postgresql: move CI test to separate targets (#62855)

5 years ago · 5b1c047a56
parent 992b81e8fc
commit 5b1c047a56
31 changed files with 938 additions and 875 deletions
--- a/test/integration/targets/postgresql_db/aliases
+++ b/test/integration/targets/postgresql_db/aliases
@ -0,0 +1,4 @@
+destructive
+shippable/posix/group4
+postgresql_db
+skip/osx
--- a/test/integration/targets/postgresql_db/defaults/main.yml
+++ b/test/integration/targets/postgresql_db/defaults/main.yml
@ -0,0 +1,3 @@
+db_name: 'ansible_db'
+db_user1: 'ansible_db_user1'
+tmp_dir: '/tmp'
--- a/test/integration/targets/postgresql_db_user_privs/meta/main.yml
+++ b/test/integration/targets/postgresql_db_user_privs/meta/main.yml
--- a/test/integration/targets/postgresql_db/tasks/main.yml
+++ b/test/integration/targets/postgresql_db/tasks/main.yml
@ -0,0 +1,28 @@
+# Initial tests of postgresql_db module:
+- import_tasks: postgresql_db_initial.yml
+
+# General tests:
+- import_tasks: postgresql_db_general.yml
+
+# Dump/restore tests per format:
+- include_tasks: state_dump_restore.yml
+  vars:
+    test_fixture: user
+    file: '{{ loop_item }}'
+  loop:
+  - dbdata.sql
+  - dbdata.sql.gz
+  - dbdata.sql.bz2
+  - dbdata.sql.xz
+  - dbdata.tar
+  - dbdata.tar.gz
+  - dbdata.tar.bz2
+  - dbdata.tar.xz
+  loop_control:
+    loop_var: loop_item
+
+# Dump/restore tests per other logins:
+- import_tasks: state_dump_restore.yml
+  vars:
+    file: dbdata.tar
+    test_fixture: admin
--- a/test/integration/targets/postgresql_db_user_privs/tasks/postgresql_db.yml
+++ b/test/integration/targets/postgresql_db_user_privs/tasks/postgresql_db.yml
--- a/test/integration/targets/postgresql_db/tasks/postgresql_db_initial.yml
+++ b/test/integration/targets/postgresql_db/tasks/postgresql_db_initial.yml
@ -0,0 +1,312 @@
+#
+# Create and destroy db
+#
+- name: Create DB
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_db:
+    state: present
+    name: "{{ db_name }}"
+    login_user: "{{ pg_user }}"
+  register: result
+
+- name: assert that module reports the db was created
+  assert:
+    that:
+       - result is changed
+       - "result.db == db_name"
+
+- name: Check that database created
+  become_user: "{{ pg_user }}"
+  become: yes
+  shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(1 row)'"
+
+- name: Run create on an already created db
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_db:
+    state: present
+    name: "{{ db_name }}"
+    login_user: "{{ pg_user }}"
+  register: result
+
+- name: assert that module reports the db was unchanged
+  assert:
+    that:
+       - result is not changed
+
+- name: Destroy DB
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_db:
+    state: absent
+    name: "{{ db_name }}"
+    login_user: "{{ pg_user }}"
+  register: result
+
+- name: assert that module reports the db was changed
+  assert:
+    that:
+       - result is changed
+
+- name: Check that database was destroyed
+  become_user: "{{ pg_user }}"
+  become: yes
+  shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(0 rows)'"
+
+- name: Destroy DB
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_db:
+    state: absent
+    name: "{{ db_name }}"
+    login_user: "{{ pg_user }}"
+  register: result
+
+- name: assert that removing an already removed db makes no change
+  assert:
+    that:
+       - result is not changed
+
+
+# This corner case works to add but not to drop.  This is sufficiently crazy
+# that I'm not going to attempt to fix it unless someone lets me know that they
+# need the functionality
+#
+#    - postgresql_db:
+#        state: 'present'
+#        name: '"silly.""name"'
+#    - shell: echo "select datname from pg_database where datname = 'silly.""name';" | psql
+#      register: result
+#
+#    - assert:
+#        that: "result.stdout_lines[-1] == '(1 row)'"
+#    - postgresql_db:
+#        state: absent
+#        name: '"silly.""name"'
+#    - shell: echo "select datname from pg_database where datname = 'silly.""name';" | psql
+#      register: result
+#
+#    - assert:
+#        that: "result.stdout_lines[-1] == '(0 rows)'"
+
+#
+# Test conn_limit, encoding, collate, ctype, template options
+#
+- name: Create a DB with conn_limit, encoding, collate, ctype, and template options
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_db:
+    name: '{{ db_name }}'
+    state: 'present'
+    conn_limit: '100'
+    encoding: 'LATIN1'
+    lc_collate: 'pt_BR{{ locale_latin_suffix }}'
+    lc_ctype: 'es_ES{{ locale_latin_suffix }}'
+    template: 'template0'
+    login_user: "{{ pg_user }}"
+
+- name: Check that the DB has all of our options
+  become_user: "{{ pg_user }}"
+  become: yes
+  shell: echo "select datname, datconnlimit, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql -d postgres
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(1 row)'"
+      - "'LATIN1' in result.stdout_lines[-2]"
+      - "'pt_BR' in result.stdout_lines[-2]"
+      - "'es_ES' in result.stdout_lines[-2]"
+      - "'UTF8' not in result.stdout_lines[-2]"
+      - "'en_US' not in result.stdout_lines[-2]"
+      - "'100' in result.stdout_lines[-2]"
+
+- name: Check that running db creation with options a second time does nothing
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_db:
+    name: '{{ db_name }}'
+    state: 'present'
+    conn_limit: '100'
+    encoding: 'LATIN1'
+    lc_collate: 'pt_BR{{ locale_latin_suffix }}'
+    lc_ctype: 'es_ES{{ locale_latin_suffix }}'
+    template: 'template0'
+    login_user: "{{ pg_user }}"
+  register: result
+
+- assert:
+    that:
+      - result is not changed
+
+
+- name: Check that attempting to change encoding returns an error
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_db:
+    name: '{{ db_name }}'
+    state: 'present'
+    encoding: 'UTF8'
+    lc_collate: 'pt_BR{{ locale_utf8_suffix }}'
+    lc_ctype: 'es_ES{{ locale_utf8_suffix }}'
+    template: 'template0'
+    login_user: "{{ pg_user }}"
+  register: result
+  ignore_errors: yes
+
+- assert:
+    that:
+      - result is failed
+
+- name: Check that changing the conn_limit actually works
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_db:
+    name: '{{ db_name }}'
+    state: 'present'
+    conn_limit: '200'
+    encoding: 'LATIN1'
+    lc_collate: 'pt_BR{{ locale_latin_suffix }}'
+    lc_ctype: 'es_ES{{ locale_latin_suffix }}'
+    template: 'template0'
+    login_user: "{{ pg_user }}"
