archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
stable-2.16
stable-2.15
stable-2.14
stable-2.18
stable-2.17
devel
milestone
stable-2.12
stable-2.13
stable-2.9
stable-2.11
stable-2.3
stable-2.10
stable-2.8
stable-2.4
stable-2.5
stable-2.6
stable-2.7
temp-2.10-devel
mazer_role_loader
stable-2.2
threading_plus_forking
threading_instead_of_forking
stable-2.1
stable-1.9
stable-2.0
stable-2.0.0.1
stable-2.0-network
release1.8.4
release1.8.3
release1.8.2
release1.8.1
release1.8.0
release1.7.2
release1.7.1
release1.7.0
release1.6.8
release1.6.10
release1.6.9
release1.6.7
release1.6.6
release1.6.5
release1.6.4
release1.6.3
release1.6.2
release1.6.1
release1.6.0
release1.5.5
release1.5.4
release1.5.3
release1.5.2
release1.5.1
release1.5.0
v2.14.3
v2.13.8
v2.14.3rc1
v2.13.8rc1
v2.14.2
v2.14.2rc1
v2.14.1
v2.13.7
v2.13.7rc1
v2.14.1rc1
v2.13.6
v2.14.0
v2.14.0rc2
v2.13.6rc1
v2.14.0rc1
v2.14.0b3
v2.13.5
v2.12.10
v2.14.0b2
v2.13.5rc1
v2.12.10rc1
v2.14.0b1
v2.12.9
v2.13.4
v2.13.4rc1
v2.12.9rc1
v2.13.3
v2.12.8
v2.12.8rc1
v2.13.3rc1
v2.13.2
v2.13.2rc1
v2.12.7
v2.13.1
v2.12.7rc1
v2.13.1rc1
v2.12.6
v2.11.12
v2.12.6rc1
v2.11.12rc1
v2.13.0
v2.13.0rc1
v2.13.0b1
v2.12.5
v2.11.11
v2.12.5rc1
v2.11.11rc1
v2.13.0b0
v2.12.4
v2.11.10
v2.12.4rc1
v2.11.10rc1
v2.11.9
v2.12.3
v2.12.3rc1
v2.11.9rc1
v2.12.2
v2.11.8
v2.10.17
v2.12.2rc1
v2.11.8rc1
v2.10.17rc1
v2.12.1
v2.11.7
v2.10.16
v2.10.16rc1
v2.11.7rc1
v2.12.1rc1
v2.12.0
v2.12.0rc1
v2.12.0b2
v2.11.6
v2.10.15
v2.9.27
v2.9.27rc1
v2.10.15rc1
v2.11.6rc1
v2.12.0b1
v2.11.5
v2.10.14
v2.9.26
v2.11.5rc1
v2.10.14rc1
v2.9.26rc1
v2.11.4
v2.10.13
v2.9.25
v2.9.25rc1
v2.10.13rc1
v2.11.4rc1
v2.11.3
v2.10.12
v2.9.24
v2.11.3rc1
v2.10.12rc1
v2.9.24rc1
v2.9.23
v2.10.11
v2.11.2
v2.11.2rc1
v2.10.11rc1
v2.9.23rc1
v2.11.1
v2.10.10
v2.9.22
v2.9.22rc1
v2.10.10rc1
v2.11.1rc1
v2.10.9
v2.9.21
v2.10.9rc1
v2.9.21rc1
v2.11.0
v2.8.20
v2.9.20
v2.10.8
v2.11.0rc2
v2.8.20rc1
v2.9.20rc1
v2.10.8rc1
v2.11.0rc1
stable-2.11-branchpoint
v2.11.0b4
v2.11.0b3
v2.11.0b2
v2.10.7
v2.9.19
v2.10.7rc1
v2.9.19rc1
v2.11.0b1
v2.8.19
v2.9.18
v2.10.6
v2.8.19rc1
v2.9.18rc1
v2.10.6rc1
v2.9.17
v2.10.5
v2.10.5rc1
v2.9.17rc1
v2.8.18
v2.9.16
v2.10.4
v2.8.18rc1
v2.9.16rc1
v2.10.4rc1
v2.8.17
v2.9.15
v2.10.3
v2.8.17rc1
v2.9.15rc1
v2.10.3rc1
v2.10.2
v2.9.14
v2.8.16
v2.8.16rc1
v2.9.14rc1
v2.10.2rc1
