mirror of https://github.com/ansible/ansible.git
postgresql_privs: Support FOREIGN DATA WRAPPER and FOREIGN SERVER (#38803)
* Support FOREIGN DATA WRAPPER and FOREIGN SERVER in postgresql_privs module * Added available from note to fdw and fs object types * Integration tests, examples in documentation * Complete integration testspull/53514/head
parent
f5faf8211d
commit
6e198487c9
@ -0,0 +1,3 @@
|
|||||||
|
---
|
||||||
|
minor_changes:
|
||||||
|
- "postgresql_privs - introduces support for FOREIGN DATA WRAPPER and FOREIGN SERVER as object types in postgresql_privs module. (https://github.com/ansible/ansible/issues/38801)"
|
@ -0,0 +1,239 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
######################################################
|
||||||
|
# Test foreign data wrapper and foreign server privs #
|
||||||
|
######################################################
|
||||||
|
|
||||||
|
- name: Create DB
|
||||||
|
become_user: "{{ pg_user }}"
|
||||||
|
become: True
|
||||||
|
postgresql_db:
|
||||||
|
state: present
|
||||||
|
name: "{{ db_name }}"
|
||||||
|
login_user: "{{ pg_user }}"
|
||||||
|
register: result
|
||||||
|
|
||||||
|
- name: Create test role
|
||||||
|
become: True
|
||||||
|
become_user: "{{ pg_user }}"
|
||||||
|
shell: echo "CREATE ROLE fdw_test" | psql -d "{{ db_name }}"
|
||||||
|
|
||||||
|
- name: Create fdw extension
|
||||||
|
become: True
|
||||||
|
become_user: "{{ pg_user }}"
|
||||||
|
shell: echo "CREATE EXTENSION postgres_fdw" | psql -d "{{ db_name }}"
|
||||||
|
|
||||||
|
- name: Create foreign data wrapper
|
||||||
|
become: True
|
||||||
|
become_user: "{{ pg_user }}"
|
||||||
|
shell: echo "CREATE FOREIGN DATA WRAPPER dummy" | psql -d "{{ db_name }}"
|
||||||
|
|
||||||
|
- name: Create foreign server
|
||||||
|
become: True
|
||||||
|
become_user: "{{ pg_user }}"
|
||||||
|
shell: echo "CREATE SERVER dummy_server FOREIGN DATA WRAPPER dummy" | psql -d "{{ db_name }}"
|
||||||
|
|
||||||
|
- name: Grant foreign data wrapper privileges
|
||||||
|
postgresql_privs:
|
||||||
|
state: present
|
||||||
|
type: foreign_data_wrapper
|
||||||
|
roles: fdw_test
|
||||||
|
privs: ALL
|
||||||
|
objs: dummy
|
||||||
|
db: "{{ db_name }}"
|
||||||
|
login_user: "{{ pg_user }}"
|
||||||
|
register: result
|
||||||
|
ignore_errors: yes
|
||||||
|
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- "result.changed == true"
|
||||||
|
|
||||||
|
- name: Get foreign data wrapper privileges
|
||||||
|
become: True
|
||||||
|
become_user: "{{ pg_user }}"
|
||||||
|
shell: echo "{{ fdw_query }}" | psql -d "{{ db_name }}"
|
||||||
|
vars:
|
||||||
|
fdw_query: >
|
||||||
|
SELECT fdwacl FROM pg_catalog.pg_foreign_data_wrapper
|
||||||
|
WHERE fdwname = ANY (ARRAY['dummy']) ORDER BY fdwname
|
||||||
|
register: fdw_result
|
||||||
|
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- "fdw_result.stdout_lines[-1] == '(1 row)'"
|
||||||
|
- "'fdw_test' in fdw_result.stdout_lines[-2]"
|
||||||
|
|
||||||
|
- name: Grant foreign data wrapper privileges second time
|
||||||
|
postgresql_privs:
|
||||||
|
state: present
|
||||||
|
type: foreign_data_wrapper
|
||||||
|
roles: fdw_test
|
||||||
|
privs: ALL
|
||||||
|
objs: dummy
|
||||||
|
db: "{{ db_name }}"
|
||||||
|
login_user: "{{ pg_user }}"
|
||||||
|
register: result
|
||||||
|
ignore_errors: yes
|
||||||
|
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- "result.changed == false"
|
||||||
|
|
||||||
|
- name: Revoke foreign data wrapper privileges
|
||||||
|
postgresql_privs:
|
||||||
|
state: absent
|
||||||
|
type: foreign_data_wrapper
|
||||||
|
roles: fdw_test
|
||||||
|
privs: ALL
|
||||||
|
objs: dummy
|
||||||
|
db: "{{ db_name }}"
|
||||||
|
login_user: "{{ pg_user }}"
|
||||||
|
register: result
|
||||||
|
ignore_errors: yes
|
||||||
|
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- "result.changed == true"
|
||||||
|
|
||||||
|
- name: Get foreign data wrapper privileges
|
||||||
|
become: True
|
||||||
|
become_user: "{{ pg_user }}"
|
||||||
|
shell: echo "{{ fdw_query }}" | psql -d "{{ db_name }}"
|
||||||
|
vars:
|
||||||
|
fdw_query: >
|
||||||
|
SELECT fdwacl FROM pg_catalog.pg_foreign_data_wrapper
|
||||||
|
