mirror of https://github.com/ansible/ansible.git
Remove postgresql_shared integration test (#65133)
Move test tasks into appropriate integration testpull/65191/head
parent
315cc2f3ea
commit
d3f6943446
@ -1,3 +1,2 @@
|
||||
---
|
||||
dependencies:
|
||||
- setup_postgresql_db
|
||||
- setup_postgresql_db
|
||||
|
@ -1,3 +1,2 @@
|
||||
---
|
||||
dependencies:
|
||||
- setup_postgresql_db
|
||||
|
@ -0,0 +1,80 @@
|
||||
- name: Check that becoming an non-existing user throws an error
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: present
|
||||
name: must_fail
|
||||
login_user: "{{ pg_user }}"
|
||||
session_role: "{{ db_session_role1 }}"
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
|
||||
- name: Create a high privileged user
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_user:
|
||||
name: "{{ db_session_role1 }}"
|
||||
state: "present"
|
||||
password: "password"
|
||||
role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
|
||||
- name: Create a low privileged user using the newly created user
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_user:
|
||||
name: "{{ db_session_role2 }}"
|
||||
state: "present"
|
||||
password: "password"
|
||||
role_attr_flags: "LOGIN"
|
||||
login_user: "{{ pg_user }}"
|
||||
session_role: "{{ db_session_role1 }}"
|
||||
db: postgres
|
||||
|
||||
- name: Create DB as session_role
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: present
|
||||
name: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
session_role: "{{ db_session_role1 }}"
|
||||
register: result
|
||||
|
||||
- name: Check that database created and is owned by correct user
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "select rolname from pg_database join pg_roles on datdba = pg_roles.oid where datname = '{{ db_session_role1 }}';" | psql -AtXq postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- "result.stdout_lines[-1] == '{{ db_session_role1 }}'"
|
||||
|
||||
- name: Fail when creating database as low privileged user
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: present
|
||||
name: "{{ db_session_role2 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
session_role: "{{ db_session_role2 }}"
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
|
||||
- name: Drop test db
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: absent
|
||||
name: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
@ -1,6 +1,2 @@
|
||||
db_name: 'ansible_db'
|
||||
db_user1: 'ansible_db_user1'
|
||||
tmp_dir: '/tmp'
|
||||
|
||||
db_session_role1: 'session_role1'
|
||||
db_session_role2: 'session_role2'
|
@ -1,3 +1,2 @@
|
||||
---
|
||||
dependencies:
|
||||
- setup_postgresql_db
|
||||
- setup_postgresql_db
|
||||
|
@ -0,0 +1,112 @@
|
||||
- name: Create a high privileged user
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_user:
|
||||
name: "{{ db_session_role1 }}"
|
||||
state: "present"
|
||||
password: "password"
|
||||
role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
|
||||
- name: Create DB as session_role
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: present
|
||||
name: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
session_role: "{{ db_session_role1 }}"
|
||||
register: result
|
||||
|
||||
- name: Check that pg_extension exists (PostgreSQL >= 9.1)
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "select count(*) from pg_class where relname='pg_extension' and relkind='r'" | psql -AtXq postgres
|
||||
register: pg_extension
|
||||
|
||||
- name: Remove plpgsql from testdb using postgresql_ext
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_ext:
|
||||
name: plpgsql
|
||||
db: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
state: absent
|
||||
when:
|
||||
"pg_extension.stdout_lines[-1] == '1'"
|
||||
|
||||
- name: Fail when trying to create an extension as a mere mortal user
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_ext:
|
||||
name: plpgsql
|
||||
db: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
session_role: "{{ db_session_role2 }}"
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
when:
|
||||
"pg_extension.stdout_lines[-1] == '1'"
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
when:
|
||||
"pg_extension.stdout_lines[-1] == '1'"
|
||||
|
||||
- name: Install extension as session_role
