# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #################### # Prepare for tests: # Create test roles: - name: postgresql_membership - create test roles become_user: "{{ pg_user }}" become: yes postgresql_user: login_user: "{{ pg_user }}" db: postgres name: "{{ item }}" ignore_errors: yes with_items: - group1 - group2 - user1 - user2 ################ # Do main tests: ### Test check_mode # Grant group1 to user1 in check_mode: - name: postgresql_membership - grant group1 to user1 in check_mode become_user: "{{ pg_user }}" become: yes postgresql_membership: login_user: "{{ pg_user }}" db: postgres group: group1 user: user1 state: present register: result ignore_errors: yes check_mode: yes - assert: that: - result.changed == true - result.groups == ["group1"] - result.queries == ["GRANT \"group1\" TO \"user1\""] - result.granted.group1 == ["user1"] - result.state == "present" - result.target_roles == ["user1"] # Try to revoke group1 from user1 to check that # nothing actually changed in check_mode at the previous step: - name: postgresql_membership - try to revoke group1 from user1 for checking check_mode become_user: "{{ pg_user }}" become: yes postgresql_membership: login_user: "{{ pg_user }}" db: postgres group: group1 user: user1 state: absent register: result ignore_errors: yes check_mode: yes - assert: that: - result.changed == false - result.groups == ["group1"] - result.queries == [] - result.revoked.group1 == [] - result.state == "absent" - result.target_roles == ["user1"] ### End of test check_mode # Grant group1 to user1: - name: postgresql_membership - grant group1 to user1 become_user: "{{ pg_user }}" become: yes postgresql_membership: login_user: "{{ pg_user }}" db: postgres group: group1 user: user1 state: present register: result ignore_errors: yes - assert: that: - result.changed == true - result.groups == ["group1"] - result.queries == ["GRANT \"group1\" TO \"user1\""] - result.granted.group1 == ["user1"] - result.state == "present" - result.target_roles == ["user1"] # Grant group1 to user1 againt to check that nothing changes: - name: postgresql_membership - grant group1 to user1 again become_user: "{{ pg_user }}" become: yes postgresql_membership: login_user: "{{ pg_user }}" db: postgres group: group1 user: user1 state: present register: result ignore_errors: yes - assert: that: - result.changed == false - result.groups == ["group1"] - result.queries == [] - result.granted.group1 == [] - result.state == "present" - result.target_roles == ["user1"] # Revoke group1 from user1: - name: postgresql_membership - revoke group1 from user1 become_user: "{{ pg_user }}" become: yes postgresql_membership: login_user: "{{ pg_user }}" db: postgres group: group1 user: user1 state: absent register: result ignore_errors: yes - assert: that: - result.changed == true - result.groups == ["group1"] - result.queries == ["REVOKE \"group1\" FROM \"user1\""] - result.revoked.group1 == ["user1"] - result.state == "absent" - result.target_roles == ["user1"] # Revoke group1 from user1 again to check that nothing changes: - name: postgresql_membership - revoke group1 from user1 again become_user: "{{ pg_user }}" become: yes postgresql_membership: login_user: "{{ pg_user }}" db: postgres group: group1 user: user1 state: absent register: result ignore_errors: yes - assert: that: - result.changed == false - result.groups == ["group1"] - result.queries == [] - result.revoked.group1 == [] - result.state == "absent" - result.target_roles == ["user1"] # Grant group1 and group2 to user1 and user2: - name: postgresql_membership - grant two groups to two users become_user: "{{ pg_user }}" become: yes postgresql_membership: login_user: "{{ pg_user }}" db: postgres group: - group1 - group2 user: - user1 - user2 state: present register: result ignore_errors: yes - assert: that: - result.changed == true - result.groups == ["group1", "group2"] - result.queries == ["GRANT \"group1\" TO \"user1\"", "GRANT \"group1\" TO \"user2\"", "GRANT \"group2\" TO \"user1\"", "GRANT \"group2\" TO \"user2\""] - result.granted.group1 == ["user1", "user2"] - result.granted.group2 == ["user1", "user2"] - result.state == "present" - result.target_roles == ["user1", "user2"] # Grant group1 and group2 to user1 and user2 again to check that nothing changes: - name: postgresql_membership - grant two groups to two users again become_user: "{{ pg_user }}" become: yes postgresql_membership: login_user: "{{ pg_user }}" db: postgres group: - group1 - group2 user: - user1 - user2 state: present register: result ignore_errors: yes - assert: that: - result.changed == false - result.groups == ["group1", "group2"] - result.queries == [] - result.granted.group1 == [] - result.granted.group2 == [] - result.state == "present" - result.target_roles == ["user1", "user2"] # Revoke only group1 from user1: - name: postgresql_membership - revoke one group from one user become_user: "{{ pg_user }}" become: yes postgresql_membership: login_user: "{{ pg_user }}" db: postgres group: group1 user: user1 state: absent register: result ignore_errors: yes - assert: that: - result.changed == true - result.groups == ["group1"] - result.queries == ["REVOKE \"group1\" FROM \"user1\""] - result.revoked.group1 == ["user1"] - result.state == "absent" - result.target_roles == ["user1"] # Try to grant group1 and group2 to user1 and user2 again to check that nothing changes with user2: - name: postgresql_membership - grant two groups to two users again become_user: "{{ pg_user }}" become: yes postgresql_membership: login_user: "{{ pg_user }}" db: postgres group: - group1 - group2 user: - user1 - user2 state: present register: result ignore_errors: yes - assert: that: - result.changed == true - result.groups == ["group1", "group2"] - result.queries == ["GRANT \"group1\" TO \"user1\""] - result.granted.group1 == ["user1"] - result.granted.group2 == [] - result.state == "present" - result.target_roles == ["user1", "user2"] ##################### # Check fail_on_role: # Try to grant non existent group to non existent role with fail_on_role=yes: - name: postgresql_membership - grant group1 to user1 become_user: "{{ pg_user }}" become: yes postgresql_membership: login_user: "{{ pg_user }}" db: postgres group: fake_group user: fake_user state: present fail_on_role: yes register: result ignore_errors: yes - assert: that: - result.changed == false # Try to grant non existent group to non existent role with fail_on_role=no: - name: postgresql_membership - grant group1 to user1 become_user: "{{ pg_user }}" become: yes postgresql_membership: login_user: "{{ pg_user }}" db: postgres group: fake_group user: fake_user state: present fail_on_role: no register: result ignore_errors: yes - assert: that: - result.changed == false - result.granted == {} - result.groups == [] - result.target_roles == [] - result.state == 'present' # Try to revoke non existent group from non existent role with fail_on_role=no: - name: postgresql_membership - grant group1 to user1 become_user: "{{ pg_user }}" become: yes postgresql_membership: login_user: "{{ pg_user }}" db: postgres group: fake_group user: fake_user state: absent fail_on_role: no register: result ignore_errors: yes - assert: that: - result.changed == false - result.revoked == {} - result.groups == [] - result.target_roles == [] - result.state == 'absent'