mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-07-23 13:20:23 -07:00
Remove postgresql content for 2.0.0 (#1355)
* Remove postgresql content * add suggested * Update meta/runtime.yml Co-authored-by: Felix Fontein <felix@fontein.de> * Remove symlinks * Remove a consequence of rebasing * Remove ssl task from setup_postgresql_db Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
parent
31443e57b1
commit
72b59c764e
186 changed files with 61 additions and 27584 deletions
|
@ -37,12 +37,7 @@
|
|||
# Name setup database
|
||||
#
|
||||
- name: Create a user to run the tests with
|
||||
postgresql_user:
|
||||
name: "{{ my_user }}"
|
||||
password: "{{ my_pass }}"
|
||||
encrypted: 'yes'
|
||||
role_attr_flags: "SUPERUSER"
|
||||
db: postgres
|
||||
shell: echo "CREATE USER {{ my_user }} SUPERUSER PASSWORD '{{ my_pass }}'" | psql postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
destructive
|
||||
shippable/posix/group4
|
||||
skip/aix
|
||||
skip/osx
|
||||
skip/macos
|
||||
disabled # tests already running in community.postgresql
|
|
@ -1,2 +0,0 @@
|
|||
dependencies:
|
||||
- setup_postgresql_db
|
|
@ -1,8 +0,0 @@
|
|||
####################################################################
|
||||
# WARNING: These are designed specifically for Ansible tests #
|
||||
# and should not be used as examples of how to write Ansible roles #
|
||||
####################################################################
|
||||
|
||||
# Initial CI tests of postgresql_copy module
|
||||
- import_tasks: postgresql_copy_initial.yml
|
||||
when: postgres_version_resp.stdout is version('9.4', '>=')
|
|
@ -1,278 +0,0 @@
|
|||
# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
# The file for testing postgresql_copy module.
|
||||
|
||||
- vars:
|
||||
test_table: acme
|
||||
data_file_txt: /tmp/data.txt
|
||||
data_file_csv: /tmp/data.csv
|
||||
task_parameters: &task_parameters
|
||||
become_user: '{{ pg_user }}'
|
||||
become: yes
|
||||
register: result
|
||||
pg_parameters: &pg_parameters
|
||||
login_user: '{{ pg_user }}'
|
||||
login_db: postgres
|
||||
|
||||
block:
|
||||
# Test preparation:
|
||||
- name: postgresql_copy - create test table
|
||||
<<: *task_parameters
|
||||
postgresql_table:
|
||||
<<: *pg_parameters
|
||||
name: '{{ test_table }}'
|
||||
columns:
|
||||
- id int
|
||||
- name text
|
||||
|
||||
# Insert the data:
|
||||
- name: postgresql_copy - insert rows into test table
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: "INSERT INTO {{ test_table }} (id, name) VALUES (1, 'first')"
|
||||
|
||||
- name: postgresql_copy - ensure that test data files don't exist
|
||||
<<: *task_parameters
|
||||
file:
|
||||
path: '{{ item }}'
|
||||
state: absent
|
||||
with_items:
|
||||
- '{{ data_file_csv }}'
|
||||
- '{{ data_file_txt }}'
|
||||
|
||||
# ##############
|
||||
# Do main tests:
|
||||
|
||||
# check_mode - if it's OK, must always return changed=True:
|
||||
- name: postgresql_copy - check_mode, copy test table content to data_file_txt
|
||||
check_mode: yes
|
||||
<<: *task_parameters
|
||||
postgresql_copy:
|
||||
<<: *pg_parameters
|
||||
copy_to: '{{ data_file_txt }}'
|
||||
src: '{{ test_table }}'
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
|
||||
# check that nothing changed after the previous step:
|
||||
- name: postgresql_copy - check that data_file_txt doesn't exist
|
||||
<<: *task_parameters
|
||||
ignore_errors: yes
|
||||
shell: head -n 1 '{{ data_file_txt }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.failed == true
|
||||
- result.rc == 1
|
||||
|
||||
# check_mode - if it's OK, must always return changed=True:
|
||||
- name: postgresql_copy - check_mode, copy test table content from data_file_txt
|
||||
check_mode: yes
|
||||
<<: *task_parameters
|
||||
postgresql_copy:
|
||||
<<: *pg_parameters
|
||||
copy_from: '{{ data_file_txt }}'
|
||||
dst: '{{ test_table }}'
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
|
||||
# check that nothing changed after the previous step:
|
||||
- name: postgresql_copy - check that test table continue to have one row
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: 'SELECT * FROM {{ test_table }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
# check_mode - test must fail because test table doesn't exist:
|
||||
- name: postgresql_copy - check_mode, copy non existent table to data_file_txt
|
||||
check_mode: yes
|
||||
ignore_errors: yes
|
||||
<<: *task_parameters
|
||||
postgresql_copy:
|
||||
<<: *pg_parameters
|
||||
copy_to: '{{ data_file_txt }}'
|
||||
src: non_existent_table
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.failed == true
|
||||
- result.queries is not defined
|
||||
|
||||
- name: postgresql_copy - check trust_input
|
||||
<<: *task_parameters
|
||||
postgresql_copy:
|
||||
<<: *pg_parameters
|
||||
copy_to: '{{ data_file_txt }}'
|
||||
src: '{{ test_table }}'
|
||||
session_role: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
|
||||
trust_input: no
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
- result.msg is search('is potentially dangerous')
|
||||
|
||||
- name: postgresql_copy - copy test table data to data_file_txt
|
||||
<<: *task_parameters
|
||||
postgresql_copy:
|
||||
<<: *pg_parameters
|
||||
copy_to: '{{ data_file_txt }}'
|
||||
src: '{{ test_table }}'
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["COPY \"{{ test_table }}\" TO '{{ data_file_txt }}'"]
|
||||
- result.src == '{{ test_table }}'
|
||||
- result.dst == '{{ data_file_txt }}'
|
||||
|
||||
# check the prev test
|
||||
- name: postgresql_copy - check data_file_txt exists and not empty
|
||||
<<: *task_parameters
|
||||
shell: 'head -n 1 {{ data_file_txt }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.stdout == '1\tfirst'
|
||||
|
||||
# test different options and columns
|
||||
- name: postgresql_copy - copy test table data to data_file_csv with options and columns
|
||||
<<: *task_parameters
|
||||
postgresql_copy:
|
||||
<<: *pg_parameters
|
||||
copy_to: '{{ data_file_csv }}'
|
||||
src: '{{ test_table }}'
|
||||
columns:
|
||||
- id
|
||||
- name
|
||||
options:
|
||||
format: csv
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["COPY \"{{ test_table }}\" (id,name) TO '{{ data_file_csv }}' (format csv)"]
|
||||
- result.src == '{{ test_table }}'
|
||||
- result.dst == '{{ data_file_csv }}'
|
||||
|
||||
# check the prev test
|
||||
- name: postgresql_copy - check data_file_csv exists and not empty
|
||||
<<: *task_parameters
|
||||
shell: 'head -n 1 {{ data_file_csv }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.stdout == '1,first'
|
||||
|
||||
- name: postgresql_copy - copy from data_file_csv to test table
|
||||
<<: *task_parameters
|
||||
postgresql_copy:
|
||||
<<: *pg_parameters
|
||||
copy_from: '{{ data_file_csv }}'
|
||||
dst: '{{ test_table }}'
|
||||
columns:
|
||||
- id
|
||||
- name
|
||||
options:
|
||||
format: csv
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["COPY \"{{ test_table }}\" (id,name) FROM '{{ data_file_csv }}' (format csv)"]
|
||||
- result.dst == '{{ test_table }}'
|
||||
- result.src == '{{ data_file_csv }}'
|
||||
|
||||
- name: postgresql_copy - check that there are two rows in test table after the prev step
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: "SELECT * FROM {{ test_table }} WHERE id = '1' AND name = 'first'"
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 2
|
||||
|
||||
- name: postgresql_copy - test program option, copy to program
|
||||
<<: *task_parameters
|
||||
postgresql_copy:
|
||||
<<: *pg_parameters
|
||||
src: '{{ test_table }}'
|
||||
copy_to: '/bin/true'
|
||||
program: yes
|
||||
columns: id, name
|
||||
options:
|
||||
delimiter: '|'
|
||||
trust_input: no
|
||||
when: ansible_distribution != 'FreeBSD'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["COPY \"{{ test_table }}\" (id, name) TO PROGRAM '/bin/true' (delimiter '|')"]
|
||||
- result.src == '{{ test_table }}'
|
||||
- result.dst == '/bin/true'
|
||||
when: ansible_distribution != 'FreeBSD'
|
||||
|
||||
- name: postgresql_copy - test program option, copy from program
|
||||
<<: *task_parameters
|
||||
postgresql_copy:
|
||||
<<: *pg_parameters
|
||||
dst: '{{ test_table }}'
|
||||
copy_from: 'echo 1,first'
|
||||
program: yes
|
||||
columns: id, name
|
||||
options:
|
||||
delimiter: ','
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["COPY \"{{ test_table }}\" (id, name) FROM PROGRAM 'echo 1,first' (delimiter ',')"]
|
||||
- result.dst == '{{ test_table }}'
|
||||
- result.src == 'echo 1,first'
|
||||
when: ansible_distribution != 'FreeBSD'
|
||||
|
||||
- name: postgresql_copy - check that there are three rows in test table after the prev step
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: "SELECT * FROM {{ test_table }} WHERE id = '1' AND name = 'first'"
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 3
|
||||
|
||||
# clean up
|
||||
- name: postgresql_copy - remove test table
|
||||
<<: *task_parameters
|
||||
postgresql_table:
|
||||
<<: *pg_parameters
|
||||
name: '{{ test_table }}'
|
||||
state: absent
|
||||
|
||||
- name: postgresql_copy - remove test data files
|
||||
<<: *task_parameters
|
||||
file:
|
||||
path: '{{ item }}'
|
||||
state: absent
|
||||
with_items:
|
||||
- '{{ data_file_csv }}'
|
||||
- '{{ data_file_txt }}'
|
|
@ -1,7 +0,0 @@
|
|||
destructive
|
||||
shippable/posix/group4
|
||||
postgresql_db
|
||||
skip/aix
|
||||
skip/osx
|
||||
skip/macos
|
||||
disabled # tests already running in community.postgresql
|
|
@ -1,11 +0,0 @@
|
|||
db_name: 'ansible_db'
|
||||
db_user1: 'ansible.db.user1'
|
||||
db_user2: 'ansible.db.user2'
|
||||
tmp_dir: '/tmp'
|
||||
db_session_role1: 'session_role1'
|
||||
db_session_role2: 'session_role2'
|
||||
|
||||
# To test trust_input parameter and
|
||||
# possibility to create a database with dots in its name
|
||||
db_name_with_dot: 'db.name'
|
||||
suspicious_db_name: '{{ db_name_with_dot }}"; --'
|
|
@ -1,2 +0,0 @@
|
|||
dependencies:
|
||||
- setup_postgresql_db
|
|
@ -1,36 +0,0 @@
|
|||
####################################################################
|
||||
# WARNING: These are designed specifically for Ansible tests #
|
||||
# and should not be used as examples of how to write Ansible roles #
|
||||
####################################################################
|
||||
|
||||
- import_tasks: postgresql_db_session_role.yml
|
||||
|
||||
# Initial tests of postgresql_db module:
|
||||
- import_tasks: postgresql_db_initial.yml
|
||||
|
||||
# General tests:
|
||||
- import_tasks: postgresql_db_general.yml
|
||||
|
||||
# Dump/restore tests per format:
|
||||
- include_tasks: state_dump_restore.yml
|
||||
vars:
|
||||
test_fixture: user
|
||||
file: '{{ loop_item }}'
|
||||
loop:
|
||||
- dbdata.sql
|
||||
- dbdata.sql.gz
|
||||
- dbdata.sql.bz2
|
||||
- dbdata.sql.xz
|
||||
- dbdata.tar
|
||||
- dbdata.tar.gz
|
||||
- dbdata.tar.bz2
|
||||
- dbdata.tar.xz
|
||||
- dbdata.pgc
|
||||
loop_control:
|
||||
loop_var: loop_item
|
||||
|
||||
# Dump/restore tests per other logins:
|
||||
- import_tasks: state_dump_restore.yml
|
||||
vars:
|
||||
file: dbdata.tar
|
||||
test_fixture: admin
|
|
@ -1,152 +0,0 @@
|
|||
- become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
vars:
|
||||
db_tablespace: bar
|
||||
tblspc_location: /ssd
|
||||
db_name: acme
|
||||
block_parameters:
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
task_parameters:
|
||||
register: result
|
||||
pg_parameters:
|
||||
login_user: '{{ pg_user }}'
|
||||
block:
|
||||
- name: postgresql_db - drop dir for test tablespace
|
||||
