mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-04-27 04:41:26 -07:00
Run postgresql tests on FreeBSD. (#20676)
* Use vars for user, group and locale suffix. * Switch tests from `es_MX` to `es_ES`. * Enable postgresql tests on freebsd. * Work-arounds for service restart on freebsd.
parent
5d5e5e25a2
commit
31d6b6ef67
6 changed files with 210 additions and 108 deletions
|
@ -3,5 +3,4 @@ posix/ci/group1
|
|||
postgresql_db
|
||||
postgresql_privs
|
||||
postgresql_user
|
||||
skip/freebsd
|
||||
skip/osx
|
||||
|
|
|
@ -2,11 +2,12 @@
|
|||
# Create and destroy db
|
||||
#
|
||||
- name: Create DB
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_db:
|
||||
state: present
|
||||
name: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
|
||||
- name: assert that module reports the db was created
|
||||
|
@ -16,9 +17,9 @@
|
|||
- "result.db =='{{ db_name }}'"
|
||||
|
||||
- name: Check that database created
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql
|
||||
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
|
@ -26,11 +27,12 @@
|
|||
- "result.stdout_lines[-1] == '(1 row)'"
|
||||
|
||||
- name: Run create on an already created db
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_db:
|
||||
state: present
|
||||
name: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
|
||||
- name: assert that module reports the db was unchanged
|
||||
|
@ -39,11 +41,12 @@
|
|||
- "result.changed == false"
|
||||
|
||||
- name: Destroy DB
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_db:
|
||||
state: absent
|
||||
name: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
|
||||
- name: assert that module reports the db was changed
|
||||
|
@ -52,9 +55,9 @@
|
|||
- "result.changed == true"
|
||||
|
||||
- name: Check that database was destroyed
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql
|
||||
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
|
@ -62,11 +65,12 @@
|
|||
- "result.stdout_lines[-1] == '(0 rows)'"
|
||||
|
||||
- name: Destroy DB
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_db:
|
||||
state: absent
|
||||
name: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
|
||||
- name: assert that removing an alreaady removed db makes no change
|
||||
|
@ -100,20 +104,21 @@
|
|||
# Test encoding, collate, ctype, template options
|
||||
#
|
||||
- name: Create a DB with encoding, collate, ctype, and template options
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_db:
|
||||
name: '{{ db_name }}'
|
||||
state: 'present'
|
||||
encoding: 'LATIN1'
|
||||
lc_collate: 'pt_BR'
|
||||
lc_ctype: 'es_MX'
|
||||
lc_collate: 'pt_BR{{ locale_latin_suffix }}'
|
||||
lc_ctype: 'es_ES{{ locale_latin_suffix }}'
|
||||
template: 'template0'
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- name: Check that the DB has all of our options
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select datname, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql
|
||||
shell: echo "select datname, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
|
@ -121,20 +126,21 @@
|
|||
- "result.stdout_lines[-1] == '(1 row)'"
|
||||
- "'LATIN1' in result.stdout_lines[-2]"
|
||||
- "'pt_BR' in result.stdout_lines[-2]"
|
||||
- "'es_MX' in result.stdout_lines[-2]"
|
||||
- "'es_ES' in result.stdout_lines[-2]"
|
||||
- "'UTF8' not in result.stdout_lines[-2]"
|
||||
- "'en_US' not in result.stdout_lines[-2]"
|
||||
|
||||
- name: Check that running db cration with options a second time does nothing
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_db:
|
||||
name: '{{ db_name }}'
|
||||
state: 'present'
|
||||
encoding: 'LATIN1'
|
||||
lc_collate: 'pt_BR'
|
||||
lc_ctype: 'es_MX'
|
||||
lc_collate: 'pt_BR{{ locale_latin_suffix }}'
|
||||
lc_ctype: 'es_ES{{ locale_latin_suffix }}'
|
||||
template: 'template0'
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
|
@ -143,15 +149,16 @@
|
|||
|
||||
|
||||
- name: Check that attempting to change encoding returns an error
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_db:
|
||||
name: '{{ db_name }}'
|
||||
state: 'present'
|
||||
encoding: 'UTF8'
|
||||
lc_collate: 'pt_BR'
|
||||
lc_ctype: 'es_MX'
|
||||
lc_collate: 'pt_BR{{ locale_utf8_suffix }}'
|
||||
lc_ctype: 'es_ES{{ locale_utf8_suffix }}'
|
||||
template: 'template0'
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
ignore_errors: True
|
||||
|
||||
|
@ -160,14 +167,15 @@
|
|||
- 'result.failed == True'
|
||||
|
||||
- name: Cleanup test DB
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_db:
|
||||
name: '{{ db_name }}'
|
||||
state: 'absent'
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- shell: echo "select datname, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql
|
||||
become_user: postgres
|
||||
- shell: echo "select datname, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql -d postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
register: result
|
||||
|
||||
|
@ -179,12 +187,14 @@
|
|||
# Create and destroy user
|
||||
#
|
||||
- name: Create a user
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_user:
|
||||
name: "{{ db_user1 }}"
|
||||
encrypted: 'yes'
|
||||
password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
register: result
|
||||
|
||||
- name: Check that ansible reports they were created
|
||||
|
@ -193,9 +203,9 @@
|
|||
- "result.changed == True"
|
||||
|
||||
- name: Check that they were created
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql
|
||||
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
|
@ -203,12 +213,14 @@
|
|||
- "result.stdout_lines[-1] == '(1 row)'"
|
||||
|
||||
- name: Check that creating user a second time does nothing
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_user:
|
||||
name: "{{ db_user1 }}"
|
||||
encrypted: 'yes'
|
||||
password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
register: result
|
||||
|
||||
- name: Check that ansible reports no change
|
||||
|
@ -217,11 +229,13 @@
|
|||
- "result.changed == False"
|
||||
|
||||
- name: Remove user
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_user:
|
||||
name: "{{ db_user1 }}"
|
||||
state: 'absent'
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
register: result
|
||||
|
||||
- name: Check that ansible reports they were removed
|
||||
|
@ -230,9 +244,9 @@
|
|||
- "result.changed == True"
|
||||
|
||||
- name: Check that they were removed
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql
|
||||
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
|
@ -240,11 +254,13 @@
|
|||
- "result.stdout_lines[-1] == '(0 rows)'"
|
||||
|
||||
- name: Check that removing user a second time does nothing
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_user:
|
||||
name: "{{ db_user1 }}"
|
||||
state: 'absent'
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
register: result
|
||||
|
||||
- name: Check that ansible reports no change
|
||||
|
@ -253,17 +269,19 @@
|
|||
- "result.changed == False"
|
||||
|
||||
- name: Create a user with all role attributes
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_user:
|
||||
name: "{{ db_user1 }}"
|
||||
state: "present"
|
||||
role_attr_flags: "SUPERUSER,CREATEROLE,CREATEDB,INHERIT,login"
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
|
||||
- name: Check that the user has the requested role attributes
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin from pg_roles where rolname='{{ db_user1 }}';" | psql
|
||||
shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin from pg_roles where rolname='{{ db_user1 }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
|
@ -276,12 +294,14 @@
|
|||
- "'login:t' in result.stdout_lines[-2]"
|
||||
|
||||
- name: Modify a user to have no role attributes
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_user:
|
||||
name: "{{ db_user1 }}"
|
||||
state: "present"
|
||||
role_attr_flags: "NOSUPERUSER,NOCREATEROLE,NOCREATEDB,noinherit,NOLOGIN"
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
register: result
|
||||
|
||||
- name: Check that ansible reports it modified the role
|
||||
|
@ -290,9 +310,9 @@
|
|||
- "result.changed == True"
|
||||
|
||||
- name: Check that the user has the requested role attributes
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin from pg_roles where rolname='{{ db_user1 }}';" | psql
|
||||
shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin from pg_roles where rolname='{{ db_user1 }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
|
@ -305,12 +325,14 @@
|
|||
- "'login:f' in result.stdout_lines[-2]"
|
||||
|
||||
- name: Modify a single role attribute on a user
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_user:
|
||||
name: "{{ db_user1 }}"
|
||||
state: "present"
|
||||
role_attr_flags: "LOGIN"
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
register: result
|
||||
|
||||
- name: Check that ansible reports it modified the role
|
||||
|
@ -319,9 +341,9 @@
|
|||
- "result.changed == True"
|
||||
|
||||
- name: Check that the user has the requested role attributes
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin from pg_roles where rolname='{{ db_user1 }}';" | psql
|
||||
shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin from pg_roles where rolname='{{ db_user1 }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
|
@ -334,16 +356,18 @@
|
|||
- "'login:t' in result.stdout_lines[-2]"
|
||||
|
||||
- name: Cleanup the user
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_user:
|
||||
name: "{{ db_user1 }}"
|
||||
state: 'absent'
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
|
||||
- name: Check that they were removed
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql
|
||||
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
|
@ -356,25 +380,28 @@
|
|||
# Test db ownership
|
||||
#
|
||||
- name: Create an unprivileged user to own a DB
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_user:
|
||||
name: "{{ db_user1 }}"
|
||||
encrypted: 'yes'
|
||||
password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
|
||||
- name: Create db with user ownership
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_db:
|
||||
name: "{{ db_name }}"
|
||||
state: "present"
|
||||
owner: "{{ db_user1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- name: Check that the user owns the newly created DB
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql
|
||||
shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
|
@ -383,12 +410,13 @@
|
|||
- "'{{ db_user1 }}' == '{{ result.stdout_lines[-2] | trim }}'"
|
||||
|
||||
- name: Change the owner on an existing db
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_db:
|
||||
name: "{{ db_name }}"
|
||||
state: "present"
|
||||
owner: "postgres"
|
||||
owner: "{{ pg_user }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
|
||||
- name: assert that ansible says it changed the db
|
||||
|
@ -397,27 +425,28 @@
|
|||
- "result.changed == True"
|
||||
|
||||
- name: Check that the user owns the newly created DB
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql
|
||||
shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- "result.stdout_lines[-1] == '(1 row)'"
|
||||
- "'postgres' == '{{ result.stdout_lines[-2] | trim }}'"
|
||||
- "'{{ pg_user }}' == '{{ result.stdout_lines[-2] | trim }}'"
|
||||
|
||||
- name: Cleanup db
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_db:
|
||||
name: "{{ db_name }}"
|
||||
state: "absent"
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- name: Check that database was destroyed
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql
|
||||
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
|
@ -425,16 +454,18 @@
|
|||
- "result.stdout_lines[-1] == '(0 rows)'"
|
||||
|
||||
- name: Cleanup test user
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_user:
|
||||
name: "{{ db_user1 }}"
|
||||
state: 'absent'
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
|
||||
- name: Check that they were removed
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql
|
||||
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
|
@ -445,23 +476,24 @@
|
|||
# Test settings privileges
|
||||
#
|
||||
- name: Create db
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_db:
|
||||
name: "{{ db_name }}"
|
||||
state: "present"
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- name: Create some tables on the db
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "create table test_table1 (field text);" | psql {{ db_name }}
|
||||
|
||||
- become_user: postgres
|
||||
- become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "create table test_table2 (field text);" | psql {{ db_name }}
|
||||
|
||||
- name: Create a user with some permissions on the db
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_user:
|
||||
name: "{{ db_user1 }}"
|
||||
|
@ -469,21 +501,22 @@
|
|||
password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
|
||||
db: "{{ db_name }}"
|
||||
priv: 'test_table1:INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,TRIGGER/test_table2:INSERT/CREATE,CONNECT,TEMP'
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- name: Check that the user has the requested permissions (table1)
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
|
||||
register: result_table1
|
||||
|
||||
- name: Check that the user has the requested permissions (table2)
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
|
||||
register: result_table2
|
||||
|
||||
- name: Check that the user has the requested permissions (database)
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
|
||||
register: result_database
|
||||
|
@ -501,10 +534,10 @@
|
|||
- "result_table2.stdout_lines[-1] == '(1 row)'"
|
||||
- "'INSERT' == '{{ result_table2.stdout_lines[-2] | trim }}'"
|
||||
- "result_database.stdout_lines[-1] == '(1 row)'"
|
||||
- "'{{ db_user1 }}=CTc/postgres' in result_database.stdout_lines[-2]"
|
||||
- "'{{ db_user1 }}=CTc/{{ pg_user }}' in result_database.stdout_lines[-2]"
|
||||
|
||||
- name: Add another permission for the user
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_user:
|
||||
name: "{{ db_user1 }}"
|
||||
|
@ -512,6 +545,7 @@
|
|||
password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
|
||||
db: "{{ db_name }}"
|
||||
priv: 'test_table2:select'
|
||||
login_user: "{{ pg_user }}"
|
||||
register: results
|
||||
|
||||
- name: Check that ansible reports it changed the user
|
||||
|
@ -520,7 +554,7 @@
|
|||
- "results.changed == True"
|
||||
|
||||
- name: Check that the user has the requested permissions (table2)
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
|
||||
register: result_table2
|
||||
|
@ -538,7 +572,7 @@
|
|||
#
|
||||
|
||||
- name: Revoke a privilege
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_privs:
|
||||
type: "table"
|
||||
|
@ -547,6 +581,7 @@
|
|||
privs: "INSERT"
|
||||
objs: "test_table2"
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
register: results
|
||||
|
||||
- name: Check that ansible reports it changed the user
|
||||
|
@ -555,7 +590,7 @@
|
|||
- "results.changed == True"
|
||||
|
||||
- name: Check that the user has the requested permissions (table2)
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
|
||||
register: result_table2
|
||||
|
@ -566,7 +601,7 @@
|
|||
- "'SELECT' == '{{ result_table2.stdout_lines[-2] | trim }}'"
|
||||
|
||||
- name: Revoke many privileges on multiple tables
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_privs:
|
||||
state: "absent"
|
||||
|
@ -574,6 +609,7 @@
|
|||
privs: "INSERT,select,UPDATE,TRUNCATE,REFERENCES,TRIGGER,delete"
|
||||
objs: "test_table2,test_table1"
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
register: results
|
||||
|
||||
- name: Check that ansible reports it changed the user
|
||||
|
@ -582,13 +618,13 @@
|
|||
- "results.changed == True"
|
||||
|
||||
- name: Check that permissions were revoked (table1)
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
|
||||
register: result_table1
|
||||
|
||||
- name: Check that permissions were revoked (table2)
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
|
||||
register: result_table2
|
||||
|
@ -599,7 +635,7 @@
|
|||
- "result_table2.stdout_lines[-1] == '(0 rows)'"
|
||||
|
||||
- name: Revoke database privileges
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_privs:
|
||||
type: "database"
|
||||
|
@ -608,9 +644,10 @@
|
|||
privs: "Create,connect,TEMP"
|
||||
objs: "{{ db_name }}"
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- name: Check that the user has the requested permissions (database)
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
|
||||
register: result_database
|
||||
|
@ -621,7 +658,7 @@
|
|||
- "'{{ db_user1 }}' not in result_database.stdout"
|
||||
|
||||
- name: Grant database privileges
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_privs:
|
||||
type: "database"
|
||||
|
@ -630,6 +667,7 @@
|
|||
privs: "CREATE,connect"
|
||||
objs: "{{ db_name }}"
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
register: results
|
||||
|
||||
- name: Check that ansible reports it changed the user
|
||||
|
@ -638,7 +676,7 @@
|
|||
- "results.changed == True"
|
||||
|
||||
- name: Check that the user has the requested permissions (database)
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
|
||||
register: result_database
|
||||
|
@ -649,7 +687,7 @@
|
|||
- "'{{ db_user1 }}=Cc' in result_database.stdout"
|
||||
|
||||
- name: Grant a single privilege on a table
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_privs:
|
||||
state: "present"
|
||||
|
@ -657,9 +695,10 @@
|
|||
privs: "INSERT"
|
||||
objs: "test_table1"
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- name: Check that permissions were added (table1)
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
|
||||
register: result_table1
|
||||
|
@ -670,7 +709,7 @@
|
|||
- "'{{ result_table1.stdout_lines[-2] | trim }}' == 'INSERT'"
|
||||
|
||||
- name: Grant many privileges on multiple tables
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_privs:
|
||||
state: "present"
|
||||
|
@ -678,15 +717,16 @@
|
|||
privs: 'INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,trigger'
|
||||
objs: "test_table2,test_table1"
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- name: Check that permissions were added (table1)
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
|
||||
register: result_table1
|
||||
|
||||
- name: Check that permissions were added (table2)
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
|
||||
register: result_table2
|
||||
|
@ -714,16 +754,17 @@
|
|||
# Cleanup
|
||||
#
|
||||
- name: Cleanup db
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_db:
|
||||
name: "{{ db_name }}"
|
||||
state: "absent"
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- name: Check that database was destroyed
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql
|
||||
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
|
@ -731,16 +772,18 @@
|
|||
- "result.stdout_lines[-1] == '(0 rows)'"
|
||||
|
||||
- name: Cleanup test user
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_user:
|
||||
name: "{{ db_user1 }}"
|
||||
state: 'absent'
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
|
||||
- name: Check that they were removed
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql
|
||||
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
|
@ -752,13 +795,15 @@
|
|||
#
|
||||
- name: Create a user to test login module parameters
|
||||
become: True
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_user:
|
||||
name: "{{ db_user1 }}"
|
||||
state: "present"
|
||||
encrypted: 'no'
|
||||
password: "password"
|
||||
role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
|
||||
- name: Create db
|
||||
postgresql_db:
|
||||
|
@ -770,8 +815,8 @@
|
|||
|
||||
- name: Check that database created
|
||||
become: True
|
||||
become_user: postgres
|
||||
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql
|
||||
become_user: "{{ pg_user }}"
|
||||
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
|
@ -791,8 +836,8 @@
|
|||
|
||||
- name: Check that they were created
|
||||
become: True
|
||||
become_user: postgres
|
||||
shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql
|
||||
become_user: "{{ pg_user }}"
|
||||
shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
|
@ -813,7 +858,7 @@
|
|||
|
||||
- name: Check that the user has the requested permissions (database)
|
||||
become: True
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
|
||||
register: result_database
|
||||
|
||||
|
@ -834,8 +879,8 @@
|
|||
|
||||
- name: Check that they were removed
|
||||
become: True
|
||||
become_user: postgres
|
||||
shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql
|
||||
become_user: "{{ pg_user }}"
|
||||
shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
|
@ -852,8 +897,8 @@
|
|||
|
||||
- name: Check that database was destroyed
|
||||
become: True
|
||||
become_user: postgres
|
||||
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql
|
||||
become_user: "{{ pg_user }}"
|
||||
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
|
@ -865,15 +910,17 @@
|
|||
#
|
||||
- name: Cleanup test user
|
||||
become: True
|
||||
become_user: postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_user:
|
||||
name: "{{ db_user1 }}"
|
||||
state: 'absent'
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- name: Check that they were removed
|
||||
become: True
|
||||
become_user: postgres
|
||||
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql
|
||||
become_user: "{{ pg_user }}"
|
||||
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
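Review bot: The rewritten `shell:` checks, starting at the "Check that database created" task and repeated in every later `echo "select … '{{ db_name }}' …" | psql -d postgres` line, still template `{{ db_name }}` and `{{ db_user1 }}` straight into both a shell command line and an SQL string literal. With fixed test variables this is harmless, but a value containing a quote or a shell metacharacter would change the command that runs as the database superuser account, and test tasks like these tend to be copied into real playbooks. Since these lines are being touched anyway, consider letting psql do the SQL quoting and Ansible the shell quoting: `shell: echo "select datname from pg_database where datname = :'db';" | psql -d postgres -v db={{ db_name | quote }}`. The same applies to the unchanged `psql {{ db_name }}` invocations. The variable definitions are outside this section, so how they are set cannot be confirmed from here.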
|
||||
|
|