+  register: result
+
+- assert:
+    that:
+      - result is changed
+
+- name: Check that conn_limit has actually been set / updated to 200
+  become_user: "{{ pg_user }}"
+  become: yes
+  shell: echo "SELECT datconnlimit AS conn_limit FROM pg_database WHERE datname = '{{ db_name }}';" | psql -d postgres
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(1 row)'"
+      - "'200' == '{{ result.stdout_lines[-2] | trim }}'"
+
+- name: Cleanup test DB
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_db:
+    name: '{{ db_name }}'
+    state: 'absent'
+    login_user: "{{ pg_user }}"
+
+- shell: echo "select datname, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql -d postgres
+  become_user: "{{ pg_user }}"
+  become: yes
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(0 rows)'"
+
+#
+# Test db ownership
+#
+- name: Create an unprivileged user to own a DB
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_user:
+    name: "{{ db_user1 }}"
+    encrypted: 'yes'
+    password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
+    login_user: "{{ pg_user }}"
+    db: postgres
+
+- name: Create db with user ownership
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_db:
+    name: "{{ db_name }}"
+    state: "present"
+    owner: "{{ db_user1 }}"
+    login_user: "{{ pg_user }}"
+
+- name: Check that the user owns the newly created DB
+  become_user: "{{ pg_user }}"
+  become: yes
+  shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql -d postgres
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(1 row)'"
+      - "'{{ db_user1 }}' == '{{ result.stdout_lines[-2] | trim }}'"
+
+- name: Change the owner on an existing db
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_db:
+    name: "{{ db_name }}"
+    state: "present"
+    owner: "{{ pg_user }}"
+    login_user: "{{ pg_user }}"
+  register: result
+
+- name: assert that ansible says it changed the db
+  assert:
+    that:
+      - result is changed
+
+- name: Check that the user owns the newly created DB
+  become_user: "{{ pg_user }}"
+  become: yes
+  shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql -d postgres
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(1 row)'"
+      - "'{{ pg_user }}' == '{{ result.stdout_lines[-2] | trim }}'"
+
+- name: Cleanup db
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_db:
+    name: "{{ db_name }}"
+    state: "absent"
+    login_user: "{{ pg_user }}"
+
+- name: Check that database was destroyed
+  become_user: "{{ pg_user }}"
+  become: yes
+  shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(0 rows)'"
+
+- name: Cleanup test user
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_user:
+    name: "{{ db_user1 }}"
+    state: 'absent'
+    login_user: "{{ pg_user }}"
+    db: postgres
+
+- name: Check that they were removed
+  become_user: "{{ pg_user }}"
+  become: yes
+  shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(0 rows)'"
--- a/test/integration/targets/postgresql_db_user_privs/tasks/state_dump_restore.yml
+++ b/test/integration/targets/postgresql_db_user_privs/tasks/state_dump_restore.yml
@ -18,6 +18,19 @@
 # along with Ansible.  If not, see <http://www.gnu.org/licenses/>.

 # ============================================================
+
+- name: Create a test user
+  become: yes
+  become_user: "{{ pg_user }}"
+  postgresql_user:
+    name: "{{ db_user1 }}"
+    state: "present"
+    encrypted: 'yes'
+    password: "password"
+    role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
+    login_user: "{{ pg_user }}"
+    db: postgres
+
 - set_fact: db_file_name="{{tmp_dir}}/{{file}}"

 - set_fact:
@ -138,3 +151,12 @@

 - name: remove file name
  file: name={{ db_file_name }}  state=absent
+
+- name: Remove the test user
+  become: yes
+  become_user: "{{ pg_user }}"
+  postgresql_user:
+    name: "{{ db_user1 }}"
+    state: "absent"
+    login_user: "{{ pg_user }}"
+    db: postgres
--- a/test/integration/targets/postgresql_db_user_privs/defaults/main.yml
+++ b/test/integration/targets/postgresql_db_user_privs/defaults/main.yml
@ -1,34 +0,0 @@
---
-# defaults file for test_postgresql_db
-db_name: 'ansible_db'
-db_user1: 'ansible_db_user1'
-db_user2: 'ansible_db_user2'
-db_user3: 'ansible_db_user3'
-db_default: 'postgres'
-
-tmp_dir: '/tmp'
-db_session_role1: 'session_role1'
-db_session_role2: 'session_role2'
-
-pg_hba_test_ips:
- contype: local
-  users: 'all,postgres,test'
- source: '0000:ffff::'
-  netmask: 'ffff:fff0::'
- source: '192.168.0.0/24'
-  netmask: ''
-  databases: 'all,replication'
- source: '192.168.1.0/24'
-  netmask: ''
-  databases: 'all'
-  method: reject
- source: '127.0.0.1/32'
-  netmask: ''
- source: '::1/128'
-  netmask: ''
- source: '0000:ff00::'
-  netmask: 'ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00'
-  method: scram-sha-256
- source: '172.16.0.0'
-  netmask: '255.255.0.0'
-  method: trust
--- a/test/integration/targets/postgresql_db_user_privs/tasks/main.yml
+++ b/test/integration/targets/postgresql_db_user_privs/tasks/main.yml
@ -1,47 +0,0 @@
-# Unsorted tests that were moved from here to unsorted.yml
- import_tasks: unsorted.yml
-
- include_tasks: '{{ loop_item }}'
-  loop:
-  # Test postgresql_user module
-  - postgresql_user.yml
-
-  # Verify different session_role scenarios
-  - session_role.yml
-
-  # Test postgresql_db module, specific options
-  - postgresql_db.yml
-
-  # Test postgresql_privs
-  - postgresql_privs.yml
-  loop_control:
-    loop_var: loop_item
-
-# Test default_privs with target_role
- import_tasks: test_target_role.yml
-  when: postgres_version_resp.stdout is version('9.1', '>=')
-
-# dump/restore tests per format
-# ============================================================
- include_tasks: state_dump_restore.yml
-  vars:
-    test_fixture: user
-    file: '{{ loop_item }}'
-  loop:
-  - dbdata.sql
-  - dbdata.sql.gz
-  - dbdata.sql.bz2
-  - dbdata.sql.xz
-  - dbdata.tar
-  - dbdata.tar.gz
-  - dbdata.tar.bz2
-  - dbdata.tar.xz
-  loop_control:
-    loop_var: loop_item
-
-# dump/restore tests per other logins
-# ============================================================
- import_tasks: state_dump_restore.yml
-  vars:
-    file: dbdata.tar
-    test_fixture: admin
--- a/test/integration/targets/postgresql_db_user_privs/tasks/unsorted.yml
+++ b/test/integration/targets/postgresql_db_user_privs/tasks/unsorted.yml
@ -1,789 +0,0 @@
-#
-# Create and destroy db
