archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
devel
stable-2.15
stable-2.16
stable-2.14
stable-2.18
stable-2.17
milestone
stable-2.12
stable-2.13
stable-2.9
stable-2.11
stable-2.3
stable-2.10
stable-2.8
stable-2.4
stable-2.5
stable-2.6
stable-2.7
temp-2.10-devel
mazer_role_loader
stable-2.2
threading_plus_forking
threading_instead_of_forking
stable-2.1
stable-1.9
stable-2.0
stable-2.0.0.1
stable-2.0-network
release1.8.4
release1.8.3
release1.8.2
release1.8.1
release1.8.0
release1.7.2
release1.7.1
release1.7.0
release1.6.8
release1.6.10
release1.6.9
release1.6.7
release1.6.6
release1.6.5
release1.6.4
release1.6.3
release1.6.2
release1.6.1
release1.6.0
release1.5.5
release1.5.4
release1.5.3
release1.5.2
release1.5.1
release1.5.0
v2.14.3
v2.13.8
v2.14.3rc1
v2.13.8rc1
v2.14.2
v2.14.2rc1
v2.14.1
v2.13.7
v2.13.7rc1
v2.14.1rc1
v2.13.6
v2.14.0
v2.14.0rc2
v2.13.6rc1
v2.14.0rc1
v2.14.0b3
v2.13.5
v2.12.10
v2.14.0b2
v2.13.5rc1
v2.12.10rc1
v2.14.0b1
v2.12.9
v2.13.4
v2.13.4rc1
v2.12.9rc1
v2.13.3
v2.12.8
v2.12.8rc1
v2.13.3rc1
v2.13.2
v2.13.2rc1
v2.12.7
v2.13.1
v2.12.7rc1
v2.13.1rc1
v2.12.6
v2.11.12
v2.12.6rc1
v2.11.12rc1
v2.13.0
v2.13.0rc1
v2.13.0b1
v2.12.5
v2.11.11
v2.12.5rc1
v2.11.11rc1
v2.13.0b0
v2.12.4
v2.11.10
v2.12.4rc1
v2.11.10rc1
v2.11.9
v2.12.3
v2.12.3rc1
v2.11.9rc1
v2.12.2
v2.11.8
v2.10.17
v2.12.2rc1
v2.11.8rc1
v2.10.17rc1
v2.12.1
v2.11.7
v2.10.16
v2.10.16rc1
v2.11.7rc1
v2.12.1rc1
v2.12.0
v2.12.0rc1
v2.12.0b2
v2.11.6
v2.10.15
v2.9.27
v2.9.27rc1
v2.10.15rc1
v2.11.6rc1
v2.12.0b1
v2.11.5
v2.10.14
v2.9.26
v2.11.5rc1
v2.10.14rc1
v2.9.26rc1
v2.11.4
v2.10.13
v2.9.25
v2.9.25rc1
v2.10.13rc1
v2.11.4rc1
v2.11.3
v2.10.12
v2.9.24
v2.11.3rc1
v2.10.12rc1
v2.9.24rc1
v2.9.23
v2.10.11
v2.11.2
v2.11.2rc1
v2.10.11rc1
v2.9.23rc1
v2.11.1
v2.10.10
v2.9.22
v2.9.22rc1
v2.10.10rc1
v2.11.1rc1
v2.10.9
v2.9.21
v2.10.9rc1