become: true
|
||||
become_user: root
|
||||
file:
|
||||
path: '{{ tblspc_location }}'
|
||||
state: absent
|
||||
ignore_errors: true
|
||||
- name: postgresql_db - disable selinux
|
||||
become: true
|
||||
become_user: root
|
||||
shell: setenforce 0
|
||||
ignore_errors: true
|
||||
- name: postgresql_db - create dir for test tablespace
|
||||
become: true
|
||||
become_user: root
|
||||
file:
|
||||
path: '{{ tblspc_location }}'
|
||||
state: directory
|
||||
owner: '{{ pg_user }}'
|
||||
group: '{{ pg_user }}'
|
||||
mode: '0700'
|
||||
- name: postgresql_db_ - create a new tablespace
|
||||
postgresql_tablespace:
|
||||
login_user: '{{ pg_user }}'
|
||||
login_db: postgres
|
||||
name: '{{ db_tablespace }}'
|
||||
location: '{{ tblspc_location }}'
|
||||
- register: result
|
||||
name: postgresql_db_tablespace - Create DB with tablespace option in check mode
|
||||
check_mode: true
|
||||
postgresql_db:
|
||||
login_user: '{{ pg_user }}'
|
||||
maintenance_db: postgres
|
||||
name: '{{ db_name }}'
|
||||
tablespace: '{{ db_tablespace }}'
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- register: result
|
||||
name: postgresql_db_tablespace - Check actual DB tablespace, rowcount must be 0 because actually nothing changed
|
||||
postgresql_query:
|
||||
login_user: '{{ pg_user }}'
|
||||
login_db: postgres
|
||||
query: 'SELECT 1 FROM pg_database AS d JOIN pg_tablespace AS t ON d.dattablespace = t.oid WHERE d.datname = ''{{ db_name }}'' AND t.spcname = ''{{ db_tablespace }}''
|
||||
|
||||
'
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
- register: result
|
||||
name: postgresql_db_tablespace - Create DB with tablespace option
|
||||
postgresql_db:
|
||||
login_user: '{{ pg_user }}'
|
||||
maintenance_db: postgres
|
||||
name: '{{ db_name }}'
|
||||
tablespace: '{{ db_tablespace }}'
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.executed_commands == ['CREATE DATABASE "{{ db_name }}" TABLESPACE "{{ db_tablespace }}"']
|
||||
- register: result
|
||||
name: postgresql_db_tablespace - Check actual DB tablespace, rowcount must be 1
|
||||
postgresql_query:
|
||||
login_user: '{{ pg_user }}'
|
||||
login_db: postgres
|
||||
query: 'SELECT 1 FROM pg_database AS d JOIN pg_tablespace AS t ON d.dattablespace = t.oid WHERE d.datname = ''{{ db_name }}'' AND t.spcname = ''{{ db_tablespace }}''
|
||||
|
||||
'
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
- register: result
|
||||
name: postgresql_db_tablespace - The same DB with tablespace option again
|
||||
postgresql_db:
|
||||
login_user: '{{ pg_user }}'
|
||||
maintenance_db: postgres
|
||||
name: '{{ db_name }}'
|
||||
tablespace: '{{ db_tablespace }}'
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- register: result
|
||||
name: postgresql_db_tablespace - Change tablespace in check_mode
|
||||
check_mode: true
|
||||
postgresql_db:
|
||||
login_user: '{{ pg_user }}'
|
||||
maintenance_db: postgres
|
||||
name: '{{ db_name }}'
|
||||
tablespace: pg_default
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- register: result
|
||||
name: postgresql_db_tablespace - Check actual DB tablespace, rowcount must be 1 because actually nothing changed
|
||||
postgresql_query:
|
||||
login_user: '{{ pg_user }}'
|
||||
login_db: postgres
|
||||
query: 'SELECT 1 FROM pg_database AS d JOIN pg_tablespace AS t ON d.dattablespace = t.oid WHERE d.datname = ''{{ db_name }}'' AND t.spcname = ''{{ db_tablespace }}''
|
||||
|
||||
'
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
- register: result
|
||||
name: postgresql_db_tablespace - Change tablespace in actual mode
|
||||
postgresql_db:
|
||||
login_user: '{{ pg_user }}'
|
||||
maintenance_db: postgres
|
||||
name: '{{ db_name }}'
|
||||
tablespace: pg_default
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- register: result
|
||||
name: postgresql_db_tablespace - Check actual DB tablespace, rowcount must be 1
|
||||
postgresql_query:
|
||||
login_user: '{{ pg_user }}'
|
||||
login_db: postgres
|
||||
query: 'SELECT 1 FROM pg_database AS d JOIN pg_tablespace AS t ON d.dattablespace = t.oid WHERE d.datname = ''{{ db_name }}'' AND t.spcname = ''pg_default''
|
||||
|
||||
'
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
- register: result
|
||||
name: postgresql_db_tablespace - Drop test DB
|
||||
postgresql_db:
|
||||
login_user: '{{ pg_user }}'
|
||||
maintenance_db: postgres
|
||||
name: '{{ db_name }}'
|
||||
state: absent
|
||||
- register: result
|
||||
name: postgresql_db_tablespace - Remove tablespace
|
||||
postgresql_tablespace:
|
||||
login_user: '{{ pg_user }}'
|
||||
login_db: postgres
|
||||
name: '{{ db_tablespace }}'
|
||||
state: absent
|
|
@ -1,366 +0,0 @@
|
|||
#
|
||||
# Create and destroy db
|
||||
#
|
||||
- name: Create DB
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: present
|
||||
name: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
|
||||
- name: assert that module reports the db was created
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.db == "{{ db_name }}"
|
||||
- result.executed_commands == ['CREATE DATABASE "{{ db_name }}"']
|
||||
|
||||
- name: Check that database created
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- "result.stdout_lines[-1] == '(1 row)'"
|
||||
|
||||
- name: Run create on an already created db
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: present
|
||||
name: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
|
||||
- name: assert that module reports the db was unchanged
|
||||
assert:
|
||||
that:
|
||||
- result is not changed
|
||||
|
||||
- name: Destroy DB
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: absent
|
||||
name: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
|
||||
- name: assert that module reports the db was changed
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.executed_commands == ['DROP DATABASE "{{ db_name }}"']
|
||||
|
||||
- name: Check that database was destroyed
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- "result.stdout_lines[-1] == '(0 rows)'"
|
||||
|
||||
- name: Destroy DB
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: absent
|
||||
name: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
|
||||
- name: assert that removing an already removed db makes no change
|
||||
assert:
|
||||
that:
|
||||
- result is not changed
|
||||
|
||||
|
||||
# This corner case works to add but not to drop. This is sufficiently crazy
|
||||
# that I'm not going to attempt to fix it unless someone lets me know that they
|
||||
# need the functionality
|
||||
#
|
||||
# - postgresql_db:
|
||||
# state: 'present'
|
||||
# name: '"silly.""name"'
|
||||
# - shell: echo "select datname from pg_database where datname = 'silly.""name';" | psql
|
||||
# register: result
|
||||
#
|
||||
# - assert:
|
||||
# that: "result.stdout_lines[-1] == '(1 row)'"
|
||||
# - postgresql_db:
|
||||
# state: absent
|
||||
# name: '"silly.""name"'
|
||||
# - shell: echo "select datname from pg_database where datname = 'silly.""name';" | psql
|
||||
# register: result
|
||||
#
|
||||
# - assert:
|
||||
# that: "result.stdout_lines[-1] == '(0 rows)'"
|
||||
|
||||
#
|
||||
# Test conn_limit, encoding, collate, ctype, template options
|
||||
#
|
||||
- name: Create a DB with conn_limit, encoding, collate, ctype, and template options
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
name: '{{ db_name }}'
|
||||
state: 'present'
|
||||
conn_limit: '100'
|
||||
encoding: 'LATIN1'
|
||||
lc_collate: 'pt_BR{{ locale_latin_suffix }}'
|
||||
lc_ctype: 'es_ES{{ locale_latin_suffix }}'
|
||||
template: 'template0'
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.executed_commands == ["CREATE DATABASE \"{{ db_name }}\" TEMPLATE \"template0\" ENCODING 'LATIN1' LC_COLLATE 'pt_BR{{ locale_latin_suffix }}' LC_CTYPE 'es_ES{{ locale_latin_suffix }}' CONNECTION LIMIT 100"] or result.executed_commands == ["CREATE DATABASE \"{{ db_name }}\" TEMPLATE \"template0\" ENCODING E'LATIN1' LC_COLLATE E'pt_BR{{ locale_latin_suffix }}' LC_CTYPE E'es_ES{{ locale_latin_suffix }}' CONNECTION LIMIT 100"]
|
||||
|
||||
- name: Check that the DB has all of our options
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "select datname, datconnlimit, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- "result.stdout_lines[-1] == '(1 row)'"
|
||||
- "'LATIN1' in result.stdout_lines[-2]"
|
||||
- "'pt_BR' in result.stdout_lines[-2]"
|
||||
- "'es_ES' in result.stdout_lines[-2]"
|
||||
- "'UTF8' not in result.stdout_lines[-2]"
|
||||
- "'en_US' not in result.stdout_lines[-2]"
|
||||
- "'100' in result.stdout_lines[-2]"
|
||||
|
||||
- name: Check that running db creation with options a second time does nothing
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
name: '{{ db_name }}'
|
||||
state: 'present'
|
||||
conn_limit: '100'
|
||||
encoding: 'LATIN1'
|
||||
lc_collate: 'pt_BR{{ locale_latin_suffix }}'
|
||||
lc_ctype: 'es_ES{{ locale_latin_suffix }}'
|
||||
template: 'template0'
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
|
||||
|
||||
- name: Check that attempting to change encoding returns an error
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
name: '{{ db_name }}'
|
||||
state: 'present'
|
||||
encoding: 'UTF8'
|
||||
lc_collate: 'pt_BR{{ locale_utf8_suffix }}'
|
||||
lc_ctype: 'es_ES{{ locale_utf8_suffix }}'
|
||||
template: 'template0'
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
|
||||
- name: Check that changing the conn_limit actually works
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
name: '{{ db_name }}'
|
||||
state: 'present'
|
||||
conn_limit: '200'
|
||||
encoding: 'LATIN1'
|
||||
lc_collate: 'pt_BR{{ locale_latin_suffix }}'
|
||||
lc_ctype: 'es_ES{{ locale_latin_suffix }}'
|
||||
template: 'template0'
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.executed_commands == ['ALTER DATABASE "{{ db_name }}" CONNECTION LIMIT 200']
|
||||
|
||||
- name: Check that conn_limit has actually been set / updated to 200
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "SELECT datconnlimit AS conn_limit FROM pg_database WHERE datname = '{{ db_name }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- "result.stdout_lines[-1] == '(1 row)'"
|
||||
- "'200' == '{{ result.stdout_lines[-2] | trim }}'"
|
||||
|
||||
- name: Cleanup test DB
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
name: '{{ db_name }}'
|
||||
state: 'absent'
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- shell: echo "select datname, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql -d postgres
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- "result.stdout_lines[-1] == '(0 rows)'"
|
||||
|
||||
#
|
||||
# Test db ownership
|
||||
#
|
||||
- name: Create an unprivileged user to own a DB
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_user:
|
||||
name: "{{ item }}"
|
||||
encrypted: 'yes'
|
||||
password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
loop:
|
||||
- "{{ db_user1 }}"
|
||||
- "{{ db_user2 }}"
|
||||
|
||||
- name: Create db with user ownership
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
name: "{{ db_name }}"
|
||||
state: "present"
|
||||
owner: "{{ db_user1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.executed_commands == ['CREATE DATABASE "{{ db_name }}" OWNER "{{ db_user1 }}"']
|
||||
|
||||
- name: Check that the user owns the newly created DB
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
query: >
|
||||
SELECT 1 FROM pg_catalog.pg_database
|
||||
WHERE datname = '{{ db_name }}'
|
||||
AND pg_catalog.pg_get_userbyid(datdba) = '{{ db_user1 }}'
