archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

postgresql_user: add tests with hashed password

Browse Source
pull/24680/head
Pierre-Louis Bonicoli 8 years ago committed by Toshio Kuratomi
parent 69edd9e0bb
commit ce856c2123
2 changed files with 174 additions and 82 deletions
Show Stats Download Patch File Download Diff File

90
test/integration/targets/postgresql/tasks/main.yml
Unescape Escape View File

@ -186,87 +186,13 @@
#
# Create and destroy user
#
- name: Create a user
become_user: "{{ pg_user }}"
become: True
postgresql_user:
name: "{{ db_user1 }}"
encrypted: 'yes'
password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
login_user: "{{ pg_user }}"
db: postgres
register: result
- name: Check that ansible reports they were created
assert:
that:
- "result.changed == True"
- name: Check that they were created
become_user: "{{ pg_user }}"
become: True
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- name: Check that creating user a second time does nothing
become_user: "{{ pg_user }}"
become: True
postgresql_user:
name: "{{ db_user1 }}"
encrypted: 'yes'
password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
login_user: "{{ pg_user }}"
db: postgres
register: result
- name: Check that ansible reports no change
assert:
that:
- "result.changed == False"
- name: Remove user
become_user: "{{ pg_user }}"
become: True
postgresql_user:
name: "{{ db_user1 }}"
state: 'absent'
login_user: "{{ pg_user }}"
db: postgres
register: result
- name: Check that ansible reports they were removed
assert:
that:
- "result.changed == True"
- name: Check that they were removed
become_user: "{{ pg_user }}"
become: True
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
- name: Check that removing user a second time does nothing
become_user: "{{ pg_user }}"
become: True
postgresql_user:
name: "{{ db_user1 }}"
state: 'absent'
login_user: "{{ pg_user }}"
db: postgres
register: result
- name: Check that ansible reports no change
assert:
that:
- "result.changed == False"
- include: test_user.yml
vars:
encrypted: '{{ item.user_creation_encrypted_value }}'
db_password1: 'secretù' # use UTF-8
with_items:
- user_creation_encrypted_value: 'yes'
- user_creation_encrypted_value: 'no'
# BYPASSRLS role attribute was introduced in Postgres 9.5, so
# we want to test atrribute management differently depending
@ -875,7 +801,7 @@
login_password: "password"
login_host: "localhost"
- name: Check that they were created
- name: Check that it was created
become: True
become_user: "{{ pg_user }}"
shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql -d postgres

166
test/integration/targets/postgresql/tasks/test_user.yml
Unescape Escape View File

@ -0,0 +1,166 @@
- vars:
task_parameters: &task_parameters
become_user: "{{ pg_user }}"
become: True
register: result
task_parameters_readonly: &task_parameters_readonly
become_user: "{{ pg_user }}"
become: True
register: result
environment:
PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
postgresql_parameters: &parameters
db: postgres
name: "{{ db_user1 }}"
login_user: "{{ pg_user }}"
block: # block is only used here in order to be able to define YAML anchors at the beginning in 'vars' section
- name: 'Check that PGOPTIONS environment variable is effective (1/2)'
<<: *task_parameters_readonly
postgresql_user:
<<: *parameters
password: '{{ db_password1 }}'
ignore_errors: true
- name: 'Check that PGOPTIONS environment variable is effective (2/2)'
assert:
that:
- "{{ result|failed }}"
- name: 'Create a user (password encrypted: {{ encrypted }})'
<<: *task_parameters
postgresql_user:
<<: *parameters
password: '{{ db_password1 }}'
encrypted: '{{ encrypted }}'
- block: &changed # block is only used here in order to be able to define YAML anchor
- name: Check that ansible reports it was created
assert:
that:
- "{{ result|changed }}"
- name: Check that it was created
<<: *task_parameters
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- name: Check that creating user a second time does nothing
<<: *task_parameters_readonly
postgresql_user:
<<: *parameters
password: '{{ db_password1 }}'
encrypted: '{{ encrypted }}'
- block: &not_changed # block is only used here in order to be able to define YAML anchor
- name: Check that ansible reports no change
assert:
that:
- "{{ not result|changed }}"
- block:
- name: 'Using MD5-hashed password: check that password not changed when using cleartext password'
<<: *task_parameters_readonly
postgresql_user:
<<: *parameters
password: '{{ db_password1 }}'
encrypted: 'yes'
- <<: *not_changed
- name: "Using MD5-hashed password: check that password not changed when using md5 hash with 'ENCRYPTED'"
<<: *task_parameters_readonly
postgresql_user:
<<: *parameters
password: "md5{{ (db_password1 ~ db_user1) | hash('md5')}}"
encrypted: 'yes'
- <<: *not_changed
- name: "Using MD5-hashed password: check that password not changed when using md5 hash with 'UNENCRYPTED'"
<<: *task_parameters_readonly
postgresql_user:
<<: *parameters
password: "md5{{ (db_password1 ~ db_user1) | hash('md5')}}"
encrypted: 'no'
- <<: *not_changed
- name: 'Using MD5-hashed password: check that password changed when using another cleartext password'
<<: *task_parameters
postgresql_user:
<<: *parameters
password: 'prefix{{ db_password1 }}'
encrypted: 'yes'
- <<: *changed
- name: "Using MD5-hashed password: check that password changed when using another md5 hash with 'ENCRYPTED'"
<<: *task_parameters
postgresql_user:
<<: *parameters
password: "md5{{ ('prefix1' ~ db_password1 ~ db_user1) | hash('md5')}}"
encrypted: 'yes'
- <<: *changed
- name: "Using MD5-hashed password: check that password changed when using md5 hash with 'UNENCRYPTED'"
<<: *task_parameters
postgresql_user:
<<: *parameters
password: "md5{{ ('prefix2' ~ db_password1 ~ db_user1) | hash('md5')}}"
encrypted: 'no'
- <<: *changed
when: encrypted == 'yes'
- block:
- name: 'Using cleartext password: check that password not changed when using cleartext password'
<<: *task_parameters_readonly
postgresql_user:
<<: *parameters
password: "{{ db_password1 }}"
encrypted: 'no'
- <<: *not_changed
- name: 'Using cleartext password: check that password changed when using another cleartext password'
<<: *task_parameters
postgresql_user:
<<: *parameters
password: "changed{{ db_password1 }}"
encrypted: 'no'
- <<: *changed
when: encrypted == 'no'
- name: Remove user
<<: *task_parameters
postgresql_user:
state: 'absent'
<<: *parameters
- <<: *changed
- name: Check that they were removed
<<: *task_parameters_readonly
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
- name: Check that removing user a second time does nothing
<<: *task_parameters_readonly
postgresql_user:
state: 'absent'
<<: *parameters
- <<: *not_changed
Write Preview
Loading…
Cancel
Save