archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Remove postgresql_shared integration test (#65133)

Browse Source 
Move test tasks into appropriate integration test
pull/65191/head
Sam Doran 6 years ago committed by GitHub
parent 315cc2f3ea
commit d3f6943446
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
38 changed files with 398 additions and 338 deletions
Show Stats Download Patch File Download Diff File

1
test/integration/targets/postgresql_copy/meta/main.yml
Unescape Escape View File

@ -1,3 +1,2 @@
---
dependencies: dependencies:
- setup_postgresql_db - setup_postgresql_db

2
test/integration/targets/postgresql_db/defaults/main.yml
Unescape Escape View File

@ -2,3 +2,5 @@ db_name: 'ansible_db'
db_user1: 'ansible.db.user1' db_user1: 'ansible.db.user1'
db_user2: 'ansible.db.user2' db_user2: 'ansible.db.user2'
tmp_dir: '/tmp' tmp_dir: '/tmp'
db_session_role1: 'session_role1'
db_session_role2: 'session_role2'

1
test/integration/targets/postgresql_db/meta/main.yml
Unescape Escape View File

@ -1,3 +1,2 @@
---
dependencies: dependencies:
- setup_postgresql_db - setup_postgresql_db

2
test/integration/targets/postgresql_db/tasks/main.yml
Unescape Escape View File

@ -1,3 +1,5 @@
- import_tasks: postgresql_db_session_role.yml
# Initial tests of postgresql_db module: # Initial tests of postgresql_db module:
- import_tasks: postgresql_db_initial.yml - import_tasks: postgresql_db_initial.yml

80
test/integration/targets/postgresql_db/tasks/postgresql_db_session_role.yml
Unescape Escape View File

@ -0,0 +1,80 @@
- name: Check that becoming an non-existing user throws an error
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: present
name: must_fail
login_user: "{{ pg_user }}"
session_role: "{{ db_session_role1 }}"
register: result
ignore_errors: yes
- assert:
that:
- result is failed
- name: Create a high privileged user
become: yes
become_user: "{{ pg_user }}"
postgresql_user:
name: "{{ db_session_role1 }}"
state: "present"
password: "password"
role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
login_user: "{{ pg_user }}"
db: postgres
- name: Create a low privileged user using the newly created user
become: yes
become_user: "{{ pg_user }}"
postgresql_user:
name: "{{ db_session_role2 }}"
state: "present"
password: "password"
role_attr_flags: "LOGIN"
login_user: "{{ pg_user }}"
session_role: "{{ db_session_role1 }}"
db: postgres
- name: Create DB as session_role
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: present
name: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
session_role: "{{ db_session_role1 }}"
register: result
- name: Check that database created and is owned by correct user
become_user: "{{ pg_user }}"
become: yes
shell: echo "select rolname from pg_database join pg_roles on datdba = pg_roles.oid where datname = '{{ db_session_role1 }}';" | psql -AtXq postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '{{ db_session_role1 }}'"
- name: Fail when creating database as low privileged user
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: present
name: "{{ db_session_role2 }}"
login_user: "{{ pg_user }}"
session_role: "{{ db_session_role2 }}"
register: result
ignore_errors: yes
- assert:
that:
- result is failed
- name: Drop test db
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: absent
name: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"

4
test/integration/targets/postgresql_shared/defaults/main.yml → test/integration/targets/postgresql_ext/defaults/main.yml
Unescape Escape View File

@ -1,6 +1,2 @@
db_name: 'ansible_db'
db_user1: 'ansible_db_user1'
tmp_dir: '/tmp'
db_session_role1: 'session_role1' db_session_role1: 'session_role1'
db_session_role2: 'session_role2' db_session_role2: 'session_role2'

1
test/integration/targets/postgresql_ext/meta/main.yml
Unescape Escape View File

@ -1,3 +1,2 @@
---
dependencies: dependencies:
- setup_postgresql_db - setup_postgresql_db

2
test/integration/targets/postgresql_ext/tasks/main.yml
Unescape Escape View File