v2.10.1
v2.10.1rc3
v2.10.1rc2
v2.8.15
v2.9.13
v2.10.0
v2.9.12
v2.8.14
v2.10.0rc4
v2.10.0rc3
v2.10.0rc2
v2.10.0rc1
v2.9.11
v2.8.13
v2.9.10
v2.10.0b1
stable-2.10-branchpoint
v2.9.9
v2.7.18
v2.8.12
v2.9.8
v2.9.7
v2.8.11
v2.7.17
pre-ansible-base
v2.8.10
v2.8.9
v2.9.6
v2.9.5
v2.9.4
v2.9.3
v2.8.8
v2.7.16
v2.9.2
v2.9.1
v2.8.7
v2.7.15
v2.9.0
v2.9.0rc5
v2.8.6
v2.7.14
v2.9.0rc4
v2.6.20
v2.9.0rc3
v2.9.0rc2
v2.9.0rc1
v2.8.5
v2.9.0b1
stable-2.9-branchpoint
v2.6.19
v2.7.13
v2.8.4
v2.8.3
v2.6.18
v2.7.12
v2.8.2
v2.8.1
v2.7.11
v2.6.17
v2.8.0
v2.8.0rc3
v2.8.0rc2
v2.8.0rc1
v2.8.0b1
v2.8.0a1
v2.6.16
v2.7.10
v2.6.15
v2.7.9
v2.7.8
v2.6.14
v2.5.15
v2.7.7
v2.6.13
v2.6.12
v2.7.6
v2.5.14
v2.7.5
v2.6.11
v2.6.10
v2.7.4
v2.5.13
v2.7.3
v2.6.9
v2.5.12
v2.6.8
v2.7.2
v2.6.7
v2.5.11
v2.7.1
v2.6.6
v2.7.0
v2.6.5
v2.7.0rc4
v2.5.10
v2.7.0rc3
v2.7.0rc2
v2.5.9
v2.6.4
v2.7.0rc1
v2.7.0b1
v2.7.0.a1
v2.6.3
v2.5.8
v2.6.2
v2.5.7
v2.6.1
v2.5.6
v2.4.6.0-1
v2.6.0
v2.6.0rc5
v2.6.0rc4
v2.4.5.0-1
v2.6.0rc3
v2.5.5
v2.4.5.0-0.1.rc1
v2.6.0rc2
v2.6.0rc1
v2.5.4
v2.6.0a2
v2.6.0a1
v2.5.3
v2.5.2
v2.5.1
v2.4.4.0-1
v2.4.4.0-0.3.rc2
v2.5.0
v2.5.0rc3
v2.5.0rc2
v2.4.4-0.2.rc1
v2.3.4.0-0.1.rc1
v2.5.0rc1
v2.4.4-0.1.beta1
v2.5.0b1
v2.5.0a1
v2.4.3.0-1
v2.4.3.0-0.6.rc3
v2.4.3.0-0.5.rc2
v2.4.3.0-0.4.rc1
v2.4.3-0.3.beta3
v2.4.3.0-0.2.beta2
v2.3.3.0-1
v2.4.3.0-0.1.beta1
v2.4.2.0-1
v2.4.2.0-0.5.rc1
v2.4.2.0-0.4.beta4
v2.3.3.0-0.3.rc3
v2.4.2.0-0.3.beta3
v2.4.2.0-0.2.beta2
v2.4.2.0-0.1.beta1
v2.4.1.0-1
v2.4.1.0-0.4.rc2
v2.3.3.0-0.2.rc2
v2.4.1.0-0.3.rc1
v2.4.1.0-0.2.beta2
v2.3.3.0-0.1.rc1
v2.4.1.0-0.1.beta1
v2.4.0.0-1
v2.4.0.0-0.5.rc5
v2.4.0.0-0.4.rc4
v2.4.0.0-0.3.rc3
v2.4.0.0-0.2.rc2
v2.4.0.0-0.1.rc1
v2.3.2.0-1
v2.3.2.0-0.5.rc5
v2.3.2.0-0.4.rc4
v2.3.2.0-0.3.rc3
v2.3.2.0-0.2.rc2
v2.3.2.0-0.1.rc1
v2.1.6.0-1
v2.3.1.0-1
v2.3.1.0-0.2.rc2
v2.2.3.0-1
v2.1.6.0-0.1.rc1
v2.3.1.0-0.1.rc1
v2.3.0.0-1
v2.3.0.0-0.6.rc6
v2.3.0.0-0.5.rc5
v2.3.0.0-0.4.rc4
v2.2.3.0-0.1.rc1
v2.3.0.0-0.3.rc3
v2.3.0.0-0.2.rc2
v2.2.2.0-1
v2.1.5.0-1
v2.3.0.0-0.1.rc1
v2.1.5.0-0.2.rc2
v2.2.2.0-0.2.rc2
v2.1.5.0-0.1.rc1
v2.2.2.0-0.1.rc1
v2.1.4.0-1
v2.2.1.0-1
v2.1.4.0-0.3.rc3
v2.2.1.0-0.5.rc5
v2.1.4.0-0.2.rc2
v2.2.1.0-0.4.rc4
v2.1.4.0-0.1.rc1
v2.2.1.0-0.3.rc3
v2.2.1.0-0.2.rc2
v2.2.1.0-0.1.rc1
v2.1.3.0-1
v2.2.0.0-1
v2.2.0.0-0.4.rc4
v2.1.3.0-0.3.rc3
v2.1.3.0-0.2.rc2
v2.2.0.0-0.3.rc3
