From f543e72d0ab76c63f8cdd751a45dda3aab554d2d Mon Sep 17 00:00:00 2001 From: Andrey Klychkov Date: Tue, 26 Nov 2019 14:19:41 +0300 Subject: [PATCH] postgres.PgMembership: use query params in cursor.execute method (#65164) * postgres.PgMembership: use query params in cursor.execute method * changelog fragment --- .../fragments/65164-postgres_use_query_params_with_cursor.yml | 2 ++ lib/ansible/module_utils/postgres.py | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) create mode 100644 changelogs/fragments/65164-postgres_use_query_params_with_cursor.yml diff --git a/changelogs/fragments/65164-postgres_use_query_params_with_cursor.yml b/changelogs/fragments/65164-postgres_use_query_params_with_cursor.yml new file mode 100644 index 00000000000..5ec1150daa2 --- /dev/null +++ b/changelogs/fragments/65164-postgres_use_query_params_with_cursor.yml @@ -0,0 +1,2 @@ +bugfixes: +- postgres - use query params with cursor.execute in module_utils.postgres.PgMembership class (https://github.com/ansible/ansible/pull/65164). diff --git a/lib/ansible/module_utils/postgres.py b/lib/ansible/module_utils/postgres.py index 81808a16a1a..63811c30559 100644 --- a/lib/ansible/module_utils/postgres.py +++ b/lib/ansible/module_utils/postgres.py @@ -276,9 +276,9 @@ class PgMembership(object): "JOIN pg_catalog.pg_roles b ON (m.roleid = b.oid) " "WHERE m.member = r.oid) " "FROM pg_catalog.pg_roles r " - "WHERE r.rolname = '%s'" % dst_role) + "WHERE r.rolname = %(dst_role)s") - res = exec_sql(self, query, add_to_executed=False) + res = exec_sql(self, query, query_params={'dst_role': dst_role}, add_to_executed=False) membership = [] if res: membership = res[0][0]