@ -1,3 +1,5 @@
- import_tasks: postgresql_ext_session_role.yml
# Initial CI tests of postgresql_ext module. # Initial CI tests of postgresql_ext module.
# pg_extension system view is available from PG 9.1. # pg_extension system view is available from PG 9.1.
# The tests are restricted by Fedora because there will be errors related with # The tests are restricted by Fedora because there will be errors related with

112
test/integration/targets/postgresql_ext/tasks/postgresql_ext_session_role.yml
Unescape Escape View File

@ -0,0 +1,112 @@
- name: Create a high privileged user
become: yes
become_user: "{{ pg_user }}"
postgresql_user:
name: "{{ db_session_role1 }}"
state: "present"
password: "password"
role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
login_user: "{{ pg_user }}"
db: postgres
- name: Create DB as session_role
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: present
name: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
session_role: "{{ db_session_role1 }}"
register: result
- name: Check that pg_extension exists (PostgreSQL >= 9.1)
become_user: "{{ pg_user }}"
become: yes
shell: echo "select count(*) from pg_class where relname='pg_extension' and relkind='r'" | psql -AtXq postgres
register: pg_extension
- name: Remove plpgsql from testdb using postgresql_ext
become_user: "{{ pg_user }}"
become: yes
postgresql_ext:
name: plpgsql
db: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
state: absent
when:
"pg_extension.stdout_lines[-1] == '1'"
- name: Fail when trying to create an extension as a mere mortal user
become_user: "{{ pg_user }}"
become: yes
postgresql_ext:
name: plpgsql
db: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
session_role: "{{ db_session_role2 }}"
ignore_errors: yes
register: result
when:
"pg_extension.stdout_lines[-1] == '1'"
- assert:
that:
- result is failed
when:
"pg_extension.stdout_lines[-1] == '1'"
- name: Install extension as session_role
become_user: "{{ pg_user }}"
become: yes
postgresql_ext:
name: plpgsql
db: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
session_role: "{{ db_session_role1 }}"
when:
"pg_extension.stdout_lines[-1] == '1'"
- name: Check that extension is created and is owned by session_role
become_user: "{{ pg_user }}"
become: yes
shell: echo "select rolname from pg_extension join pg_roles on extowner=pg_roles.oid where extname='plpgsql';" | psql -AtXq "{{ db_session_role1 }}"
register: result
when:
"pg_extension.stdout_lines[-1] == '1'"
- assert:
that:
- "result.stdout_lines[-1] == '{{ db_session_role1 }}'"
when:
"pg_extension.stdout_lines[-1] == '1'"
- name: Remove plpgsql from testdb using postgresql_ext
become_user: "{{ pg_user }}"
become: yes
postgresql_ext:
name: plpgsql
db: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
state: absent
when:
"pg_extension.stdout_lines[-1] == '1'"
- name: Drop test db
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: absent
name: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
- name: Drop test users
become: yes
become_user: "{{ pg_user }}"
postgresql_user:
name: "{{ item }}"
state: absent
login_user: "{{ pg_user }}"
db: postgres
with_items:
- "{{ db_session_role1 }}"
- "{{ db_session_role2 }}"

1
test/integration/targets/postgresql_idx/meta/main.yml
Unescape Escape View File

@ -1,3 +1,2 @@
---
dependencies: dependencies:
- setup_postgresql_db - setup_postgresql_db

1
test/integration/targets/postgresql_info/meta/main.yml
Unescape Escape View File

@ -1,3 +1,2 @@
---
dependencies: dependencies:
- setup_postgresql_db - setup_postgresql_db

1
test/integration/targets/postgresql_lang/meta/main.yml
Unescape Escape View File

@ -1,3 +1,2 @@
---
dependencies: dependencies:
- setup_postgresql_db - setup_postgresql_db

1
test/integration/targets/postgresql_membership/meta/main.yml
Unescape Escape View File

@ -1,3 +1,2 @@
---
dependencies: dependencies:
- setup_postgresql_db - setup_postgresql_db

1
test/integration/targets/postgresql_owner/meta/main.yml
Unescape Escape View File

@ -1,3 +1,2 @@
---
dependencies: dependencies:
- setup_postgresql_db - setup_postgresql_db

1
test/integration/targets/postgresql_pg_hba/meta/main.yml
Unescape Escape View File

@ -1,3 +1,2 @@
---
dependencies: dependencies:
- setup_postgresql_db - setup_postgresql_db