v2.9.21rc1
v2.11.0
v2.8.20
v2.9.20
v2.10.8
v2.11.0rc2
v2.8.20rc1
v2.9.20rc1
v2.10.8rc1
v2.11.0rc1
stable-2.11-branchpoint
v2.11.0b4
v2.11.0b3
v2.11.0b2
v2.10.7
v2.9.19
v2.10.7rc1
v2.9.19rc1
v2.11.0b1
v2.8.19
v2.9.18
v2.10.6
v2.8.19rc1
v2.9.18rc1
v2.10.6rc1
v2.9.17
v2.10.5
v2.10.5rc1
v2.9.17rc1
v2.8.18
v2.9.16
v2.10.4
v2.8.18rc1
v2.9.16rc1
v2.10.4rc1
v2.8.17
v2.9.15
v2.10.3
v2.8.17rc1
v2.9.15rc1
v2.10.3rc1
v2.10.2
v2.9.14
v2.8.16
v2.8.16rc1
v2.9.14rc1
v2.10.2rc1
v2.10.1
v2.10.1rc3
v2.10.1rc2
v2.8.15
v2.9.13
v2.10.0
v2.9.12
v2.8.14
v2.10.0rc4
v2.10.0rc3
v2.10.0rc2
v2.10.0rc1
v2.9.11
v2.8.13
v2.9.10
v2.10.0b1
stable-2.10-branchpoint
v2.9.9
v2.7.18
v2.8.12
v2.9.8
v2.9.7
v2.8.11
v2.7.17
pre-ansible-base
v2.8.10
v2.8.9
v2.9.6
v2.9.5
v2.9.4
v2.9.3
v2.8.8
v2.7.16
v2.9.2
v2.9.1
v2.8.7
v2.7.15
v2.9.0
v2.9.0rc5
v2.8.6
v2.7.14
v2.9.0rc4
v2.6.20
v2.9.0rc3
v2.9.0rc2
v2.9.0rc1
v2.8.5
v2.9.0b1
stable-2.9-branchpoint
v2.6.19
v2.7.13
v2.8.4
v2.8.3
v2.6.18
v2.7.12
v2.8.2
v2.8.1
v2.7.11
v2.6.17
v2.8.0
v2.8.0rc3
v2.8.0rc2
v2.8.0rc1
v2.8.0b1
v2.8.0a1
v2.6.16
v2.7.10
v2.6.15
v2.7.9
v2.7.8
v2.6.14
v2.5.15
v2.7.7
v2.6.13
v2.6.12
v2.7.6
v2.5.14
v2.7.5
v2.6.11
v2.6.10
v2.7.4
v2.5.13
v2.7.3
v2.6.9
v2.5.12
v2.6.8
v2.7.2
v2.6.7
v2.5.11
v2.7.1
v2.6.6
v2.7.0
v2.6.5
v2.7.0rc4
v2.5.10
v2.7.0rc3
v2.7.0rc2
v2.5.9
v2.6.4
v2.7.0rc1
v2.7.0b1
v2.7.0.a1
v2.6.3
v2.5.8
v2.6.2
v2.5.7
v2.6.1
v2.5.6
v2.4.6.0-1
v2.6.0
v2.6.0rc5
v2.6.0rc4
v2.4.5.0-1
v2.6.0rc3
v2.5.5
v2.4.5.0-0.1.rc1
v2.6.0rc2
v2.6.0rc1
v2.5.4
v2.6.0a2
v2.6.0a1
v2.5.3
v2.5.2
v2.5.1
v2.4.4.0-1
v2.4.4.0-0.3.rc2
v2.5.0
v2.5.0rc3
v2.5.0rc2
v2.4.4-0.2.rc1
v2.3.4.0-0.1.rc1
v2.5.0rc1
v2.4.4-0.1.beta1
v2.5.0b1
v2.5.0a1
v2.4.3.0-1
v2.4.3.0-0.6.rc3
v2.4.3.0-0.5.rc2
v2.4.3.0-0.4.rc1
v2.4.3-0.3.beta3
v2.4.3.0-0.2.beta2
v2.3.3.0-1
v2.4.3.0-0.1.beta1
v2.4.2.0-1
v2.4.2.0-0.5.rc1
v2.4.2.0-0.4.beta4