v2.1.3.0-0.1.rc1
v2.2.0.0-0.2.rc2
v2.2.0.0-0.1.rc1
v2.1.2.0-1
v2.1.2.0-0.5.rc5
v2.1.2.0-0.4.rc4
v2.1.2.0-0.3.rc3
v2.1.2.0-0.2.rc2
v2.1.2.0-0.1.rc1
v2.1.1.0-1
v2.1.1.0-0.5.rc5
v2.1.1.0-0.4.rc4
v2.1.1.0-0.3.rc3
v2.1.1.0-0.2.rc2
v2.1.1.0-0.1.rc1
v2.1.0.0-1
v2.1.0.0-0.4.rc4
v2.1.0.0-0.2.rc2
v2.1.0.0-0.3.rc3
v2.1.0.0-0.1.rc1
v2.0.2.0-1
v1.9.6-1
v2.0.2.0-0.4.rc4
v2.0.2.0-0.3.rc3
v1.9.6-0.1.rc1
v2.0.2.0-0.2.rc2
v2.0.2.0-0.1.rc1
v1.9.5-1
v1.9.5-0.1.rc1
v2.0.1.0-1
v2.0.1.0-0.2.rc2
v2.0.1.0-0.1.rc1
v2.0.0.2-1
v2.0.0.1-1
v2.0.0.0-1
v2.0.0-0.9.rc4
v2.0.0-0.8.rc3
v2.0.0-0.7.rc2
v2.0.0-0.6.rc1
v2.0.0-0.5.beta3
v2.0.0-0.4.beta2
v1.9.4-1
v2.0.0-0.3.beta1
v1.9.4-0.3.rc3
v1.9.4-0.2.rc2
v1.9.4-0.1.rc1
v2.0.0-0.2.alpha2
v1.9.3-1
v2.0.0-0.1.alpha1
v1.9.3-0.3.rc3
v1.9.3-0.2.rc2
v1.9.3-0.1.rc1
v1.9.2-1
v1.9.2-0.2.rc2
v1_last
v1.9.2-0.1.rc1
v1.9.1-1
v1.9.1-0.4.rc4
v1.9.1-0.3.rc3
v1.9.1-0.2.rc2
v1.9.1-0.1.rc1
v1.9.0.1-1
v1.9.0-2
v1.9.0-1
v1.9.0-0.2.rc2
v1.9.0-0.1.rc1
v1.8.4
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.7.2
v1.7.1
v1.7.0
v1.6.10
v1.6.9
v1.6.8
v1.6.7
v1.6.6
v1.6.5
v1.6.4
v1.6.3
v1.6.2
v1.6.1
v1.6.0
v1.5.5
v1.5.4
v1.5.3
v1.5.2
v1.5.1
v1.5.0
v1.4.5
v1.4.4
v1.4.3
v1.4.2
v1.4.1
v1.4.0
v1.3.4
v1.3.3
v1.3.2
v1.3.1
v1.3.0
v1.2.3
v1.2.2
v1.2.1
v1.2
v1.1
v1.0
0.8
0.7.2
0.7
0.6
0.5
0.4.1
0.4
0.3.1
0.3
0.01
0.0.1
0.0.2
0.7.1
v0.9
v2.13.10
v2.13.10rc1
v2.13.11
v2.13.11rc1
v2.13.12
v2.13.12rc1
v2.13.13
v2.13.13rc1
v2.13.9
v2.13.9rc1
v2.14.10
v2.14.10rc1
v2.14.11
v2.14.11rc1
v2.14.12
v2.14.12rc1
v2.14.13
v2.14.14
v2.14.14rc1
v2.14.15
v2.14.15rc1
v2.14.16
v2.14.16rc1
v2.14.17
v2.14.17rc1
v2.14.18
v2.14.18rc1
v2.14.4
v2.14.4rc1
v2.14.5
v2.14.5rc1
v2.14.6
v2.14.6rc1
v2.14.7
v2.14.7rc1
v2.14.8
v2.14.8rc1
v2.14.9
v2.14.9rc1
v2.15.0
v2.15.0b1
v2.15.0b2
v2.15.0b3
v2.15.0rc1
v2.15.0rc2
v2.15.1
v2.15.10
v2.15.10rc1
v2.15.11
v2.15.11rc1
v2.15.12
v2.15.12rc1
v2.15.13
v2.15.13rc1
v2.15.1rc1
v2.15.2
v2.15.2rc1
v2.15.3
v2.15.3rc1
v2.15.4
v2.15.4rc1
v2.15.5
v2.15.5rc1
v2.15.6
v2.15.6rc1
v2.15.7
v2.15.7rc1
v2.15.8
v2.15.9
v2.15.9rc1
v2.16.0
v2.16.0b1
v2.16.0b2
v2.16.0rc1
v2.16.1
v2.16.10
v2.16.10rc1
v2.16.11
v2.16.11rc1
v2.16.12
v2.16.12rc1
v2.16.13
v2.16.13rc1
v2.16.1rc1
v2.16.2
v2.16.3
v2.16.3rc1
v2.16.4
v2.16.4rc1
v2.16.5
v2.16.5rc1
v2.16.6
v2.16.7
v2.16.7rc1
v2.16.8
v2.16.8rc1
v2.16.9
