@ -1,43 +1,58 @@
---
# Setup
######################################################
# Test foreign data wrapper and foreign server privs #
######################################################
- name : Create DB
- name : Create DB
become_user : "{{ pg_user }}"
become_user : "{{ pg_user }}"
become : True
become : yes
postgresql_db:
postgresql_db:
state : present
state : present
name : "{{ db_name }}"
name : "{{ db_name }}"
login_user : "{{ pg_user }}"
login_user : "{{ pg_user }}"
register : result
- name : Create test role
- name : Create a user to be owner of objects
become : True
postgresql_user:
become_user : "{{ pg_user }}"
name : "{{ db_user3 }}"
shell : echo "CREATE ROLE fdw_test" | psql -d "{{ db_name }}"
state : present
encrypted : yes
password : password
role_attr_flags : CREATEDB,LOGIN
db : "{{ db_name }}"
login_user : "{{ pg_user }}"
- name : Create a user to be given permissions and other tests
postgresql_user:
name : "{{ db_user2 }}"
state : present
encrypted : yes
password : password
role_attr_flags : LOGIN
db : "{{ db_name }}"
login_user : "{{ pg_user }}"
######################################################
# Test foreign data wrapper and foreign server privs #
######################################################
- name : Create fdw extension
# Foreign data wrapper setup
become : True
- name : Create foreign data wrapper extension
become : yes
become_user : "{{ pg_user }}"
become_user : "{{ pg_user }}"
shell : echo "CREATE EXTENSION postgres_fdw" | psql -d "{{ db_name }}"
shell : echo "CREATE EXTENSION postgres_fdw" | psql -d "{{ db_name }}"
- name : Create foreign data wrapper
- name : Create dummy foreign data wrapper
become : True
become : yes
become_user : "{{ pg_user }}"
become_user : "{{ pg_user }}"
shell : echo "CREATE FOREIGN DATA WRAPPER dummy" | psql -d "{{ db_name }}"
shell : echo "CREATE FOREIGN DATA WRAPPER dummy" | psql -d "{{ db_name }}"
- name : Create foreign server
- name : Create foreign server
become : True
become : yes
become_user : "{{ pg_user }}"
become_user : "{{ pg_user }}"
shell : echo "CREATE SERVER dummy_server FOREIGN DATA WRAPPER dummy" | psql -d "{{ db_name }}"
shell : echo "CREATE SERVER dummy_server FOREIGN DATA WRAPPER dummy" | psql -d "{{ db_name }}"
# Test
- name : Grant foreign data wrapper privileges
- name : Grant foreign data wrapper privileges
postgresql_privs:
postgresql_privs:
state : present
state : present
type : foreign_data_wrapper
type : foreign_data_wrapper
roles : fdw_test
roles : "{{ db_user2 }}"
privs : ALL
privs : ALL
objs : dummy
objs : dummy
db : "{{ db_name }}"
db : "{{ db_name }}"
@ -45,12 +60,13 @@
register : result
register : result
ignore_errors : yes
ignore_errors : yes
# Checks
- assert:
- assert:
that:
that:
- "result.changed == true"
- "result.changed == true"
- name : Get foreign data wrapper privileges
- name : Get foreign data wrapper privileges
become : True
become : yes
become_user : "{{ pg_user }}"
become_user : "{{ pg_user }}"
shell : echo "{{ fdw_query }}" | psql -d "{{ db_name }}"
shell : echo "{{ fdw_query }}" | psql -d "{{ db_name }}"
vars:
vars:
@ -62,13 +78,14 @@
- assert:
- assert:
that:
that:
- "fdw_result.stdout_lines[-1] == '(1 row)'"
- "fdw_result.stdout_lines[-1] == '(1 row)'"
- "' fdw_test ' in fdw_result.stdout_lines[-2]"
- "' {{ db_user2 }} ' in fdw_result.stdout_lines[-2]"
# Test
- name : Grant foreign data wrapper privileges second time
- name : Grant foreign data wrapper privileges second time
postgresql_privs:
postgresql_privs:
state : present
state : present
type : foreign_data_wrapper
type : foreign_data_wrapper
roles : fdw_test
roles : "{{ db_user2 }}"
privs : ALL
privs : ALL
objs : dummy
objs : dummy
db : "{{ db_name }}"
db : "{{ db_name }}"
@ -76,15 +93,17 @@
register : result
register : result
ignore_errors : yes
ignore_errors : yes
# Checks
- assert:
- assert:
that:
that:
- "result.changed == false"
- "result.changed == false"
# Test
- name : Revoke foreign data wrapper privileges
- name : Revoke foreign data wrapper privileges
postgresql_privs:
postgresql_privs:
state : absent
state : absent
type : foreign_data_wrapper
type : foreign_data_wrapper
roles : fdw_test
roles : "{{ db_user2 }}"
privs : ALL
privs : ALL
objs : dummy
objs : dummy
db : "{{ db_name }}"
db : "{{ db_name }}"
@ -92,12 +111,13 @@
register : result
register : result
ignore_errors : yes
ignore_errors : yes
# Checks
- assert:
- assert:
that:
that:
- "result.changed == true"
- "result.changed == true"
- name : Get foreign data wrapper privileges
- name : Get foreign data wrapper privileges
become : True
become : yes
become_user : "{{ pg_user }}"
become_user : "{{ pg_user }}"
shell : echo "{{ fdw_query }}" | psql -d "{{ db_name }}"
shell : echo "{{ fdw_query }}" | psql -d "{{ db_name }}"
vars:
vars:
@ -109,13 +129,14 @@
- assert:
- assert:
that:
that:
- "fdw_result.stdout_lines[-1] == '(1 row)'"
- "fdw_result.stdout_lines[-1] == '(1 row)'"
- "' fdw_test ' not in fdw_result.stdout_lines[-2]"
- "' {{ db_user2 }} ' not in fdw_result.stdout_lines[-2]"
# Test
- name : Revoke foreign data wrapper privileges for second time
- name : Revoke foreign data wrapper privileges for second time
postgresql_privs:
postgresql_privs:
state : absent
state : absent
type : foreign_data_wrapper
type : foreign_data_wrapper
roles : fdw_test
roles : "{{ db_user2 }}"
privs : ALL
privs : ALL
objs : dummy
objs : dummy
db : "{{ db_name }}"
db : "{{ db_name }}"
@ -123,15 +144,17 @@
register : result
register : result
ignore_errors : yes
ignore_errors : yes
# Checks
- assert:
- assert:
that:
that:
- "result.changed == false"
- "result.changed == false"
# Test
- name : Grant foreign server privileges
- name : Grant foreign server privileges
postgresql_privs:
postgresql_privs:
state : present
state : present
type : foreign_server
type : foreign_server
roles : fdw_test
roles : "{{ db_user2 }}"
privs : ALL
privs : ALL
objs : dummy_server
objs : dummy_server
db : "{{ db_name }}"
db : "{{ db_name }}"
@ -139,12 +162,13 @@
register : result
register : result
ignore_errors : yes
ignore_errors : yes
# Checks
- assert:
- assert:
that:
that:
- "result.changed == true"
- "result.changed == true"
- name : Get foreign server privileges
- name : Get foreign server privileges
become : True
become : yes
become_user : "{{ pg_user }}"
become_user : "{{ pg_user }}"
shell : echo "{{ fdw_query }}" | psql -d "{{ db_name }}"
shell : echo "{{ fdw_query }}" | psql -d "{{ db_name }}"
vars:
vars:
@ -156,13 +180,14 @@
- assert:
- assert:
that:
that:
- "fs_result.stdout_lines[-1] == '(1 row)'"
- "fs_result.stdout_lines[-1] == '(1 row)'"
- "' fdw_test ' in fs_result.stdout_lines[-2]"
- "' {{ db_user2 }} ' in fs_result.stdout_lines[-2]"
# Test
- name : Grant foreign server privileges for second time
- name : Grant foreign server privileges for second time
postgresql_privs:
postgresql_privs:
state : present
state : present
type : foreign_server
type : foreign_server
roles : fdw_test
roles : "{{ db_user2 }}"
privs : ALL
privs : ALL
objs : dummy_server
objs : dummy_server
db : "{{ db_name }}"
db : "{{ db_name }}"
@ -170,15 +195,17 @@
register : result
register : result
ignore_errors : yes
ignore_errors : yes
# Checks
- assert:
- assert:
that:
that:
- "result.changed == false"
- "result.changed == false"
# Test
- name : Revoke foreign server privileges
- name : Revoke foreign server privileges
postgresql_privs:
postgresql_privs:
state : absent
state : absent
type : foreign_server
type : foreign_server
roles : fdw_test
roles : "{{ db_user2 }}"
privs : ALL
privs : ALL
objs : dummy_server
objs : dummy_server
db : "{{ db_name }}"
db : "{{ db_name }}"
@ -186,12 +213,13 @@
register : result
register : result
ignore_errors : yes
ignore_errors : yes
# Checks
- assert:
- assert:
that:
that:
- "result.changed == true"
- "result.changed == true"
- name : Get foreign server privileges
- name : Get foreign server privileges
become : True
become : yes
become_user : "{{ pg_user }}"
become_user : "{{ pg_user }}"
shell : echo "{{ fdw_query }}" | psql -d "{{ db_name }}"
shell : echo "{{ fdw_query }}" | psql -d "{{ db_name }}"
vars:
vars:
@ -203,13 +231,14 @@
- assert:
- assert:
that:
that:
- "fs_result.stdout_lines[-1] == '(1 row)'"
- "fs_result.stdout_lines[-1] == '(1 row)'"
- "' fdw_test ' not in fs_result.stdout_lines[-2]"
- "' {{ db_user2 }} ' not in fs_result.stdout_lines[-2]"
# Test
- name : Revoke foreign server privileges for second time
- name : Revoke foreign server privileges for second time
postgresql_privs:
postgresql_privs:
state : absent
state : absent
type : foreign_server
type : foreign_server
roles : fdw_test
roles : "{{ db_user2 }}"
privs : ALL
privs : ALL
objs : dummy_server
objs : dummy_server
db : "{{ db_name }}"
db : "{{ db_name }}"
@ -217,22 +246,149 @@
register : result
register : result
ignore_errors : yes
ignore_errors : yes
# Checks
- assert:
- assert:
that:
that:
- "result.changed == false"
- "result.changed == false"
- name : Cleanup
# Foreign data wrapper cleanup
become : True
- name : Drop foreign server
become : yes
become_user : "{{ pg_user }}"
become_user : "{{ pg_user }}"
shell : echo "{{ item }}" | psql -d "{{ db_name }}"
shell : echo "DROP SERVER dummy_server" | psql -d "{{ db_name }}"
with_items:
- DROP ROLE fdw_test
- name : Drop dummy foreign data wrapper
- DROP FOREIGN DATA WRAPPER dummy
become : yes
- DROP SERVER dummy_server
become_user : "{{ pg_user }}"
shell : echo "DROP FOREIGN DATA WRAPPER dummy" | psql -d "{{ db_name }}"
- name : Drop foreign data wrapper extension
become : yes
become_user : "{{ pg_user }}"
shell : echo "DROP EXTENSION postgres_fdw" | psql -d "{{ db_name }}"
##########################################
# Test ALL_IN_SCHEMA for 'function' type #
##########################################
# Function ALL_IN_SCHEMA Setup
- name : Create function for test
postgresql_query:
query : CREATE FUNCTION public.a() RETURNS integer LANGUAGE SQL AS 'SELECT 2';
db : "{{ db_name }}"
login_user : "{{ db_user3 }}"
login_password : password
# Test
- name : Grant execute to all functions
postgresql_privs:
type : function
state : present
privs : EXECUTE
roles : "{{ db_user2 }}"
objs : ALL_IN_SCHEMA
schema : public
db : "{{ db_name }}"
login_user : "{{ db_user3 }}"
login_password : password
register : result
ignore_errors : yes
# Checks
- assert:
that : result.changed == true
- name : Check that all functions have execute privileges
become : yes
become_user : "{{ pg_user }}"
shell : psql {{ db_name }} -c "SELECT proacl FROM pg_proc WHERE proname = 'a'" -t
register : result
- assert:
that : "'{{ db_user2 }}=X/{{ db_user3 }}' in '{{ result.stdout_lines[0] }}'"
# Test
- name : Grant execute to all functions again
postgresql_privs:
type : function
state : present
privs : EXECUTE
roles : "{{ db_user2 }}"
objs : ALL_IN_SCHEMA
schema : public
db : "{{ db_name }}"
login_user : "{{ db_user3 }}"
login_password : password
register : result
ignore_errors : yes
# Checks
- assert:
that : result.changed == false
# Test
- name : Revoke execute to all functions
postgresql_privs:
type : function
state : absent
privs : EXECUTE
roles : "{{ db_user2 }}"
objs : ALL_IN_SCHEMA
schema : public
db : "{{ db_name }}"
login_user : "{{ db_user3 }}"
login_password : password
register : result
ignore_errors : yes
# Checks
- assert:
that : result.changed == true
# Test
- name : Revoke execute to all functions again
postgresql_privs:
type : function
state : absent
privs : EXECUTE
roles : "{{ db_user2 }}"
objs : ALL_IN_SCHEMA
schema : public
db : "{{ db_name }}"
login_user : "{{ db_user3 }}"
login_password : password
register : result
ignore_errors : yes
- assert:
that : result.changed == false
# Function ALL_IN_SCHEMA cleanup
- name : Remove function for test
postgresql_query:
query : DROP FUNCTION public.a();
db : "{{ db_name }}"
login_user : "{{ db_user3 }}"
login_password : password
# Cleanup
- name : Remove user given permissions
postgresql_user:
name : "{{ db_user2 }}"
state : absent
db : "{{ db_name }}"
login_user : "{{ pg_user }}"
- name : Remove user owner of objects
postgresql_user:
name : "{{ db_user3 }}"
state : absent
db : "{{ db_name }}"
login_user : "{{ pg_user }}"
- name : Destroy DB
- name : Destroy DB
become_user : "{{ pg_user }}"
become_user : "{{ pg_user }}"
become : True
become : yes
postgresql_db:
postgresql_db:
state : absent
state : absent
name : "{{ db_name }}"
name : "{{ db_name }}"
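Review bot: The new ALL_IN_SCHEMA function tests can pass without the module having worked: each `postgresql_privs` task keeps `ignore_errors : yes`, and a failed run would most likely still register `changed` as false, which is exactly what the two "again" checks (`that : result.changed == false`) accept. Dropping `ignore_errors : yes` from these four tasks, or adding `result is not failed` to each assert, would close that gap. The revoke path is also verified only through `changed`; unlike the foreign data wrapper tests, nothing queries `proacl` after the revoke to confirm that the `{{ db_user2 }}=X/{{ db_user3 }}` entry is gone. Separately, the grant check splices `{{ result.stdout_lines[0] }}` into the quoted expression text, so psql output is re-parsed as part of the condition; `(db_user2 ~ '=X/' ~ db_user3) in result.stdout_lines[0]` compares it as data instead.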