Commit Graph

33 Commits (fa821881472037291ec2225ddef327f98ca1f7db)

Author SHA1 Message Date
Christian Rohmann 90c092a104 Allow configuration of connection_limit per postgresql database (postgresql_db) (#40345)
Fixes #40060

* Fix coding style errors
* Use CONNECTION LIMIT (no underscore)
* From review done by amenonsen and bcoca - Set default at None, make the change detection less confusing
* Added EXAMPLE on how to apply a database specific connection limit
* Added some basic tests for conn_limit applied to a database
* Check that conn_limit has actually been set / updated to 200
* Add changelog fragment regarding postgresql_db conn_limit parameter
6 years ago
Andrey Klychkov 76f1f96163 postgresql_ext: Update param handling, fix doc formatting, added: CI tests, examples, a return value (#54027)
* postgresql_ext: instead_of_3196, initial

* postgresql_ext: fixes

* postgresql_ext: fixes
6 years ago
tcraxs bb61d7527f #50877: add support to postgresql_privs to use "FOR { ROLE | USER } target_role" in "ALTER DEFAULT PRIVILEGES" (#51073)
* #50877:
* add support to postgresql_privs to use "FOR { ROLE | USER } target_role"
   in "ALTER DEFAULT PRIVILEGES"

* fix sanity errors

* #50877: fix documentation and add a check for correct usage
of target_roles

*  #50877: fix missing absent option for default privs with target_role

* #50877: add clear description, when target_roles can be used

* #50877: fix conflicts, formatting, and add a changelog fragment

* #50877: fix sanity error E335

* #50877: swap conditions and fix error to warning msg

*  #50877: add tests for default privileges

* #50877: fix tests for default privileges

* #50877: fix tests for default privileges on centos 6
6 years ago
Andrey Klychkov cf5aceb482 New module postgresql_set - Change a PostgreSQL server configuration parameter (#51875)
* New module postgresql_set - Change a PostgreSQL server configuration parameter

* New module postgresql_set - fix

* New module postgresql_set - fix tests

* New module postgresql_set - fix tests

* New module postgresql_set - fix tests

* New module postgresql_set - fix tests

* New module postgresql_set - fix tests

* New module postgresql_set - fix tests

* New module postgresql_set - fix tests

* Various cosmetic and docs changes

* New module postgresql_set - add returned value

* New module postgresql_set - add returned value

* New module postgresql_set - add check mode

* New module postgresql_set - fix comment

* New module postgresql_set - added CI tests for check_mode

* New module postgresql_set - added aliases, fix typos

* New module postgresql_set - fix

* New module postgresql_set - fix sanity

* New module postgresql_set - fixes

* New module postgresql_set - fixes

* New module postgresql_set - fixes
6 years ago
Andrey Klychkov db17e88fd2 New module postgresql_facts: Gathers facts about PostgreSQL servers. (#51164)
* New module postgresql_facts: Gathers facts about remote PostgreSQL instances

* New module postgresql_facts: fix default values of function

* New module postgresql_facts: add extension support

* New module postgresql_facts: fixed typo

* New module postgresql_facts: added integration test

* New module postgresql_facts: fix test error

* New module postgresql_facts: add info about min server version

* New module postgresql_facts: fix

* New module postgresql_facts: fix

* New module postgresql_facts: added repl stat tables checks

* New module postgresql_facts: fix

* New module postgresql_facts: fix

* New module postgresql_facts: fix

* New module postgresql_facts: fix

* New module postgresql_facts: fix

* New module postgresql_facts: fix

* New module postgresql_facts: fix

* New module postgresql_facts: ansible_facts -> postgresql_facts

* New module postgresql_facts: fix ci

New module postgresql_facts: revision for review

New module postgresql_facts: revision for review, fix

* fix doc

* New module postgresql_facts: add data types to param dict

* New module postgresql_facts: code refactoring

* # This is a combination of 3 commits.
# The first commit's message is:
New module postgresql_facts: incl_subset => filter