v2.16.9rc1
v2.17.0
v2.17.0b1
v2.17.0rc1
v2.17.0rc2
v2.17.1
v2.17.1rc1
v2.17.2
v2.17.2rc1
v2.17.2rc2
v2.17.3
v2.17.3rc1
v2.17.4
v2.17.4rc1
v2.17.5
v2.17.5rc1
v2.17.6
v2.17.6rc1
v2.18.0
v2.18.0b1
v2.18.0rc1
v2.18.0rc2
v2.5.0b2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c8d8bfc2'
${ noResults }
ansible/test/integration/targets/postgresql/tasks/main.yml

793 lines
22 KiB
YAML
Raw Blame History

#
# Create and destroy db
#
- name: Create DB
become_user: "{{ pg_user }}"
become: True
postgresql_db:
state: present
name: "{{ db_name }}"
login_user: "{{ pg_user }}"
register: result
- name: assert that module reports the db was created
assert:
that:
- "result.changed == true"
- "result.db =='{{ db_name }}'"
- name: Check that database created
become_user: "{{ pg_user }}"
become: True
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- name: Run create on an already created db
become_user: "{{ pg_user }}"
become: True
postgresql_db:
state: present
name: "{{ db_name }}"
login_user: "{{ pg_user }}"
register: result
- name: assert that module reports the db was unchanged
assert:
that:
- "result.changed == false"
- name: Destroy DB
become_user: "{{ pg_user }}"
become: True
postgresql_db:
state: absent
name: "{{ db_name }}"
login_user: "{{ pg_user }}"
register: result
- name: assert that module reports the db was changed
assert:
that:
- "result.changed == true"
- name: Check that database was destroyed
become_user: "{{ pg_user }}"
become: True
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
- name: Destroy DB
become_user: "{{ pg_user }}"
become: True
postgresql_db:
state: absent
name: "{{ db_name }}"
login_user: "{{ pg_user }}"
register: result
- name: assert that removing an alreaady removed db makes no change
assert:
that:
- "result.changed == false"
# This corner case works to add but not to drop. This is sufficiently crazy
# that I'm not going to attempt to fix it unless someone lets me know that they
# need the functionality
#
# - postgresql_db:
# state: 'present'
# name: '"silly.""name"'
# - shell: echo "select datname from pg_database where datname = 'silly.""name';" | psql
# register: result
#
# - assert:
# that: "result.stdout_lines[-1] == '(1 row)'"
# - postgresql_db:
# state: absent
# name: '"silly.""name"'
# - shell: echo "select datname from pg_database where datname = 'silly.""name';" | psql
# register: result
#
# - assert:
# that: "result.stdout_lines[-1] == '(0 rows)'"
#
# Test encoding, collate, ctype, template options
#
- name: Create a DB with encoding, collate, ctype, and template options
