archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

New integration tests for postgresql

Browse Source
pull/9689/merge
Toshio Kuratomi 10 years ago
parent 6570a6c6de
commit 7329bcde99
10 changed files with 1009 additions and 0 deletions
Show Stats Download Patch File Download Diff File

1
test/integration/destructive.yml
Unescape Escape View File

@ -9,6 +9,7 @@
- { role: test_yum, tags: test_yum }
- { role: test_apt, tags: test_apt }
- { role: test_apt_repository, tags: test_apt_repository }
- { role: test_postgresql, tags: test_postgresql}
- { role: test_mysql_db, tags: test_mysql_db}
- { role: test_mysql_user, tags: test_mysql_user}
- { role: test_mysql_variables, tags: test_mysql_variables}

5
test/integration/roles/setup_postgresql_db/defaults/main.yml
Unescape Escape View File

@ -0,0 +1,5 @@
postgresql_service: postgresql
postgresql_packages:
- postgresql-server
- python-psycopg2

10
test/integration/roles/setup_postgresql_db/files/pg_hba.conf
Unescape Escape View File

@ -0,0 +1,10 @@
# !!! This file managed by Ansible. Any local changes may be overwritten. !!!
# Database administrative login by UNIX sockets
# note: you may wish to restrict this further later
local all postgres trust
# TYPE DATABASE USER CIDR-ADDRESS METHOD
local all all md5
host all all 127.0.0.1/32 md5
host all all ::1/128 md5

71
test/integration/roles/setup_postgresql_db/tasks/main.yml
Unescape Escape View File

@ -0,0 +1,71 @@
- include_vars: '{{ item }}'
with_first_found:
- files:
- '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml'
- '{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml'
- '{{ ansible_os_family }}.yml'
- 'default.yml'
paths: '../vars'
# Make sure we start fresh
- name: remove rpm dependencies for postgresql test
yum: name={{ item }} state=absent
with_items: postgresql_packages
when: ansible_pkg_mgr == 'yum'
- name: remove dpkg dependencies for postgresql test
apt: name={{ item }} state=absent
with_items: postgresql_packages
when: ansible_pkg_mgr == 'apt'
- name: remove old db (red hat)
command: rm -rf "{{ pg_dir }}"
ignore_errors: True
when: ansible_os_family == "RedHat"
# Theoretically, pg_dropcluster should work but it doesn't so rm files
- name: remove old db config (debian)
command: rm -rf /etc/postgresql
ignore_errors: True
when: ansible_os_family == "Debian"
- name: remove old db files (debian)
command: rm -rf /var/lib/postgresql
ignore_errors: True
when: ansible_os_family == "Debian"
- name: install rpm dependencies for postgresql test
yum: name={{ item }} state=latest
with_items: postgresql_packages
when: ansible_pkg_mgr == 'yum'
- name: install dpkg dependencies for postgresql test
apt: name={{ item }} state=latest
with_items: postgresql_packages
when: ansible_pkg_mgr == 'apt'
- name: Initialize postgres (systemd)
command: postgresql-setup initdb
when: ansible_distribution == "Fedora" or (ansible_os_family == "RedHat" and ansible_distribution_major_version|int >= 7)
- name: Initialize postgres (sysv)
command: /sbin/service postgresql initdb
when: ansible_os_family == "RedHat" and ansible_distribution_major_version|int <= 6
- name: Iniitalize postgres (upstart)
command: /usr/bin/pg_createcluster {{ pg_ver }} main
when: ansible_os_family == 'Debian'
- name: Copy pg_hba into place
copy: src=pg_hba.conf dest="{{ pg_hba_location }}" owner="postgres" group="root" mode="0644"
- name: Generate locale on Debian systems
command: locale-gen pt_BR
when: ansible_os_family == 'Debian'
- name: Generate locale on Debian systems
command: locale-gen es_MX
when: ansible_os_family == 'Debian'
- name: restart postgresql service
service: name={{ postgresql_service }} state=restarted

11
test/integration/roles/setup_postgresql_db/vars/Ubuntu-12.yml
Unescape Escape View File