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_ext:
|
||||
name: plpgsql
|
||||
db: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
session_role: "{{ db_session_role1 }}"
|
||||
when:
|
||||
"pg_extension.stdout_lines[-1] == '1'"
|
||||
|
||||
- name: Check that extension is created and is owned by session_role
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "select rolname from pg_extension join pg_roles on extowner=pg_roles.oid where extname='plpgsql';" | psql -AtXq "{{ db_session_role1 }}"
|
||||
register: result
|
||||
when:
|
||||
"pg_extension.stdout_lines[-1] == '1'"
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- "result.stdout_lines[-1] == '{{ db_session_role1 }}'"
|
||||
when:
|
||||
"pg_extension.stdout_lines[-1] == '1'"
|
||||
|
||||
- name: Remove plpgsql from testdb using postgresql_ext
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_ext:
|
||||
name: plpgsql
|
||||
db: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
state: absent
|
||||
when:
|
||||
"pg_extension.stdout_lines[-1] == '1'"
|
||||
|
||||
- name: Drop test db
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: absent
|
||||
name: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- name: Drop test users
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_user:
|
||||
name: "{{ item }}"
|
||||
state: absent
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
with_items:
|
||||
- "{{ db_session_role1 }}"
|
||||
- "{{ db_session_role2 }}"
|
@ -1,3 +1,2 @@
|
||||
---
|
||||
dependencies:
|
||||
- setup_postgresql_db
|
||||
- setup_postgresql_db
|
||||
|
@ -1,3 +1,2 @@
|
||||
---
|
||||
dependencies:
|
||||
- setup_postgresql_db
|
||||
- setup_postgresql_db
|
||||
|
@ -1,3 +1,2 @@
|
||||
---
|
||||
dependencies:
|
||||
- setup_postgresql_db
|
||||
- setup_postgresql_db
|
||||
|
@ -1,3 +1,2 @@
|
||||
---
|
||||
dependencies:
|
||||
- setup_postgresql_db
|
||||
- setup_postgresql_db
|
||||
|
@ -1,3 +1,2 @@
|
||||
---
|
||||
dependencies:
|
||||
- setup_postgresql_db
|
||||
- setup_postgresql_db
|
||||
|
@ -1,3 +1,2 @@
|
||||
---
|
||||
dependencies:
|
||||
- setup_postgresql_db
|
||||
- setup_postgresql_db
|
||||
|
@ -1,3 +1,2 @@
|
||||
---
|
||||
dependencies:
|
||||
- setup_postgresql_db
|
||||
- setup_postgresql_db
|
||||
|
@ -1,3 +1,2 @@
|
||||
---
|
||||
dependencies:
|
||||
- setup_postgresql_db
|
||||
- setup_postgresql_db
|
||||
|
@ -1,11 +1,14 @@
|
||||
- include_tasks: postgresql_privs_session_role.yml
|
||||
when: postgres_version_resp.stdout is version('9.4', '>=')
|
||||
|
||||
# Initial CI tests of postgresql_privs module:
|
||||
- import_tasks: postgresql_privs_initial.yml
|
||||
- include_tasks: postgresql_privs_initial.yml
|
||||
when: postgres_version_resp.stdout is version('9.4', '>=')
|
||||
|
||||
# General tests:
|
||||
- import_tasks: postgresql_privs_general.yml
|
||||
- include_tasks: postgresql_privs_general.yml
|
||||
when: postgres_version_resp.stdout is version('9.4', '>=')
|
||||
|
||||
# Tests default_privs with target_role:
|
||||
- import_tasks: test_target_role.yml
|
||||
- include_tasks: test_target_role.yml
|
||||
when: postgres_version_resp.stdout is version('9.4', '>=')
|
||||
|
@ -0,0 +1,79 @@
|
||||
- name: Create a high privileged user
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_user:
|
||||
name: "{{ db_session_role1 }}"
|
||||
state: "present"
|
||||
password: "password"
|
||||
role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
|
||||
- name: Create a low privileged user using the newly created user
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_user:
|
||||
name: "{{ db_session_role2 }}"
|
||||
state: "present"
|
||||
password: "password"
|
||||
role_attr_flags: "LOGIN"
|
||||
login_user: "{{ pg_user }}"
|
||||
session_role: "{{ db_session_role1 }}"
|
||||
db: postgres
|
||||
|
||||
- name: Create DB as session_role
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: present
|
||||
name: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
session_role: "{{ db_session_role1 }}"
|
||||
register: result
|
||||
|
||||
- name: Create table to be able to grant privileges
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "CREATE TABLE test(i int); CREATE TABLE test2(i int);" | psql -AtXq "{{ db_session_role1 }}"
|
||||
|
||||