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: Change the owner on an existing db, username with dots
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
name: "{{ db_name }}"
|
||||
state: "present"
|
||||
owner: "{{ db_user2 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.executed_commands == ['ALTER DATABASE "{{ db_name }}" OWNER TO "{{ db_user2 }}"']
|
||||
|
||||
- name: Check the previous step
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
query: >
|
||||
SELECT 1 FROM pg_catalog.pg_database
|
||||
WHERE datname = '{{ db_name }}'
|
||||
AND pg_catalog.pg_get_userbyid(datdba) = '{{ db_user2 }}'
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: Change the owner on an existing db
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
name: "{{ db_name }}"
|
||||
state: "present"
|
||||
owner: "{{ pg_user }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
|
||||
- name: assert that ansible says it changed the db
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
|
||||
- name: Check that the user owns the newly created DB
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- "result.stdout_lines[-1] == '(1 row)'"
|
||||
- "'{{ pg_user }}' == '{{ result.stdout_lines[-2] | trim }}'"
|
||||
|
||||
- name: Cleanup db
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
name: "{{ db_name }}"
|
||||
state: "absent"
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- name: Check that database was destroyed
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- "result.stdout_lines[-1] == '(0 rows)'"
|
||||
|
||||
- name: Cleanup test user
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_user:
|
||||
name: "{{ db_user1 }}"
|
||||
state: 'absent'
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
|
||||
- name: Check that they were removed
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- "result.stdout_lines[-1] == '(0 rows)'"
|
|
@ -1,80 +0,0 @@
|
|||
- name: Check that becoming an non-existing user throws an error
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: present
|
||||
name: must_fail
|
||||
login_user: "{{ pg_user }}"
|
||||
session_role: "{{ db_session_role1 }}"
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
|
||||
- name: Create a high privileged user
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_user:
|
||||
name: "{{ db_session_role1 }}"
|
||||
state: "present"
|
||||
password: "password"
|
||||
role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
|
||||
- name: Create a low privileged user using the newly created user
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_user:
|
||||
name: "{{ db_session_role2 }}"
|
||||
state: "present"
|
||||
password: "password"
|
||||
role_attr_flags: "LOGIN"
|
||||
login_user: "{{ pg_user }}"
|
||||
session_role: "{{ db_session_role1 }}"
|
||||
db: postgres
|
||||
|
||||
- name: Create DB as session_role
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: present
|
||||
name: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
session_role: "{{ db_session_role1 }}"
|
||||
register: result
|
||||
|
||||
- name: Check that database created and is owned by correct user
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "select rolname from pg_database join pg_roles on datdba = pg_roles.oid where datname = '{{ db_session_role1 }}';" | psql -AtXq postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- "result.stdout_lines[-1] == '{{ db_session_role1 }}'"
|
||||
|
||||
- name: Fail when creating database as low privileged user
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: present
|
||||
name: "{{ db_session_role2 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
session_role: "{{ db_session_role2 }}"
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
|
||||
- name: Drop test db
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: absent
|
||||
name: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
|
@ -1,235 +0,0 @@
|
|||
# test code for state dump and restore for postgresql_db module
|
||||
# copied from mysql_db/tasks/state_dump_import.yml
|
||||
# (c) 2014, Wayne Rosario <wrosario@ansible.com>
|
||||
|
||||
# This file is part of Ansible
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
# ============================================================
|
||||
|
||||
- name: Create a test user
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_user:
|
||||
name: "{{ db_user1 }}"
|
||||
state: "present"
|
||||
encrypted: 'yes'
|
||||
password: "password"
|
||||
role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
|
||||
- set_fact: db_file_name="{{tmp_dir}}/{{file}}"
|
||||
|
||||
- set_fact:
|
||||
admin_str: "psql -U {{ pg_user }}"
|
||||
|
||||
- set_fact:
|
||||
user_str: "env PGPASSWORD=password psql -h localhost -U {{ db_user1 }} {{ db_name }}"
|
||||
when: test_fixture == "user"
|
||||
# "-n public" is required to work around pg_restore issues with plpgsql
|
||||
|
||||
- set_fact:
|
||||
user_str: "psql -U {{ pg_user }} {{ db_name }}"
|
||||
when: test_fixture == "admin"
|
||||
|
||||
|
||||
|
||||
- set_fact:
|
||||
sql_create: "create table employee(id int, name varchar(100));"
|
||||
sql_insert: "insert into employee values (47,'Joe Smith');"
|
||||
sql_select: "select * from employee;"
|
||||
|
||||
- name: state dump/restore - create database
|
||||
postgresql_db:
|
||||
state: present
|
||||
name: "{{ db_name }}"
|
||||
owner: "{{ db_user1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- name: state dump/restore - create table employee
|
||||
command: '{{ user_str }} -c "{{ sql_create }}"'
|
||||
|
||||
- name: state dump/restore - insert data into table employee
|
||||
command: '{{ user_str }} -c "{{ sql_insert }}"'
|
||||
|
||||
- name: state dump/restore - file name should not exist
|
||||
file: name={{ db_file_name }} state=absent
|
||||
|
||||
- name: test state=dump to backup the database (expect changed=true)
|
||||
postgresql_db:
|
||||
name: "{{ db_name }}"
|
||||
target: "{{ db_file_name }}"
|
||||
owner: "{{ db_user1 }}"
|
||||
login_user: '{{(test_fixture == "user")|ternary(db_user1, pg_user)}}'
|
||||
target_opts: '{{(test_fixture == "user")|ternary("-n public", omit)}}'
|
||||
login_host: '{{(test_fixture == "user")|ternary("localhost", omit)}}'
|
||||
login_password: '{{(test_fixture == "user")|ternary("password", omit)}}'
|
||||
state: dump
|
||||
dump_extra_args: --exclude-table=fake
|
||||
register: result
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
|
||||
- name: assert output message backup the database
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.executed_commands[0] is search("--exclude-table=fake")
|
||||
|
||||
- name: assert database was backed up successfully
|
||||
command: file {{ db_file_name }}
|
||||
register: result
|
||||
|
||||
- name: state dump/restore - remove database for restore
|
||||
postgresql_db:
|
||||
name: "{{ db_name }}"
|
||||
target: "{{ db_file_name }}"
|
||||
owner: "{{ db_user1 }}"
|
||||
login_user: '{{(test_fixture == "user")|ternary(db_user1, pg_user)}}'
|
||||
target_opts: '{{(test_fixture == "user")|ternary("-n public", omit)}}'
|
||||
login_host: '{{(test_fixture == "user")|ternary("localhost", omit)}}'
|
||||
login_password: '{{(test_fixture == "user")|ternary("password", omit)}}'
|
||||
state: absent
|
||||
|
||||
- name: state dump/restore - re-create database
|
||||
postgresql_db:
|
||||
state: present
|
||||
name: "{{ db_name }}"
|
||||
owner: "{{ db_user1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- name: test state=restore to restore the database (expect changed=true)
|
||||
postgresql_db:
|
||||
name: "{{ db_name }}"
|
||||
target: "{{ db_file_name }}"
|
||||
owner: "{{ db_user1 }}"
|
||||
login_user: '{{(test_fixture == "user")|ternary(db_user1, pg_user)}}'
|
||||
target_opts: '{{(test_fixture == "user")|ternary("-n public", omit)}}'
|
||||
login_host: '{{(test_fixture == "user")|ternary("localhost", omit)}}'
|
||||
login_password: '{{(test_fixture == "user")|ternary("password", omit)}}'
|
||||
state: restore
|
||||
register: result
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
|
||||
- name: assert output message restore the database
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
|
||||
- name: select data from table employee
|
||||
command: '{{ user_str }} -c "{{ sql_select }}"'
|
||||
register: result
|
||||
|
||||
- name: assert data in database is from the restore database
|
||||
assert:
|
||||
that:
|
||||
- "'47' in result.stdout"
|
||||
- "'Joe Smith' in result.stdout"
|
||||
|
||||
############################
|
||||
# 1. Test trust_input parameter
|
||||
# 2. Test db name containing dots
|
||||
|
||||
- name: state dump/restore - create database, trust_input no
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_db:
|
||||
state: present
|
||||
name: "{{ suspicious_db_name }}"
|
||||
owner: "{{ db_user1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
trust_input: no
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
- result.msg == 'Passed input \'{{ suspicious_db_name }}\' is potentially dangerous'
|
||||
|
||||
- name: state dump/restore - create database, trust_input yes explicitly
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_db:
|
||||
state: present
|
||||
name: "{{ suspicious_db_name }}"
|
||||
owner: "{{ db_user1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
trust_input: yes
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
|
||||
- name: test state=restore to restore the database (expect changed=true)
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_db:
|
||||
name: "{{ db_name_with_dot }}"
|
||||
target: "{{ db_file_name }}"
|
||||
owner: "{{ db_user1 }}"
|
||||
login_user: '{{(test_fixture == "user")|ternary(db_user1, pg_user)}}'
|
||||
target_opts: '{{(test_fixture == "user")|ternary("-n public", omit)}}'
|
||||
login_host: '{{(test_fixture == "user")|ternary("localhost", omit)}}'
|
||||
login_password: '{{(test_fixture == "user")|ternary("password", omit)}}'
|
||||
state: restore
|
||||
register: result
|
||||
|
||||
- name: assert output message restore the database
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
|
||||
- name: state dump/restore - remove databases
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_db:
|
||||
state: absent
|
||||
name: "{{ db_name_with_dot }}"
|
||||
owner: "{{ db_user1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
trust_input: yes
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
|
||||
# Clean up
|
||||
- name: state dump/restore - remove database name
|
||||
postgresql_db:
|
||||
name: "{{ db_name }}"
|
||||
target: "{{ db_file_name }}"
|
||||
owner: "{{ db_user1 }}"
|
||||
login_user: '{{(test_fixture == "user")|ternary(db_user1, pg_user)}}'
|
||||
target_opts: '{{(test_fixture == "user")|ternary("-n public", omit)}}'
|
||||
login_host: '{{(test_fixture == "user")|ternary("localhost", omit)}}'
|
||||
login_password: '{{(test_fixture == "user")|ternary("password", omit)}}'
|
||||
state: absent
|
||||
|
||||
- name: remove file name
|
||||
file: name={{ db_file_name }} state=absent
|
||||
|
||||
- name: Remove the test user
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_user:
|
||||
name: "{{ db_user1 }}"
|
||||
state: "absent"
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
|
@ -1,7 +0,0 @@
|
|||
destructive
|
||||
shippable/posix/group4
|
||||
skip/aix
|
||||
skip/osx
|
||||
skip/macos
|
||||
skip/freebsd
|
||||
disabled # tests already running in community.postgresql
|
|
@ -1,2 +0,0 @@
|
|||
db_session_role1: 'session_role1'
|
||||
db_session_role2: 'session_role2'
|
|
@ -1,3 +0,0 @@
|
|||
dependencies:
|
||||
- setup_pkg_mgr
|
||||
- setup_postgresql_db
|
|
@ -1,26 +0,0 @@
|
|||
####################################################################
|
||||
# WARNING: These are designed specifically for Ansible tests #
|
||||
# and should not be used as examples of how to write Ansible roles #
|
||||
####################################################################
|
||||
|
||||
- import_tasks: postgresql_ext_session_role.yml
|
||||
|
||||
# Initial CI tests of postgresql_ext module.
|
||||
# pg_extension system view is available from PG 9.1.
|
||||
# The tests are restricted by Fedora because there will be errors related with
|
||||
# attempts to change the environment during postgis installation or
|
||||
# missing postgis package in repositories.
|
||||
# Anyway, these tests completely depend on Postgres version,
|
||||
# not specific distributions.
|
||||
- import_tasks: postgresql_ext_initial.yml
|
||||
when:
|
||||
- postgres_version_resp.stdout is version('9.1', '>=')
|
||||
- ansible_distribution == 'Fedora'
|
||||
|
||||
# CI tests of "version" option.
|
||||
# It uses a mock extension, see test/integration/targets/setup_postgresql_db/.
|
||||
# TODO: change postgresql_ext_initial.yml to use the mock extension too.
|
||||
- import_tasks: postgresql_ext_version_opt.yml
|
||||
when:
|
||||
- ansible_distribution == 'Ubuntu'
|
||||
- postgres_version_resp.stdout is version('9.1', '>=')
|
|
@ -1,208 +0,0 @@
|
|||
---
|
||||
- name: postgresql_ext - install postgis on Linux
|
||||
package: name=postgis state=present
|
||||
when: ansible_os_family != "Windows"
|
||||
|
||||
- name: postgresql_ext - create schema schema1
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_schema:
|
||||
database: postgres
|
||||
name: schema1
|
||||
state: present
|
||||
|
||||
- name: postgresql_ext - drop extension if exists
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
query: DROP EXTENSION IF EXISTS postgis
|
||||
ignore_errors: true
|
||||
|
||||
- name: postgresql_ext - create extension postgis in check_mode
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_ext:
|
||||
login_db: postgres
|
||||
login_port: 5432
|
||||
name: postgis
|
||||
check_mode: true
|
||||
ignore_errors: true
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == []
|
||||
|
||||
- name: postgresql_ext - check that extension doesn't exist after the previous step
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
query: SELECT extname FROM pg_extension WHERE extname='postgis'
|
||||
ignore_errors: true
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
|
||||
- name: postgresql_ext - create extension postgis
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_ext:
|
||||
login_db: postgres
|
||||
login_port: 5432
|
||||
name: postgis
|
||||
ignore_errors: true
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ['CREATE EXTENSION "postgis"']
|
||||
|
||||
- name: postgresql_ext - check that extension exists after the previous step
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
query: SELECT extname FROM pg_extension WHERE extname='postgis'
|
||||
ignore_errors: true
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: postgresql_ext - drop extension postgis
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_ext:
|
||||
db: postgres
|
||||
name: postgis
|
||||
state: absent
|
||||
ignore_errors: true
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ['DROP EXTENSION "postgis"']
|
||||
|
||||
- name: postgresql_ext - check that extension doesn't exist after the previous step
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
query: SELECT extname FROM pg_extension WHERE extname='postgis'
|
||||
ignore_errors: true
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
|
||||
- name: postgresql_ext - create extension postgis
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_ext:
|
||||
db: postgres
|
||||
name: postgis
|
||||
schema: schema1
|
||||
ignore_errors: true
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ['CREATE EXTENSION "postgis" WITH SCHEMA "schema1"']
|
||||
|
||||
- name: postgresql_ext - check that extension exists after the previous step
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
query: "SELECT extname FROM pg_extension AS e LEFT JOIN pg_catalog.pg_namespace AS n \nON n.oid = e.extnamespace WHERE e.extname='postgis' AND n.nspname='schema1'\n"
|
||||
ignore_errors: true
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: postgresql_ext - drop extension postgis cascade
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_ext:
|
||||
db: postgres
|
||||
name: postgis
|
||||
state: absent
|
||||
cascade: true
|
||||
ignore_errors: true
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ['DROP EXTENSION "postgis" CASCADE']
|
||||
|
||||
- name: postgresql_ext - check that extension doesn't exist after the previous step
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
query: SELECT extname FROM pg_extension WHERE extname='postgis'
|
||||
ignore_errors: true
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
|
||||
- name: postgresql_ext - create extension postgis cascade
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_ext:
|
||||
db: postgres
|
||||
name: postgis
|
||||
cascade: true
|
||||
ignore_errors: true
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('9.6', '<=')
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ['CREATE EXTENSION "postgis" CASCADE"']
|
||||
when: postgres_version_resp.stdout is version('9.6', '<=')
|
||||
|
||||
- name: postgresql_ext - check that extension exists after the previous step
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
query: SELECT extname FROM pg_extension WHERE extname='postgis'
|
||||
ignore_errors: true
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('9.6', '<=')
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
when: postgres_version_resp.stdout is version('9.6', '<=')
|
||||
|
||||
- name: postgresql_ext - check that using a dangerous name fails
|
||||
postgresql_ext:
|
||||
db: postgres
|
||||
name: postgis
|
||||
session_role: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
|
||||
trust_input: no
|
||||
ignore_errors: true
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
- result.msg is search('is potentially dangerous')
|
|
@ -1,114 +0,0 @@
|
|||
- name: Create a high privileged user
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_user:
|
||||
name: "{{ db_session_role1 }}"
|
||||
state: "present"
|
||||
password: "password"
|
||||
role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
|
||||
- name: Create DB as session_role
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: present
|
||||
name: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
session_role: "{{ db_session_role1 }}"
|
||||
register: result
|
||||
|
||||
- name: Check that pg_extension exists (PostgreSQL >= 9.1)
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "select count(*) from pg_class where relname='pg_extension' and relkind='r'" | psql -AtXq postgres
|
||||
register: pg_extension
|
||||
|
||||
- name: Remove plpgsql from testdb using postgresql_ext
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_ext:
|
||||
name: plpgsql
|
||||
db: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
state: absent
|
||||
when:
|
||||
"pg_extension.stdout_lines[-1] == '1'"
|
||||
|
||||
- name: Fail when trying to create an extension as a mere mortal user
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_ext:
|
||||
name: plpgsql
|
||||
db: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
session_role: "{{ db_session_role2 }}"
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
when:
|
||||
"pg_extension.stdout_lines[-1] == '1'"
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
when:
|
||||
"pg_extension.stdout_lines[-1] == '1'"
|
||||
|
||||
- name: Install extension as session_role
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_ext:
|
||||
name: plpgsql
|
||||
db: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
session_role: "{{ db_session_role1 }}"
|
||||
trust_input: no
|
||||
when:
|
||||
"pg_extension.stdout_lines[-1] == '1'"
|
||||
|
||||
- name: Check that extension is created and is owned by session_role
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "select rolname from pg_extension join pg_roles on extowner=pg_roles.oid where extname='plpgsql';" | psql -AtXq "{{ db_session_role1 }}"
|
||||
register: result
|
||||
when:
|
||||
"pg_extension.stdout_lines[-1] == '1'"
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- "result.stdout_lines[-1] == '{{ db_session_role1 }}'"
|
||||
when:
|
||||
"pg_extension.stdout_lines[-1] == '1'"
|
||||
|
||||
- name: Remove plpgsql from testdb using postgresql_ext
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_ext:
|
||||
name: plpgsql
|
||||
db: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
state: absent
|
||||
trust_input: no
|
||||
when:
|
||||
"pg_extension.stdout_lines[-1] == '1'"
|
||||
|
||||
- name: Drop test db
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: absent
|
||||
name: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- name: Drop test users
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_user:
|
||||
name: "{{ item }}"
|
||||
state: absent
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
with_items:
|
||||
- "{{ db_session_role1 }}"
|
||||
- "{{ db_session_role2 }}"
|
|
@ -1,364 +0,0 @@
|
|||
# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
# Tests for postgresql_ext version option
|
||||
|
||||
- vars:
|
||||
test_ext: dummy
|
||||
test_schema: schema1
|
||||
task_parameters: &task_parameters
|
||||
become_user: '{{ pg_user }}'
|
||||
become: yes
|
||||
register: result
|
||||
pg_parameters: &pg_parameters
|
||||
login_user: '{{ pg_user }}'
|
||||
login_db: postgres
|
||||
|
||||
block:
|
||||
# Preparation:
|
||||
- name: postgresql_ext_version - create schema schema1
|
||||
<<: *task_parameters
|
||||
postgresql_schema:
|
||||
<<: *pg_parameters
|
||||
name: "{{ test_schema }}"
|
||||
|
||||
# Do tests:
|
||||
- name: postgresql_ext_version - create extension of specific version, check mode
|
||||
<<: *task_parameters
|
||||
postgresql_ext:
|
||||
<<: *pg_parameters
|
||||
name: "{{ test_ext }}"
|
||||
schema: "{{ test_schema }}"
|
||||
version: '1.0'
|
||||
trust_input: no
|
||||
check_mode: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
|
||||
- name: postgresql_ext_version - check that nothing was actually changed
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: "SELECT 1 FROM pg_extension WHERE extname = '{{ test_ext }}'"
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
|
||||
- name: postgresql_ext_version - create extension of specific version
|
||||
<<: *task_parameters
|
||||
postgresql_ext:
|
||||
<<: *pg_parameters
|
||||
name: "{{ test_ext }}"
|
||||
schema: "{{ test_schema }}"
|
||||
version: '1.0'
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["CREATE EXTENSION \"{{ test_ext }}\" WITH SCHEMA \"{{ test_schema }}\" VERSION '1.0'"]
|
||||
|
||||
- name: postgresql_ext_version - check
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: "SELECT 1 FROM pg_extension WHERE extname = '{{ test_ext }}' AND extversion = '1.0'"
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: postgresql_ext_version - try to create extension of the same version again in check_mode
|
||||
<<: *task_parameters
|
||||
postgresql_ext:
|
||||
<<: *pg_parameters
|
||||
name: "{{ test_ext }}"
|
||||
schema: "{{ test_schema }}"
|
||||
version: '1.0'
|
||||
trust_input: no
|
||||
check_mode: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
|
||||
- name: postgresql_ext_version - check
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: "SELECT 1 FROM pg_extension WHERE extname = '{{ test_ext }}' AND extversion = '1.0'"
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: postgresql_ext_version - try to create extension of the same version again in actual mode
|
||||
<<: *task_parameters
|
||||
postgresql_ext:
|
||||
<<: *pg_parameters
|
||||
name: "{{ test_ext }}"
|
||||
schema: "{{ test_schema }}"