-#
- name: Create DB
-  become_user: "{{ pg_user }}"
-  become: yes
-  postgresql_db:
-    state: present
-    name: "{{ db_name }}"
-    login_user: "{{ pg_user }}"
-  register: result
-
- name: assert that module reports the db was created
-  assert:
-    that:
-       - result is changed
-       - "result.db == db_name"
-
- name: Check that database created
-  become_user: "{{ pg_user }}"
-  become: yes
-  shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
-  register: result
-
- assert:
-    that:
-      - "result.stdout_lines[-1] == '(1 row)'"
-
- name: Run create on an already created db
-  become_user: "{{ pg_user }}"
-  become: yes
-  postgresql_db:
-    state: present
-    name: "{{ db_name }}"
-    login_user: "{{ pg_user }}"
-  register: result
-
- name: assert that module reports the db was unchanged
-  assert:
-    that:
-       - result is not changed
-
- name: Destroy DB
-  become_user: "{{ pg_user }}"
-  become: yes
-  postgresql_db:
-    state: absent
-    name: "{{ db_name }}"
-    login_user: "{{ pg_user }}"
-  register: result
-
- name: assert that module reports the db was changed
-  assert:
-    that:
-       - result is changed
-
- name: Check that database was destroyed
-  become_user: "{{ pg_user }}"
-  become: yes
-  shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
-  register: result
-
- assert:
-    that:
-      - "result.stdout_lines[-1] == '(0 rows)'"
-
- name: Destroy DB
-  become_user: "{{ pg_user }}"
-  become: yes
-  postgresql_db:
-    state: absent
-    name: "{{ db_name }}"
-    login_user: "{{ pg_user }}"
-  register: result
-
- name: assert that removing an already removed db makes no change
-  assert:
-    that:
-       - result is not changed
-
-
-# This corner case works to add but not to drop.  This is sufficiently crazy
-# that I'm not going to attempt to fix it unless someone lets me know that they
-# need the functionality
-#
-#    - postgresql_db:
-#        state: 'present'
-#        name: '"silly.""name"'
-#    - shell: echo "select datname from pg_database where datname = 'silly.""name';" | psql
-#      register: result
-#
-#    - assert:
-#        that: "result.stdout_lines[-1] == '(1 row)'"
-#    - postgresql_db:
-#        state: absent
-#        name: '"silly.""name"'
-#    - shell: echo "select datname from pg_database where datname = 'silly.""name';" | psql
-#      register: result
-#
-#    - assert:
-#        that: "result.stdout_lines[-1] == '(0 rows)'"
-
-#
-# Test conn_limit, encoding, collate, ctype, template options
-#
- name: Create a DB with conn_limit, encoding, collate, ctype, and template options
-  become_user: "{{ pg_user }}"
-  become: yes
-  postgresql_db:
-    name: '{{ db_name }}'
-    state: 'present'
-    conn_limit: '100'
-    encoding: 'LATIN1'
-    lc_collate: 'pt_BR{{ locale_latin_suffix }}'
-    lc_ctype: 'es_ES{{ locale_latin_suffix }}'
-    template: 'template0'
-    login_user: "{{ pg_user }}"
-
- name: Check that the DB has all of our options
-  become_user: "{{ pg_user }}"
-  become: yes
-  shell: echo "select datname, datconnlimit, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql -d postgres
-  register: result
-
- assert:
-    that:
-      - "result.stdout_lines[-1] == '(1 row)'"
-      - "'LATIN1' in result.stdout_lines[-2]"
-      - "'pt_BR' in result.stdout_lines[-2]"
-      - "'es_ES' in result.stdout_lines[-2]"
-      - "'UTF8' not in result.stdout_lines[-2]"
-      - "'en_US' not in result.stdout_lines[-2]"
-      - "'100' in result.stdout_lines[-2]"
-
- name: Check that running db creation with options a second time does nothing
-  become_user: "{{ pg_user }}"
-  become: yes
-  postgresql_db:
-    name: '{{ db_name }}'
-    state: 'present'
-    conn_limit: '100'
-    encoding: 'LATIN1'
-    lc_collate: 'pt_BR{{ locale_latin_suffix }}'
-    lc_ctype: 'es_ES{{ locale_latin_suffix }}'
-    template: 'template0'
-    login_user: "{{ pg_user }}"
-  register: result
-
- assert:
-    that:
-      - result is not changed
-
-
- name: Check that attempting to change encoding returns an error
-  become_user: "{{ pg_user }}"
-  become: yes
-  postgresql_db:
-    name: '{{ db_name }}'
-    state: 'present'
-    encoding: 'UTF8'
-    lc_collate: 'pt_BR{{ locale_utf8_suffix }}'
-    lc_ctype: 'es_ES{{ locale_utf8_suffix }}'
-    template: 'template0'
-    login_user: "{{ pg_user }}"
-  register: result
-  ignore_errors: yes
-
- assert:
-    that:
-      - result is failed
-
- name: Check that changing the conn_limit actually works
-  become_user: "{{ pg_user }}"
-  become: yes
-  postgresql_db:
-    name: '{{ db_name }}'
-    state: 'present'
-    conn_limit: '200'
-    encoding: 'LATIN1'
-    lc_collate: 'pt_BR{{ locale_latin_suffix }}'
-    lc_ctype: 'es_ES{{ locale_latin_suffix }}'
-    template: 'template0'
-    login_user: "{{ pg_user }}"
-  register: result
-
- assert:
-    that:
-      - result is changed
-
- name: Check that conn_limit has actually been set / updated to 200
-  become_user: "{{ pg_user }}"
-  become: yes
-  shell: echo "SELECT datconnlimit AS conn_limit FROM pg_database WHERE datname = '{{ db_name }}';" | psql -d postgres
-  register: result
-
- assert:
-    that:
-      - "result.stdout_lines[-1] == '(1 row)'"
-      - "'200' == '{{ result.stdout_lines[-2] | trim }}'"
-
- name: Cleanup test DB
-  become_user: "{{ pg_user }}"
-  become: yes
-  postgresql_db:
-    name: '{{ db_name }}'
-    state: 'absent'
-    login_user: "{{ pg_user }}"
-
- shell: echo "select datname, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql -d postgres
-  become_user: "{{ pg_user }}"
-  become: yes
-  register: result
-
- assert:
-    that:
-      - "result.stdout_lines[-1] == '(0 rows)'"
-
-#
-# Create and destroy user, test 'password' and 'encrypted' parameters
-#
-# unencrypted values are not supported on newer versions
-# do not run the encrypted: no tests if on 10+
- set_fact:
-    encryption_values:
-    - 'yes'
-
- set_fact:
-    encryption_values: '{{ encryption_values + ["no"]}}'
-  when: postgres_version_resp.stdout is version('10', '<=')
-
- include_tasks: test_password.yml
-  vars:
-    encrypted: '{{ loop_item }}'
-    db_password1: 'secretù' # use UTF-8
-  loop: '{{ encryption_values }}'
-  loop_control:
-    loop_var: loop_item
-
-# BYPASSRLS role attribute was introduced in PostgreSQL 9.5, so
-# we want to test attribute management differently depending
-# on the version.