1
test/integration/targets/postgresql_ping/meta/main.yml
Unescape Escape View File

@ -1,3 +1,2 @@
---
dependencies: dependencies:
- setup_postgresql_db - setup_postgresql_db

2
test/integration/targets/postgresql_privs/defaults/main.yml
Unescape Escape View File

@ -4,3 +4,5 @@ db_user2: ansible_db_user2
db_user3: ansible_db_user3 db_user3: ansible_db_user3
db_user_with_dots1: role.with.dots1 db_user_with_dots1: role.with.dots1
db_user_with_dots2: role.with.dots2 db_user_with_dots2: role.with.dots2
db_session_role1: session_role1
db_session_role2: session_role2

1
test/integration/targets/postgresql_privs/meta/main.yml
Unescape Escape View File

@ -1,3 +1,2 @@
---
dependencies: dependencies:
- setup_postgresql_db - setup_postgresql_db

9
test/integration/targets/postgresql_privs/tasks/main.yml
Unescape Escape View File

@ -1,11 +1,14 @@
- include_tasks: postgresql_privs_session_role.yml
when: postgres_version_resp.stdout is version('9.4', '>=')
# Initial CI tests of postgresql_privs module: # Initial CI tests of postgresql_privs module:
- import_tasks: postgresql_privs_initial.yml - include_tasks: postgresql_privs_initial.yml
when: postgres_version_resp.stdout is version('9.4', '>=') when: postgres_version_resp.stdout is version('9.4', '>=')
# General tests: # General tests:
- import_tasks: postgresql_privs_general.yml - include_tasks: postgresql_privs_general.yml
when: postgres_version_resp.stdout is version('9.4', '>=') when: postgres_version_resp.stdout is version('9.4', '>=')
# Tests default_privs with target_role: # Tests default_privs with target_role:
- import_tasks: test_target_role.yml - include_tasks: test_target_role.yml
when: postgres_version_resp.stdout is version('9.4', '>=') when: postgres_version_resp.stdout is version('9.4', '>=')

79
test/integration/targets/postgresql_privs/tasks/postgresql_privs_session_role.yml
Unescape Escape View File

@ -0,0 +1,79 @@
- name: Create a high privileged user
become: yes
become_user: "{{ pg_user }}"
postgresql_user:
name: "{{ db_session_role1 }}"
state: "present"
password: "password"
role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
login_user: "{{ pg_user }}"
db: postgres
- name: Create a low privileged user using the newly created user
become: yes
become_user: "{{ pg_user }}"
postgresql_user:
name: "{{ db_session_role2 }}"
state: "present"
password: "password"
role_attr_flags: "LOGIN"
login_user: "{{ pg_user }}"
session_role: "{{ db_session_role1 }}"
db: postgres
- name: Create DB as session_role
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: present
name: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
session_role: "{{ db_session_role1 }}"
register: result
- name: Create table to be able to grant privileges
become_user: "{{ pg_user }}"
become: yes
shell: echo "CREATE TABLE test(i int); CREATE TABLE test2(i int);" | psql -AtXq "{{ db_session_role1 }}"
- name: Grant all privileges on test1 table to low privileged user
become_user: "{{ pg_user }}"
become: yes
postgresql_privs:
db: "{{ db_session_role1 }}"
type: table
objs: test
roles: "{{ db_session_role2 }}"
login_user: "{{ pg_user }}"
privs: select
admin_option: yes
- name: Verify admin option was successful for grants
become_user: "{{ pg_user }}"
become: yes
postgresql_privs:
db: "{{ db_session_role1 }}"
type: table
objs: test
roles: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
privs: select
session_role: "{{ db_session_role2 }}"
- name: Verify no grants can be granted for test2 table
become_user: "{{ pg_user }}"
become: yes
postgresql_privs:
db: "{{ db_session_role1 }}"
type: table
objs: test2
roles: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
privs: update
session_role: "{{ db_session_role2 }}"
ignore_errors: yes
register: result
- assert:
that:
- result is failed

15
test/integration/targets/postgresql_privs/tasks/test_target_role.yml
Unescape Escape View File