|
||||
version: '1.0'
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
|
||||
- name: postgresql_ext_version - check
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: "SELECT 1 FROM pg_extension WHERE extname = '{{ test_ext }}' AND extversion = '1.0'"
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: postgresql_ext_version - update the extension to the next version in check_mode
|
||||
<<: *task_parameters
|
||||
postgresql_ext:
|
||||
<<: *pg_parameters
|
||||
name: "{{ test_ext }}"
|
||||
schema: "{{ test_schema }}"
|
||||
version: '2.0'
|
||||
trust_input: no
|
||||
check_mode: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
|
||||
- name: postgresql_ext_version - check, the version must be 1.0
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: "SELECT 1 FROM pg_extension WHERE extname = '{{ test_ext }}' AND extversion = '1.0'"
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: postgresql_ext_version - update the extension to the next version
|
||||
<<: *task_parameters
|
||||
postgresql_ext:
|
||||
<<: *pg_parameters
|
||||
name: "{{ test_ext }}"
|
||||
schema: "{{ test_schema }}"
|
||||
version: '2.0'
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["ALTER EXTENSION \"{{ test_ext }}\" UPDATE TO '2.0'"]
|
||||
|
||||
- name: postgresql_ext_version - check, the version must be 2.0
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: "SELECT 1 FROM pg_extension WHERE extname = '{{ test_ext }}' AND extversion = '2.0'"
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: postgresql_ext_version - check that version won't be changed if version won't be passed
|
||||
<<: *task_parameters
|
||||
postgresql_ext:
|
||||
<<: *pg_parameters
|
||||
name: "{{ test_ext }}"
|
||||
schema: "{{ test_schema }}"
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
|
||||
- name: postgresql_ext_version - check, the version must be 2.0
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: "SELECT 1 FROM pg_extension WHERE extname = '{{ test_ext }}' AND extversion = '2.0'"
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: postgresql_ext_version - update the extension to the latest version
|
||||
<<: *task_parameters
|
||||
postgresql_ext:
|
||||
<<: *pg_parameters
|
||||
name: "{{ test_ext }}"
|
||||
schema: "{{ test_schema }}"
|
||||
version: latest
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["ALTER EXTENSION \"{{ test_ext }}\" UPDATE TO '3.0'"]
|
||||
|
||||
- name: postgresql_ext_version - check
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: "SELECT 1 FROM pg_extension WHERE extname = '{{ test_ext }}' AND extversion = '3.0'"
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: postgresql_ext_version - try to update the extension to the latest version again
|
||||
<<: *task_parameters
|
||||
postgresql_ext:
|
||||
<<: *pg_parameters
|
||||
name: "{{ test_ext }}"
|
||||
schema: "{{ test_schema }}"
|
||||
version: latest
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
|
||||
- name: postgresql_ext_version - try to downgrade the extension version, must fail
|
||||
<<: *task_parameters
|
||||
postgresql_ext:
|
||||
<<: *pg_parameters
|
||||
name: "{{ test_ext }}"
|
||||
schema: "{{ test_schema }}"
|
||||
version: '1.0'
|
||||
trust_input: no
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.failed == true
|
||||
|
||||
- name: postgresql_ext_version - drop the extension in check_mode
|
||||
<<: *task_parameters
|
||||
postgresql_ext:
|
||||
<<: *pg_parameters
|
||||
name: "{{ test_ext }}"
|
||||
state: absent
|
||||
trust_input: no
|
||||
check_mode: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
|
||||
- name: postgresql_ext_version - check that extension exists
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: "SELECT 1 FROM pg_extension WHERE extname = '{{ test_ext }}' AND extversion = '3.0'"
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: postgresql_ext_version - drop the extension in actual mode
|
||||
<<: *task_parameters
|
||||
postgresql_ext:
|
||||
<<: *pg_parameters
|
||||
name: "{{ test_ext }}"
|
||||
state: absent
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
|
||||
- name: postgresql_ext_version - check that extension doesn't exist after the prev step
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: "SELECT 1 FROM pg_extension WHERE extname = '{{ test_ext }}'"
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
|
||||
- name: postgresql_ext_version - try to drop the non-existent extension again
|
||||
<<: *task_parameters
|
||||
postgresql_ext:
|
||||
<<: *pg_parameters
|
||||
name: "{{ test_ext }}"
|
||||
state: absent
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
|
||||
- name: postgresql_ext_version - create the extension without passing version
|
||||
<<: *task_parameters
|
||||
postgresql_ext:
|
||||
<<: *pg_parameters
|
||||
name: "{{ test_ext }}"
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["CREATE EXTENSION \"{{ test_ext }}\""]
|
||||
|
||||
- name: postgresql_ext_version - check
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: "SELECT 1 FROM pg_extension WHERE extname = '{{ test_ext }}' AND extversion = '3.0'"
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: postgresql_ext_version - try to install non-existent version
|
||||
<<: *task_parameters
|
||||
postgresql_ext:
|
||||
<<: *pg_parameters
|
||||
name: non_existent
|
||||
trust_input: no
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.failed == true
|
||||
- result.msg == "Extension non_existent is not installed"
|
||||
|
||||
######################################################################
|
||||
# https://github.com/ansible-collections/community.general/issues/1095
|
||||
- name: Install postgis
|
||||
package:
|
||||
name: postgis
|
||||
|
||||
- name: Create postgis extension
|
||||
<<: *task_parameters
|
||||
postgresql_ext:
|
||||
<<: *pg_parameters
|
||||
name: postgis
|
||||
version: latest
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
|
||||
# Cleanup:
|
||||
- name: postgresql_ext_version - drop the extension
|
||||
<<: *task_parameters
|
||||
postgresql_ext:
|
||||
<<: *pg_parameters
|
||||
name: "{{ test_ext }}"
|
||||
state: absent
|
||||
trust_input: no
|
||||
|
||||
- name: postgresql_ext_version - drop the schema
|
||||
<<: *task_parameters
|
||||
postgresql_schema:
|
||||
<<: *pg_parameters
|
||||
name: "{{ test_schema }}"
|
||||
state: absent
|
|
@ -1,6 +0,0 @@
|
|||
destructive
|
||||
shippable/posix/group4
|
||||
skip/aix
|
||||
skip/osx
|
||||
skip/macos
|
||||
disabled # tests already running in community.postgresql
|
|
@ -1,2 +0,0 @@
|
|||
dependencies:
|
||||
- setup_postgresql_db
|
|
@ -1,7 +0,0 @@
|
|||
####################################################################
|
||||
# WARNING: These are designed specifically for Ansible tests #
|
||||
# and should not be used as examples of how to write Ansible roles #
|
||||
####################################################################
|
||||
|
||||
# Initial CI tests of postgresql_idx module
|
||||
- import_tasks: postgresql_idx_initial.yml
|
|
@ -1,377 +0,0 @@
|
|||
- name: postgresql_idx - create test table called test_table
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
shell: psql postgres -U "{{ pg_user }}" -t -c "CREATE TABLE test_table (id int, story text);"
|
||||
ignore_errors: true
|
||||
|
||||
- name: postgresql_idx - drop test tablespace called ssd if exists
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
shell: psql postgres -U "{{ pg_user }}" -t -c "DROP TABLESPACE IF EXISTS ssd;"
|
||||
ignore_errors: true
|
||||
|
||||
- name: postgresql_idx - drop dir for test tablespace
|
||||
become: true
|
||||
file:
|
||||
path: /mnt/ssd
|
||||
state: absent
|
||||
ignore_errors: true
|
||||
|
||||
- name: postgresql_idx - create dir for test tablespace
|
||||
become: true
|
||||
file:
|
||||
path: /mnt/ssd
|
||||
state: directory
|
||||
owner: '{{ pg_user }}'
|
||||
mode: '0755'
|
||||
ignore_errors: true
|
||||
|
||||
- name: postgresql_idx - create test tablespace called ssd
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
shell: psql postgres -U "{{ pg_user }}" -t -c "CREATE TABLESPACE ssd LOCATION '/mnt/ssd';"
|
||||
ignore_errors: true
|
||||
register: tablespace
|
||||
|
||||
- name: postgresql_idx - create test schema
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
shell: psql postgres -U "{{ pg_user }}" -t -c "CREATE SCHEMA foo;"
|
||||
ignore_errors: true
|
||||
|
||||
- name: postgresql_idx - create table in non-default schema
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
shell: psql postgres -U "{{ pg_user }}" -t -c "CREATE TABLE foo.foo_table (id int, story text);"
|
||||
ignore_errors: true
|
||||
|
||||
- name: postgresql_idx - create btree index in check_mode
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_idx:
|
||||
db: postgres
|
||||
login_user: '{{ pg_user }}'
|
||||
table: test_table
|
||||
columns: id, story
|
||||
idxname: Test0_idx
|
||||
check_mode: true
|
||||
register: result
|
||||
ignore_errors: true
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.tblname == ''
|
||||
- result.name == 'Test0_idx'
|
||||
- result.state == 'absent'
|
||||
- result.valid != ''
|
||||
- result.tblspace == ''
|
||||
- result.storage_params == []
|
||||
- result.schema == ''
|
||||
- result.query == ''
|
||||
|
||||
- name: postgresql_idx - check nothing changed after the previous step
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
login_user: '{{ pg_user }}'
|
||||
query: SELECT 1 FROM pg_indexes WHERE indexname = 'Test0_idx'
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
|
||||
- name: postgresql_idx - create btree index concurrently
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_idx:
|
||||
db: postgres
|
||||
login_user: '{{ pg_user }}'
|
||||
table: test_table
|
||||
columns: id, story
|
||||
idxname: Test0_idx
|
||||
trust_input: no
|
||||
register: result
|
||||
ignore_errors: true
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.tblname == 'test_table'
|
||||
- result.name == 'Test0_idx'
|
||||
- result.state == 'present'
|
||||
- result.valid != ''
|
||||
- result.tblspace == ''
|
||||
- result.storage_params == []
|
||||
- result.schema == 'public'
|
||||
- result.query == 'CREATE INDEX CONCURRENTLY "Test0_idx" ON "public"."test_table" USING BTREE (id, story)'
|
||||
|
||||
- name: postgresql_idx - check the index exists after the previous step
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
login_user: '{{ pg_user }}'
|
||||
query: SELECT 1 FROM pg_indexes WHERE indexname = 'Test0_idx'
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: postgresql_idx - try to create existing index again
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_idx:
|
||||
db: postgres
|
||||
login_user: '{{ pg_user }}'
|
||||
table: test_table
|
||||
columns: id, story
|
||||
idxname: Test0_idx
|
||||
register: result
|
||||
ignore_errors: true
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.tblname == 'test_table'
|
||||
- result.name == 'Test0_idx'
|
||||
- result.state == 'present'
|
||||
- result.valid != ''
|
||||
- result.tblspace == ''
|
||||
- result.storage_params == []
|
||||
- result.schema == 'public'
|
||||
- result.query == ''
|
||||
|
||||
- name: postgresql_idx - create btree index - non-default schema, tablespace, storage parameter
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_idx:
|
||||
db: postgres
|
||||
login_user: '{{ pg_user }}'
|
||||
schema: foo
|
||||
table: foo_table
|
||||
columns:
|
||||
- id
|
||||
- story
|
||||
idxname: foo_test_idx
|
||||
tablespace: ssd
|
||||
storage_params: fillfactor=90
|
||||
trust_input: no
|
||||
register: result
|
||||
ignore_errors: true
|
||||
when: tablespace.rc == 0
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.tblname == 'foo_table'
|
||||
- result.name == 'foo_test_idx'
|
||||
- result.state == 'present'
|
||||
- result.valid != ''
|
||||
- result.tblspace == 'ssd'
|
||||
- result.storage_params == [ "fillfactor=90" ]
|
||||
- result.schema == 'foo'
|
||||