- set_fact:
-    bypassrls_supported: "{{ postgres_version_resp.stdout is version('9.5.0', '>=') }}"
-
-# test 'no_password_change' and 'role_attr_flags' parameters
- include_tasks: test_no_password_change.yml
-  vars:
-    no_password_changes: '{{ loop_item }}'
-  loop:
-    - 'yes'
-    - 'no'
-  loop_control:
-    loop_var: loop_item
-
-### TODO: fail_on_user
-
-#
-# Test db ownership
-#
- name: Create an unprivileged user to own a DB
-  become_user: "{{ pg_user }}"
-  become: yes
-  postgresql_user:
-    name: "{{ db_user1 }}"
-    encrypted: 'yes'
-    password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
-    login_user: "{{ pg_user }}"
-    db: postgres
-
- name: Create db with user ownership
-  become_user: "{{ pg_user }}"
-  become: yes
-  postgresql_db:
-    name: "{{ db_name }}"
-    state: "present"
-    owner: "{{ db_user1 }}"
-    login_user: "{{ pg_user }}"
-
- name: Check that the user owns the newly created DB
-  become_user: "{{ pg_user }}"
-  become: yes
-  shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql -d postgres
-  register: result
-
- assert:
-    that:
-      - "result.stdout_lines[-1] == '(1 row)'"
-      - "'{{ db_user1 }}' == '{{ result.stdout_lines[-2] | trim }}'"
-
- name: Change the owner on an existing db
-  become_user: "{{ pg_user }}"
-  become: yes
-  postgresql_db:
-    name: "{{ db_name }}"
-    state: "present"
-    owner: "{{ pg_user }}"
-    login_user: "{{ pg_user }}"
-  register: result
-
- name: assert that ansible says it changed the db
-  assert:
-    that:
-      - result is changed
-
- name: Check that the user owns the newly created DB
-  become_user: "{{ pg_user }}"
-  become: yes
-  shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql -d postgres
-  register: result
-
- assert:
-    that:
-      - "result.stdout_lines[-1] == '(1 row)'"
-      - "'{{ pg_user }}' == '{{ result.stdout_lines[-2] | trim }}'"
-
- name: Cleanup db
-  become_user: "{{ pg_user }}"
-  become: yes
-  postgresql_db:
-    name: "{{ db_name }}"
-    state: "absent"
-    login_user: "{{ pg_user }}"
-
- name: Check that database was destroyed
-  become_user: "{{ pg_user }}"
-  become: yes
-  shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
-  register: result
-
- assert:
-    that:
-      - "result.stdout_lines[-1] == '(0 rows)'"
-
- name: Cleanup test user
-  become_user: "{{ pg_user }}"
-  become: yes
-  postgresql_user:
-    name: "{{ db_user1 }}"
-    state: 'absent'
-    login_user: "{{ pg_user }}"
-    db: postgres
-
- name: Check that they were removed
-  become_user: "{{ pg_user }}"
-  become: yes
-  shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
-  register: result
-
- assert:
-    that:
-      - "result.stdout_lines[-1] == '(0 rows)'"
-
-#
-# Test settings privileges
-#
- name: Create db
-  become_user: "{{ pg_user }}"
-  become: yes
-  postgresql_db:
-    name: "{{ db_name }}"
-    state: "present"
-    login_user: "{{ pg_user }}"
-
- name: Create some tables on the db
-  become_user: "{{ pg_user }}"
-  become: yes
-  shell: echo "create table test_table1 (field text);" | psql {{ db_name }}
-
- become_user: "{{ pg_user }}"
-  become: yes
-  shell: echo "create table test_table2 (field text);" | psql {{ db_name }}
-
- vars:
-    db_password: 'secretù' # use UTF-8
-  block:
-    - name: Create a user with some permissions on the db
-      become_user: "{{ pg_user }}"
-      become: yes
-      postgresql_user:
-        name: "{{ db_user1 }}"
-        encrypted: 'yes'
-        password: "md5{{ (db_password ~ db_user1) | hash('md5')}}"
-        db: "{{ db_name }}"
-        priv: 'test_table1:INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,TRIGGER/test_table2:INSERT/CREATE,CONNECT,TEMP'
-        login_user: "{{ pg_user }}"
-
-    - include_tasks: pg_authid_not_readable.yml
-
- name: Check that the user has the requested permissions (table1)
-  become_user: "{{ pg_user }}"
-  become: yes
-  shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
-  register: result_table1
-
- name: Check that the user has the requested permissions (table2)
-  become_user: "{{ pg_user }}"
-  become: yes
-  shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
-  register: result_table2
-
- name: Check that the user has the requested permissions (database)
-  become_user: "{{ pg_user }}"
-  become: yes
-  shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
-  register: result_database
-
- assert:
-    that:
-      - "result_table1.stdout_lines[-1] == '(7 rows)'"
-      - "'INSERT' in result_table1.stdout"
-      - "'SELECT' in result_table1.stdout"
-      - "'UPDATE' in result_table1.stdout"
-      - "'DELETE' in result_table1.stdout"
-      - "'TRUNCATE' in result_table1.stdout"
-      - "'REFERENCES' in result_table1.stdout"
-      - "'TRIGGER' in result_table1.stdout"
-      - "result_table2.stdout_lines[-1] == '(1 row)'"
-      - "'INSERT' == '{{ result_table2.stdout_lines[-2] | trim }}'"
-      - "result_database.stdout_lines[-1] == '(1 row)'"
-      - "'{{ db_user1 }}=CTc/{{ pg_user }}' in result_database.stdout_lines[-2]"
-
- name: Add another permission for the user
-  become_user: "{{ pg_user }}"
-  become: yes
-  postgresql_user:
-    name: "{{ db_user1 }}"
-    encrypted: 'yes'
-    password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
-    db: "{{ db_name }}"
-    priv: 'test_table2:select'
-    login_user: "{{ pg_user }}"
-  register: result
-
- name: Check that ansible reports it changed the user
-  assert:
-    that:
-      - result is changed
-
- name: Check that the user has the requested permissions (table2)
-  become_user: "{{ pg_user }}"
-  become: yes
-  shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
-  register: result_table2
-
- assert:
-    that:
-      - "result_table2.stdout_lines[-1] == '(2 rows)'"
-      - "'INSERT' in result_table2.stdout"
-      - "'SELECT' in result_table2.stdout"
-
-
-#
-# Test priv setting via postgresql_privs module
-# (Depends on state from previous _user privs tests)
-#
-
- name: Revoke a privilege
-  become_user: "{{ pg_user }}"
-  become: yes
-  postgresql_privs:
-    type: "table"
-    state: "absent"
-    roles: "{{ db_user1 }}"
-    privs: "INSERT"
-    objs: "test_table2"
-    db: "{{ db_name }}"
-    login_user: "{{ pg_user }}"
-  register: result
-
- name: Check that ansible reports it changed the user
-  assert:
-    that:
-      - result is changed
-
- name: Check that the user has the requested permissions (table2)
-  become_user: "{{ pg_user }}"
-  become: yes
-  shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
-  register: result_table2
-
- assert:
-    that:
-      - "result_table2.stdout_lines[-1] == '(1 row)'"
-      - "'SELECT' == '{{ result_table2.stdout_lines[-2] | trim }}'"
-
- name: Revoke many privileges on multiple tables
-  become_user: "{{ pg_user }}"
-  become: yes
-  postgresql_privs:
-    state: "absent"
-    roles: "{{ db_user1 }}"
-    privs: "INSERT,select,UPDATE,TRUNCATE,REFERENCES,TRIGGER,delete"
-    objs: "test_table2,test_table1"
-    db: "{{ db_name }}"
-    login_user: "{{ pg_user }}"