# This is the 2nd commit message:

New module postgresql_facts: fix a typo

# This is the 3rd commit message:

New module postgresql_facts: fixes

* New module postgresql_facts: incl_subset => filter

New module postgresql_facts: fix a typo

New module postgresql_facts: fixes

Various cosmetic and doc changes

* New module postgresql_facts: fix filter type

* New module postgresql_facts: fix sanity

* New module postgresql_facts: change ansible_facts to postgresql_facts

* New module postgresql_facts: fix tests

* New module postgresql_facts: fixes

* New module postgresql_facts: fixes

* New module postgresql_facts: fixes

* New module postgresql_facts: doc fixes

* New module postgresql_facts: added pretty_val

* New module postgresql_facts: added pending restart

* New module postgresql_facts: fix documentation

* New module postgresql_facts: fix documentation

* New module postgresql_facts: fixes by KN

* New module postgresql_facts: fixed sanity

* New module postgresql_facts: fixed tests
6 years ago
Matt Clay 906427caba
Add shippable/posix/group4/ for CI. (#53816) 6 years ago
Matteo Ferrando 86405b8fe4 (postgresql_privs) accept 'ALL_IN_SCHEMA' objs for 'function' type (#35331)
* avoid using Postgres formatting function
* add tests for ALL FUNCTIONS IN SCHEMA
* documentation and changelog
* requested changes in tests
* fixed changelog
6 years ago
Bartosz Licheński 6e198487c9 postgresql_privs: Support FOREIGN DATA WRAPPER and FOREIGN SERVER (#38803)
* Support FOREIGN DATA WRAPPER and FOREIGN SERVER in postgresql_privs module
* Added available from note to fdw and fs object types
* Integration tests, examples in documentation
* Complete integration tests
6 years ago
Andrey Klychkov b41027b6cd New module postgresql_tablespace (#52914)
* New module postgresql_tablespace
6 years ago
Andrey Klychkov e246e74843 New module postgresql_ping: Checks remote PostgreSQL server availability. (#51477)
* New module postgresql_ping: simple module to check remote PostgreSQL server availability.

* New module postgresql_ping: simple module to check remote PostgreSQL server availability, doc fixes

* postgresql_ping: added integration tests

* New module postgresql_ping: misc changes

* New module postgresql_ping: change return suit

* New module postgresql_ping: tests reformatting, return value

* Various cosmetic/documentation fixes

* A few more fixes

* And even more cleanups

* Fix PEP8 issue
6 years ago
Andrey Klychkov be75c79941 New module postgresql_query (#52555)
* New module postgresql_query

* New module postgresql_query: added tests

* New module postgresql_query: added path_to_script

* New module postgresql_query: fix doc

* New module postgresql_query: fix autocommit

* New module postgresql_query: added exception for centos6 tests

* New module postgresql_query: fixes

* New module postgresql_query: add psycopg2 check

* New module postgresql_query: add psycopg2 check, fix

* New module postgresql_query: add psycopg2 check, fix

* New module postgresql_query: add psycopg2 check, fix

* New module postgresql_query: fix a type
6 years ago
Andrey Klychkov 8e0f95951d Module postgresql_idx: added ci tests, new params, returned values, code refactoring (#52230)
* postgresql_idx: ci tests, refactoring, return values

* postgresql_idx: ci tests, new params, return values

* postgresql_idx: ci tests, fix

* postgresql_idx: ci tests, fix

* postgresql_idx: ci tests, fix

* postgresql_idx: ci tests, fix

* postgresql_idx: ci tests, fix

* postgresql_idx: ci tests, fix

* postgresql_idx: ci tests, fix

* postgresql_idx: ci tests, fix

* postgresql_idx: ci tests, fix

* New module postgresql_table - fix tests

* New module postgresql_table - fix tests

* New module postgresql_table - fix tests

* New module postgresql_table - fix state choices order
6 years ago
Feike Steenbergen 38e70ea317 Add session_role to postgresql modules (#43650)
* Allow session_role to be set for PostgreSQL

By implementing session_role it becomes possible to run the specific
PostgreSQL commands as a different role.
The usecase that is immediately served by this, is the one that one
ansible playbook can be shared by multiple users, which all have
their
own PostgreSQL login_user. They do not need to share login
credentials,
as they can share the role within the PostgreSQL database.