v2.3.3.0-0.3.rc3
v2.4.2.0-0.3.beta3
v2.4.2.0-0.2.beta2
v2.4.2.0-0.1.beta1
v2.4.1.0-1
v2.4.1.0-0.4.rc2
v2.3.3.0-0.2.rc2
v2.4.1.0-0.3.rc1
v2.4.1.0-0.2.beta2
v2.3.3.0-0.1.rc1
v2.4.1.0-0.1.beta1
v2.4.0.0-1
v2.4.0.0-0.5.rc5
v2.4.0.0-0.4.rc4
v2.4.0.0-0.3.rc3
v2.4.0.0-0.2.rc2
v2.4.0.0-0.1.rc1
v2.3.2.0-1
v2.3.2.0-0.5.rc5
v2.3.2.0-0.4.rc4
v2.3.2.0-0.3.rc3
v2.3.2.0-0.2.rc2
v2.3.2.0-0.1.rc1
v2.1.6.0-1
v2.3.1.0-1
v2.3.1.0-0.2.rc2
v2.2.3.0-1
v2.1.6.0-0.1.rc1
v2.3.1.0-0.1.rc1
v2.3.0.0-1
v2.3.0.0-0.6.rc6
v2.3.0.0-0.5.rc5
v2.3.0.0-0.4.rc4
v2.2.3.0-0.1.rc1
v2.3.0.0-0.3.rc3
v2.3.0.0-0.2.rc2
v2.2.2.0-1
v2.1.5.0-1
v2.3.0.0-0.1.rc1
v2.1.5.0-0.2.rc2
v2.2.2.0-0.2.rc2
v2.1.5.0-0.1.rc1
v2.2.2.0-0.1.rc1
v2.1.4.0-1
v2.2.1.0-1
v2.1.4.0-0.3.rc3
v2.2.1.0-0.5.rc5
v2.1.4.0-0.2.rc2
v2.2.1.0-0.4.rc4
v2.1.4.0-0.1.rc1
v2.2.1.0-0.3.rc3
v2.2.1.0-0.2.rc2
v2.2.1.0-0.1.rc1
v2.1.3.0-1
v2.2.0.0-1
v2.2.0.0-0.4.rc4
v2.1.3.0-0.3.rc3
v2.1.3.0-0.2.rc2
v2.2.0.0-0.3.rc3
v2.1.3.0-0.1.rc1
v2.2.0.0-0.2.rc2
v2.2.0.0-0.1.rc1
v2.1.2.0-1
v2.1.2.0-0.5.rc5
v2.1.2.0-0.4.rc4
v2.1.2.0-0.3.rc3
v2.1.2.0-0.2.rc2
v2.1.2.0-0.1.rc1
v2.1.1.0-1
v2.1.1.0-0.5.rc5
v2.1.1.0-0.4.rc4
v2.1.1.0-0.3.rc3
v2.1.1.0-0.2.rc2
v2.1.1.0-0.1.rc1
v2.1.0.0-1
v2.1.0.0-0.4.rc4
v2.1.0.0-0.2.rc2
v2.1.0.0-0.3.rc3
v2.1.0.0-0.1.rc1
v2.0.2.0-1
v1.9.6-1
v2.0.2.0-0.4.rc4
v2.0.2.0-0.3.rc3
v1.9.6-0.1.rc1
v2.0.2.0-0.2.rc2
v2.0.2.0-0.1.rc1
v1.9.5-1
v1.9.5-0.1.rc1
v2.0.1.0-1
v2.0.1.0-0.2.rc2
v2.0.1.0-0.1.rc1
v2.0.0.2-1
v2.0.0.1-1
v2.0.0.0-1
v2.0.0-0.9.rc4
v2.0.0-0.8.rc3
v2.0.0-0.7.rc2
v2.0.0-0.6.rc1
v2.0.0-0.5.beta3
v2.0.0-0.4.beta2
v1.9.4-1
v2.0.0-0.3.beta1
v1.9.4-0.3.rc3
v1.9.4-0.2.rc2
v1.9.4-0.1.rc1
v2.0.0-0.2.alpha2
v1.9.3-1
v2.0.0-0.1.alpha1
v1.9.3-0.3.rc3
v1.9.3-0.2.rc2
v1.9.3-0.1.rc1
v1.9.2-1
v1.9.2-0.2.rc2
v1_last
v1.9.2-0.1.rc1
v1.9.1-1
v1.9.1-0.4.rc4
v1.9.1-0.3.rc3
v1.9.1-0.2.rc2
