You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
ansible/test/integration/targets/postgresql_privs/tasks/test_target_role.yml

121 lines
2.7 KiB
YAML

# Setup
- name: Create a test user
become_user: "{{ pg_user }}"
become: yes
postgresql_user:
name: "{{ db_user1 }}"
login_user: "{{ pg_user }}"
db: postgres
- name: Create DB
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: present
name: "{{ db_name }}"
owner: "{{ db_user1 }}"
login_user: "{{ pg_user }}"
- name: Create a user to be given permissions and other tests
postgresql_user:
name: "{{ db_user2 }}"
state: present
encrypted: yes
password: password
role_attr_flags: LOGIN
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
#######################################
# Test default_privs with target_role #
#######################################
# Test
- name: Grant default privileges for new table objects
become_user: "{{ pg_user }}"
become: yes
postgresql_privs:
db: "{{ db_name }}"
objs: TABLES
privs: SELECT
type: default_privs
role: "{{ db_user2 }}"
target_roles: "{{ db_user1 }}"
login_user: "{{ pg_user }}"
register: result
# Checks
- assert:
that: result is changed
- name: Check that default privileges are set
become: yes
become_user: "{{ pg_user }}"
shell: psql {{ db_name }} -c "SELECT defaclrole, defaclobjtype, defaclacl FROM pg_default_acl a JOIN pg_roles b ON a.defaclrole=b.oid;" -t
register: result
- assert:
that: "'{{ db_user2 }}=r/{{ db_user1 }}' in '{{ result.stdout_lines[0] }}'"
# Test
- name: Revoke default privileges for new table objects
become_user: "{{ pg_user }}"
become: yes
postgresql_privs:
db: "{{ db_name }}"
state: absent
objs: TABLES
privs: SELECT
type: default_privs
role: "{{ db_user2 }}"
target_roles: "{{ db_user1 }}"
login_user: "{{ pg_user }}"
register: result
# Checks
- assert:
that: result is changed
# Cleanup
- name: Remove user given permissions
become_user: "{{ pg_user }}"
become: yes
postgresql_user:
name: "{{ db_user2 }}"
state: absent
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
- name: Remove user owner of objects
become_user: "{{ pg_user }}"
become: yes
postgresql_user:
name: "{{ db_user3 }}"
state: absent
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
- name: Destroy DBs
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: absent
name: "{{ item }}"
login_user: "{{ pg_user }}"
loop:
- "{{ db_name }}"
- "{{ db_session_role1 }}"
- name: Remove test users
become_user: "{{ pg_user }}"
become: yes
postgresql_user:
name: "{{ item }}"
state: absent
db: postgres
login_user: "{{ pg_user }}"
loop:
- "{{ db_user1 }}"
- "{{ db_session_role1 }}"
- "{{ db_session_role2 }}"