The following example may give some insight:

$ psql -U jdoe -X -d postgres

postgres=> CREATE DATABASE abc;
ERROR:  permission denied to create database
postgres=> set role postgres;
SET
postgres=# CREATE DATABASE abc;
CREATE DATABASE

fixes #43592

* Tests for session_role in PostgreSQL

* Bump version_added for session_role feature

* Remove explicit encrypted parameter from tests
6 years ago
Adam Miller 2d83db7036 update/enable postgresql integration test target for rhel8 beta
Signed-off-by: Adam Miller <admiller@redhat.com>
6 years ago
Matt Clay a41c0405a7
Add CI platform: rhel/8.0 (#48835) 6 years ago
Jordan Borean dd46f953f6
postgresql_user: fix test errors on newer Fedora versions (#47166) 6 years ago
Brian Coca af6b9799aa fixed test using removed feature 6 years ago
Matt Clay 4e489d1be8
Update Shippable integration test groups. (#43118)
* Update Shippable integration test groups.
* Update integration test group aliases.
* Rebalance AWS and Azure tests with extra group.
* Rebalance Windows tests with another group.
6 years ago
Strahinja Kustudic 32d6a354d7 postgresql_user: set encrypted as default and fix empty password reporting changed (#36931)
* Set encrypted as default and fix empty password reporting changed

* Starting with Postgres 10 `UNENCRYPTED` passwords are removed and
because of that this module fails with the default `encrypted=no`.
Also encrypted passwords are suported since version 7.2
(https://www.postgresql.org/docs/7.2/static/sql-createuser.html) which
went EOL in 2007 and since 7.3 it is the default. Because of this it
makes a lot more sense to make `encrypted=yes` the default. This won't
break backward compatibility, the module would just update the user's
password in the DB in the hashed format and everything else will work
like before. It's also a security bad practice to store passwords in
plain text. fixes #25823
* There was also a bug with `encrypted=yes` and an empty password always
reported as changed.
* Improved documentation for `encrypted`/`password` parameters, and
removed some obsolete notes about passlib.

* Fix clearing user's password to work with all versions of Postgres

* Add tests for clearing the user password

* Fix documentation atfer rebase

* Add changelog fragment
7 years ago
Matt Martz 4fe08441be Deprecate tests used as filters (#32361)
* Warn on tests used as filters

* Update docs, add aliases for tests that fit more gramatically with test syntax

* Fix rst formatting

* Add successful filter, alias of success

* Remove renamed_deprecation, it was overkill

* Make directory alias for is_dir

* Update tests to use proper jinja test syntax

* Update additional documentation, living outside of YAML files, to reflect proper jinja test syntax

* Add conversion script, porting guide updates, and changelog updates

* Update newly added uses of tests as filters

* No underscore variable

* Convert recent tests as filter changes to win_stat

* Fix some changes related to rebasing a few integration tests

* Make tests_as_filters_warning explicitly accept the name of the test, instead of inferring the name

* Add test for tests_as_filters_warning

* Update tests as filters in newly added/modified tests

* Address recent changes to several integration tests

* Address recent changes in cs_vpc
7 years ago
Josh Moore d5ae6cc585 postgres_db: add dump and restore support (#20627)
* Feature #2731: added postgres import and dump

* Feature #2731: be more permissive of arguments

```
hacking/test-module -m ./ppostgresql_db.py -a "db=example state=dump target=/tmp/out"`
```

failed previously since host, user, and port were required as keywords
in the pg_dump / pg_import methods.

* Feature #2731: fixed doc string for validate-modules

```
$ ansible-validate-modules database/postgresql/
```

now passes.

* Feature #2731: disable 'password' for dump/restore

* Feature #2731: bump added version to 2.3

* Feature #2731: replace db_import with db_restore

* Feature #2731: add missing version description

* Feature #2731: fix 'state' description

* Feature #2731: fix pep8 issues

* Feature #2731: put state documentation in a single string

* Bump added version from 2.3 to 2.4

* Fix pep8 and pylint errors

* Attempt yaml formatting of documentation string

* Add integration tests for postgres_db:dump/restore

* Update dump/restore logic to support new kw-args

Also attempt to support password; integration tests are
still failing.

* Revert to postgres user for dump/restore

Passing PGPASSWORD is not working for subprocesses. For the
moment, reverting to the strategy of failing if login_password
is set and using `postgres` for all testing of dump/restore.

* Various cleanups to have tests passing

* Working tests for {sql,tar} x {,bz2,gz,xz}

* Use pg_user to support FreeBSD

* Revert login_ prefixes and re-enable password support

All `login_` keywords are mapped to their non-prefix versions
so the previous changes were effectively using `postgres` for
all actions. With the proper keywords, PGPASSWORD-passing to
the subprocess is now working.

* Optionally add password

environ_update doesn't handle None values in the
dictionary to be added to the environment. Adding
check.