-  register: result
-
- name: Check that ansible reports it changed the user
-  assert:
-    that:
-      - result is changed
-
- name: Check that permissions were revoked (table1)
-  become_user: "{{ pg_user }}"
-  become: yes
-  shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
-  register: result_table1
-
- name: Check that permissions were revoked (table2)
-  become_user: "{{ pg_user }}"
-  become: yes
-  shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
-  register: result_table2
-
- assert:
-    that:
-      - "result_table1.stdout_lines[-1] == '(0 rows)'"
-      - "result_table2.stdout_lines[-1] == '(0 rows)'"
-
- name: Revoke database privileges
-  become_user: "{{ pg_user }}"
-  become: yes
-  postgresql_privs:
-    type: "database"
-    state: "absent"
-    roles: "{{ db_user1 }}"
-    privs: "Create,connect,TEMP"
-    objs: "{{ db_name }}"
-    db: "{{ db_name }}"
-    login_user: "{{ pg_user }}"
-
- name: Check that the user has the requested permissions (database)
-  become_user: "{{ pg_user }}"
-  become: yes
-  shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
-  register: result_database
-
- assert:
-    that:
-      - "result_database.stdout_lines[-1] == '(1 row)'"
-      - "'{{ db_user1 }}' not in result_database.stdout"
-
- name: Grant database privileges
-  become_user: "{{ pg_user }}"
-  become: yes
-  postgresql_privs:
-    type: "database"
-    state: "present"
-    roles: "{{ db_user1 }}"
-    privs: "CREATE,connect"
-    objs: "{{ db_name }}"
-    db: "{{ db_name }}"
-    login_user: "{{ pg_user }}"
-  register: result
-
- name: Check that ansible reports it changed the user
-  assert:
-    that:
-      - result is changed
-
- name: Check that the user has the requested permissions (database)
-  become_user: "{{ pg_user }}"
-  become: yes
-  shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
-  register: result_database
-
- assert:
-    that:
-      - "result_database.stdout_lines[-1] == '(1 row)'"
-      - "'{{ db_user1 }}=Cc' in result_database.stdout"
-
- name: Grant a single privilege on a table
-  become_user: "{{ pg_user }}"
-  become: yes
-  postgresql_privs:
-    state: "present"
-    roles: "{{ db_user1 }}"
-    privs: "INSERT"
-    objs: "test_table1"
-    db: "{{ db_name }}"
-    login_user: "{{ pg_user }}"
-
- name: Check that permissions were added (table1)
-  become_user: "{{ pg_user }}"
-  become: yes
-  shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
-  register: result_table1
-
- assert:
-    that:
-      - "result_table1.stdout_lines[-1] == '(1 row)'"
-      - "'{{ result_table1.stdout_lines[-2] | trim }}' == 'INSERT'"
-
- name: Grant many privileges on multiple tables
-  become_user: "{{ pg_user }}"
-  become: yes
-  postgresql_privs:
-    state: "present"
-    roles: "{{ db_user1 }}"
-    privs: 'INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,trigger'
-    objs: "test_table2,test_table1"
-    db: "{{ db_name }}"
-    login_user: "{{ pg_user }}"
-
- name: Check that permissions were added (table1)
-  become_user: "{{ pg_user }}"
-  become: yes
-  shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
-  register: result_table1
-
- name: Check that permissions were added (table2)
-  become_user: "{{ pg_user }}"
-  become: yes
-  shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
-  register: result_table2
-
- assert:
-    that:
-      - "result_table1.stdout_lines[-1] == '(7 rows)'"
-      - "'INSERT' in result_table1.stdout"
-      - "'SELECT' in result_table1.stdout"
-      - "'UPDATE' in result_table1.stdout"
-      - "'DELETE' in result_table1.stdout"
-      - "'TRUNCATE' in result_table1.stdout"
-      - "'REFERENCES' in result_table1.stdout"
-      - "'TRIGGER' in result_table1.stdout"
-      - "result_table2.stdout_lines[-1] == '(7 rows)'"
-      - "'INSERT' in result_table2.stdout"
-      - "'SELECT' in result_table2.stdout"
-      - "'UPDATE' in result_table2.stdout"
-      - "'DELETE' in result_table2.stdout"
-      - "'TRUNCATE' in result_table2.stdout"
-      - "'REFERENCES' in result_table2.stdout"
-      - "'TRIGGER' in result_table2.stdout"
-
-#
-# Cleanup
-#
- name: Cleanup db
-  become_user: "{{ pg_user }}"
-  become: yes
-  postgresql_db:
-    name: "{{ db_name }}"
-    state: "absent"
-    login_user: "{{ pg_user }}"
-
- name: Check that database was destroyed
-  become_user: "{{ pg_user }}"
-  become: yes
-  shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
-  register: result
-
- assert:
-    that:
-      - "result.stdout_lines[-1] == '(0 rows)'"
-
- name: Cleanup test user
-  become_user: "{{ pg_user }}"
-  become: yes
-  postgresql_user:
-    name: "{{ db_user1 }}"
-    state: 'absent'
-    login_user: "{{ pg_user }}"
-    db: postgres
-
- name: Check that they were removed
-  become_user: "{{ pg_user }}"
-  become: yes
-  shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
-  register: result
-
- assert:
-    that:
-      - "result.stdout_lines[-1] == '(0 rows)'"
-
-#
-# Test login_user functionality
-#
- name: Create a user to test login module parameters
-  become: yes
-  become_user: "{{ pg_user }}"
-  postgresql_user:
-    name: "{{ db_user1 }}"
-    state: "present"
-    encrypted: 'yes'
-    password: "password"
-    role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
-    login_user: "{{ pg_user }}"
-    db: postgres
-
- name: Create db
-  postgresql_db:
-    name: "{{ db_name }}"
-    state: "present"
-    login_user: "{{ db_user1 }}"
-    login_password: "password"
-    login_host: "localhost"
-
- name: Check that database created
-  become: yes
-  become_user: "{{ pg_user }}"
-  shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
-  register: result
-
- assert:
-    that:
-      - "result.stdout_lines[-1] == '(1 row)'"
-
- name: Create a user
-  postgresql_user:
-    name: "{{ db_user2 }}"
-    state: "present"
-    encrypted: 'yes'
-    password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
-    db: "{{ db_name }}"
-    login_user: "{{ db_user1 }}"
-    login_password: "password"
-    login_host: "localhost"
-
- name: Check that it was created
-  become: yes
-  become_user: "{{ pg_user }}"
-  shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql -d postgres
-  register: result
-
- assert:
-    that:
-      - "result.stdout_lines[-1] == '(1 row)'"
-
- name: Grant database privileges
-  postgresql_privs:
-    type: "database"
-    state: "present"
-    roles: "{{ db_user2 }}"
-    privs: "CREATE,connect"
-    objs: "{{ db_name }}"
-    db: "{{ db_name }}"
-    login: "{{ db_user1 }}"
-    password: "password"
-    host: "localhost"
-
- name: Check that the user has the requested permissions (database)
-  become: yes
-  become_user: "{{ pg_user }}"
-  shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
-  register: result_database
-
- assert:
-    that:
-      - "result_database.stdout_lines[-1] == '(1 row)'"
-      - "db_user2 ~ '=Cc' in result_database.stdout"
-
- name: Remove user
-  postgresql_user:
-    name: "{{ db_user2 }}"
-    state: 'absent'
-    priv: "ALL"
-    db: "{{ db_name }}"