- result.query == 'CREATE INDEX CONCURRENTLY "foo_test_idx" ON "foo"."foo_table" USING BTREE (id,story) WITH (fillfactor=90) TABLESPACE "ssd"'
|
||||
when: tablespace.rc == 0
|
||||
|
||||
- name: postgresql_idx - create brin index not concurrently
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_idx:
|
||||
db: postgres
|
||||
login_user: '{{ pg_user }}'
|
||||
schema: public
|
||||
table: test_table
|
||||
state: present
|
||||
type: brin
|
||||
columns: id
|
||||
idxname: test_brin_idx
|
||||
concurrent: false
|
||||
trust_input: no
|
||||
register: result
|
||||
ignore_errors: true
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.tblname == 'test_table'
|
||||
- result.name == 'test_brin_idx'
|
||||
- result.state == 'present'
|
||||
- result.valid != ''
|
||||
- result.tblspace == ''
|
||||
- result.storage_params == []
|
||||
- result.schema == 'public'
|
||||
- result.query == 'CREATE INDEX "test_brin_idx" ON "public"."test_table" USING brin (id)'
|
||||
when: postgres_version_resp.stdout is version('9.5', '>=')
|
||||
|
||||
- name: postgresql_idx - create index with condition
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_idx:
|
||||
db: postgres
|
||||
login_user: '{{ pg_user }}'
|
||||
table: test_table
|
||||
columns: id
|
||||
idxname: test1_idx
|
||||
cond: id > 1 AND id != 10
|
||||
trust_input: no
|
||||
register: result
|
||||
ignore_errors: true
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.tblname == 'test_table'
|
||||
- result.name == 'test1_idx'
|
||||
- result.state == 'present'
|
||||
- result.valid != ''
|
||||
- result.tblspace == ''
|
||||
- result.storage_params == []
|
||||
- result.schema == 'public'
|
||||
- result.query == 'CREATE INDEX CONCURRENTLY "test1_idx" ON "public"."test_table" USING BTREE (id) WHERE id > 1 AND id != 10'
|
||||
|
||||
- name: postgresql_idx - create unique index
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_idx:
|
||||
db: postgres
|
||||
login_user: '{{ pg_user }}'
|
||||
table: test_table
|
||||
columns: story
|
||||
idxname: test_unique0_idx
|
||||
unique: true
|
||||
trust_input: no
|
||||
register: result
|
||||
ignore_errors: true
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.tblname == 'test_table'
|
||||
- result.name == 'test_unique0_idx'
|
||||
- result.state == 'present'
|
||||
- result.valid != ''
|
||||
- result.tblspace == ''
|
||||
- result.storage_params == []
|
||||
- result.schema == 'public'
|
||||
- result.query == 'CREATE UNIQUE INDEX CONCURRENTLY "test_unique0_idx" ON "public"."test_table" USING BTREE (story)'
|
||||
|
||||
- name: postgresql_idx - avoid unique index with type different of btree
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_idx:
|
||||
db: postgres
|
||||
login_user: '{{ pg_user }}'
|
||||
table: test_table
|
||||
columns: story
|
||||
idxname: test_unique0_idx
|
||||
unique: true
|
||||
concurrent: false
|
||||
type: brin
|
||||
register: result
|
||||
ignore_errors: true
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.msg == 'Only btree currently supports unique indexes'
|
||||
|
||||
- name: postgresql_idx - drop index from specific schema cascade in check_mode
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_idx:
|
||||
db: postgres
|
||||
login_user: '{{ pg_user }}'
|
||||
schema: foo
|
||||
name: foo_test_idx
|
||||
cascade: true
|
||||
state: absent
|
||||
concurrent: false
|
||||
trust_input: yes
|
||||
check_mode: true
|
||||
register: result
|
||||
ignore_errors: true
|
||||
when: tablespace.rc == 0
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.name == 'foo_test_idx'
|
||||
- result.state == 'present'
|
||||
- result.schema == 'foo'
|
||||
- result.query == ''
|
||||
when: tablespace.rc == 0
|
||||
|
||||
- name: postgresql_idx - check the index exists after the previous step
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
login_user: '{{ pg_user }}'
|
||||
query: SELECT 1 FROM pg_indexes WHERE indexname = 'foo_test_idx' AND schemaname = 'foo'
|
||||
register: result
|
||||
when: tablespace.rc == 0
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
when: tablespace.rc == 0
|
||||
|
||||
- name: postgresql_idx - drop index from specific schema cascade
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_idx:
|
||||
db: postgres
|
||||
login_user: '{{ pg_user }}'
|
||||
schema: foo
|
||||
name: foo_test_idx
|
||||
cascade: true
|
||||
state: absent
|
||||
concurrent: false
|
||||
register: result
|
||||
ignore_errors: true
|
||||
when: tablespace.rc == 0
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.name == 'foo_test_idx'
|
||||
- result.state == 'absent'
|
||||
- result.schema == 'foo'
|
||||
- result.query == 'DROP INDEX "foo"."foo_test_idx" CASCADE'
|
||||
when: tablespace.rc == 0
|
||||
|
||||
- name: postgresql_idx - check the index doesn't exist after the previous step
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
login_user: '{{ pg_user }}'
|
||||
query: SELECT 1 FROM pg_indexes WHERE indexname = 'foo_test_idx' and schemaname = 'foo'
|
||||
register: result
|
||||
when: tablespace.rc == 0
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
when: tablespace.rc == 0
|
||||
|
||||
- name: postgresql_idx - try to drop not existing index
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_idx:
|
||||
db: postgres
|
||||
login_user: '{{ pg_user }}'
|
||||
schema: foo
|
||||
name: foo_test_idx
|
||||
state: absent
|
||||
register: result
|
||||
ignore_errors: true
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.query == ''
|
|
@ -1,8 +0,0 @@
|
|||
destructive
|
||||
shippable/posix/group1
|
||||
skip/aix
|
||||
skip/osx
|
||||
skip/macos
|
||||
skip/freebsd
|
||||
skip/rhel
|
||||
disabled # tests already running in community.postgresql
|
|
@ -1,15 +0,0 @@
|
|||
---
|
||||
pg_user: postgres
|
||||
db_default: postgres
|
||||
master_port: 5433
|
||||
replica_port: 5434
|
||||
|
||||
test_table1: acme1
|
||||
test_pub: first_publication
|
||||
test_pub2: second_publication
|
||||
replication_role: logical_replication
|
||||
replication_pass: alsdjfKJKDf1#
|
||||
test_db: acme_db
|
||||
test_subscription: test
|
||||
test_subscription2: test2
|
||||
conn_timeout: 100
|
|
@ -1,2 +0,0 @@
|
|||
dependencies:
|
||||
- setup_postgresql_replication
|
|
@ -1,12 +0,0 @@
|
|||
####################################################################
|
||||
# WARNING: These are designed specifically for Ansible tests #
|
||||
# and should not be used as examples of how to write Ansible roles #
|
||||
####################################################################
|
||||
|
||||
# For testing getting publication and subscription info
|
||||
- import_tasks: setup_publication.yml
|
||||
when: ansible_distribution == 'Ubuntu' and ansible_distribution_major_version >= '18'
|
||||
|
||||
# Initial CI tests of postgresql_info module
|
||||
- import_tasks: postgresql_info_initial.yml
|
||||
when: ansible_distribution == 'Ubuntu' and ansible_distribution_major_version >= '18'
|
|
@ -1,177 +0,0 @@
|
|||
# Copyright: (c) 2020, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
|
||||
- vars:
|
||||
task_parameters: &task_parameters
|
||||
become_user: '{{ pg_user }}'
|
||||
become: yes
|
||||
register: result
|
||||
pg_parameters: &pg_parameters
|
||||
login_user: '{{ pg_user }}'
|
||||
login_db: '{{ db_default }}'
|
||||
|
||||
block:
|
||||
|
||||
- name: Create test subscription
|
||||
<<: *task_parameters
|
||||
postgresql_subscription:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
name: '{{ test_subscription }}'
|
||||
login_db: '{{ test_db }}'
|
||||
state: present
|
||||
publications: '{{ test_pub }}'
|
||||
connparams:
|
||||
host: 127.0.0.1
|
||||
port: '{{ master_port }}'
|
||||
user: '{{ replication_role }}'
|
||||
password: '{{ replication_pass }}'
|
||||
dbname: '{{ test_db }}'
|
||||
|
||||
- name: Create test subscription
|
||||
<<: *task_parameters
|
||||
postgresql_subscription:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
name: '{{ test_subscription2 }}'
|
||||
login_db: '{{ test_db }}'
|
||||
state: present
|
||||
publications: '{{ test_pub2 }}'
|
||||
connparams:
|
||||
host: 127.0.0.1
|
||||
port: '{{ master_port }}'
|
||||
user: '{{ replication_role }}'
|
||||
password: '{{ replication_pass }}'
|
||||
dbname: '{{ test_db }}'
|
||||
|
||||
- name: postgresql_info - create role to check session_role
|
||||
<<: *task_parameters
|
||||
postgresql_user:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
login_user: "{{ pg_user }}"
|
||||
name: session_superuser
|
||||
role_attr_flags: SUPERUSER
|
||||
|
||||
- name: postgresql_info - test return values and session_role param
|
||||
<<: *task_parameters
|
||||
postgresql_info:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
session_role: session_superuser
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.version != {}
|
||||
- result.in_recovery == false
|
||||
- result.databases.{{ db_default }}.collate
|
||||
- result.databases.{{ db_default }}.languages
|
||||
- result.databases.{{ db_default }}.namespaces
|
||||
- result.databases.{{ db_default }}.extensions
|
||||
- result.databases.{{ test_db }}.subscriptions.{{ test_subscription }}
|
||||
- result.databases.{{ test_db }}.subscriptions.{{ test_subscription2 }}
|
||||
- result.settings
|
||||
- result.tablespaces
|
||||
- result.roles
|
||||
|
||||
- name: postgresql_info - check filter param passed by list
|
||||
<<: *task_parameters
|
||||
postgresql_info:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
filter:
|
||||
- ver*
|
||||
- rol*
|
||||
- in_recov*
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.version != {}
|
||||
- result.roles
|
||||
- result.in_recovery == false
|
||||
- result.databases == {}
|
||||
- result.repl_slots == {}
|
||||
- result.replications == {}
|
||||
- result.settings == {}
|
||||
- result.tablespaces == {}
|
||||
|
||||
- name: postgresql_info - check filter param passed by string
|
||||
<<: *task_parameters
|
||||
postgresql_info:
|
||||
<<: *pg_parameters
|
||||
filter: ver*,role*
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.version != {}
|
||||
- result.roles
|
||||
- result.databases == {}
|
||||
- result.repl_slots == {}
|
||||
- result.replications == {}
|
||||
- result.settings == {}
|
||||
- result.tablespaces == {}
|
||||
|
||||
- name: postgresql_info - check filter param passed by string
|
||||
<<: *task_parameters
|
||||
postgresql_info:
|
||||
<<: *pg_parameters
|
||||
filter: ver*
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.version
|
||||
- result.roles == {}
|
||||
|
||||
- name: postgresql_info - check excluding filter param passed by list
|
||||
<<: *task_parameters
|
||||
postgresql_info:
|
||||
<<: *pg_parameters
|
||||
filter:
|
||||
- "!ver*"
|
||||
- "!rol*"
|
||||
- "!in_rec*"
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.version == {}
|
||||
- result.in_recovery == None
|
||||
- result.roles == {}
|
||||
- result.databases
|
||||
|
||||
- name: postgresql_info - test return publication info
|
||||
<<: *task_parameters
|
||||
postgresql_info:
|
||||
<<: *pg_parameters
|
||||
login_db: '{{ test_db }}'
|
||||
login_port: '{{ master_port }}'
|
||||
trust_input: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.version != {}
|
||||
- result.in_recovery == false
|
||||
- result.databases.{{ db_default }}.collate
|
||||
- result.databases.{{ db_default }}.languages
|
||||
- result.databases.{{ db_default }}.namespaces
|
||||
- result.databases.{{ db_default }}.extensions
|
||||
- result.databases.{{ test_db }}.publications.{{ test_pub }}.ownername == '{{ pg_user }}'
|
||||
- result.databases.{{ test_db }}.publications.{{ test_pub2 }}.puballtables == true
|
||||
- result.settings
|
||||
- result.tablespaces
|
||||
- result.roles
|
||||
|
||||
- name: postgresql_info - test trust_input parameter
|
||||
<<: *task_parameters
|
||||
postgresql_info:
|
||||
<<: *pg_parameters
|
||||
login_db: '{{ test_db }}'
|
||||
login_port: '{{ master_port }}'
|
||||
trust_input: no
|
||||
session_role: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
- result.msg is search('is potentially dangerous')