@ -0,0 +1,11 @@
postgresql_service: "postgresql"
postgresql_packages:
- "postgresql"
- "postgresql-common"
- "python-psycopg2"
pg_hba_location: "/etc/postgresql/9.1/main/pg_hba.conf"
pg_dir: "/var/lib/postgresql/9.1/main"
pg_ver: 9.1

10
test/integration/roles/setup_postgresql_db/vars/Ubuntu-14.yml
Unescape Escape View File

@ -0,0 +1,10 @@
postgresql_service: "postgresql"
postgresql_packages:
- "postgresql"
- "postgresql-common"
- "python-psycopg2"
pg_hba_location: "/etc/postgresql/9.3/main/pg_hba.conf"
pg_dir: "/var/lib/postgresql/9.3/main"
pg_ver: 9.3

8
test/integration/roles/setup_postgresql_db/vars/default.yml
Unescape Escape View File

@ -0,0 +1,8 @@
postgresql_service: "postgresql"
postgresql_packages:
- "postgresql-server"
- "python-psycopg2"
pg_hba_location: "/var/lib/pgsql/data/pg_hba.conf"
pg_dir: "/var/lib/pgsql/data"

8
test/integration/roles/test_postgresql/defaults/main.yml
Unescape Escape View File

@ -0,0 +1,8 @@
---
# defaults file for test_postgresql_db
db_name: 'ansible_db'
db_user1: 'ansible_db_user1'
db_user2: 'ansible_db_user2'
tmp_dir: '/tmp'

3
test/integration/roles/test_postgresql/meta/main.yml
Unescape Escape View File

@ -0,0 +1,3 @@
---
dependencies:
- setup_postgresql_db

882
test/integration/roles/test_postgresql/tasks/main.yml
Unescape Escape View File