@ -95,19 +95,26 @@
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ pg_user }}" login_user: "{{ pg_user }}"
- name: Destroy DB - name: Destroy DBs
become_user: "{{ pg_user }}" become_user: "{{ pg_user }}"
become: yes become: yes
postgresql_db: postgresql_db:
state: absent state: absent
name: "{{ db_name }}" name: "{{ item }}"
login_user: "{{ pg_user }}" login_user: "{{ pg_user }}"
loop:
- "{{ db_name }}"
- "{{ db_session_role1 }}"
- name: Remove test user - name: Remove test users
become_user: "{{ pg_user }}" become_user: "{{ pg_user }}"
become: yes become: yes
postgresql_user: postgresql_user:
name: "{{ db_user1 }}" name: "{{ item }}"
state: absent state: absent
db: postgres db: postgres
login_user: "{{ pg_user }}" login_user: "{{ pg_user }}"
loop:
- "{{ db_user1 }}"
- "{{ db_session_role1 }}"
- "{{ db_session_role2 }}"

1
test/integration/targets/postgresql_publication/meta/main.yml
Unescape Escape View File

@ -1,3 +1,2 @@
---
dependencies: dependencies:
- setup_postgresql_db - setup_postgresql_db

1
test/integration/targets/postgresql_query/meta/main.yml
Unescape Escape View File

@ -1,3 +1,2 @@
---
dependencies: dependencies:
- setup_postgresql_db - setup_postgresql_db

2
test/integration/targets/postgresql_schema/defaults/main.yml
Unescape Escape View File

@ -2,3 +2,5 @@
db_name: 'ansible_db' db_name: 'ansible_db'
db_user1: 'ansible_db_user1' db_user1: 'ansible_db_user1'
db_user2: 'ansible_db_user2' db_user2: 'ansible_db_user2'
db_session_role1: 'session_role1'
db_session_role2: 'session_role2'

1
test/integration/targets/postgresql_schema/meta/main.yml
Unescape Escape View File

@ -1,3 +1,2 @@
---
dependencies: dependencies:
- setup_postgresql_db - setup_postgresql_db

2
test/integration/targets/postgresql_schema/tasks/main.yml
Unescape Escape View File

@ -1,2 +1,4 @@
- import_tasks: postgresql_schema_session_role.yml
# Initial CI tests of postgresql_schema module # Initial CI tests of postgresql_schema module
- import_tasks: postgresql_schema_initial.yml - import_tasks: postgresql_schema_initial.yml

78
test/integration/targets/postgresql_schema/tasks/postgresql_schema_session_role.yml
Unescape Escape View File

@ -0,0 +1,78 @@
- name: Create a high privileged user
become: yes
become_user: "{{ pg_user }}"
postgresql_user:
name: "{{ db_session_role1 }}"
state: "present"
password: "password"
role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
login_user: "{{ pg_user }}"
db: postgres
- name: Create DB as session_role
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: present
name: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
session_role: "{{ db_session_role1 }}"
register: result
- name: Create schema in own database
become_user: "{{ pg_user }}"
become: yes
postgresql_schema:
database: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
name: "{{ db_session_role1 }}"
session_role: "{{ db_session_role1 }}"
- name: Create schema in own database, should be owned by session_role
become_user: "{{ pg_user }}"
become: yes
postgresql_schema:
database: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
name: "{{ db_session_role1 }}"
owner: "{{ db_session_role1 }}"
register: result
- assert:
that:
- result is not changed
- name: Fail when creating schema in postgres database as a regular user
become_user: "{{ pg_user }}"
become: yes
postgresql_schema:
database: postgres
login_user: "{{ pg_user }}"
name: "{{ db_session_role1 }}"
session_role: "{{ db_session_role1 }}"
ignore_errors: yes
register: result
- assert:
that:
- result is failed
- name: Drop test db
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: absent
name: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
- name: Drop test users
become: yes
become_user: "{{ pg_user }}"
postgresql_user:
name: "{{ item }}"
state: absent
login_user: "{{ pg_user }}"
db: postgres
with_items:
- "{{ db_session_role1 }}"
- "{{ db_session_role2 }}"

1
test/integration/targets/postgresql_sequence/meta/main.yml
Unescape Escape View File