- name: Grant all privileges on test1 table to low privileged user
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_privs:
|
||||
db: "{{ db_session_role1 }}"
|
||||
type: table
|
||||
objs: test
|
||||
roles: "{{ db_session_role2 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
privs: select
|
||||
admin_option: yes
|
||||
|
||||
- name: Verify admin option was successful for grants
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_privs:
|
||||
db: "{{ db_session_role1 }}"
|
||||
type: table
|
||||
objs: test
|
||||
roles: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
privs: select
|
||||
session_role: "{{ db_session_role2 }}"
|
||||
|
||||
- name: Verify no grants can be granted for test2 table
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_privs:
|
||||
db: "{{ db_session_role1 }}"
|
||||
type: table
|
||||
objs: test2
|
||||
roles: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
privs: update
|
||||
session_role: "{{ db_session_role2 }}"
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
@ -1,3 +1,2 @@
|
||||
---
|
||||
dependencies:
|
||||
- setup_postgresql_db
|
||||
- setup_postgresql_db
|
||||
|
@ -1,3 +1,2 @@
|
||||
---
|
||||
dependencies:
|
||||
- setup_postgresql_db
|
||||
- setup_postgresql_db
|
||||
|
@ -1,3 +1,2 @@
|
||||
---
|
||||
dependencies:
|
||||
- setup_postgresql_db
|
||||
- setup_postgresql_db
|
||||
|
@ -1,2 +1,4 @@
|
||||
- import_tasks: postgresql_schema_session_role.yml
|
||||
|
||||
# Initial CI tests of postgresql_schema module
|
||||
- import_tasks: postgresql_schema_initial.yml
|
||||
|
@ -0,0 +1,78 @@
|
||||
- name: Create a high privileged user
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_user:
|
||||
name: "{{ db_session_role1 }}"
|
||||
state: "present"
|
||||
password: "password"
|
||||
role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
|
||||
- name: Create DB as session_role
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: present
|
||||
name: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
session_role: "{{ db_session_role1 }}"
|
||||
register: result
|
||||
|
||||
- name: Create schema in own database
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_schema:
|
||||
database: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
name: "{{ db_session_role1 }}"
|
||||
session_role: "{{ db_session_role1 }}"
|
||||
|
||||
- name: Create schema in own database, should be owned by session_role
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_schema:
|
||||
database: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
name: "{{ db_session_role1 }}"
|
||||
owner: "{{ db_session_role1 }}"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
|
||||
- name: Fail when creating schema in postgres database as a regular user
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_schema:
|
||||
database: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
name: "{{ db_session_role1 }}"
|
||||
session_role: "{{ db_session_role1 }}"
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
|
||||
- name: Drop test db
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: absent
|
||||
name: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- name: Drop test users
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_user:
|
||||
name: "{{ item }}"
|
||||
state: absent
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
with_items:
|
||||
- "{{ db_session_role1 }}"
|
||||
- "{{ db_session_role2 }}"
|
@ -1,3 +1,2 @@
|
||||
---
|
||||
dependencies:
|
||||
- setup_postgresql_db
|
||||
- setup_postgresql_db
|
||||
|
@ -1,3 +1,2 @@
|
||||
---
|
||||
dependencies:
|
||||
- setup_postgresql_db
|
||||
- setup_postgresql_db
|
||||
|
@ -1,24 +0,0 @@
|
||||
destructive
|
||||
shippable/posix/group4
|
||||
postgresql_db
|
||||
postgresql_copy
|
||||
postgresql_ext
|
||||
postgresql_idx
|
||||
postgresql_info
|
||||
postgresql_lang
|
||||
postgresql_membership
|
||||
postgresql_owner
|
||||
postgresql_pg_hba
|
||||
postgresql_ping
|
||||
postgresql_privs
|
||||
postgresql_publication
|
||||
postgresql_query
|
||||
postgresql_schema
|
||||
postgresql_sequence
|
||||
postgresql_set
|
||||
postgresql_shared
|
||||
postgresql_slot
|
||||
postgresql_table
|
||||
postgresql_tablespace
|
||||
postgresql_user
|
||||
skip/osx
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
dependencies:
|
||||
- setup_postgresql_db
|
@ -1,6 +0,0 @@
|
||||
# This test role is for testing general (non-specific) functionality
|
||||
# that's presented in all modules (or in a part of them).
|
||||
# If you want to add tests make a new test file and include here.
|
||||
|
||||
# Verify different session_role scenarios:
|
||||
- import_tasks: session_role.yml
|
@ -1,254 +0,0 @@
|
||||
- name: Check that becoming an non-existing user throws an error
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: present
|
||||
name: must_fail
|
||||
login_user: "{{ pg_user }}"
|
||||
session_role: "{{ db_session_role1 }}"
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
|
||||
- name: Create a high privileged user
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_user:
|
||||
name: "{{ db_session_role1 }}"
|
||||
state: "present"
|
||||
password: "password"
|
||||
role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
|
||||
- name: Create a low privileged user using the newly created user
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_user:
|
||||
name: "{{ db_session_role2 }}"
|
||||
state: "present"
|
||||
password: "password"
|
||||
role_attr_flags: "LOGIN"
|
||||
login_user: "{{ pg_user }}"
|
||||
session_role: "{{ db_session_role1 }}"
|
||||
db: postgres
|
||||
|
||||
- name: Create DB as session_role
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: present
|
||||
name: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
session_role: "{{ db_session_role1 }}"
|
||||
register: result
|
||||
|
||||
- name: Check that database created and is owned by correct user
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "select rolname from pg_database join pg_roles on datdba = pg_roles.oid where datname = '{{ db_session_role1 }}';" | psql -AtXq postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- "result.stdout_lines[-1] == '{{ db_session_role1 }}'"
|
||||
|
||||
- name: Fail when creating database as low privileged user
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: present
|
||||
name: "{{ db_session_role2 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
session_role: "{{ db_session_role2 }}"
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
|
||||
- name: Create schema in own database
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_schema:
|
||||
database: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
name: "{{ db_session_role1 }}"
|
||||
session_role: "{{ db_session_role1 }}"
|
||||
|
||||
- name: Create schema in own database, should be owned by session_role
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_schema:
|
||||
database: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
name: "{{ db_session_role1 }}"
|
||||
owner: "{{ db_session_role1 }}"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
|
||||
- name: Fail when creating schema in postgres database as a regular user
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_schema:
|
||||
database: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
name: "{{ db_session_role1 }}"
|
||||
session_role: "{{ db_session_role1 }}"
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
|
||||
# PostgreSQL introduced extensions in 9.1, some checks are still run against older versions, therefore we need to ensure
|
||||
# we only run these tests against supported PostgreSQL databases
|
||||
|
||||
- name: Check that pg_extension exists (postgresql >= 9.1)
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "select count(*) from pg_class where relname='pg_extension' and relkind='r'" | psql -AtXq postgres
|
||||
register: pg_extension
|
||||
|
||||
- name: Remove plpgsql from testdb using postgresql_ext
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_ext:
|
||||
name: plpgsql
|
||||
db: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
state: absent
|
||||
when:
|
||||
"pg_extension.stdout_lines[-1] == '1'"
|
||||
|
||||
