoking privileges from a role R, you do so as the user + specified via I(login). If R has been granted the same privileges by + another user also, R can still access database objects via these privileges. +- When revoking privileges, C(RESTRICT) is assumed (see PostgreSQL docs). +- The ca_cert parameter requires at least Postgres version 8.4 and I(psycopg2) version 2.4.3. 
+ +requirements: +- psycopg2 + extends_documentation_fragment: - - postgres -author: "Bernhard Weitzhofer (@b6d)" -""" +- postgres -EXAMPLES = """ +author: +- Bernhard Weitzhofer (@b6d) +''' + +EXAMPLES = r''' # On database "library": # GRANT SELECT, INSERT, UPDATE ON TABLE public.books, public.authors # TO librarian, reader WITH GRANT OPTION -- postgresql_privs: +- name: Grant privs to librarian and reader on database library + postgresql_privs: database: library state: present privs: SELECT,INSERT,UPDATE @@ -174,8 +204,8 @@ EXAMPLES = """ roles: librarian,reader grant_option: yes -# Same as above leveraging default values: -- postgresql_privs: +- name: Same as above leveraging default values + postgresql_privs: db: library privs: SELECT,INSERT,UPDATE objs: books,authors @@ -185,7 +215,8 @@ EXAMPLES = """ # REVOKE GRANT OPTION FOR INSERT ON TABLE books FROM reader # Note that role "reader" will be *granted* INSERT privilege itself if this # isn't already the case (since state: present). -- postgresql_privs: +- name: Revoke privs from reader + postgresql_privs: db: library state: present priv: INSERT 
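Review bot: The rewritten `type` option text still carries the typo `default_prives`, while the choice listed a few lines below is `default_privs`, so a reader copying the name from the description gets a value that is not in `choices`. The `objs` description in the same hunk writes `If I(type) is I(function)`, where the value should be marked `C(function)` like the neighbouring sentences. Suggested lines: `- The C(default_privs) choice is available starting at version 2.7.` and `- 'If I(type) is C(function), colons (":") in object names will be`. The `ssl_mode` description could also state that the default C(prefer) does not guarantee an encrypted or authenticated connection.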
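Review bot: The new task name `Revoke privs from reader` contradicts the comment directly above it: with `state: present` and `grant_option: no` the task revokes only GRANT OPTION and will grant INSERT to `reader` if it is missing. In a privilege-management example, a name that reads as a revocation is easy to copy into a playbook with the wrong expectation. I would name it for what it does, `- name: Revoke GRANT OPTION for INSERT on books from reader (INSERT itself is granted)`. The two later tasks both named `ALTER privs` (one grants, one revokes default privileges) would benefit from distinct names as well.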
@@ -193,26 +224,26 @@ EXAMPLES = """ role: reader grant_option: no -# REVOKE INSERT, UPDATE ON ALL TABLES IN SCHEMA public FROM reader # "public" is the default schema. This also works for PostgreSQL 8.x. -- postgresql_privs: +- name: REVOKE INSERT, UPDATE ON ALL TABLES IN SCHEMA public FROM reader + postgresql_privs: db: library state: absent privs: INSERT,UPDATE objs: ALL_IN_SCHEMA role: reader -# GRANT ALL PRIVILEGES ON SCHEMA public, math TO librarian -- postgresql_privs: +- name: GRANT ALL PRIVILEGES ON SCHEMA public, math TO librarian + postgresql_privs: db: library privs: ALL type: schema objs: public,math role: librarian -# GRANT ALL PRIVILEGES ON FUNCTION math.add(int, int) TO librarian, reader # Note the separation of arguments with colons. -- postgresql_privs: +- name: GRANT ALL PRIVILEGES ON FUNCTION math.add(int, int) TO librarian, reader + postgresql_privs: db: library privs: ALL type: function 
@@ -220,41 +251,41 @@ EXAMPLES = """ schema: math roles: librarian,reader -# GRANT librarian, reader TO alice, bob WITH ADMIN OPTION # Note that group role memberships apply cluster-wide and therefore are not # restricted to database "library" here. -- postgresql_privs: +- name: GRANT librarian, reader TO alice, bob WITH ADMIN OPTION + postgresql_privs: db: library type: group objs: librarian,reader roles: alice,bob admin_option: yes -# GRANT ALL PRIVILEGES ON DATABASE library TO librarian # Note that here "db: postgres" specifies the database to connect to, not the # database to grant privileges on (which is specified via the "objs" param) -- postgresql_privs: +- name: GRANT ALL PRIVILEGES ON DATABASE library TO librarian + postgresql_privs: db: postgres privs: ALL type: database obj: library role: librarian -# GRANT ALL PRIVILEGES ON DATABASE library TO librarian # If objs is omitted for type "database", it defaults to the database # to which the connection is established -- postgresql_privs: +- name: GRANT ALL PRIVILEGES ON DATABASE library TO librarian + postgresql_privs: db: library privs: ALL type: database role: librarian # Available since version 2.7 -# ALTER DEFAULT PRIVILEGES ON DATABASE library TO librarian # Objs must be set, ALL_DEFAULT to TABLES/SEQUENCES/TYPES/FUNCTIONS # ALL_DEFAULT works only with privs=ALL # For specific -- postgresql_privs: +- name: ALTER DEFAULT PRIVILEGES ON DATABASE library TO librarian + postgresql_privs: db: library objs: ALL_DEFAULT privs: ALL 
@@ -263,18 +294,19 @@ EXAMPLES = """ grant_option: yes # Available since version 2.7 -# ALTER DEFAULT PRIVILEGES ON DATABASE library TO reader # Objs must be set, ALL_DEFAULT to TABLES/SEQUENCES/TYPES/FUNCTIONS # ALL_DEFAULT works only with privs=ALL # For specific -- postgresql_privs: +- name: ALTER DEFAULT PRIVILEGES ON DATABASE library TO reader, step 1 + postgresql_privs: db: library objs: TABLES,SEQUENCES privs: SELECT type: default_privs role: reader -- postgresql_privs: +- name: ALTER DEFAULT PRIVILEGES ON DATABASE library TO reader, step 2 + postgresql_privs: db: library objs: TYPES privs: USAGE @@ -282,8 +314,8 @@ EXAMPLES = """ role: reader # Available since version 2.8 -# GRANT ALL PRIVILEGES ON FOREIGN DATA WRAPPER fdw TO reader -- postgresql_privs: +- name: GRANT ALL PRIVILEGES ON FOREIGN DATA WRAPPER fdw TO reader + postgresql_privs: db: test objs: fdw privs: ALL @@ -291,8 +323,8 @@ EXAMPLES = """ role: reader # Available since version 2.8 -# GRANT ALL PRIVILEGES ON FOREIGN SERVER fdw_server TO reader -- postgresql_privs: +- name: GRANT ALL PRIVILEGES ON FOREIGN SERVER fdw_server TO reader + postgresql_privs: db: test objs: fdw_server privs: ALL @@ -300,9 +332,9 @@ EXAMPLES = """ role: reader # Available since version 2.8 -# GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA common TO caller # Grant 'execute' permissions on all functions in schema 'common' to role 'caller' -- postgresql_privs: +- name: GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA common TO caller + postgresql_privs: type: function state: present privs: EXECUTE @@ -315,7 +347,8 @@ EXAMPLES = """ # GRANT SELECT privileges for new TABLES objects created by librarian as # default to the role reader. # For specific -- postgresql_privs: +- name: ALTER privs + postgresql_privs: db: library schema: library objs: TABLES 
@@ -329,7 +362,8 @@ EXAMPLES = """ # REVOKE SELECT privileges for new TABLES objects created by librarian as # default from the role reader. # For specific -- postgresql_privs: +- name: ALTER privs + postgresql_privs: db: library state: absent schema: library @@ -338,8 +372,16 @@ EXAMPLES = """ type: default_privs role: reader target_roles: librarian +''' -""" +RETURN = r''' +queries: + description: List of executed queries. + returned: always + type: list + sample: ['REVOKE GRANT OPTION FOR INSERT ON TABLE "books" FROM "reader";'] + version_added: '2.8' +''' import traceback @@ -354,6 +396,7 @@ except ImportError: # import module snippets from ansible.module_utils.basic import AnsibleModule, missing_required_lib from ansible.module_utils.database import pg_quote_identifier +from ansible.module_utils.postgres import postgres_common_argument_spec from ansible.module_utils._text import to_native VALID_PRIVS = frozenset(('SELECT', 'INSERT', 'UPDATE', 'DELETE', 'TRUNCATE', @@ -364,6 +407,8 @@ VALID_DEFAULT_OBJS = {'TABLES': ('ALL', 'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'FUNCTIONS': ('ALL', 'EXECUTE'), 'TYPES': ('ALL', 'USAGE')} +executed_queries = [] + class Error(Exception): pass @@ -695,6 +740,7 @@ class Connection(object): .for_objs(objs) \ .build() + executed_queries.append(query) self.cursor.execute(query) status_after = get_status(objs) return status_before != status_after 
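Review bot: The `queries` return value is documented as `List of executed queries`, but the last hunk of this file shows `exit_json` sitting after a `conn.rollback()` / `conn.commit()` branch, so the list can contain statements that were rolled back (presumably in check mode; the condition is outside the hunk). Anyone using `queries` as an audit trail of privilege changes would read those as applied. Suggested wording: `description: List of queries the module sent to the server; they are rolled back when no commit is performed (for example in check mode).` `returned: always` also looks too strong if the failure paths call `fail_json` without it, which is not visible here.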
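Review bot: `executed_queries` is a module-level mutable list that a `Connection` method appends to (the `-695,6` hunk) and `main()` later returns (the `-997,7` hunk), so the method's result travels through hidden global state. The append also happens before `self.cursor.execute(query)`, which means a statement that raises is already recorded as executed. Keeping the list on the instance, for example `self.executed_queries = []` in the constructor and `self.executed_queries.append(query)` after the execute call, would remove the global, with `main()` passing `conn.executed_queries`. At minimum the global deserves a comment such as `# Statements sent by Connection; returned to the caller as 'queries'`. The enclosing method starts outside the hunk.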
@@ -826,41 +872,40 @@ class QueryBuilder(object): def main(): + argument_spec = postgres_common_argument_spec() + argument_spec.update( + database=dict(required=True, aliases=['db', 'login_db']), + state=dict(default='present', choices=['present', 'absent']), + privs=dict(required=False, aliases=['priv']), + type=dict(default='table', + choices=['table', + 'sequence', + 'function', + 'database', + 'schema', + 'language', + 'tablespace', + 'group', + 'default_privs', + 'foreign_data_wrapper', + 'foreign_server']), + objs=dict(required=False, aliases=['obj']), + schema=dict(required=False), + roles=dict(required=True, aliases=['role']), + session_role=dict(required=False), + target_roles=dict(required=False), + grant_option=dict(required=False, type='bool', + aliases=['admin_option']), + host=dict(default='', aliases=['login_host']), + unix_socket=dict(default='', aliases=['login_unix_socket']), + login=dict(default='postgres', aliases=['login_user']), + password=dict(default='', aliases=['login_password'], no_log=True), + fail_on_role=dict(type='bool', default=True), + ) + module = AnsibleModule( - argument_spec=dict( - database=dict(required=True, aliases=['db']), - state=dict(default='present', choices=['present', 'absent']), - privs=dict(required=False, aliases=['priv']), - type=dict(default='table', - choices=['table', - 'sequence', - 'function', - 'database', - 'schema', - 'language', - 'tablespace', - 'group', - 'default_privs', - 'foreign_data_wrapper', - 'foreign_server']), - objs=dict(required=False, aliases=['obj']), - schema=dict(required=False), - roles=dict(required=True, aliases=['role']), - session_role=dict(required=False), - target_roles=dict(required=False), - grant_option=dict(required=False, type='bool', - aliases=['admin_option']), - host=dict(default='', aliases=['login_host']), - port=dict(type='int', default=5432), - unix_socket=dict(default='', aliases=['login_unix_socket']), - login=dict(default='postgres', aliases=['login_user']), - 
password=dict(default='', aliases=['login_password'], no_log=True), - ssl_mode=dict(default="prefer", - choices=['disable', 'allow', 'prefer', 'require', 'verify-ca', 'verify-full']), - ca_cert=dict(default=None, aliases=['ssl_rootcert']), - fail_on_role=dict(type='bool', default=True), - ), - supports_check_mode=True + argument_spec=argument_spec, + supports_check_mode=True, ) fail_on_role = module.params['fail_on_role'] @@ -997,7 +1042,7 @@ def main(): conn.rollback() else: conn.commit() - module.exit_json(changed=changed) + module.exit_json(changed=changed, queries=executed_queries) if __name__ == '__main__': diff --git a/lib/ansible/modules/database/postgresql/postgresql_query.py b/lib/ansible/modules/database/postgresql/postgresql_query.py index 8c0ac3dd653..aa5bab7b588 100644 --- a/lib/ansible/modules/database/postgresql/postgresql_query.py +++ b/lib/ansible/modules/database/postgresql/postgresql_query.py @@ -54,11 +54,15 @@ options: description: - Name of database to connect to and run queries against. type: str + aliases: + - login_db port: description: - Database port to connect. type: int default: 5432 + aliases: + - login_port login_user: description: - User (role) used to authenticate with PostgreSQL. @@ -219,9 +223,7 @@ def main(): argument_spec = postgres_common_argument_spec() argument_spec.update( query=dict(type='str'), - db=dict(type='str'), - ssl_mode=dict(type='str', default='prefer', choices=['allow', 'disable', 'prefer', 'require', 'verify-ca', 'verify-full']), - ca_cert=dict(type='str', aliases=['ssl_rootcert']), + db=dict(type='str', aliases=['login_db']), positional_args=dict(type='list'), named_args=dict(type='dict'), session_role=dict(type='str'), diff --git a/test/integration/targets/postgresql/tasks/postgresql_query.yml b/test/integration/targets/postgresql/tasks/postgresql_query.yml index 5a8cb82f68a..88a04e87471 100644 --- a/test/integration/targets/postgresql/tasks/postgresql_query.yml 
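Review bot: Merging `postgres_common_argument_spec()` into this spec creates names that are both an option and an alias: the shared spec (first hunk of this patch) defines `login_password`, `login_host` and `login_unix_socket` as options, while the lines added here declare `password`, `host` and `unix_socket` with those same strings as aliases. `login`/`login_user` is probably affected too, but that part of the shared spec is not visible. The result is two entries for each credential, and which key the connection code reads is outside this hunk. I would drop the shared entries before the update so only one definition remains, e.g. `for key in ('login_host', 'login_password', 'login_unix_socket'): argument_spec.pop(key, None)`, or add a comment stating that the aliases intentionally shadow the shared options. main() continues beyond the hunk.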
+++ b/test/integration/targets/postgresql/tasks/postgresql_query.yml @@ -23,13 +23,23 @@ # Prepare SQL script: - name: postgresql_query - remove SQL script if exists - become_user: "{{ pg_user }}" become: yes file: path: '~{{ pg_user}}/test.sql' state: absent ignore_errors: yes +- name: postgresql_query - create an empty file to check permission + become: yes + file: + path: '~{{ pg_user}}/test.sql' + state: touch + owner: '{{ pg_user }}' + group: '{{ pg_user }}' + mode: 0644 + register: sql_file_created + ignore_errors: yes + - name: postgresql_query - prepare SQL script become_user: "{{ pg_user }}" become: yes @@ -39,6 +49,7 @@ - SELECT version(); - SELECT story FROM test_table - WHERE id = %s; + when: sql_file_created ############## # Start tests: @@ -75,6 +86,7 @@ - 1 register: result ignore_errors: yes + when: sql_file_created - assert: that: @@ -83,6 +95,7 @@ - result.rowcount == 1 - result.statusmessage == 'SELECT 1' or result.statusmessage == 'SELECT' - result.query_result[0].story == 'first' + when: sql_file_created # Simple select query: - name: postgresql_query - simple select query to test_table diff --git a/test/sanity/validate-modules/ignore.txt b/test/sanity/validate-modules/ignore.txt index c5bf3ddf9bd..451f09bfd4c 100644 --- a/test/sanity/validate-modules/ignore.txt +++ b/test/sanity/validate-modules/ignore.txt @@ -337,7 +337,6 @@ lib/ansible/modules/database/postgresql/postgresql_db.py E210 lib/ansible/modules/database/postgresql/postgresql_ext.py E322 lib/ansible/modules/database/postgresql/postgresql_ext.py E324 lib/ansible/modules/database/postgresql/postgresql_lang.py E324 -lib/ansible/modules/database/postgresql/postgresql_privs.py E322 lib/ansible/modules/database/postgresql/postgresql_schema.py E322 lib/ansible/modules/database/postgresql/postgresql_schema.py E324 lib/ansible/modules/database/postgresql/postgresql_user.py E322
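Review bot: The guard `when: sql_file_created` added to the three later tasks (hunks `-39,6`, `-75,6` and `-83,6`) tests a registered result, which is a non-empty dictionary whether the `file` task succeeded or failed. With `ignore_errors: yes` on the registering task, the condition is therefore expected to be true in both cases and the dependent tasks still run. Testing the outcome explicitly, `when: sql_file_created is succeeded`, makes the guard do what it appears to intend. If the guard does take effect, the file-based query test and its assert are skipped without any signal, so a `debug` message on the skipped path would keep the lost coverage visible.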