v1.9.1-0.1.rc1
v1.9.0.1-1
v1.9.0-2
v1.9.0-1
v1.9.0-0.2.rc2
v1.9.0-0.1.rc1
v1.8.4
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.7.2
v1.7.1
v1.7.0
v1.6.10
v1.6.9
v1.6.8
v1.6.7
v1.6.6
v1.6.5
v1.6.4
v1.6.3
v1.6.2
v1.6.1
v1.6.0
v1.5.5
v1.5.4
v1.5.3
v1.5.2
v1.5.1
v1.5.0
v1.4.5
v1.4.4
v1.4.3
v1.4.2
v1.4.1
v1.4.0
v1.3.4
v1.3.3
v1.3.2
v1.3.1
v1.3.0
v1.2.3
v1.2.2
v1.2.1
v1.2
v1.1
v1.0
0.8
0.7.2
0.7
0.6
0.5
0.4.1
0.4
0.3.1
0.3
0.01
0.0.1
0.0.2
0.7.1
v0.9
v2.13.10
v2.13.10rc1
v2.13.11
v2.13.11rc1
v2.13.12
v2.13.12rc1
v2.13.13
v2.13.13rc1
v2.13.9
v2.13.9rc1
v2.14.10
v2.14.10rc1
v2.14.11
v2.14.11rc1
v2.14.12
v2.14.12rc1
v2.14.13
v2.14.14
v2.14.14rc1
v2.14.15
v2.14.15rc1
v2.14.16
v2.14.16rc1
v2.14.17
v2.14.17rc1
v2.14.18
v2.14.18rc1
v2.14.4
v2.14.4rc1
v2.14.5
v2.14.5rc1
v2.14.6
v2.14.6rc1
v2.14.7
v2.14.7rc1
v2.14.8
v2.14.8rc1
v2.14.9
v2.14.9rc1
v2.15.0
v2.15.0b1
v2.15.0b2
v2.15.0b3
v2.15.0rc1
v2.15.0rc2
v2.15.1
v2.15.10
v2.15.10rc1
v2.15.11
v2.15.11rc1
v2.15.12
v2.15.12rc1
v2.15.13
v2.15.13rc1
v2.15.1rc1
v2.15.2
v2.15.2rc1
v2.15.3
v2.15.3rc1
v2.15.4
v2.15.4rc1
v2.15.5
v2.15.5rc1
v2.15.6
v2.15.6rc1
v2.15.7
v2.15.7rc1
v2.15.8
v2.15.9
v2.15.9rc1
v2.16.0
v2.16.0b1
v2.16.0b2
v2.16.0rc1
v2.16.1
v2.16.10
v2.16.10rc1
v2.16.11
v2.16.11rc1
v2.16.12
v2.16.12rc1
v2.16.13
v2.16.13rc1
v2.16.1rc1
v2.16.2
v2.16.3
v2.16.3rc1
v2.16.4
v2.16.4rc1
v2.16.5
v2.16.5rc1
v2.16.6
v2.16.7
v2.16.7rc1
v2.16.8
v2.16.8rc1
v2.16.9
v2.16.9rc1
v2.17.0
v2.17.0b1
v2.17.0rc1
v2.17.0rc2
v2.17.1
v2.17.1rc1
v2.17.2
v2.17.2rc1
v2.17.2rc2
v2.17.3
v2.17.3rc1
v2.17.4
v2.17.4rc1
v2.17.5
v2.17.5rc1
v2.17.6
v2.17.6rc1
v2.18.0
v2.18.0b1
v2.18.0rc1
v2.18.0rc2
v2.5.0b2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2fbc226509'
${ noResults }
ansible/test/integration/targets/postgresql/tasks/postgresql_user.yml

539 lines
12 KiB
YAML
Raw Blame History

# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
# Integration tests for postgresql_user module.
- vars:
test_user: hello_user
test_table: test
task_parameters: &task_parameters
become_user: '{{ pg_user }}'
become: yes
register: result
pg_parameters: &pg_parameters
login_user: '{{ pg_user }}'
login_db: postgres
block:
#
# Common tests
#
- name: Create role in check_mode
<<: *task_parameters
check_mode: yes
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
- assert:
that:
- result is changed
- result.user == '{{ test_user }}'
- name: check that the user doesn't exist
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT rolname FROM pg_roles WHERE rolname = '{{ test_user }}'"
- assert:
that:
- result.rowcount == 0
- name: Create role in actual mode
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
- assert:
that:
- result is changed
- result.user == '{{ test_user }}'
- name: check that the user exists
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT rolname FROM pg_roles WHERE rolname = '{{ test_user }}'"
- assert:
that:
- result.rowcount == 1
- name: Try to create role again in check_mode
<<: *task_parameters
check_mode: yes
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
- assert:
that:
- result is not changed
- result.user == '{{ test_user }}'
- name: check that the user exists
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT rolname FROM pg_roles WHERE rolname = '{{ test_user }}'"
- assert:
that:
- result.rowcount == 1
- name: Try to create role again
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
- assert:
that:
- result is not changed
- result.user == '{{ test_user }}'
- name: check that the user exists
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT rolname FROM pg_roles WHERE rolname = '{{ test_user }}'"
- assert:
that:
- result.rowcount == 1
- name: Drop role in check_mode
<<: *task_parameters
check_mode: yes
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
state: absent
- assert:
that:
- result is changed
- result.user == '{{ test_user }}'
- name: check that the user actually exists
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT rolname FROM pg_roles WHERE rolname = '{{ test_user }}'"
- assert:
that:
- result.rowcount == 1
- name: Drop role in actual mode
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
state: absent
- assert:
that:
- result is changed
- result.user == '{{ test_user }}'
- name: check that the user doesn't exist
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT rolname FROM pg_roles WHERE rolname = '{{ test_user }}'"
- assert:
that:
- result.rowcount == 0
- name: Try to drop role in check mode again
<<: *task_parameters
check_mode: yes
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
state: absent
- assert:
that:
- result is not changed
- result.user == '{{ test_user }}'
- name: Try to drop role in actual mode again
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
state: absent
- assert:
that:
- result is not changed
- result.user == '{{ test_user }}'
#
# password, no_password_changes, encrypted, expires parameters
#
- name: Create role with password, passed as hashed md5
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
password: md59543f1d82624df2b31672ec0f7050460
- assert:
that:
- result is changed
- result.user == '{{ test_user }}'
- name: Check that the user exist with a proper password
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}' and rolpassword = 'md59543f1d82624df2b31672ec0f7050460'"
- assert:
that:
- result.rowcount == 1
- name: Test no_password_changes
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
password: u123
no_password_changes: yes
- assert:
that:
- result is not changed
- result.user == '{{ test_user }}'
- name: Check that nothing changed
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}' and rolpassword = 'md59543f1d82624df2b31672ec0f7050460'"
- assert:
that:
- result.rowcount == 1
# Storing unencrypted passwords is not available from PostgreSQL 10
- name: Change password, passed as unencrypted
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
password: myunencryptedpass
encrypted: no
when: postgres_version_resp.stdout is version('10', '<')
- assert:
that:
- result is changed
- result.user == '{{ test_user }}'
when: postgres_version_resp.stdout is version('10', '<')
- name: Check that the user exist with the unencrypted password
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}' and rolpassword = 'myunencryptedpass'"
when: postgres_version_resp.stdout is version('10', '<')
- assert:
that:
- result.rowcount == 1
when: postgres_version_resp.stdout is version('10', '<')
- name: Change password, explicit encrypted=yes
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
password: myunencryptedpass
encrypted: yes
- assert:
that:
- result is changed
