postgresql_db: add trust_input parameter (#184)

2025-07-22 12:50:22 -07:00 · 2020-04-20 09:38:35 +03:00 · 2020-04-20 09:38:35 +03:00 · 5b1652e8fa
commit 5b1652e8fa
parent 764cae9f33
3 changed files with 99 additions and 14 deletions
--- a/tests/integration/targets/postgresql_db/defaults/main.yml
+++ b/tests/integration/targets/postgresql_db/defaults/main.yml
@ -4,3 +4,8 @@ db_user2: 'ansible.db.user2'
 tmp_dir: '/tmp'
 db_session_role1: 'session_role1'
 db_session_role2: 'session_role2'
+
+# To test trust_input parameter and
+# possibility to create a database with dots in its name
+db_name_with_dot: 'db.name'
+suspicious_db_name: '{{ db_name_with_dot }}"; --'
--- a/tests/integration/targets/postgresql_db/tasks/state_dump_restore.yml
+++ b/tests/integration/targets/postgresql_db/tasks/state_dump_restore.yml
@ -140,6 +140,77 @@
       - "'47' in result.stdout"
       - "'Joe Smith' in result.stdout"

+############################
+# 1. Test trust_input parameter
+# 2. Test db name containing dots
+
+- name: state dump/restore - create database, trust_input no
+  become: yes
+  become_user: "{{ pg_user }}"
+  postgresql_db:
+    state: present
+    name: "{{ suspicious_db_name }}"
+    owner: "{{ db_user1 }}"
+    login_user: "{{ pg_user }}"
+    trust_input: no
+  register: result
+  ignore_errors: yes
+
+- assert:
+    that:
+    - result is failed
+    - result.msg == 'Passed input \'{{ suspicious_db_name }}\' is potentially dangerous'
+
+- name: state dump/restore - create database, trust_input yes explicitly
+  become: yes
+  become_user: "{{ pg_user }}"
+  postgresql_db:
+    state: present
+    name: "{{ suspicious_db_name }}"
+    owner: "{{ db_user1 }}"
+    login_user: "{{ pg_user }}"
+    trust_input: yes
+  register: result
+
+- assert:
+    that:
+    - result is changed
+
+- name: test state=restore to restore the database (expect changed=true)
+  become: yes
+  become_user: "{{ pg_user }}"
+  postgresql_db:
+    name: "{{ db_name_with_dot }}"
+    target: "{{ db_file_name }}"
+    owner: "{{ db_user1 }}"
+    login_user: '{{(test_fixture == "user")|ternary(db_user1, pg_user)}}'
+    target_opts: '{{(test_fixture == "user")|ternary("-n public", omit)}}'
+    login_host:  '{{(test_fixture == "user")|ternary("localhost", omit)}}'
+    login_password: '{{(test_fixture == "user")|ternary("password", omit)}}'
+    state: restore
+  register: result
+
+- name: assert output message restore the database
+  assert:
+    that:
+    - result is changed
+
+- name: state dump/restore - remove databases
+  become: yes
+  become_user: "{{ pg_user }}"
+  postgresql_db:
+    state: absent
+    name: "{{ db_name_with_dot }}"
+    owner: "{{ db_user1 }}"
+    login_user: "{{ pg_user }}"
+    trust_input: yes
+  register: result
+
+- assert:
+    that:
+    - result is changed
+
+# Clean up
 - name: state dump/restore - remove database name
  postgresql_db:
    name: "{{ db_name }}"