become_user: "{{ pg_user }}"
become: True
postgresql_db:
name: '{{ db_name }}'
state: 'present'
encoding: 'LATIN1'
lc_collate: 'pt_BR{{ locale_latin_suffix }}'
lc_ctype: 'es_ES{{ locale_latin_suffix }}'
template: 'template0'
login_user: "{{ pg_user }}"
- name: Check that the DB has all of our options
become_user: "{{ pg_user }}"
become: True
shell: echo "select datname, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- "'LATIN1' in result.stdout_lines[-2]"
- "'pt_BR' in result.stdout_lines[-2]"
- "'es_ES' in result.stdout_lines[-2]"
- "'UTF8' not in result.stdout_lines[-2]"
- "'en_US' not in result.stdout_lines[-2]"
- name: Check that running db cration with options a second time does nothing
become_user: "{{ pg_user }}"
become: True
postgresql_db:
name: '{{ db_name }}'
state: 'present'
encoding: 'LATIN1'
lc_collate: 'pt_BR{{ locale_latin_suffix }}'
lc_ctype: 'es_ES{{ locale_latin_suffix }}'
template: 'template0'
login_user: "{{ pg_user }}"
register: result
- assert:
that:
- 'result.changed == False'
- name: Check that attempting to change encoding returns an error
become_user: "{{ pg_user }}"
become: True
postgresql_db:
name: '{{ db_name }}'
state: 'present'
encoding: 'UTF8'
lc_collate: 'pt_BR{{ locale_utf8_suffix }}'
lc_ctype: 'es_ES{{ locale_utf8_suffix }}'
template: 'template0'
login_user: "{{ pg_user }}"
register: result
ignore_errors: True
- assert:
that:
- 'result.failed == True'
- name: Cleanup test DB
become_user: "{{ pg_user }}"
become: True
postgresql_db:
name: '{{ db_name }}'
state: 'absent'
login_user: "{{ pg_user }}"
- shell: echo "select datname, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql -d postgres
become_user: "{{ pg_user }}"
become: True
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
#
# Create and destroy user, test 'password' and 'encrypted' parameters
#
- include: test_password.yml
vars:
encrypted: '{{ item.user_creation_encrypted_value }}'
db_password1: 'secretù' # use UTF-8
with_items:
- user_creation_encrypted_value: 'yes'
- user_creation_encrypted_value: 'no'