@ -1,3 +1,2 @@
---
dependencies: dependencies:
- setup_postgresql_db - setup_postgresql_db

1
test/integration/targets/postgresql_set/meta/main.yml
Unescape Escape View File

@ -1,3 +1,2 @@
---
dependencies: dependencies:
- setup_postgresql_db - setup_postgresql_db

24
test/integration/targets/postgresql_shared/aliases
Unescape Escape View File

@ -1,24 +0,0 @@
destructive
shippable/posix/group4
postgresql_db
postgresql_copy
postgresql_ext
postgresql_idx
postgresql_info
postgresql_lang
postgresql_membership
postgresql_owner
postgresql_pg_hba
postgresql_ping
postgresql_privs
postgresql_publication
postgresql_query
postgresql_schema
postgresql_sequence
postgresql_set
postgresql_shared
postgresql_slot
postgresql_table
postgresql_tablespace
postgresql_user
skip/osx

3
test/integration/targets/postgresql_shared/meta/main.yml
Unescape Escape View File

@ -1,3 +0,0 @@
---
dependencies:
- setup_postgresql_db

6
test/integration/targets/postgresql_shared/tasks/main.yml
Unescape Escape View File

@ -1,6 +0,0 @@
# This test role is for testing general (non-specific) functionality
# that's presented in all modules (or in a part of them).
# If you want to add tests make a new test file and include here.
# Verify different session_role scenarios:
- import_tasks: session_role.yml

254
test/integration/targets/postgresql_shared/tasks/session_role.yml
Unescape Escape View File