-    login_user: "{{ db_user1 }}"
-    login_password: "password"
-    login_host: "localhost"
-
- name: Check that they were removed
-  become: yes
-  become_user: "{{ pg_user }}"
-  shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql -d postgres
-  register: result
-
- assert:
-    that:
-      - "result.stdout_lines[-1] == '(0 rows)'"
-
- name: Destroy DB
-  postgresql_db:
-    state: absent
-    name: "{{ db_name }}"
-    login_user: "{{ db_user1 }}"
-    login_password: "password"
-    login_host: "localhost"
-
- name: Check that database was destroyed
-  become: yes
-  become_user: "{{ pg_user }}"
-  shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
-  register: result
-
- assert:
-    that:
-      - "result.stdout_lines[-1] == '(0 rows)'"
--- a/test/integration/targets/postgresql_db_user_privs/aliases
+++ b/test/integration/targets/postgresql_db_user_privs/aliases
@ -1,6 +1,4 @@
 destructive
 shippable/posix/group4
-postgresql_db
-postgresql_privs
 postgresql_user
 skip/osx
--- a/test/integration/targets/postgresql_privs/defaults/main.yml
+++ b/test/integration/targets/postgresql_privs/defaults/main.yml
@ -0,0 +1,4 @@
+db_name: ansible_db
+db_user1: ansible_db_user1
+db_user2: ansible_db_user2
+db_user3: ansible_db_user3
--- a/test/integration/targets/postgresql_privs/meta/main.yml
+++ b/test/integration/targets/postgresql_privs/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+- setup_postgresql_db
--- a/test/integration/targets/postgresql_privs/tasks/main.yml
+++ b/test/integration/targets/postgresql_privs/tasks/main.yml
@ -0,0 +1,9 @@
+# Initial CI tests of postgresql_privs module:
+- import_tasks: postgresql_privs_initial.yml
+
+# General tests:
+- import_tasks: postgresql_privs_general.yml
+
+# Tests default_privs with target_role:
+- import_tasks: test_target_role.yml
+  when: postgres_version_resp.stdout is version('9.1', '>=')
--- a/test/integration/targets/postgresql_db_user_privs/tasks/pg_authid_not_readable.yml
+++ b/test/integration/targets/postgresql_db_user_privs/tasks/pg_authid_not_readable.yml
--- a/test/integration/targets/postgresql_privs/tasks/postgresql_privs_general.yml
+++ b/test/integration/targets/postgresql_privs/tasks/postgresql_privs_general.yml
--- a/test/integration/targets/postgresql_privs/tasks/postgresql_privs_initial.yml
+++ b/test/integration/targets/postgresql_privs/tasks/postgresql_privs_initial.yml
@ -0,0 +1,325 @@
+# The tests below were added initially and moved here
+# from the shared target called ``postgresql`` by @Andersson007 <aaklychkov@mail.ru>.
+# You can see modern examples of CI tests in postgresql_publication directory, for example.
+
+#
+# Test settings privileges
+#
+- name: Create db
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_db:
+    name: "{{ db_name }}"
+    state: "present"
+    login_user: "{{ pg_user }}"
+
+- name: Create some tables on the db
+  become_user: "{{ pg_user }}"
+  become: yes
+  shell: echo "create table test_table1 (field text);" | psql {{ db_name }}
+
+- become_user: "{{ pg_user }}"
+  become: yes
+  shell: echo "create table test_table2 (field text);" | psql {{ db_name }}
+
+- vars:
+    db_password: 'secretù' # use UTF-8
+  block:
+    - name: Create a user with some permissions on the db
+      become_user: "{{ pg_user }}"
+      become: yes
+      postgresql_user:
+        name: "{{ db_user1 }}"
+        encrypted: 'yes'
+        password: "md5{{ (db_password ~ db_user1) | hash('md5')}}"
+        db: "{{ db_name }}"
+        priv: 'test_table1:INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,TRIGGER/test_table2:INSERT/CREATE,CONNECT,TEMP'
+        login_user: "{{ pg_user }}"
+
+    - include_tasks: pg_authid_not_readable.yml
+
+- name: Check that the user has the requested permissions (table1)
+  become_user: "{{ pg_user }}"
+  become: yes
+  shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
+  register: result_table1
+
+- name: Check that the user has the requested permissions (table2)
+  become_user: "{{ pg_user }}"
+  become: yes
+  shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
+  register: result_table2
+
+- name: Check that the user has the requested permissions (database)
+  become_user: "{{ pg_user }}"
+  become: yes
+  shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
+  register: result_database
+
+- assert:
+    that:
+      - "result_table1.stdout_lines[-1] == '(7 rows)'"
+      - "'INSERT' in result_table1.stdout"
+      - "'SELECT' in result_table1.stdout"
+      - "'UPDATE' in result_table1.stdout"
+      - "'DELETE' in result_table1.stdout"
+      - "'TRUNCATE' in result_table1.stdout"
+      - "'REFERENCES' in result_table1.stdout"
+      - "'TRIGGER' in result_table1.stdout"
+      - "result_table2.stdout_lines[-1] == '(1 row)'"
+      - "'INSERT' == '{{ result_table2.stdout_lines[-2] | trim }}'"
+      - "result_database.stdout_lines[-1] == '(1 row)'"
+      - "'{{ db_user1 }}=CTc/{{ pg_user }}' in result_database.stdout_lines[-2]"
+
+- name: Add another permission for the user
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_user:
+    name: "{{ db_user1 }}"
+    encrypted: 'yes'
+    password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
+    db: "{{ db_name }}"
+    priv: 'test_table2:select'
+    login_user: "{{ pg_user }}"
+  register: result
+
+- name: Check that ansible reports it changed the user
+  assert:
+    that:
+      - result is changed
+
+- name: Check that the user has the requested permissions (table2)
+  become_user: "{{ pg_user }}"
+  become: yes
+  shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
+  register: result_table2
+
+- assert:
+    that:
+      - "result_table2.stdout_lines[-1] == '(2 rows)'"
+      - "'INSERT' in result_table2.stdout"
+      - "'SELECT' in result_table2.stdout"
+
+#
+# Test priv setting via postgresql_privs module
+# (Depends on state from previous _user privs tests)
+#
+
+- name: Revoke a privilege
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_privs:
+    type: "table"
+    state: "absent"
+    roles: "{{ db_user1 }}"
+    privs: "INSERT"
+    objs: "test_table2"
+    db: "{{ db_name }}"
+    login_user: "{{ pg_user }}"
+  register: result
+
+- name: Check that ansible reports it changed the user
+  assert:
+    that:
+      - result is changed
+
+- name: Check that the user has the requested permissions (table2)
+  become_user: "{{ pg_user }}"
+  become: yes
+  shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
+  register: result_table2
+
+- assert:
+    that:
+      - "result_table2.stdout_lines[-1] == '(1 row)'"
+      - "'SELECT' == '{{ result_table2.stdout_lines[-2] | trim }}'"
+
+- name: Revoke many privileges on multiple tables
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_privs:
+    state: "absent"
+    roles: "{{ db_user1 }}"
+    privs: "INSERT,select,UPDATE,TRUNCATE,REFERENCES,TRIGGER,delete"
+    objs: "test_table2,test_table1"
+    db: "{{ db_name }}"
+    login_user: "{{ pg_user }}"
+  register: result
+
+- name: Check that ansible reports it changed the user
+  assert:
+    that:
+      - result is changed
+
+- name: Check that permissions were revoked (table1)
+  become_user: "{{ pg_user }}"
+  become: yes
+  shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
+  register: result_table1
+
+- name: Check that permissions were revoked (table2)
+  become_user: "{{ pg_user }}"
+  become: yes
+  shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
+  register: result_table2
+
+- assert:
+    that:
+      - "result_table1.stdout_lines[-1] == '(0 rows)'"
+      - "result_table2.stdout_lines[-1] == '(0 rows)'"
+
+- name: Revoke database privileges
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_privs:
+    type: "database"
+    state: "absent"
+    roles: "{{ db_user1 }}"
+    privs: "Create,connect,TEMP"
+    objs: "{{ db_name }}"
+    db: "{{ db_name }}"
+    login_user: "{{ pg_user }}"
+
+- name: Check that the user has the requested permissions (database)
+  become_user: "{{ pg_user }}"
+  become: yes
+  shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
+  register: result_database
+
+- assert:
+    that:
+      - "result_database.stdout_lines[-1] == '(1 row)'"
+      - "'{{ db_user1 }}' not in result_database.stdout"
+
+- name: Grant database privileges
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_privs:
+    type: "database"
+    state: "present"
+    roles: "{{ db_user1 }}"
+    privs: "CREATE,connect"
+    objs: "{{ db_name }}"
+    db: "{{ db_name }}"
+    login_user: "{{ pg_user }}"
+  register: result
+
+- name: Check that ansible reports it changed the user
+  assert:
+    that:
+      - result is changed
+
+- name: Check that the user has the requested permissions (database)
+  become_user: "{{ pg_user }}"
+  become: yes
+  shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
+  register: result_database
+
+- assert:
+    that:
+      - "result_database.stdout_lines[-1] == '(1 row)'"
+      - "'{{ db_user1 }}=Cc' in result_database.stdout"
+
+- name: Grant a single privilege on a table
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_privs:
+    state: "present"
+    roles: "{{ db_user1 }}"
+    privs: "INSERT"
+    objs: "test_table1"
+    db: "{{ db_name }}"
+    login_user: "{{ pg_user }}"
+
+- name: Check that permissions were added (table1)
+  become_user: "{{ pg_user }}"
+  become: yes
+  shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
+  register: result_table1
+
+- assert:
+    that:
+      - "result_table1.stdout_lines[-1] == '(1 row)'"
+      - "'{{ result_table1.stdout_lines[-2] | trim }}' == 'INSERT'"
+
+- name: Grant many privileges on multiple tables
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_privs:
+    state: "present"
+    roles: "{{ db_user1 }}"
+    privs: 'INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,trigger'
+    objs: "test_table2,test_table1"
+    db: "{{ db_name }}"
+    login_user: "{{ pg_user }}"
+
+- name: Check that permissions were added (table1)
+  become_user: "{{ pg_user }}"
+  become: yes
+  shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
+  register: result_table1
+
+- name: Check that permissions were added (table2)
+  become_user: "{{ pg_user }}"
+  become: yes
+  shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
+  register: result_table2
+
+- assert:
+    that:
+      - "result_table1.stdout_lines[-1] == '(7 rows)'"
+      - "'INSERT' in result_table1.stdout"
+      - "'SELECT' in result_table1.stdout"
+      - "'UPDATE' in result_table1.stdout"
+      - "'DELETE' in result_table1.stdout"
+      - "'TRUNCATE' in result_table1.stdout"
+      - "'REFERENCES' in result_table1.stdout"
+      - "'TRIGGER' in result_table1.stdout"
+      - "result_table2.stdout_lines[-1] == '(7 rows)'"
+      - "'INSERT' in result_table2.stdout"
+      - "'SELECT' in result_table2.stdout"
+      - "'UPDATE' in result_table2.stdout"
+      - "'DELETE' in result_table2.stdout"
+      - "'TRUNCATE' in result_table2.stdout"
+      - "'REFERENCES' in result_table2.stdout"
+      - "'TRIGGER' in result_table2.stdout"
+
+#
+# Cleanup
+#
+- name: Cleanup db
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_db:
+    name: "{{ db_name }}"
+    state: "absent"
+    login_user: "{{ pg_user }}"
+
+- name: Check that database was destroyed
+  become_user: "{{ pg_user }}"
+  become: yes
+  shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(0 rows)'"
+
+- name: Cleanup test user
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_user:
+    name: "{{ db_user1 }}"
+    state: 'absent'
+    login_user: "{{ pg_user }}"
+    db: postgres
+
+- name: Check that they were removed
+  become_user: "{{ pg_user }}"
+  become: yes
+  shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(0 rows)'"
--- a/test/integration/targets/postgresql_db_user_privs/tasks/test_target_role.yml
+++ b/test/integration/targets/postgresql_db_user_privs/tasks/test_target_role.yml
@ -1,6 +1,12 @@
---
-
 # Setup
+- name: Create a test user
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_user:
+    name: "{{ db_user1 }}"
+    login_user: "{{ pg_user }}"
+    db: postgres
+
 - name: Create DB
  become_user: "{{ pg_user }}"
  become: yes
@ -72,6 +78,8 @@

 # Cleanup
 - name: Remove user given permissions
+  become_user: "{{ pg_user }}"
+  become: yes
  postgresql_user:
    name: "{{ db_user2 }}"
    state: absent
@ -79,6 +87,8 @@
    login_user: "{{ pg_user }}"

 - name: Remove user owner of objects
+  become_user: "{{ pg_user }}"
+  become: yes
  postgresql_user:
    name: "{{ db_user3 }}"
    state: absent
@ -92,3 +102,12 @@
    state: absent
    name: "{{ db_name }}"
    login_user: "{{ pg_user }}"
+
+- name: Remove test user
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_user:
+    name: "{{ db_user1 }}"
+    state: absent
+    db: postgres
+    login_user: "{{ pg_user }}"
--- a/test/integration/targets/postgresql_shared/aliases
+++ b/test/integration/targets/postgresql_shared/aliases
@ -0,0 +1,24 @@
+destructive
+shippable/posix/group4
+postgresql_db
+postgresql_copy
+postgresql_ext
+postgresql_idx
+postgresql_info
+postgresql_lang
+postgresql_membership
+postgresql_owner
+postgresql_pg_hba
+postgresql_ping
+postgresql_privs
+postgresql_publication
+postgresql_query
+postgresql_schema
+postgresql_sequence
+postgresql_set
+postgresql_shared
+postgresql_slot
+postgresql_table
+postgresql_tablespace
+postgresql_user
+skip/osx
--- a/test/integration/targets/postgresql_shared/defaults/main.yml
+++ b/test/integration/targets/postgresql_shared/defaults/main.yml
@ -0,0 +1,6 @@
+db_name: 'ansible_db'
+db_user1: 'ansible_db_user1'
+tmp_dir: '/tmp'
+
+db_session_role1: 'session_role1'
+db_session_role2: 'session_role2'
--- a/test/integration/targets/postgresql_shared/meta/main.yml
+++ b/test/integration/targets/postgresql_shared/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+  - setup_postgresql_db
--- a/test/integration/targets/postgresql_shared/tasks/main.yml
+++ b/test/integration/targets/postgresql_shared/tasks/main.yml
@ -0,0 +1,6 @@
+# This test role is for testing general (non-specific) functionality
+# that's presented in all modules (or in a part of them).