|
|
@ -1,61 +0,0 @@
|
|||
# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
# Preparation for further tests of postgresql_subscription module.
|
||||
|
||||
- vars:
|
||||
task_parameters: &task_parameters
|
||||
become_user: '{{ pg_user }}'
|
||||
become: yes
|
||||
register: result
|
||||
pg_parameters: &pg_parameters
|
||||
login_user: '{{ pg_user }}'
|
||||
login_db: '{{ test_db }}'
|
||||
|
||||
block:
|
||||
- name: Create test db
|
||||
<<: *task_parameters
|
||||
postgresql_db:
|
||||
login_user: '{{ pg_user }}'
|
||||
login_port: '{{ master_port }}'
|
||||
maintenance_db: '{{ db_default }}'
|
||||
name: '{{ test_db }}'
|
||||
|
||||
- name: Create test role
|
||||
<<: *task_parameters
|
||||
postgresql_user:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ master_port }}'
|
||||
name: '{{ replication_role }}'
|
||||
password: '{{ replication_pass }}'
|
||||
role_attr_flags: LOGIN,REPLICATION
|
||||
|
||||
- name: Create test table
|
||||
<<: *task_parameters
|
||||
postgresql_table:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ master_port }}'
|
||||
name: '{{ test_table1 }}'
|
||||
columns:
|
||||
- id int
|
||||
|
||||
- name: Master - dump schema
|
||||
<<: *task_parameters
|
||||
shell: pg_dumpall -p '{{ master_port }}' -s > /tmp/schema.sql
|
||||
|
||||
- name: Replicat restore schema
|
||||
<<: *task_parameters
|
||||
shell: psql -p '{{ replica_port }}' -f /tmp/schema.sql
|
||||
|
||||
- name: Create publication
|
||||
<<: *task_parameters
|
||||
postgresql_publication:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ master_port }}'
|
||||
name: '{{ test_pub }}'
|
||||
|
||||
- name: Create publication
|
||||
<<: *task_parameters
|
||||
postgresql_publication:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ master_port }}'
|
||||
name: '{{ test_pub2 }}'
|
|
@ -1,6 +0,0 @@
|
|||
destructive
|
||||
shippable/posix/group4
|
||||
skip/aix
|
||||
skip/osx
|
||||
skip/macos
|
||||
disabled # tests already running in community.postgresql
|
|
@ -1,2 +0,0 @@
|
|||
dependencies:
|
||||
- setup_postgresql_db
|
|
@ -1,25 +0,0 @@
|
|||
####################################################################
|
||||
# WARNING: These are designed specifically for Ansible tests #
|
||||
# and should not be used as examples of how to write Ansible roles #
|
||||
####################################################################
|
||||
|
||||
- name: Include distribution specific variables
|
||||
include_vars: "{{ lookup('first_found', params) }}"
|
||||
vars:
|
||||
params:
|
||||
files:
|
||||
- "{{ ansible_facts.distribution }}-{{ ansible_facts.distribution_major_version }}.yml"
|
||||
- default.yml
|
||||
paths:
|
||||
- vars
|
||||
|
||||
# Only run on CentOS 7 because there is a stack trace on CentOS 8 because the module
|
||||
# is looking for the incorrect version of plpython.
|
||||
# https://gist.github.com/samdoran/8fc1b4ae834d3e66d1895d087419b8d8
|
||||
- name: Initial CI tests of postgresql_lang module
|
||||
when:
|
||||
- ansible_facts.distribution == 'CentOS'
|
||||
- ansible_facts.distribution_major_version is version ('7', '==')
|
||||
block:
|
||||
- include_tasks: postgresql_lang_initial.yml
|
||||
- include_tasks: postgresql_lang_add_owner_param.yml
|
|
@ -1,199 +0,0 @@
|
|||
# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
|
||||
- vars:
|
||||
test_user1: alice
|
||||
test_user2: bob
|
||||
test_lang: plperl
|
||||
non_existent_role: fake_role
|
||||
task_parameters: &task_parameters
|
||||
become_user: '{{ pg_user }}'
|
||||
become: yes
|
||||
register: result
|
||||
pg_parameters: &pg_parameters
|
||||
login_user: '{{ pg_user }}'
|
||||
login_db: postgres
|
||||
|
||||
block:
|
||||
- name: Create roles for tests
|
||||
<<: *task_parameters
|
||||
postgresql_user:
|
||||
<<: *pg_parameters
|
||||
name: '{{ item }}'
|
||||
loop:
|
||||
- '{{ test_user1 }}'
|
||||
- '{{ test_user2 }}'
|
||||
|
||||
- name: Create lang with owner in check_mode
|
||||
<<: *task_parameters
|
||||
postgresql_lang:
|
||||
<<: *pg_parameters
|
||||
name: '{{ test_lang }}'
|
||||
owner: '{{ test_user1 }}'
|
||||
trust_input: no
|
||||
check_mode: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == []
|
||||
|
||||
- name: Check that nothing was actually changed
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: >
|
||||
SELECT r.rolname FROM pg_language l
|
||||
JOIN pg_roles r ON l.lanowner = r.oid
|
||||
WHERE l.lanname = '{{ test_lang }}'
|
||||
AND r.rolname = '{{ test_user1 }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
|
||||
- name: Create lang with owner
|
||||
<<: *task_parameters
|
||||
postgresql_lang:
|
||||
<<: *pg_parameters
|
||||
name: '{{ test_lang }}'
|
||||
owner: '{{ test_user1 }}'
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ['CREATE LANGUAGE "{{ test_lang }}"', 'ALTER LANGUAGE "{{ test_lang }}" OWNER TO "{{ test_user1 }}"']
|
||||
|
||||
- name: Check
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: >
|
||||
SELECT r.rolname FROM pg_language l
|
||||
JOIN pg_roles r ON l.lanowner = r.oid
|
||||
WHERE l.lanname = '{{ test_lang }}'
|
||||
AND r.rolname = '{{ test_user1 }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: Change lang owner in check_mode
|
||||
<<: *task_parameters
|
||||
postgresql_lang:
|
||||
<<: *pg_parameters
|
||||
name: '{{ test_lang }}'
|
||||
owner: '{{ test_user2 }}'
|
||||
trust_input: yes
|
||||
check_mode: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ['ALTER LANGUAGE "{{ test_lang }}" OWNER TO "{{ test_user2 }}"']
|
||||
|
||||
- name: Check that nothing was actually changed
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: >
|
||||
SELECT r.rolname FROM pg_language l
|
||||
JOIN pg_roles r ON l.lanowner = r.oid
|
||||
WHERE l.lanname = '{{ test_lang }}'
|
||||
AND r.rolname = '{{ test_user2 }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
|
||||
- name: Change lang owner
|
||||
<<: *task_parameters
|
||||
postgresql_lang:
|
||||
<<: *pg_parameters
|
||||
name: '{{ test_lang }}'
|
||||
owner: '{{ test_user2 }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
# TODO: the first elem of the returned list below
|
||||
# looks like a bug, not related with the option owner, needs to be checked
|
||||
- result.queries == ["UPDATE pg_language SET lanpltrusted = false WHERE lanname = '{{ test_lang }}'", 'ALTER LANGUAGE "{{ test_lang }}" OWNER TO "{{ test_user2 }}"']
|
||||
|
||||
- name: Check
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: >
|
||||
SELECT r.rolname FROM pg_language l
|
||||
JOIN pg_roles r ON l.lanowner = r.oid
|
||||
WHERE l.lanname = '{{ test_lang }}'
|
||||
AND r.rolname = '{{ test_user2 }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: Try to change lang owner again to the same role
|
||||
<<: *task_parameters
|
||||
postgresql_lang:
|
||||
<<: *pg_parameters
|
||||
name: '{{ test_lang }}'
|
||||
owner: '{{ test_user2 }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.queries == []
|
||||
|
||||
- name: Check
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: >
|
||||
SELECT r.rolname FROM pg_language l
|
||||
JOIN pg_roles r ON l.lanowner = r.oid
|
||||
WHERE l.lanname = '{{ test_lang }}'
|
||||
AND r.rolname = '{{ test_user2 }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: Drop test lang with owner, must ignore
|
||||
<<: *task_parameters
|
||||
postgresql_lang:
|
||||
<<: *pg_parameters
|
||||
name: '{{ test_lang }}'
|
||||
state: absent
|
||||
owner: '{{ non_existent_role }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["DROP LANGUAGE \"{{ test_lang }}\""]
|
||||
|
||||
- name: Check
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: >
|
||||
SELECT r.rolname FROM pg_language l
|
||||
JOIN pg_roles r ON l.lanowner = r.oid
|
||||
WHERE l.lanname = '{{ test_lang }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
|
||||
# Clean up
|
||||
- name: Drop test roles
|
||||
<<: *task_parameters
|
||||
postgresql_user:
|
||||
<<: *pg_parameters
|
||||
name: '{{ item }}'
|
||||
state: absent
|
||||
loop:
|
||||
- '{{ test_user1 }}'
|
||||
- '{{ test_user2 }}'
|
|
@ -1,231 +0,0 @@
|
|||
# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
|
||||
# Preparation for tests:
|
||||
- name: Install PostgreSQL support packages
|
||||
become: yes
|
||||
action: "{{ ansible_facts.pkg_mgr }}"
|
||||
args:
|
||||
name: "{{ postgresql_lang_packages }}"
|
||||
state: present
|
||||
|
||||
###############
|
||||
# Do main tests
|
||||
#
|
||||
|
||||
# Create language in check_mode:
|
||||
- name: postgresql_lang - create plperl in check_mode
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_lang:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
name: plperl
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
check_mode: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == []
|
||||
|
||||
- name: postgresql_lang - check that lang doesn't exist after previous step, rowcount must be 0
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT 1 FROM pg_language WHERE lanname = 'plperl'"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
|
||||
# Create language:
|
||||
- name: postgresql_lang - create plperl
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_lang:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
name: plperl
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ['CREATE LANGUAGE "plperl"']
|
||||
|
||||
- name: postgresql_lang - check that lang exists after previous step
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT 1 FROM pg_language WHERE lanname = 'plperl'"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
# Drop language in check_mode:
|
||||
- name: postgresql_lang - drop plperl in check_mode
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_lang:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
name: plperl
|
||||
state: absent
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
check_mode: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == []
|
||||
|
||||
- name: postgresql_lang - check that lang exists after previous step, rowcount must be 1
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT 1 FROM pg_language WHERE lanname = 'plperl'"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
# Drop language:
|
||||
- name: postgresql_lang - drop plperl
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_lang:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
name: plperl
|
||||
state: absent
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ['DROP LANGUAGE "plperl"']
|
||||
|
||||
- name: postgresql_lang - check that lang doesn't exist after previous step, rowcount must be 0
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT 1 FROM pg_language WHERE lanname = 'plperl'"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
|
||||
# Check fail_on_drop yes
|
||||
- name: postgresql_lang - drop c language to check fail_on_drop yes
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_lang:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
name: c
|
||||
state: absent
|
||||
fail_on_drop: yes
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.failed == true
|
||||
|
||||
# Check fail_on_drop no
|
||||
- name: postgresql_lang - drop c language to check fail_on_drop no
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_lang:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
name: c
|
||||
state: absent
|
||||
fail_on_drop: no
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.failed == false
|
||||
|
||||
# Create trusted language:
|
||||
- name: postgresql_lang - create plpythonu
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_lang:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
name: plpythonu
|
||||
trust: yes
|
||||
force_trust: yes
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ['CREATE TRUSTED LANGUAGE "plpythonu"', "UPDATE pg_language SET lanpltrusted = true WHERE lanname = 'plpythonu'"]
|
||||
|
||||
- name: postgresql_lang - check that lang exists and it's trusted after previous step