- result.user == '{{ test_user }}'
- name: Check that the user exist with encrypted password
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}' and rolpassword != 'myunencryptedpass'"
- assert:
that:
- result.rowcount == 1
- name: Change rolvaliduntil attribute
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
expires: 'Jan 31 2020'
- assert:
that:
- result is changed
- result.user == '{{ test_user }}'
- name: Check the prev step
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: >
SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}'
AND rolvaliduntil::text like '2020-01-31%'
- assert:
that:
- result.rowcount == 1
- name: Try to set the same rolvaliduntil value again
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
expires: 'Jan 31 2020'
- assert:
that:
- result is not changed
- result.user == '{{ test_user }}'
- name: Check that nothing changed
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: >
SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}'
AND rolvaliduntil::text like '2020-01-31%'
- assert:
that:
- result.rowcount == 1
#
# role_attr_flags
#
- name: Set role attributes
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
role_attr_flags: CREATEROLE,CREATEDB
- assert:
that:
- result is changed
- result.user == '{{ test_user }}'
- name: Check the prev step
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: >
SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}'
AND rolcreaterole = 't' and rolcreatedb = 't'
- assert:
that:
- result.rowcount == 1
- name: Set the same role attributes again
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
role_attr_flags: CREATEROLE,CREATEDB
- assert:
that:
- result is not changed
- result.user == '{{ test_user }}'
- name: Check the prev step
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: >
SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}'
AND rolcreaterole = 't' and rolcreatedb = 't'
- name: Set role attributes
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
role_attr_flags: NOCREATEROLE,NOCREATEDB
- assert:
that:
- result is changed
- result.user == '{{ test_user }}'
- name: Check the prev step
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: >
SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}'
AND rolcreaterole = 'f' and rolcreatedb = 'f'
- assert:
that:
- result.rowcount == 1
- name: Set role attributes
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
role_attr_flags: NOCREATEROLE,NOCREATEDB
- assert:
that:
- result is not changed
- result.user == '{{ test_user }}'
- name: Check the prev step
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: >
SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}'
AND rolcreaterole = 'f' and rolcreatedb = 'f'
#
# priv
#
- name: Create test table
<<: *task_parameters
postgresql_table:
<<: *pg_parameters
name: '{{ test_table }}'
columns:
- id int
- name: Insert data to test table
<<: *task_parameters
postgresql_query:
query: "INSERT INTO {{ test_table }} (id) VALUES ('1')"
<<: *pg_parameters
- name: Check that test_user is not allowed to read the data
<<: *task_parameters
postgresql_query:
db: postgres
login_user: '{{ pg_user }}'
session_role: '{{ test_user }}'
query: 'SELECT * FROM {{ test_table }}'
ignore_errors: yes
- assert:
that:
- result is failed
- "'permission denied' in result.msg"
- name: Grant privileges
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
priv: '{{ test_table }}:SELECT'
- assert:
that:
- result is changed
- name: Check that test_user is allowed to read the data
<<: *task_parameters
postgresql_query:
db: postgres
login_user: '{{ pg_user }}'
session_role: '{{ test_user }}'
query: 'SELECT * FROM {{ test_table }}'
- assert:
that:
- result.rowcount == 1
- name: Grant the same privileges again
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
priv: '{{ test_table }}:SELECT'
- assert:
that:
- result is not changed
- name: Remove test table
<<: *task_parameters
postgresql_table:
<<: *pg_parameters
name: '{{ test_table }}'
state: absent
#
# fail_on_user
#
- name: Create test table, set owner as test_user
<<: *task_parameters
postgresql_table:
<<: *pg_parameters
name: '{{ test_table }}'
owner: '{{ test_user }}'
- name: Test fail_on_user
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
state: absent
ignore_errors: yes
- assert:
that:
- result is failed
- result.msg == 'Unable to remove user'
- name: Test fail_on_user
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
fail_on_user: no
- assert:
that:
- result is not changed
always:
#
# Clean up
#
- name: Drop test table
<<: *task_parameters
postgresql_table:
<<: *pg_parameters
name: '{{ test_table }}'
state: absent
- name: Drop test user
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
state: absent
Reference in New Issue View Git Blame Copy Permalink