@ -0,0 +1,882 @@
#
# Create and destroy db
#
- name: Create DB
sudo_user: postgres
sudo: True
postgresql_db:
state: present
name: "{{ db_name }}"
register: result
- name: assert that module reports the db was created
assert:
that:
- "result.changed == true"
- "result.db =='{{ db_name }}'"
- name: Check that database created
sudo_user: postgres
sudo: True
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- name: Run create on an already created db
sudo_user: postgres
sudo: True
postgresql_db:
state: present
name: "{{ db_name }}"
register: result
- name: assert that module reports the db was unchanged
assert:
that:
- "result.changed == false"
- name: Destroy DB
sudo_user: postgres
sudo: True
postgresql_db:
state: absent
name: "{{ db_name }}"
register: result
- name: assert that module reports the db was changed
assert:
that:
- "result.changed == true"
- name: Check that database was destroyed
sudo_user: postgres
sudo: True
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
- name: Destroy DB
sudo_user: postgres
sudo: True
postgresql_db:
state: absent
name: "{{ db_name }}"
register: result
- name: assert that removing an alreaady removed db makes no change
assert:
that:
- "result.changed == false"
# This corner case works to add but not to drop. This is sufficiently crazy
# that I'm not going to attempt to fix it unless someone lets me know that they
# need the functionality
#
# - postgresql_db:
# state: 'present'
# name: '"silly.""name"'
# - shell: echo "select datname from pg_database where datname = 'silly.""name';" | psql
# register: result
#
# - assert:
# that: "result.stdout_lines[-1] == '(1 row)'"
# - postgresql_db:
# state: absent
# name: '"silly.""name"'
# - shell: echo "select datname from pg_database where datname = 'silly.""name';" | psql
# register: result
#
# - assert:
# that: "result.stdout_lines[-1] == '(0 rows)'"
#
# Test encoding, collate, ctype, template options
#
- name: Create a DB with encoding, collate, ctype, and template options
sudo_user: postgres
sudo: True
postgresql_db:
name: '{{ db_name }}'
state: 'present'
encoding: 'LATIN1'
lc_collate: 'pt_BR'
lc_ctype: 'es_MX'
template: 'template0'
- name: Check that the DB has all of our options
sudo_user: postgres
sudo: True
shell: echo "select datname, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- "'LATIN1' in result.stdout_lines[-2]"
- "'pt_BR' in result.stdout_lines[-2]"
- "'es_MX' in result.stdout_lines[-2]"
- "'UTF8' not in result.stdout_lines[-2]"
- "'en_US' not in result.stdout_lines[-2]"
- name: Check that running db cration with options a second time does nothing
sudo_user: postgres
sudo: True
postgresql_db:
name: '{{ db_name }}'
state: 'present'
encoding: 'LATIN1'
lc_collate: 'pt_BR'
lc_ctype: 'es_MX'
template: 'template0'
register: result
- assert:
that:
- 'result.changed == False'
- name: Check that attempting to change encoding returns an error
sudo_user: postgres
sudo: True
postgresql_db:
name: '{{ db_name }}'
state: 'present'
encoding: 'UTF8'
lc_collate: 'pt_BR'
lc_ctype: 'es_MX'
template: 'template0'
register: result
ignore_errors: True
- assert:
that:
- 'result.failed == True'
- name: Cleanup test DB
sudo_user: postgres
sudo: True
postgresql_db:
name: '{{ db_name }}'
state: 'absent'
- shell: echo "select datname, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql
sudo_user: postgres
sudo: True
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
#
# Create and destroy user
#
- name: Create a user
sudo_user: postgres
sudo: True
postgresql_user:
name: "{{ db_user1 }}"
encrypted: 'yes'
password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
register: result
- name: Check that ansible reports they were created
assert:
that:
- "result.changed == True"
- name: Check that they were created
sudo_user: postgres
sudo: True
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- name: Check that creating user a second time does nothing
sudo_user: postgres
sudo: True
postgresql_user:
name: "{{ db_user1 }}"
encrypted: 'yes'
password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
register: result
- name: Check that ansible reports no change
assert:
that:
- "result.changed == False"
- name: Remove user
sudo_user: postgres
sudo: True
postgresql_user:
name: "{{ db_user1 }}"
state: 'absent'
register: result
- name: Check that ansible reports they were removed
assert:
that:
- "result.changed == True"
- name: Check that they were removed
sudo_user: postgres
sudo: True
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
- name: Check that removing user a second time does nothing
sudo_user: postgres
sudo: True