+# If you want to add tests make a new test file and include here.
+
+# Verify different session_role scenarios:
+- import_tasks: session_role.yml
--- a/test/integration/targets/postgresql_db_user_privs/tasks/session_role.yml
+++ b/test/integration/targets/postgresql_db_user_privs/tasks/session_role.yml
@ -3,7 +3,7 @@
  become: yes
  postgresql_db:
    state: present
-    name: "{{ db_name }}"
+    name: must_fail
    login_user: "{{ pg_user }}"
    session_role: "{{ db_session_role1 }}"
  register: result
--- a/test/integration/targets/postgresql_user/aliases
+++ b/test/integration/targets/postgresql_user/aliases
@ -0,0 +1,3 @@
+destructive
+shippable/posix/group4
+skip/osx
--- a/test/integration/targets/postgresql_user/defaults/main.yml
+++ b/test/integration/targets/postgresql_user/defaults/main.yml
@ -0,0 +1,3 @@
+db_name: 'ansible_db'
+db_user1: 'ansible_db_user1'
+db_user2: 'ansible_db_user2'
--- a/test/integration/targets/postgresql_user/meta/main.yml
+++ b/test/integration/targets/postgresql_user/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+- setup_postgresql_db
--- a/test/integration/targets/postgresql_user/tasks/main.yml
+++ b/test/integration/targets/postgresql_user/tasks/main.yml
@ -0,0 +1,5 @@
+# Initial CI tests of postgresql_user module
+- import_tasks: postgresql_user_initial.yml
+
+# General tests:
+- import_tasks: postgresql_user_general.yml
--- a/test/integration/targets/postgresql_db_user_privs/tasks/postgresql_user.yml
+++ b/test/integration/targets/postgresql_db_user_privs/tasks/postgresql_user.yml
--- a/test/integration/targets/postgresql_user/tasks/postgresql_user_initial.yml
+++ b/test/integration/targets/postgresql_user/tasks/postgresql_user_initial.yml
@ -0,0 +1,153 @@
+#
+# Create and destroy user, test 'password' and 'encrypted' parameters
+#
+# unencrypted values are not supported on newer versions
+# do not run the encrypted: no tests if on 10+
+- set_fact:
+    encryption_values:
+    - 'yes'
+
+- set_fact:
+    encryption_values: '{{ encryption_values + ["no"]}}'
+  when: postgres_version_resp.stdout is version('10', '<=')
+
+- include_tasks: test_password.yml
+  vars:
+    encrypted: '{{ loop_item }}'
+    db_password1: 'secretù' # use UTF-8
+  loop: '{{ encryption_values }}'
+  loop_control:
+    loop_var: loop_item
+
+# BYPASSRLS role attribute was introduced in PostgreSQL 9.5, so
+# we want to test attribute management differently depending
+# on the version.
+- set_fact:
+    bypassrls_supported: "{{ postgres_version_resp.stdout is version('9.5.0', '>=') }}"
+
+# test 'no_password_change' and 'role_attr_flags' parameters
+- include_tasks: test_no_password_change.yml
+  vars:
+    no_password_changes: '{{ loop_item }}'
+  loop:
+    - 'yes'
+    - 'no'
+  loop_control:
+    loop_var: loop_item
+
+### TODO: fail_on_user
+
+#
+# Test login_user functionality
+#
+- name: Create a user to test login module parameters
+  become: yes
+  become_user: "{{ pg_user }}"
+  postgresql_user:
+    name: "{{ db_user1 }}"
+    state: "present"
+    encrypted: 'yes'
+    password: "password"
+    role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
+    login_user: "{{ pg_user }}"
+    db: postgres
+
+- name: Create db
+  postgresql_db:
+    name: "{{ db_name }}"
+    state: "present"
+    login_user: "{{ db_user1 }}"
+    login_password: "password"
+    login_host: "localhost"
+
+- name: Check that database created
+  become: yes
+  become_user: "{{ pg_user }}"
+  shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(1 row)'"
+
+- name: Create a user
+  postgresql_user:
+    name: "{{ db_user2 }}"
+    state: "present"
+    encrypted: 'yes'
+    password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
+    db: "{{ db_name }}"
+    login_user: "{{ db_user1 }}"
+    login_password: "password"
+    login_host: "localhost"
+
+- name: Check that it was created
+  become: yes
+  become_user: "{{ pg_user }}"
+  shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql -d postgres
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(1 row)'"
+
+- name: Grant database privileges
+  postgresql_privs:
+    type: "database"
+    state: "present"
+    roles: "{{ db_user2 }}"
+    privs: "CREATE,connect"
+    objs: "{{ db_name }}"
+    db: "{{ db_name }}"
+    login: "{{ db_user1 }}"
+    password: "password"
+    host: "localhost"
+
+- name: Check that the user has the requested permissions (database)
+  become: yes
+  become_user: "{{ pg_user }}"
+  shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
+  register: result_database
+
+- assert:
+    that:
+      - "result_database.stdout_lines[-1] == '(1 row)'"
+      - "db_user2 ~ '=Cc' in result_database.stdout"
+
+- name: Remove user
+  postgresql_user:
+    name: "{{ db_user2 }}"
+    state: 'absent'
+    priv: "ALL"
+    db: "{{ db_name }}"
+    login_user: "{{ db_user1 }}"
+    login_password: "password"
+    login_host: "localhost"
+
+- name: Check that they were removed
+  become: yes
+  become_user: "{{ pg_user }}"
+  shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql -d postgres
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(0 rows)'"
+
+- name: Destroy DB
+  postgresql_db:
+    state: absent
+    name: "{{ db_name }}"
+    login_user: "{{ db_user1 }}"
+    login_password: "password"
+    login_host: "localhost"
+
+- name: Check that database was destroyed
+  become: yes
+  become_user: "{{ pg_user }}"
+  shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(0 rows)'"
--- a/test/integration/targets/postgresql_db_user_privs/tasks/test_no_password_change.yml
+++ b/test/integration/targets/postgresql_db_user_privs/tasks/test_no_password_change.yml
--- a/test/integration/targets/postgresql_db_user_privs/tasks/test_password.yml
+++ b/test/integration/targets/postgresql_db_user_privs/tasks/test_password.yml