@ -1,254 +0,0 @@
- name: Check that becoming an non-existing user throws an error
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: present
name: must_fail
login_user: "{{ pg_user }}"
session_role: "{{ db_session_role1 }}"
register: result
ignore_errors: yes
- assert:
that:
- result is failed
- name: Create a high privileged user
become: yes
become_user: "{{ pg_user }}"
postgresql_user:
name: "{{ db_session_role1 }}"
state: "present"
password: "password"
role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
login_user: "{{ pg_user }}"
db: postgres
- name: Create a low privileged user using the newly created user
become: yes
become_user: "{{ pg_user }}"
postgresql_user:
name: "{{ db_session_role2 }}"
state: "present"
password: "password"
role_attr_flags: "LOGIN"
login_user: "{{ pg_user }}"
session_role: "{{ db_session_role1 }}"
db: postgres
- name: Create DB as session_role
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: present
name: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
session_role: "{{ db_session_role1 }}"
register: result
- name: Check that database created and is owned by correct user
become_user: "{{ pg_user }}"
become: yes
shell: echo "select rolname from pg_database join pg_roles on datdba = pg_roles.oid where datname = '{{ db_session_role1 }}';" | psql -AtXq postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '{{ db_session_role1 }}'"
- name: Fail when creating database as low privileged user
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: present
name: "{{ db_session_role2 }}"
login_user: "{{ pg_user }}"
session_role: "{{ db_session_role2 }}"
register: result
ignore_errors: yes
- assert:
that:
- result is failed
- name: Create schema in own database
become_user: "{{ pg_user }}"
become: yes
postgresql_schema:
database: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
name: "{{ db_session_role1 }}"
session_role: "{{ db_session_role1 }}"
- name: Create schema in own database, should be owned by session_role
become_user: "{{ pg_user }}"
become: yes
postgresql_schema:
database: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
name: "{{ db_session_role1 }}"
owner: "{{ db_session_role1 }}"
register: result
- assert:
that:
- result is not changed
- name: Fail when creating schema in postgres database as a regular user
become_user: "{{ pg_user }}"
become: yes
postgresql_schema:
database: postgres
login_user: "{{ pg_user }}"
name: "{{ db_session_role1 }}"
session_role: "{{ db_session_role1 }}"
ignore_errors: yes
register: result
- assert:
that:
- result is failed
# PostgreSQL introduced extensions in 9.1, some checks are still run against older versions, therefore we need to ensure
# we only run these tests against supported PostgreSQL databases
- name: Check that pg_extension exists (postgresql >= 9.1)
become_user: "{{ pg_user }}"
become: yes
shell: echo "select count(*) from pg_class where relname='pg_extension' and relkind='r'" | psql -AtXq postgres
register: pg_extension
- name: Remove plpgsql from testdb using postgresql_ext
become_user: "{{ pg_user }}"
become: yes
postgresql_ext:
name: plpgsql
db: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
state: absent
when:
"pg_extension.stdout_lines[-1] == '1'"
- name: Fail when trying to create an extension as a mere mortal user
become_user: "{{ pg_user }}"
become: yes
postgresql_ext:
name: plpgsql
db: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
session_role: "{{ db_session_role2 }}"
ignore_errors: yes
register: result
when:
"pg_extension.stdout_lines[-1] == '1'"
- assert:
that:
- result is failed
when:
"pg_extension.stdout_lines[-1] == '1'"
- name: Install extension as session_role
become_user: "{{ pg_user }}"
become: yes
postgresql_ext:
name: plpgsql
db: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
session_role: "{{ db_session_role1 }}"
when:
"pg_extension.stdout_lines[-1] == '1'"
- name: Check that extension is created and is owned by session_role
become_user: "{{ pg_user }}"
become: yes
shell: echo "select rolname from pg_extension join pg_roles on extowner=pg_roles.oid where extname='plpgsql';" | psql -AtXq "{{ db_session_role1 }}"
register: result
when:
"pg_extension.stdout_lines[-1] == '1'"
- assert:
that:
- "result.stdout_lines[-1] == '{{ db_session_role1 }}'"
when:
"pg_extension.stdout_lines[-1] == '1'"
- name: Remove plpgsql from testdb using postgresql_ext
become_user: "{{ pg_user }}"
become: yes
postgresql_ext:
name: plpgsql
db: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
state: absent
when:
"pg_extension.stdout_lines[-1] == '1'"
# End of postgresql_ext conditional tests against PostgreSQL 9.1+
- name: Create table to be able to grant privileges
become_user: "{{ pg_user }}"
become: yes
shell: echo "CREATE TABLE test(i int); CREATE TABLE test2(i int);" | psql -AtXq "{{ db_session_role1 }}"
- name: Grant all privileges on test1 table to low privileged user
become_user: "{{ pg_user }}"
become: yes
postgresql_privs:
db: "{{ db_session_role1 }}"
type: table
objs: test
roles: "{{ db_session_role2 }}"
login_user: "{{ pg_user }}"
privs: select
admin_option: yes
- name: Verify admin option was successful for grants
become_user: "{{ pg_user }}"
become: yes
postgresql_privs:
db: "{{ db_session_role1 }}"
type: table
objs: test
roles: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
privs: select
session_role: "{{ db_session_role2 }}"
- name: Verify no grants can be granted for test2 table
become_user: "{{ pg_user }}"
become: yes
postgresql_privs:
db: "{{ db_session_role1 }}"
type: table
objs: test2
roles: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
privs: update
session_role: "{{ db_session_role2 }}"
ignore_errors: yes
register: result
- assert:
that:
- result is failed
- name: Drop test db
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: absent
name: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
- name: Drop test users
become: yes
become_user: "{{ pg_user }}"
postgresql_user:
name: "{{ item }}"
state: absent
login_user: "{{ pg_user }}"
db: postgres
with_items:
- "{{ db_session_role1 }}"
- "{{ db_session_role2 }}"

1
test/integration/targets/postgresql_slot/meta/main.yml
Unescape Escape View File

@ -1,3 +1,2 @@
---
dependencies: dependencies:
- setup_postgresql_db - setup_postgresql_db

1
test/integration/targets/postgresql_table/meta/main.yml
Unescape Escape View File

@ -1,3 +1,2 @@
---
dependencies: dependencies:
- setup_postgresql_db - setup_postgresql_db

1
test/integration/targets/postgresql_tablespace/meta/main.yml
Unescape Escape View File

@ -1,3 +1,2 @@
---
dependencies: dependencies:
- setup_postgresql_db - setup_postgresql_db

1
test/integration/targets/postgresql_user/meta/main.yml
Unescape Escape View File

@ -1,3 +1,2 @@
---
dependencies: dependencies:
- setup_postgresql_db - setup_postgresql_db

Write Preview
Loading…
Cancel
Save