- name: Fail when trying to create an extension as a mere mortal user
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_ext:
|
||||
name: plpgsql
|
||||
db: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
session_role: "{{ db_session_role2 }}"
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
when:
|
||||
"pg_extension.stdout_lines[-1] == '1'"
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
when:
|
||||
"pg_extension.stdout_lines[-1] == '1'"
|
||||
|
||||
- name: Install extension as session_role
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_ext:
|
||||
name: plpgsql
|
||||
db: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
session_role: "{{ db_session_role1 }}"
|
||||
when:
|
||||
"pg_extension.stdout_lines[-1] == '1'"
|
||||
|
||||
- name: Check that extension is created and is owned by session_role
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "select rolname from pg_extension join pg_roles on extowner=pg_roles.oid where extname='plpgsql';" | psql -AtXq "{{ db_session_role1 }}"
|
||||
register: result
|
||||
when:
|
||||
"pg_extension.stdout_lines[-1] == '1'"
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- "result.stdout_lines[-1] == '{{ db_session_role1 }}'"
|
||||
when:
|
||||
"pg_extension.stdout_lines[-1] == '1'"
|
||||
|
||||
- name: Remove plpgsql from testdb using postgresql_ext
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_ext:
|
||||
name: plpgsql
|
||||
db: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
state: absent
|
||||
when:
|
||||
"pg_extension.stdout_lines[-1] == '1'"
|
||||
|
||||
# End of postgresql_ext conditional tests against PostgreSQL 9.1+
|
||||
|
||||
- name: Create table to be able to grant privileges
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "CREATE TABLE test(i int); CREATE TABLE test2(i int);" | psql -AtXq "{{ db_session_role1 }}"
|
||||
|
||||
- name: Grant all privileges on test1 table to low privileged user
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_privs:
|
||||
db: "{{ db_session_role1 }}"
|
||||
type: table
|
||||
objs: test
|
||||
roles: "{{ db_session_role2 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
privs: select
|
||||
admin_option: yes
|
||||
|
||||
- name: Verify admin option was successful for grants
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_privs:
|
||||
db: "{{ db_session_role1 }}"
|
||||
type: table
|
||||
objs: test
|
||||
roles: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
privs: select
|
||||
session_role: "{{ db_session_role2 }}"
|
||||
|
||||
- name: Verify no grants can be granted for test2 table
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_privs:
|
||||
db: "{{ db_session_role1 }}"
|
||||
type: table
|
||||
objs: test2
|
||||
roles: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
privs: update
|
||||
session_role: "{{ db_session_role2 }}"
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
|
||||
- name: Drop test db
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: absent
|
||||
name: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- name: Drop test users
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_user:
|
||||
name: "{{ item }}"
|
||||
state: absent
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
with_items:
|
||||
- "{{ db_session_role1 }}"
|
||||
- "{{ db_session_role2 }}"
|
@ -1,3 +1,2 @@
|
||||
---
|
||||
dependencies:
|
||||
- setup_postgresql_db
|
||||
- setup_postgresql_db
|
||||
|
@ -1,2 +1,2 @@
|
||||
dependencies:
|
||||
- setup_postgresql_replication
|
||||
- setup_postgresql_replication
|
||||
|
@ -1,3 +1,2 @@
|
||||
---
|
||||
dependencies:
|
||||
- setup_postgresql_db
|
||||
- setup_postgresql_db
|
||||
|
@ -1,3 +1,2 @@
|
||||
---
|
||||
dependencies:
|
||||
- setup_postgresql_db
|
||||
- setup_postgresql_db
|
||||
|
@ -1,3 +1,2 @@
|
||||
---
|
||||
dependencies:
|
||||
- setup_postgresql_db
|
||||
- setup_postgresql_db
|
||||
|
Loading…
Reference in New Issue