# BYPASSRLS role attribute was introduced in PostgreSQL 9.5, so
# we want to test atrribute management differently depending
# on the version.
- name: Get PostgreSQL version
become_user: "{{ pg_user }}"
become: True
shell: "echo 'SHOW SERVER_VERSION' | psql --tuples-only --no-align --dbname postgres"
register: postgres_version_resp
- name: Print PostgreSQL server version
debug:
msg: "{{ postgres_version_resp.stdout }}"
- set_fact:
bypassrls_supported: "{{ postgres_version_resp.stdout is version('9.5.0', '>=') }}"
# test 'no_password_change' and 'role_attr_flags' parameters
- include: test_no_password_change.yml
vars:
no_password_changes: '{{ item }}'
with_items:
- 'yes'
- 'no'
### TODO: fail_on_user
#
# Test db ownership
#
- name: Create an unprivileged user to own a DB
become_user: "{{ pg_user }}"
become: True
postgresql_user:
name: "{{ db_user1 }}"
encrypted: 'yes'
password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
login_user: "{{ pg_user }}"
db: postgres
- name: Create db with user ownership
become_user: "{{ pg_user }}"
become: True
postgresql_db:
name: "{{ db_name }}"
state: "present"
owner: "{{ db_user1 }}"
login_user: "{{ pg_user }}"
- name: Check that the user owns the newly created DB
become_user: "{{ pg_user }}"
become: True
shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- "'{{ db_user1 }}' == '{{ result.stdout_lines[-2] | trim }}'"
- name: Change the owner on an existing db
become_user: "{{ pg_user }}"
become: True
postgresql_db:
name: "{{ db_name }}"
state: "present"
owner: "{{ pg_user }}"
login_user: "{{ pg_user }}"
register: result
- name: assert that ansible says it changed the db
assert:
that:
- "result.changed == True"
- name: Check that the user owns the newly created DB
become_user: "{{ pg_user }}"
become: True
shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- "'{{ pg_user }}' == '{{ result.stdout_lines[-2] | trim }}'"
- name: Cleanup db
become_user: "{{ pg_user }}"
become: True
postgresql_db:
name: "{{ db_name }}"
state: "absent"
login_user: "{{ pg_user }}"
- name: Check that database was destroyed
become_user: "{{ pg_user }}"
become: True
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
- name: Cleanup test user
become_user: "{{ pg_user }}"
become: True
postgresql_user:
name: "{{ db_user1 }}"
state: 'absent'
login_user: "{{ pg_user }}"
db: postgres
- name: Check that they were removed
become_user: "{{ pg_user }}"
become: True
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
#
# Test settings privileges
#
- name: Create db
become_user: "{{ pg_user }}"
become: True
postgresql_db:
name: "{{ db_name }}"
state: "present"
login_user: "{{ pg_user }}"
- name: Create some tables on the db
become_user: "{{ pg_user }}"
become: True
shell: echo "create table test_table1 (field text);" | psql {{ db_name }}
- become_user: "{{ pg_user }}"
become: True
shell: echo "create table test_table2 (field text);" | psql {{ db_name }}
- vars:
db_password: 'secretù' # use UTF-8
block:
- name: Create a user with some permissions on the db
become_user: "{{ pg_user }}"
become: True
postgresql_user:
name: "{{ db_user1 }}"
encrypted: 'yes'
password: "md5{{ (db_password ~ db_user1) | hash('md5')}}"
db: "{{ db_name }}"
priv: 'test_table1:INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,TRIGGER/test_table2:INSERT/CREATE,CONNECT,TEMP'
login_user: "{{ pg_user }}"
- include: pg_authid_not_readable.yml
- name: Check that the user has the requested permissions (table1)
become_user: "{{ pg_user }}"
become: True
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
register: result_table1
- name: Check that the user has the requested permissions (table2)
become_user: "{{ pg_user }}"
become: True
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
register: result_table2
- name: Check that the user has the requested permissions (database)
become_user: "{{ pg_user }}"
become: True
shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
register: result_database
- assert:
that:
- "result_table1.stdout_lines[-1] == '(7 rows)'"
- "'INSERT' in result_table1.stdout"
- "'SELECT' in result_table1.stdout"
- "'UPDATE' in result_table1.stdout"
- "'DELETE' in result_table1.stdout"
- "'TRUNCATE' in result_table1.stdout"
- "'REFERENCES' in result_table1.stdout"
- "'TRIGGER' in result_table1.stdout"
- "result_table2.stdout_lines[-1] == '(1 row)'"
- "'INSERT' == '{{ result_table2.stdout_lines[-2] | trim }}'"
- "result_database.stdout_lines[-1] == '(1 row)'"
- "'{{ db_user1 }}=CTc/{{ pg_user }}' in result_database.stdout_lines[-2]"
- name: Add another permission for the user
become_user: "{{ pg_user }}"
become: True
postgresql_user:
name: "{{ db_user1 }}"
encrypted: 'yes'
password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
db: "{{ db_name }}"
priv: 'test_table2:select'
login_user: "{{ pg_user }}"
register: results
- name: Check that ansible reports it changed the user
assert:
that:
- "results.changed == True"
- name: Check that the user has the requested permissions (table2)
become_user: "{{ pg_user }}"
become: True
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
register: result_table2
- assert:
that:
- "result_table2.stdout_lines[-1] == '(2 rows)'"
- "'INSERT' in result_table2.stdout"
- "'SELECT' in result_table2.stdout"
#
# Test priv setting via postgresql_privs module
# (Depends on state from previous _user privs tests)
#
- name: Revoke a privilege
become_user: "{{ pg_user }}"
become: True
postgresql_privs:
type: "table"
state: "absent"
roles: "{{ db_user1 }}"
privs: "INSERT"
objs: "test_table2"
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
register: results
- name: Check that ansible reports it changed the user
assert:
that:
- "results.changed == True"
- name: Check that the user has the requested permissions (table2)
become_user: "{{ pg_user }}"
become: True
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
register: result_table2
- assert:
that:
- "result_table2.stdout_lines[-1] == '(1 row)'"
- "'SELECT' == '{{ result_table2.stdout_lines[-2] | trim }}'"
- name: Revoke many privileges on multiple tables
become_user: "{{ pg_user }}"
become: True
postgresql_privs:
state: "absent"
roles: "{{ db_user1 }}"
privs: "INSERT,select,UPDATE,TRUNCATE,REFERENCES,TRIGGER,delete"
objs: "test_table2,test_table1"
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
register: results
- name: Check that ansible reports it changed the user
assert:
that:
- "results.changed == True"
- name: Check that permissions were revoked (table1)
become_user: "{{ pg_user }}"
become: True
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
register: result_table1
- name: Check that permissions were revoked (table2)
become_user: "{{ pg_user }}"
become: True
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
register: result_table2
- assert:
that:
- "result_table1.stdout_lines[-1] == '(0 rows)'"
- "result_table2.stdout_lines[-1] == '(0 rows)'"
- name: Revoke database privileges
become_user: "{{ pg_user }}"
become: True
postgresql_privs:
type: "database"
state: "absent"
roles: "{{ db_user1 }}"
privs: "Create,connect,TEMP"
objs: "{{ db_name }}"
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
- name: Check that the user has the requested permissions (database)
become_user: "{{ pg_user }}"
become: True
shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
register: result_database
- assert:
that:
- "result_database.stdout_lines[-1] == '(1 row)'"
- "'{{ db_user1 }}' not in result_database.stdout"
- name: Grant database privileges
become_user: "{{ pg_user }}"
become: True
postgresql_privs:
type: "database"
state: "present"
roles: "{{ db_user1 }}"
privs: "CREATE,connect"
objs: "{{ db_name }}"
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
register: results
- name: Check that ansible reports it changed the user
assert:
that:
- "results.changed == True"
- name: Check that the user has the requested permissions (database)
become_user: "{{ pg_user }}"
become: True
shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
register: result_database
- assert:
that:
- "result_database.stdout_lines[-1] == '(1 row)'"
- "'{{ db_user1 }}=Cc' in result_database.stdout"
- name: Grant a single privilege on a table
become_user: "{{ pg_user }}"
become: True
postgresql_privs:
state: "present"
roles: "{{ db_user1 }}"
privs: "INSERT"
objs: "test_table1"
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
- name: Check that permissions were added (table1)
become_user: "{{ pg_user }}"
become: True
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
register: result_table1
- assert:
that:
- "result_table1.stdout_lines[-1] == '(1 row)'"
- "'{{ result_table1.stdout_lines[-2] | trim }}' == 'INSERT'"
- name: Grant many privileges on multiple tables
become_user: "{{ pg_user }}"
become: True
postgresql_privs:
state: "present"
roles: "{{ db_user1 }}"
privs: 'INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,trigger'
objs: "test_table2,test_table1"
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
- name: Check that permissions were added (table1)
become_user: "{{ pg_user }}"
become: True
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
register: result_table1
- name: Check that permissions were added (table2)
become_user: "{{ pg_user }}"
become: True
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