postgresql_user:
name: "{{ db_user1 }}"
state: 'absent'
register: result
- name: Check that ansible reports no change
assert:
that:
- "result.changed == False"
- name: Create a user with all role attributes
sudo_user: postgres
sudo: True
postgresql_user:
name: "{{ db_user1 }}"
state: "present"
role_attr_flags: "SUPERUSER,CREATEROLE,CREATEDB,INHERIT,login"
- name: Check that the user has the requested role attributes
sudo_user: postgres
sudo: True
shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin from pg_roles where rolname='{{ db_user1 }}';" | psql
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- "'super:t' in result.stdout_lines[-2]"
- "'createrole:t' in result.stdout_lines[-2]"
- "'create:t' in result.stdout_lines[-2]"
- "'inherit:t' in result.stdout_lines[-2]"
- "'login:t' in result.stdout_lines[-2]"
- name: Modify a user to have no role attributes
sudo_user: postgres
sudo: True
postgresql_user:
name: "{{ db_user1 }}"
state: "present"
role_attr_flags: "NOSUPERUSER,NOCREATEROLE,NOCREATEDB,noinherit,NOLOGIN"
register: result
- name: Check that ansible reports it modified the role
assert:
that:
- "result.changed == True"
- name: Check that the user has the requested role attributes
sudo_user: postgres
sudo: True
shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin from pg_roles where rolname='{{ db_user1 }}';" | psql
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- "'super:f' in result.stdout_lines[-2]"
- "'createrole:f' in result.stdout_lines[-2]"
- "'create:f' in result.stdout_lines[-2]"
- "'inherit:f' in result.stdout_lines[-2]"
- "'login:f' in result.stdout_lines[-2]"
- name: Modify a single role attribute on a user
sudo_user: postgres
sudo: True
postgresql_user:
name: "{{ db_user1 }}"
state: "present"
role_attr_flags: "LOGIN"
register: result
- name: Check that ansible reports it modified the role
assert:
that:
- "result.changed == True"
- name: Check that the user has the requested role attributes
sudo_user: postgres
sudo: True
shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin from pg_roles where rolname='{{ db_user1 }}';" | psql
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- "'super:f' in result.stdout_lines[-2]"
- "'createrole:f' in result.stdout_lines[-2]"
- "'create:f' in result.stdout_lines[-2]"
- "'inherit:f' in result.stdout_lines[-2]"
- "'login:t' in result.stdout_lines[-2]"
- name: Cleanup the user
sudo_user: postgres
sudo: True
postgresql_user:
name: "{{ db_user1 }}"
state: 'absent'
- name: Check that they were removed
sudo_user: postgres
sudo: True
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
### TODO: test expires, fail_on_user
#
# Test db ownership
#
- name: Create an unprivileged user to own a DB
sudo_user: postgres
sudo: True
postgresql_user:
name: "{{ db_user1 }}"
encrypted: 'yes'
password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
- name: Create db with user ownership
sudo_user: postgres
sudo: True
postgresql_db:
name: "{{ db_name }}"
state: "present"
owner: "{{ db_user1 }}"
- name: Check that the user owns the newly created DB
sudo_user: postgres
sudo: True
shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- "'{{ db_user1 }}' == '{{ result.stdout_lines[-2] | trim }}'"
- name: Change the owner on an existing db
sudo_user: postgres
sudo: True
postgresql_db:
name: "{{ db_name }}"
state: "present"
owner: "postgres"
register: result
- name: assert that ansible says it changed the db
assert:
that:
- "result.changed == True"
- name: Check that the user owns the newly created DB
sudo_user: postgres
sudo: True
shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- "'postgres' == '{{ result.stdout_lines[-2] | trim }}'"
- name: Cleanup db
sudo_user: postgres
sudo: True
postgresql_db:
name: "{{ db_name }}"
state: "absent"
- name: Check that database was destroyed
sudo_user: postgres
sudo: True
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
- name: Cleanup test user
sudo_user: postgres
sudo: True
postgresql_user:
name: "{{ db_user1 }}"
state: 'absent'
- name: Check that they were removed
sudo_user: postgres
sudo: True
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
#
# Test settings privleges
#
- name: Create db
sudo_user: postgres
sudo: True
postgresql_db:
name: "{{ db_name }}"
state: "present"
- name: Create some tables on the db
sudo_user: postgres
sudo: True
shell: echo "create table test_table1 (field text);" | psql {{ db_name }}
- sudo_user: postgres
sudo: True
shell: echo "create table test_table2 (field text);" | psql {{ db_name }}
- name: Create a user with some permissions on the db
sudo_user: postgres
sudo: True