* Quick fixes

* Refactor login arguments after fixes from pchauncey

The fixes introduced by pchaunchy pointed to further issues
(like no --dbname on PG<=9.2) with the login parameters. This
refactors them and adds further tests.

Note: this will still not pass integration tests due to a further
      issue with pg_dump as a non-admin user:

      pg_restore: [archiver (db)] Error while PROCESSING TOC:
      pg_restore: [archiver (db)] Error from TOC entry 1925; 0 0 COMMENT EXTENSION plpgsql
      pg_restore: [archiver (db)] could not execute query: ERROR:  must be owner of extension plpgsql

* Introduce target_opts for passing limiting dumped/restored schemas

The current integration tests (PG version and template DBs) don't
permit a regular user (`{{ db_user1 }}`) access to plpgsql causing
restores to fail. By adding an option for passing arbitrary args to
pg_dump and pg_restore, testing is made easier. This also paves the
way for `-j` usage, once the PG version is bumped.
7 years ago
Michael De La Rue 3c4db1e8dd Mdd psql user aws fix (#23988)
* postgresql_user module - transaction logic hacks to allow recovery from failed select

* postgresql_user - PEP8 and style fixes to make debugging easier

* postgresql_user - move password changing logic to separate function

* postgresql_user - trap failure in case where there is no access to pg_authid

* postgresql_user - further PEP8 fixes

* postgresql_user - Simplify password change logic and improve imports according to suggestions from PR review

* postgresql_user - Eliminate pep8/blank line errors introduced in merge

* Check behaviour when pg_authid relation isn't readable

TASK [postgresql : Normal user isn't allowed to access pg_authid relation:
      password comparison will fail, password will be updated] ***
An exception occurred during task execution. To see the full traceback,
use -vvv. The error was: psycopg2.ProgrammingError: permission denied
for relation pg_authid

* Don't reintroduce passlib, remove useless query
7 years ago
Pilou 460d932aa8 postgresql_user: fix bugs related to 'expires' option (#23862)
* Factorize tests related to no_password_change using an include task

* Refactor: deduplicate tasks

* postgresql_user: test 'expires' parameter

* Change 'valid until' even it's the only updated field

* value is changed when another value is provided

* value isn't returned when unset

* Remove unused variable

* psycopg2.extras.DictRow is able to handle comparison

* postgresql_user: simplify helper method

* postgresql_user: define variable just before using it

* Fix comparison between user input and applied configuration

* new test: adding an invalid attribute

* Refactor, add cleaning task

* Check that using same attribute a 2nd time does nothing

* Always try to remove created user

* postgresql_user: fix pep8
8 years ago
Pierre-Louis Bonicoli a4131197e0 PostgreSQL tests: enforce UTF8
By default, client encoding is determined either from the LANG_*/LC_*
environment variables or using encoding of the database.

Containers used in the CI don't define a default locale, then encoding
of default databases was SQL_ASCII.
8 years ago
Pierre-Louis Bonicoli ce856c2123 postgresql_user: add tests with hashed password 8 years ago
Reilly Herrewig-Pope 723c8f06ab Allow setting/unsetting BYPASSRLS Postgres role attribute (#24625)
* Allow setting/unsetting BYPASSRLS role attr

* Build valid role attrs against version

* Add integration tests
8 years ago
Adrian Likins 499d3a1b53 add a intg test for issue #19835 (#21487)
(postgresql_user changing role_attr_flags with no_password_checks
fails)
8 years ago
Matt Clay 31d6b6ef67 Run postgresql tests on FreeBSD. (#20676)
* Use vars for user, group and locale suffix.
* Switch tests from `es_MX` to `es_ES`.
* Enable postgresql tests on freebsd.
* Work-arounds for service restart on freebsd.
8 years ago
Matt Clay 95b59cd76c Remove `needs/privileged` from postgresql test. (#19907)
* Remove `needs/privileged` from postgresql test.
* Add python 3 support to postgresql tests.
8 years ago
Carlos E. Garcia 0b8011436d minor spelling changes 8 years ago
Matt Clay 6bbd92e422 Initial ansible-test implementation. (#18556) 8 years ago
Adrien Vergé 0e834fc9e4 Fix cosmetic problems in YAML source
This change corrects problems reported by the `yamllint` linter.

Since key duplication problems were removed in 4d48711, this commit
mainly fixes trailing spaces and extra empty lines at beginning/end of
files.
8 years ago
Matt Clay 75e4645ee7 Migrate Linux CI roles to test targets. (#17997) 8 years ago