register: result_table2
- assert:
that:
- "result_table1.stdout_lines[-1] == '(7 rows)'"
- "'INSERT' in result_table1.stdout"
- "'SELECT' in result_table1.stdout"
- "'UPDATE' in result_table1.stdout"
- "'DELETE' in result_table1.stdout"
- "'TRUNCATE' in result_table1.stdout"
- "'REFERENCES' in result_table1.stdout"
- "'TRIGGER' in result_table1.stdout"
- "result_table2.stdout_lines[-1] == '(7 rows)'"
- "'INSERT' in result_table2.stdout"
- "'SELECT' in result_table2.stdout"
- "'UPDATE' in result_table2.stdout"
- "'DELETE' in result_table2.stdout"
- "'TRUNCATE' in result_table2.stdout"
- "'REFERENCES' in result_table2.stdout"
- "'TRIGGER' in result_table2.stdout"
#
# Cleanup
#
- name: Cleanup db
become_user: "{{ pg_user }}"
become: True
postgresql_db:
name: "{{ db_name }}"
state: "absent"
login_user: "{{ pg_user }}"
- name: Check that database was destroyed
become_user: "{{ pg_user }}"
become: True
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
- name: Cleanup test user
become_user: "{{ pg_user }}"
become: True
postgresql_user:
name: "{{ db_user1 }}"
state: 'absent'
login_user: "{{ pg_user }}"
db: postgres
- name: Check that they were removed
become_user: "{{ pg_user }}"
become: True
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
#
# Test login_user functionality
#
- name: Create a user to test login module parameters
become: True
become_user: "{{ pg_user }}"
postgresql_user:
name: "{{ db_user1 }}"
state: "present"
encrypted: 'no'
password: "password"
role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
login_user: "{{ pg_user }}"
db: postgres
- name: Create db
postgresql_db:
name: "{{ db_name }}"
state: "present"
login_user: "{{ db_user1 }}"
login_password: "password"
login_host: "localhost"
- name: Check that database created
become: True
become_user: "{{ pg_user }}"
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- name: Create a user
postgresql_user:
name: "{{ db_user2 }}"
state: "present"
encrypted: 'yes'
password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
db: "{{ db_name }}"
login_user: "{{ db_user1 }}"
login_password: "password"
login_host: "localhost"
- name: Check that it was created
become: True
become_user: "{{ pg_user }}"
shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- name: Grant database privileges
postgresql_privs:
type: "database"
state: "present"
roles: "{{ db_user2 }}"
privs: "CREATE,connect"
objs: "{{ db_name }}"
db: "{{ db_name }}"
login: "{{ db_user1 }}"
password: "password"
host: "localhost"
- name: Check that the user has the requested permissions (database)
become: True
become_user: "{{ pg_user }}"
shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
register: result_database
- assert:
that:
- "result_database.stdout_lines[-1] == '(1 row)'"
- "'{{ db_user2 }}=Cc' in result_database.stdout"
- name: Remove user
postgresql_user:
name: "{{ db_user2 }}"
state: 'absent'
priv: "ALL"
db: "{{ db_name }}"
login_user: "{{ db_user1 }}"
login_password: "password"
login_host: "localhost"
- name: Check that they were removed
become: True
become_user: "{{ pg_user }}"
shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
- name: Destroy DB
postgresql_db:
state: absent
name: "{{ db_name }}"
login_user: "{{ db_user1 }}"
login_password: "password"
login_host: "localhost"
- name: Check that database was destroyed
become: True
become_user: "{{ pg_user }}"
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
# dump/restore tests per format
# ============================================================
- include: state_dump_restore.yml test_fixture=user file=dbdata.sql
- include: state_dump_restore.yml test_fixture=user file=dbdata.sql.gz
- include: state_dump_restore.yml test_fixture=user file=dbdata.sql.bz2
- include: state_dump_restore.yml test_fixture=user file=dbdata.sql.xz
- include: state_dump_restore.yml test_fixture=user file=dbdata.tar
- include: state_dump_restore.yml test_fixture=user file=dbdata.tar.gz
- include: state_dump_restore.yml test_fixture=user file=dbdata.tar.bz2
- include: state_dump_restore.yml test_fixture=user file=dbdata.tar.xz
# dump/restore tests per other logins
# ============================================================
- include: state_dump_restore.yml file=dbdata.tar test_fixture=admin
#
# Cleanup
#
- name: Cleanup test user
become: True
become_user: "{{ pg_user }}"
postgresql_user:
name: "{{ db_user1 }}"
state: 'absent'
db: postgres
login_user: "{{ pg_user }}"
- name: Check that they were removed
become: True
become_user: "{{ pg_user }}"
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
Reference in New Issue View Git Blame Copy Permalink