@ -3,12 +3,6 @@
become_user : "{{ pg_user }}"
become_user : "{{ pg_user }}"
become : True
become : True
register : result
register : result
task_parameters_readonly : &task_parameters_readonly
become_user : "{{ pg_user }}"
become : True
register : result
environment:
PGOPTIONS : '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
postgresql_parameters : ¶meters
postgresql_parameters : ¶meters
db : postgres
db : postgres
name : "{{ db_user1 }}"
name : "{{ db_user1 }}"
@ -16,11 +10,14 @@
block : # block is only used here in order to be able to define YAML anchors at the beginning in 'vars' section
block : # block is only used here in order to be able to define YAML anchors at the beginning in 'vars' section
- name : 'Check that PGOPTIONS environment variable is effective (1/2)'
- name : 'Check that PGOPTIONS environment variable is effective (1/2)'
<< : *task_parameters _readonly
<< : *task_parameters
postgresql_user:
postgresql_user:
<< : *parameters
<< : *parameters
password : '{{ db_password1 }}'
password : '{{ db_password1 }}'
ignore_errors : true
ignore_errors : true
environment:
PGCLIENTENCODING : 'UTF8'
PGOPTIONS : '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
- name : 'Check that PGOPTIONS environment variable is effective (2/2)'
- name : 'Check that PGOPTIONS environment variable is effective (2/2)'
assert:
assert:
@ -33,6 +30,8 @@
<< : *parameters
<< : *parameters
password : '{{ db_password1 }}'
password : '{{ db_password1 }}'
encrypted : '{{ encrypted }}'
encrypted : '{{ encrypted }}'
environment:
PGCLIENTENCODING : 'UTF8'
- block : &changed # block is only used here in order to be able to define YAML anchor
- block : &changed # block is only used here in order to be able to define YAML anchor
- name : Check that ansible reports it was created
- name : Check that ansible reports it was created
@ -49,11 +48,14 @@
- "result.stdout_lines[-1] == '(1 row)'"
- "result.stdout_lines[-1] == '(1 row)'"
- name : Check that creating user a second time does nothing
- name : Check that creating user a second time does nothing
<< : *task_parameters _readonly
<< : *task_parameters
postgresql_user:
postgresql_user:
<< : *parameters
<< : *parameters
password : '{{ db_password1 }}'
password : '{{ db_password1 }}'
encrypted : '{{ encrypted }}'
encrypted : '{{ encrypted }}'
environment:
PGCLIENTENCODING : 'UTF8'
PGOPTIONS : '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
- block : ¬_changed # block is only used here in order to be able to define YAML anchor
- block : ¬_changed # block is only used here in order to be able to define YAML anchor
- name : Check that ansible reports no change
- name : Check that ansible reports no change
@ -64,29 +66,36 @@
- block:
- block:
- name: 'Using MD5-hashed password : check that password not changed when using cleartext password'
- name: 'Using MD5-hashed password : check that password not changed when using cleartext password'
<< : *task_parameters _readonly
<< : *task_parameters
postgresql_user:
postgresql_user:
<< : *parameters
<< : *parameters
password : '{{ db_password1 }}'
password : '{{ db_password1 }}'
encrypted : 'yes'
encrypted : 'yes'
environment:
# PGCLIENTENCODING: 'UTF8'
PGOPTIONS : '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
- << : *not_changed
- << : *not_changed
- name : "Using MD5-hashed password: check that password not changed when using md5 hash with 'ENCRYPTED'"
- name : "Using MD5-hashed password: check that password not changed when using md5 hash with 'ENCRYPTED'"
<< : *task_parameters _readonly
<< : *task_parameters
postgresql_user:
postgresql_user:
<< : *parameters
<< : *parameters
password : "md5{{ (db_password1 ~ db_user1) | hash('md5')}}"
password : "md5{{ (db_password1 ~ db_user1) | hash('md5')}}"
encrypted : 'yes'
encrypted : 'yes'
environment:
PGOPTIONS : '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
- << : *not_changed
- << : *not_changed
- name : "Using MD5-hashed password: check that password not changed when using md5 hash with 'UNENCRYPTED'"
- name : "Using MD5-hashed password: check that password not changed when using md5 hash with 'UNENCRYPTED'"
<< : *task_parameters _readonly
<< : *task_parameters
postgresql_user:
postgresql_user:
<< : *parameters
<< : *parameters
password : "md5{{ (db_password1 ~ db_user1) | hash('md5')}}"
password : "md5{{ (db_password1 ~ db_user1) | hash('md5')}}"
encrypted : 'no'
encrypted : 'no'
environment:
PGOPTIONS : '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
- << : *not_changed
- << : *not_changed
@ -96,6 +105,8 @@
<< : *parameters
<< : *parameters
password : 'prefix{{ db_password1 }}'
password : 'prefix{{ db_password1 }}'
encrypted : 'yes'
encrypted : 'yes'
environment:
PGCLIENTENCODING : 'UTF8'
- << : *changed
- << : *changed
@ -122,11 +133,14 @@
- block:
- block:
- name: 'Using cleartext password : check that password not changed when using cleartext password'
- name: 'Using cleartext password : check that password not changed when using cleartext password'
<< : *task_parameters _readonly
<< : *task_parameters
postgresql_user:
postgresql_user:
<< : *parameters
<< : *parameters
password : "{{ db_password1 }}"
password : "{{ db_password1 }}"
encrypted : 'no'
encrypted : 'no'
environment:
PGCLIENTENCODING : 'UTF8'
PGOPTIONS : '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
- << : *not_changed
- << : *not_changed
@ -136,6 +150,8 @@
<< : *parameters
<< : *parameters
password : "changed{{ db_password1 }}"
password : "changed{{ db_password1 }}"
encrypted : 'no'
encrypted : 'no'
environment:
PGCLIENTENCODING : 'UTF8'
- << : *changed
- << : *changed
@ -150,17 +166,21 @@
- << : *changed
- << : *changed
- name : Check that they were removed
- name : Check that they were removed
<< : *task_parameters _readonly
<< : *task_parameters
shell : echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
shell : echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
environment:
PGOPTIONS : '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
- assert:
- assert:
that:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
- "result.stdout_lines[-1] == '(0 rows)'"
- name : Check that removing user a second time does nothing
- name : Check that removing user a second time does nothing
<< : *task_parameters _readonly
<< : *task_parameters
postgresql_user:
postgresql_user:
state : 'absent'
state : 'absent'
<< : *parameters
<< : *parameters
environment:
PGOPTIONS : '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
- << : *not_changed
- << : *not_changed