postgresql_user:
name: "{{ db_user1 }}"
encrypted: 'yes'
password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
db: "{{ db_name }}"
priv: 'test_table1:INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,TRIGGER/test_table2:INSERT/CREATE,CONNECT,TEMP'
- name: Check that the user has the requested permissions (table1)
sudo_user: postgres
sudo: True
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
register: result_table1
- name: Check that the user has the requested permissions (table2)
sudo_user: postgres
sudo: True
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
register: result_table2
- name: Check that the user has the requested permissions (database)
sudo_user: postgres
sudo: True
shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
register: result_database
- assert:
that:
- "result_table1.stdout_lines[-1] == '(7 rows)'"
- "'INSERT' in result_table1.stdout"
- "'SELECT' in result_table1.stdout"
- "'UPDATE' in result_table1.stdout"
- "'DELETE' in result_table1.stdout"
- "'TRUNCATE' in result_table1.stdout"
- "'REFERENCES' in result_table1.stdout"
- "'TRIGGER' in result_table1.stdout"
- "result_table2.stdout_lines[-1] == '(1 row)'"
- "'INSERT' == '{{ result_table2.stdout_lines[-2] | trim }}'"
- "result_database.stdout_lines[-1] == '(1 row)'"
- "'{{ db_user1 }}=CTc/postgres' in result_database.stdout_lines[-2]"
- name: Add another permission for the user
sudo_user: postgres
sudo: True
postgresql_user:
name: "{{ db_user1 }}"
encrypted: 'yes'
password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
db: "{{ db_name }}"
priv: 'test_table2:select'
register: results
- name: Check that ansible reports it changed the user
assert:
that:
- "results.changed == True"
- name: Check that the user has the requested permissions (table2)
sudo_user: postgres
sudo: True
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
register: result_table2
- assert:
that:
- "result_table2.stdout_lines[-1] == '(2 rows)'"
- "'INSERT' in result_table2.stdout"
- "'SELECT' in result_table2.stdout"
#
# Test priv setting via postgresql_privs module
# (Depends on state from previous _user privs tests)
#
- name: Revoke a privilege
sudo_user: postgres
sudo: True
postgresql_privs:
type: "table"
state: "absent"
roles: "{{ db_user1 }}"
privs: "INSERT"
objs: "test_table2"
db: "{{ db_name }}"
register: results
- name: Check that ansible reports it changed the user
assert:
that:
- "results.changed == True"
- name: Check that the user has the requested permissions (table2)
sudo_user: postgres
sudo: True
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
register: result_table2
- assert:
that:
- "result_table2.stdout_lines[-1] == '(1 row)'"
- "'SELECT' == '{{ result_table2.stdout_lines[-2] | trim }}'"
- name: Revoke many privileges on multiple tables
sudo_user: postgres
sudo: True
postgresql_privs:
state: "absent"
roles: "{{ db_user1 }}"
privs: "INSERT,select,UPDATE,TRUNCATE,REFERENCES,TRIGGER,delete"
objs: "test_table2,test_table1"
db: "{{ db_name }}"
register: results
- name: Check that ansible reports it changed the user
assert:
that:
- "results.changed == True"
- name: Check that permissions were revoked (table1)
sudo_user: postgres
sudo: True
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
register: result_table1
- name: Check that permissions were revoked (table2)
sudo_user: postgres
sudo: True
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
register: result_table2
- assert:
that:
- "result_table1.stdout_lines[-1] == '(0 rows)'"
- "result_table2.stdout_lines[-1] == '(0 rows)'"
- name: Revoke database privileges
sudo_user: postgres
sudo: True
postgresql_privs:
type: "database"
state: "absent"
roles: "{{ db_user1 }}"
privs: "Create,connect,TEMP"
objs: "{{ db_name }}"
db: "{{ db_name }}"
- name: Check that the user has the requested permissions (database)
sudo_user: postgres
sudo: True
shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
register: result_database
- assert:
that:
- "result_database.stdout_lines[-1] == '(1 row)'"
- "'{{ db_user1 }}' not in result_database.stdout"
- name: Grant database privileges
sudo_user: postgres
sudo: True
postgresql_privs:
type: "database"
state: "present"
roles: "{{ db_user1 }}"
privs: "CREATE,connect"
objs: "{{ db_name }}"
db: "{{ db_name }}"
register: results
- name: Check that ansible reports it changed the user
assert:
that:
- "results.changed == True"
- name: Check that the user has the requested permissions (database)
sudo_user: postgres
sudo: True
shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
register: result_database
- assert:
that:
- "result_database.stdout_lines[-1] == '(1 row)'"
- "'{{ db_user1 }}=Cc' in result_database.stdout"
- name: Grant a single privilege on a table
sudo_user: postgres
sudo: True
postgresql_privs:
state: "present"
roles: "{{ db_user1 }}"
privs: "INSERT"
objs: "test_table1"
db: "{{ db_name }}"
- name: Check that permissions were added (table1)
sudo_user: postgres
sudo: True
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
register: result_table1
- assert:
that:
- "result_table1.stdout_lines[-1] == '(1 row)'"
- "'{{ result_table1.stdout_lines[-2] | trim }}' == 'INSERT'"
- name: Grant many privileges on multiple tables
sudo_user: postgres
sudo: True
postgresql_privs:
state: "present"
roles: "{{ db_user1 }}"
privs: 'INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,trigger'
objs: "test_table2,test_table1"
db: "{{ db_name }}"
- name: Check that permissions were added (table1)
sudo_user: postgres
sudo: True
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
register: result_table1
- name: Check that permissions were added (table2)
sudo_user: postgres
sudo: True
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
register: result_table2
- assert:
that:
- "result_table1.stdout_lines[-1] == '(7 rows)'"
- "'INSERT' in result_table1.stdout"
- "'SELECT' in result_table1.stdout"
- "'UPDATE' in result_table1.stdout"
- "'DELETE' in result_table1.stdout"
- "'TRUNCATE' in result_table1.stdout"
- "'REFERENCES' in result_table1.stdout"
- "'TRIGGER' in result_table1.stdout"
- "result_table2.stdout_lines[-1] == '(7 rows)'"
- "'INSERT' in result_table2.stdout"
- "'SELECT' in result_table2.stdout"
- "'UPDATE' in result_table2.stdout"
- "'DELETE' in result_table2.stdout"
- "'TRUNCATE' in result_table2.stdout"
- "'REFERENCES' in result_table2.stdout"
- "'TRIGGER' in result_table2.stdout"
#
# Cleanup
#
- name: Cleanup db
sudo_user: postgres
sudo: True
postgresql_db:
name: "{{ db_name }}"
state: "absent"
- name: Check that database was destroyed
sudo_user: postgres
sudo: True
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
- name: Cleanup test user
sudo_user: postgres
sudo: True
postgresql_user:
name: "{{ db_user1 }}"
state: 'absent'
- name: Check that they were removed
sudo_user: postgres
sudo: True
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
#
# Test login_user functionality
#
- name: Create a user to test login module parameters
sudo: True
sudo_user: postgres
postgresql_user:
name: "{{ db_user1 }}"
state: "present"
encrypted: 'no'
password: "password"
role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
- name: Create db
postgresql_db:
name: "{{ db_name }}"
state: "present"
login_user: "{{ db_user1 }}"
login_password: "password"
login_host: "localhost"
- name: Check that database created
sudo: True
sudo_user: postgres
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- name: Create a user
postgresql_user:
name: "{{ db_user2 }}"
state: "present"
encrypted: 'yes'
password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
db: "{{ db_name }}"
login_user: "{{ db_user1 }}"
login_password: "password"
login_host: "localhost"
- name: Check that they were created
sudo: True
sudo_user: postgres
shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- name: Grant database privileges
postgresql_privs:
type: "database"
state: "present"
roles: "{{ db_user2 }}"
privs: "CREATE,connect"
objs: "{{ db_name }}"
db: "{{ db_name }}"
login: "{{ db_user1 }}"
password: "password"
host: "localhost"
- name: Check that the user has the requested permissions (database)
sudo: True
sudo_user: postgres
shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
register: result_database
- assert:
that:
- "result_database.stdout_lines[-1] == '(1 row)'"
- "'{{ db_user2 }}=Cc' in result_database.stdout"
- name: Remove user
postgresql_user:
name: "{{ db_user2 }}"
state: 'absent'
priv: "ALL"
db: "{{ db_name }}"
login_user: "{{ db_user1 }}"
login_password: "password"
login_host: "localhost"
- name: Check that they were removed
sudo: True
sudo_user: postgres
shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
- name: Destroy DB
postgresql_db:
state: absent
name: "{{ db_name }}"
login_user: "{{ db_user1 }}"
login_password: "password"
login_host: "localhost"
- name: Check that database was destroyed
sudo: True
sudo_user: postgres
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
#
# Cleanup
#
- name: Cleanup test user
sudo: True
sudo_user: postgres
postgresql_user:
name: "{{ db_user1 }}"
state: 'absent'
- name: Check that they were removed
sudo: True
sudo_user: postgres
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
Write Preview
Loading…
Cancel
Save