diff --git a/changelogs/fragments/65862-postgresql_modules_use_query_params_with_cursor.yml b/changelogs/fragments/65862-postgresql_modules_use_query_params_with_cursor.yml new file mode 100644 index 00000000000..1a1b69c7ca4 --- /dev/null +++ b/changelogs/fragments/65862-postgresql_modules_use_query_params_with_cursor.yml @@ -0,0 +1,4 @@ +bugfixes: +- postgresql_table - use query parameters with cursor object (https://github.com/ansible/ansible/pull/65862). +- postgresql_tablespace - use query parameters with cursor object (https://github.com/ansible/ansible/pull/65862). +- postgresql_user - use query parameters with cursor object (https://github.com/ansible/ansible/pull/65862). diff --git a/lib/ansible/modules/database/postgresql/postgresql_table.py b/lib/ansible/modules/database/postgresql/postgresql_table.py index 75b5d3bb4a9..02d5538db6a 100644 --- a/lib/ansible/modules/database/postgresql/postgresql_table.py +++ b/lib/ansible/modules/database/postgresql/postgresql_table.py @@ -288,9 +288,10 @@ class Table(object): "FROM pg_tables AS t " "INNER JOIN pg_class AS c ON c.relname = t.tablename " "INNER JOIN pg_namespace AS n ON c.relnamespace = n.oid " - "WHERE t.tablename = '%s' " - "AND n.nspname = '%s'" % (tblname, schema)) - res = exec_sql(self, query, add_to_executed=False) + "WHERE t.tablename = %(tblname)s " + "AND n.nspname = %(schema)s") + res = exec_sql(self, query, query_params={'tblname': tblname, 'schema': schema}, + add_to_executed=False) if res: self.exists = True self.info = dict( diff --git a/lib/ansible/modules/database/postgresql/postgresql_tablespace.py b/lib/ansible/modules/database/postgresql/postgresql_tablespace.py index b1baf2d534e..f643c941515 100644 --- a/lib/ansible/modules/database/postgresql/postgresql_tablespace.py +++ b/lib/ansible/modules/database/postgresql/postgresql_tablespace.py @@ -248,16 +248,15 @@ class PgTablespace(object): query = ("SELECT r.rolname, (SELECT Null), %s " "FROM pg_catalog.pg_tablespace AS t " "JOIN pg_catalog.pg_roles AS r " - "ON t.spcowner = r.oid " - "WHERE t.spcname = '%s'" % (location, self.name)) + "ON t.spcowner = r.oid " % location) else: query = ("SELECT r.rolname, t.spcoptions, %s " "FROM pg_catalog.pg_tablespace AS t " "JOIN pg_catalog.pg_roles AS r " - "ON t.spcowner = r.oid " - "WHERE t.spcname = '%s'" % (location, self.name)) + "ON t.spcowner = r.oid " % location) - res = exec_sql(self, query, add_to_executed=False) + res = exec_sql(self, query + "WHERE t.spcname = %(name)s", + query_params={'name': self.name}, add_to_executed=False) if not res: self.exists = False diff --git a/lib/ansible/modules/database/postgresql/postgresql_user.py b/lib/ansible/modules/database/postgresql/postgresql_user.py index 28d9d3c34a8..29e35356c50 100644 --- a/lib/ansible/modules/database/postgresql/postgresql_user.py +++ b/lib/ansible/modules/database/postgresql/postgresql_user.py @@ -541,8 +541,8 @@ def get_table_privileges(cursor, user, table): else: schema = 'public' query = ("SELECT privilege_type FROM information_schema.role_table_grants " - "WHERE grantee='%s' AND table_name='%s' AND table_schema='%s'" % (user, table, schema)) - cursor.execute(query) + "WHERE grantee=%(user)s AND table_name=%(table)s AND table_schema=%(schema)s") + cursor.execute(query, {'user': user, 'table': table, 'schema': schema}) return frozenset([x[0] for x in cursor.fetchall()])