mirror of https://github.com/ansible/ansible.git
postgresql_user: fix bugs related to 'expires' option (#23862)
* Factorize tests related to no_password_change using an include task * Refactor: deduplicate tasks * postgresql_user: test 'expires' parameter * Change 'valid until' even it's the only updated field * value is changed when another value is provided * value isn't returned when unset * Remove unused variable * psycopg2.extras.DictRow is able to handle comparison * postgresql_user: simplify helper method * postgresql_user: define variable just before using it * Fix comparison between user input and applied configuration * new test: adding an invalid attribute * Refactor, add cleaning task * Check that using same attribute a 2nd time does nothing * Always try to remove created user * postgresql_user: fix pep8pull/25589/head
parent
301cbc1f5b
commit
460d932aa8
@ -1,90 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Create a user with all role attributes
|
|
||||||
become_user: "{{ pg_user }}"
|
|
||||||
become: True
|
|
||||||
postgresql_user:
|
|
||||||
name: "{{ db_user1 }}"
|
|
||||||
state: "present"
|
|
||||||
role_attr_flags: "SUPERUSER,CREATEROLE,CREATEDB,INHERIT,login,BYPASSRLS"
|
|
||||||
login_user: "{{ pg_user }}"
|
|
||||||
db: postgres
|
|
||||||
|
|
||||||
- name: Check that the user has the requested role attributes
|
|
||||||
become_user: "{{ pg_user }}"
|
|
||||||
become: True
|
|
||||||
shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin, 'bypassrls:'||rolbypassrls from pg_roles where rolname='{{ db_user1 }}';" | psql -d postgres
|
|
||||||
register: result
|
|
||||||
|
|
||||||
- assert:
|
|
||||||
that:
|
|
||||||
- "result.stdout_lines[-1] == '(1 row)'"
|
|
||||||
- "'super:t' in result.stdout_lines[-2]"
|
|
||||||
- "'createrole:t' in result.stdout_lines[-2]"
|
|
||||||
- "'create:t' in result.stdout_lines[-2]"
|
|
||||||
- "'inherit:t' in result.stdout_lines[-2]"
|
|
||||||
- "'login:t' in result.stdout_lines[-2]"
|
|
||||||
- "'bypassrls:t' in result.stdout_lines[-2]"
|
|
||||||
|
|
||||||
- name: Modify a user to have no role attributes
|
|
||||||
become_user: "{{ pg_user }}"
|
|
||||||
become: True
|
|
||||||
postgresql_user:
|
|
||||||
name: "{{ db_user1 }}"
|
|
||||||
state: "present"
|
|
||||||
role_attr_flags: "NOSUPERUSER,NOCREATEROLE,NOCREATEDB,noinherit,NOLOGIN,NOBYPASSRLS"
|
|
||||||
login_user: "{{ pg_user }}"
|
|
||||||
db: postgres
|
|
||||||
register: result
|
|
||||||
|
|
||||||
- name: Check that ansible reports it modified the role
|
|
||||||
assert:
|
|
||||||
that:
|
|
||||||
- "result.changed == True"
|
|
||||||
|
|
||||||
- name: Check that the user has the requested role attributes
|
|
||||||
become_user: "{{ pg_user }}"
|
|
||||||
become: True
|
|
||||||
shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin, 'bypassrls:'||rolbypassrls from pg_roles where rolname='{{ db_user1 }}';" | psql -d postgres
|
|
||||||
register: result
|
|
||||||
|
|
||||||
- assert:
|
|
||||||
that:
|
|
||||||
- "result.stdout_lines[-1] == '(1 row)'"
|
|
||||||
- "'super:f' in result.stdout_lines[-2]"
|
|
||||||
- "'createrole:f' in result.stdout_lines[-2]"
|
|
||||||
- "'create:f' in result.stdout_lines[-2]"
|
|
||||||
- "'inherit:f' in result.stdout_lines[-2]"
|
|
||||||
- "'login:f' in result.stdout_lines[-2]"
|
|
||||||
- "'bypassrls:f' in result.stdout_lines[-2]"
|
|
||||||
|
|
||||||
- name: Modify a single role attribute on a user
|
|
||||||
become_user: "{{ pg_user }}"
|
|
||||||
become: True
|
|
||||||
postgresql_user:
|
|
||||||
name: "{{ db_user1 }}"
|
|
||||||
state: "present"
|
|
||||||
role_attr_flags: "LOGIN"
|
|
||||||
login_user: "{{ pg_user }}"
|
|
||||||
db: postgres
|
|
||||||
register: result
|
|
||||||
|
|
||||||
- name: Check that ansible reports it modified the role
|
|
||||||
assert:
|
|
||||||
that:
|
|
||||||
- "result.changed == True"
|
|
||||||
|
|
||||||
- name: Check that the user has the requested role attributes
|
|
||||||
become_user: "{{ pg_user }}"
|
|
||||||
become: True
|
|
||||||
shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin, 'bypassrls:'||rolbypassrls from pg_roles where rolname='{{ db_user1 }}';" | psql -d postgres
|
|
||||||
register: result
|
|
||||||
|
|
||||||
- assert:
|
|
||||||
that:
|
|
||||||
- "result.stdout_lines[-1] == '(1 row)'"
|
|
||||||
- "'super:f' in result.stdout_lines[-2]"
|
|
||||||
- "'createrole:f' in result.stdout_lines[-2]"
|
|
||||||
- "'create:f' in result.stdout_lines[-2]"
|
|
||||||
- "'inherit:f' in result.stdout_lines[-2]"
|
|
||||||
- "'login:t' in result.stdout_lines[-2]"
|
|
||||||
- "'bypassrls:f' in result.stdout_lines[-2]"
|
|
@ -1,87 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Create a user with all role attributes
|
|
||||||
become_user: "{{ pg_user }}"
|
|
||||||
become: True
|
|
||||||
postgresql_user:
|
|
||||||
name: "{{ db_user1 }}"
|
|
||||||
state: "present"
|
|
||||||
role_attr_flags: "SUPERUSER,CREATEROLE,CREATEDB,INHERIT,login"
|
|
||||||
login_user: "{{ pg_user }}"
|
|
||||||
db: postgres
|
|
||||||
|
|
||||||
- name: Check that the user has the requested role attributes
|
|
||||||
become_user: "{{ pg_user }}"
|
|
||||||
become: True
|
|
||||||
shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin from pg_roles where rolname='{{ db_user1 }}';" | psql -d postgres
|
|
||||||
register: result
|
|
||||||
|
|
||||||
- assert:
|
|
||||||
that:
|
|
||||||
- "result.stdout_lines[-1] == '(1 row)'"
|
|
||||||
- "'super:t' in result.stdout_lines[-2]"
|
|
||||||
- "'createrole:t' in result.stdout_lines[-2]"
|
|
||||||
- "'create:t' in result.stdout_lines[-2]"
|
|
||||||
- "'inherit:t' in result.stdout_lines[-2]"
|
|
||||||
- "'login:t' in result.stdout_lines[-2]"
|
|
||||||
|
|
||||||
- name: Modify a user to have no role attributes
|
|
||||||
become_user: "{{ pg_user }}"
|
|
||||||
become: True
|
|
||||||
postgresql_user:
|
|
||||||
name: "{{ db_user1 }}"
|
|
||||||
state: "present"
|
|
||||||
role_attr_flags: "NOSUPERUSER,NOCREATEROLE,NOCREATEDB,noinherit,NOLOGIN"
|
|
||||||
login_user: "{{ pg_user }}"
|
|
||||||
db: postgres
|
|
||||||
register: result
|
|
||||||
|
|
||||||
- name: Check that ansible reports it modified the role
|
|
||||||
assert:
|
|
||||||
that:
|
|
||||||
- "result.changed == True"
|
|
||||||
|
|
||||||
- name: Check that the user has the requested role attributes
|
|
||||||
become_user: "{{ pg_user }}"
|
|
||||||
become: True
|
|
||||||
shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin from pg_roles where rolname='{{ db_user1 }}';" | psql -d postgres
|
|
||||||
register: result
|
|
||||||
|
|
||||||
- assert:
|
|
||||||
that:
|
|
||||||
- "result.stdout_lines[-1] == '(1 row)'"
|
|
||||||
- "'super:f' in result.stdout_lines[-2]"
|
|
||||||
- "'createrole:f' in result.stdout_lines[-2]"
|
|
||||||
- "'create:f' in result.stdout_lines[-2]"
|
|
||||||
- "'inherit:f' in result.stdout_lines[-2]"
|
|
||||||
- "'login:f' in result.stdout_lines[-2]"
|
|
||||||
|
|
||||||
- name: Modify a single role attribute on a user
|
|
||||||
become_user: "{{ pg_user }}"
|
|
||||||
become: True
|
|
||||||
postgresql_user:
|
|
||||||
name: "{{ db_user1 }}"
|
|
||||||
state: "present"
|
|
||||||
role_attr_flags: "LOGIN"
|
|
||||||
login_user: "{{ pg_user }}"
|
|
||||||
db: postgres
|
|
||||||
register: result
|
|
||||||
|
|
||||||
- name: Check that ansible reports it modified the role
|
|
||||||
assert:
|
|
||||||
that:
|
|
||||||
- "result.changed == True"
|
|
||||||
|
|
||||||
- name: Check that the user has the requested role attributes
|
|
||||||
become_user: "{{ pg_user }}"
|
|
||||||
become: True
|
|
||||||
shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin from pg_roles where rolname='{{ db_user1 }}';" | psql -d postgres
|
|
||||||
register: result
|
|
||||||
|
|
||||||
- assert:
|
|
||||||
that:
|
|
||||||
- "result.stdout_lines[-1] == '(1 row)'"
|
|
||||||
- "'super:f' in result.stdout_lines[-2]"
|
|
||||||
- "'createrole:f' in result.stdout_lines[-2]"
|
|
||||||
- "'create:f' in result.stdout_lines[-2]"
|
|
||||||
- "'inherit:f' in result.stdout_lines[-2]"
|
|
||||||
- "'login:t' in result.stdout_lines[-2]"
|
|
Loading…
Reference in New Issue