WHERE fdwname = ANY (ARRAY['dummy']) ORDER BY fdwname
|
||||||
|
register: fdw_result
|
||||||
|
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- "fdw_result.stdout_lines[-1] == '(1 row)'"
|
||||||
|
- "'fdw_test' not in fdw_result.stdout_lines[-2]"
|
||||||
|
|
||||||
|
- name: Revoke foreign data wrapper privileges for second time
|
||||||
|
postgresql_privs:
|
||||||
|
state: absent
|
||||||
|
type: foreign_data_wrapper
|
||||||
|
roles: fdw_test
|
||||||
|
privs: ALL
|
||||||
|
objs: dummy
|
||||||
|
db: "{{ db_name }}"
|
||||||
|
login_user: "{{ pg_user }}"
|
||||||
|
register: result
|
||||||
|
ignore_errors: yes
|
||||||
|
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- "result.changed == false"
|
||||||
|
|
||||||
|
- name: Grant foreign server privileges
|
||||||
|
postgresql_privs:
|
||||||
|
state: present
|
||||||
|
type: foreign_server
|
||||||
|
roles: fdw_test
|
||||||
|
privs: ALL
|
||||||
|
objs: dummy_server
|
||||||
|
db: "{{ db_name }}"
|
||||||
|
login_user: "{{ pg_user }}"
|
||||||
|
register: result
|
||||||
|
ignore_errors: yes
|
||||||
|
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- "result.changed == true"
|
||||||
|
|
||||||
|
- name: Get foreign server privileges
|
||||||
|
become: True
|
||||||
|
become_user: "{{ pg_user }}"
|
||||||
|
shell: echo "{{ fdw_query }}" | psql -d "{{ db_name }}"
|
||||||
|
vars:
|
||||||
|
fdw_query: >
|
||||||
|
SELECT srvacl FROM pg_catalog.pg_foreign_server
|
||||||
|
WHERE srvname = ANY (ARRAY['dummy_server']) ORDER BY srvname
|
||||||
|
register: fs_result
|
||||||
|
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- "fs_result.stdout_lines[-1] == '(1 row)'"
|
||||||
|
- "'fdw_test' in fs_result.stdout_lines[-2]"
|
||||||
|
|
||||||
|
- name: Grant foreign server privileges for second time
|
||||||
|
postgresql_privs:
|
||||||
|
state: present
|
||||||
|
type: foreign_server
|
||||||
|
roles: fdw_test
|
||||||
|
privs: ALL
|
||||||
|
objs: dummy_server
|
||||||
|
db: "{{ db_name }}"
|
||||||
|
login_user: "{{ pg_user }}"
|
||||||
|
register: result
|
||||||
|
ignore_errors: yes
|
||||||
|
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- "result.changed == false"
|
||||||
|
|
||||||
|
- name: Revoke foreign server privileges
|
||||||
|
postgresql_privs:
|
||||||
|
state: absent
|
||||||
|
type: foreign_server
|
||||||
|
roles: fdw_test
|
||||||
|
privs: ALL
|
||||||
|
objs: dummy_server
|
||||||
|
db: "{{ db_name }}"
|
||||||
|
login_user: "{{ pg_user }}"
|
||||||
|
register: result
|
||||||
|
ignore_errors: yes
|
||||||
|
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- "result.changed == true"
|
||||||
|
|
||||||
|
- name: Get foreign server privileges
|
||||||
|
become: True
|
||||||
|
become_user: "{{ pg_user }}"
|
||||||
|
shell: echo "{{ fdw_query }}" | psql -d "{{ db_name }}"
|
||||||
|
vars:
|
||||||
|
fdw_query: >
|
||||||
|
SELECT srvacl FROM pg_catalog.pg_foreign_server
|
||||||
|
WHERE srvname = ANY (ARRAY['dummy_server']) ORDER BY srvname
|
||||||
|
register: fs_result
|
||||||
|
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- "fs_result.stdout_lines[-1] == '(1 row)'"
|
||||||
|
- "'fdw_test' not in fs_result.stdout_lines[-2]"
|
||||||
|
|
||||||
|
- name: Revoke foreign server privileges for second time
|
||||||
|
postgresql_privs:
|
||||||
|
state: absent
|
||||||
|
type: foreign_server
|
||||||
|
roles: fdw_test
|
||||||
|
privs: ALL
|
||||||
|
objs: dummy_server
|
||||||
|
db: "{{ db_name }}"
|
||||||
|
login_user: "{{ pg_user }}"
|
||||||
|
register: result
|
||||||
|
ignore_errors: yes
|
||||||
|
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- "result.changed == false"
|
||||||
|
|
||||||
|
- name: Cleanup
|
||||||
|
become: True
|
||||||
|
become_user: "{{ pg_user }}"
|
||||||
|
shell: echo "{{ item }}" | psql -d "{{ db_name }}"
|
||||||
|
with_items:
|
||||||
|
- DROP ROLE fdw_test
|
||||||
|
- DROP FOREIGN DATA WRAPPER dummy
|
||||||
|
- DROP SERVER dummy_server
|
||||||
|
|
||||||
|
- name: Destroy DB
|
||||||
|
become_user: "{{ pg_user }}"
|
||||||
|
become: True
|
||||||
|
postgresql_db:
|
||||||
|
state: absent
|
||||||
|
name: "{{ db_name }}"
|
||||||
|
login_user: "{{ pg_user }}"
|
Loading…
Reference in New Issue