postgresql_user: add trust_input parameter (#116)

* postgresql: add input checks for potentially dangerous substrings

* postgresql_user: add trust_input parameter

* add CI, add changelog fragment

* fix CI

* moved input patterns outside is_input_dangerous function

* Update plugins/module_utils/database.py

Co-Authored-By: Thomas O'Donnell <andytom@users.noreply.github.com>

* Update plugins/module_utils/database.py

Co-Authored-By: Thomas O'Donnell <andytom@users.noreply.github.com>

* fix

Co-authored-by: Thomas O'Donnell <andytom@users.noreply.github.com>

tests/integration/targets/postgresql_user/defaults/main.yml

@@ -1,3 +1,4 @@
 db_name: 'ansible_db'
 db_user1: 'ansible_db_user1'
 db_user2: 'ansible_db_user2'
+dangerous_name: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'

tests/integration/targets/postgresql_user/tasks/postgresql_user_general.yml

@@ -717,6 +717,32 @@
       that:
       - result.rowcount == 2
 
+  ########################
+  # Test trust_input param
+
+  - name: Create role with potentially dangerous name, don't trust
+    <<: *task_parameters
+    postgresql_user:
+      <<: *pg_parameters
+      name: '{{ dangerous_name }}'
+      trust_input: no
+    ignore_errors: yes
+
+  - assert:
+      that:
+      - result is failed
+      - result.msg == 'Passed input \'{{ dangerous_name }}\' is potentially dangerous'
+
+  - name: Create role with potentially dangerous name, trust
+    <<: *task_parameters
+    postgresql_user:
+      <<: *pg_parameters
+      name: '{{ dangerous_name }}'
+
+  - assert:
+      that:
+      - result is changed
+
   always:
   #
   # Clean up
@@ -739,3 +765,4 @@
     - '{{ test_user2 }}'
     - '{{ test_group1 }}'
     - '{{ test_group2 }}'
+    - '{{ dangerous_name }}'