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT 1 FROM pg_language WHERE lanname = 'plpythonu' AND lanpltrusted = 't'"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
# Drop language cascade, tests of aliases:
|
||||
- name: postgresql_lang - drop plpythonu cascade
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_lang:
|
||||
login_db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
login_port: 5432
|
||||
lang: plpythonu
|
||||
state: absent
|
||||
cascade: yes
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ['DROP LANGUAGE "plpythonu" CASCADE']
|
||||
|
||||
- name: postgresql_lang - check that lang doesn't exist after previous step, rowcount must be 0
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT 1 FROM pg_language WHERE lanname = 'plpythonu'"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
|
@ -1,3 +0,0 @@
|
|||
postgresql_lang_packages:
|
||||
- postgresql-plperl
|
||||
- postgresql-plpython
|
|
@ -1,3 +0,0 @@
|
|||
postgresql_lang_packages:
|
||||
- postgresql-plperl
|
||||
- postgresql-plpython3
|
|
@ -1,6 +0,0 @@
|
|||
destructive
|
||||
shippable/posix/group4
|
||||
skip/aix
|
||||
skip/osx
|
||||
skip/macos
|
||||
disabled # tests already running in community.postgresql
|
|
@ -1,6 +0,0 @@
|
|||
test_group1: group1
|
||||
test_group2: group2
|
||||
test_group3: group.with.dots
|
||||
test_user1: user1
|
||||
test_user2: user.with.dots
|
||||
dangerous_name: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
|
|
@ -1,2 +0,0 @@
|
|||
dependencies:
|
||||
- setup_postgresql_db
|
|
@ -1,7 +0,0 @@
|
|||
####################################################################
|
||||
# WARNING: These are designed specifically for Ansible tests #
|
||||
# and should not be used as examples of how to write Ansible roles #
|
||||
####################################################################
|
||||
|
||||
# Initial CI tests of postgresql_membership module
|
||||
- import_tasks: postgresql_membership_initial.yml
|
|
@ -1,390 +0,0 @@
|
|||
# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
|
||||
####################
|
||||
# Prepare for tests:
|
||||
|
||||
# Create test roles:
|
||||
- name: postgresql_membership - create test roles
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_user:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
name: "{{ item }}"
|
||||
ignore_errors: yes
|
||||
with_items:
|
||||
- "{{ test_group1 }}"
|
||||
- "{{ test_group2 }}"
|
||||
- "{{ test_group3 }}"
|
||||
- "{{ test_user1 }}"
|
||||
- "{{ test_user2 }}"
|
||||
|
||||
################
|
||||
# Do main tests:
|
||||
|
||||
### Test check_mode
|
||||
# Grant test_group1 to test_user1 in check_mode:
|
||||
- name: postgresql_membership - grant test_group1 to test_user1 in check_mode
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_membership:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
group: "{{ test_group1 }}"
|
||||
user: "{{ test_user1 }}"
|
||||
state: present
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
check_mode: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.groups == ["{{ test_group1 }}"]
|
||||
- result.queries == ["GRANT \"{{ test_group1 }}\" TO \"{{ test_user1 }}\""]
|
||||
- result.granted.{{ test_group1 }} == ["{{ test_user1 }}"]
|
||||
- result.state == "present"
|
||||
- result.target_roles == ["{{ test_user1 }}"]
|
||||
|
||||
# Try to revoke test_group1 from test_user1 to check that
|
||||
# nothing actually changed in check_mode at the previous step:
|
||||
- name: postgresql_membership - try to revoke test_group1 from test_user1 for checking check_mode
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_membership:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
group: "{{ test_group1 }}"
|
||||
user: "{{ test_user1 }}"
|
||||
state: absent
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
check_mode: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.groups == ["{{ test_group1 }}"]
|
||||
- result.queries == []
|
||||
- result.revoked.{{ test_group1 }} == []
|
||||
- result.state == "absent"
|
||||
- result.target_roles == ["{{ test_user1 }}"]
|
||||
### End of test check_mode
|
||||
|
||||
# Grant test_group1 to test_user1:
|
||||
- name: postgresql_membership - grant test_group1 to test_user1
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_membership:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
group: "{{ test_group1 }}"
|
||||
user: "{{ test_user1 }}"
|
||||
state: present
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.groups == ["{{ test_group1 }}"]
|
||||
- result.queries == ["GRANT \"{{ test_group1 }}\" TO \"{{ test_user1 }}\""]
|
||||
- result.granted.{{ test_group1 }} == ["{{ test_user1 }}"]
|
||||
- result.state == "present"
|
||||
- result.target_roles == ["{{ test_user1 }}"]
|
||||
|
||||
# Grant test_group1 to test_user1 again to check that nothing changes:
|
||||
- name: postgresql_membership - grant test_group1 to test_user1 again
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_membership:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
group: "{{ test_group1 }}"
|
||||
user: "{{ test_user1 }}"
|
||||
state: present
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.groups == ["{{ test_group1 }}"]
|
||||
- result.queries == []
|
||||
- result.granted.{{ test_group1 }} == []
|
||||
- result.state == "present"
|
||||
- result.target_roles == ["{{ test_user1 }}"]
|
||||
|
||||
# Revoke test_group1 from test_user1:
|
||||
- name: postgresql_membership - revoke test_group1 from test_user1
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_membership:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
group: "{{ test_group1 }}"
|
||||
user: "{{ test_user1 }}"
|
||||
state: absent
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.groups == ["{{ test_group1 }}"]
|
||||
- result.queries == ["REVOKE \"{{ test_group1 }}\" FROM \"{{ test_user1 }}\""]
|
||||
- result.revoked.{{ test_group1 }} == ["{{ test_user1 }}"]
|
||||
- result.state == "absent"
|
||||
- result.target_roles == ["{{ test_user1 }}"]
|
||||
|
||||
# Revoke test_group1 from test_user1 again to check that nothing changes:
|
||||
- name: postgresql_membership - revoke test_group1 from test_user1 again
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_membership:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
group: "{{ test_group1 }}"
|
||||
user: "{{ test_user1 }}"
|
||||
state: absent
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.groups == ["{{ test_group1 }}"]
|
||||
- result.queries == []
|
||||
- result.revoked.{{ test_group1 }} == []
|
||||
- result.state == "absent"
|
||||
- result.target_roles == ["{{ test_user1 }}"]
|
||||
|
||||
# Grant test_group1 and test_group2 to test_user1 and test_user2:
|
||||
- name: postgresql_membership - grant two groups to two users
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_membership:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
group:
|
||||
- "{{ test_group1 }}"
|
||||
- "{{ test_group2 }}"
|
||||
user:
|
||||
- "{{ test_user1 }}"
|
||||
- "{{ test_user2 }}"
|
||||
state: present
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.groups == ["{{ test_group1 }}", "{{ test_group2 }}"]
|
||||
- result.queries == ["GRANT \"{{ test_group1 }}\" TO \"{{ test_user1 }}\"", "GRANT \"{{ test_group1 }}\" TO \"{{ test_user2 }}\"", "GRANT \"{{ test_group2 }}\" TO \"{{ test_user1 }}\"", "GRANT \"{{ test_group2 }}\" TO \"{{ test_user2 }}\""]
|
||||
- result.granted.{{ test_group1 }} == ["{{ test_user1 }}", "{{ test_user2 }}"]
|
||||
- result.granted.{{ test_group2 }} == ["{{ test_user1 }}", "{{ test_user2 }}"]
|
||||
- result.state == "present"
|
||||
- result.target_roles == ["{{ test_user1 }}", "{{ test_user2 }}"]
|
||||
|
||||
# Grant test_group1 and test_group2 to test_user1 and test_user2 again to check that nothing changes:
|
||||
- name: postgresql_membership - grant two groups to two users again
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_membership:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
group:
|
||||
- "{{ test_group1 }}"
|
||||
- "{{ test_group2 }}"
|
||||
user:
|
||||
- "{{ test_user1 }}"
|
||||
- "{{ test_user2 }}"
|
||||
state: present
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.groups == ["{{ test_group1 }}", "{{ test_group2 }}"]
|
||||
- result.queries == []
|
||||
- result.granted.{{ test_group1 }} == []
|
||||
- result.granted.{{ test_group2 }} == []
|
||||
- result.state == "present"
|
||||
- result.target_roles == ["{{ test_user1 }}", "{{ test_user2 }}"]
|
||||
|
||||
# Revoke only test_group1 from test_user1:
|
||||
- name: postgresql_membership - revoke one group from one user
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_membership:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
group: "{{ test_group1 }}"
|
||||
user: "{{ test_user1 }}"
|
||||
state: absent
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.groups == ["{{ test_group1 }}"]
|
||||
- result.queries == ["REVOKE \"{{ test_group1 }}\" FROM \"{{ test_user1 }}\""]
|
||||
- result.revoked.{{ test_group1 }} == ["{{ test_user1 }}"]
|
||||
- result.state == "absent"
|
||||
- result.target_roles == ["{{ test_user1 }}"]
|
||||
|
||||
# Try to grant test_group1 and test_group2 to test_user1 and test_user2 again
|
||||
# to check that nothing changes with test_user2:
|
||||
- name: postgresql_membership - grant two groups to two users again
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_membership:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
group:
|
||||
- "{{ test_group1 }}"
|
||||
- "{{ test_group2 }}"
|
||||
user:
|
||||
- "{{ test_user1 }}"
|
||||
- "{{ test_user2 }}"
|
||||
state: present
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.groups == ["{{ test_group1 }}", "{{ test_group2 }}"]
|
||||
- result.queries == ["GRANT \"{{ test_group1 }}\" TO \"{{ test_user1 }}\""]
|
||||
- result.granted.{{ test_group1 }} == ["{{ test_user1 }}"]
|
||||
- result.granted.{{ test_group2 }} == []
|
||||
- result.state == "present"
|
||||
- result.target_roles == ["{{ test_user1 }}", "{{ test_user2 }}"]
|
||||
|
||||
#####################
|
||||
# Check fail_on_role:
|
||||
|
||||
# Try to grant non existent group to non existent role with fail_on_role=yes:
|
||||
- name: postgresql_membership - revoke non existen group from non existen role
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_membership:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
group: fake_group
|
||||
user: fake_user
|
||||
state: present
|
||||
fail_on_role: yes
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
|
||||
# Try to grant non existent group to non existent role with fail_on_role=no:
|
||||
- name: postgresql_membership - revoke non existen group from non existen role
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_membership:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
group: fake_group
|
||||
user: fake_user
|
||||
state: present
|
||||
fail_on_role: no
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.granted == {}
|
||||
- result.groups == []
|
||||
- result.target_roles == []
|
||||
- result.state == 'present'
|
||||
|
||||
# Try to revoke non existent group from non existent role with fail_on_role=no:
|
||||
- name: postgresql_membership - revoke non existen group from non existen role
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_membership:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
group: fake_group
|
||||
user: fake_user
|
||||
state: absent
|
||||
fail_on_role: no
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.revoked == {}
|
||||
- result.groups == []
|
||||
- result.target_roles == []
|
||||
- result.state == 'absent'
|
||||
|
||||
# Grant test_group3 with a name containing dots to test_user1.
|
||||
- name: postgresql_membership - grant test_group3 with dots to test_user1
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_membership:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
group: "{{ test_group3 }}"
|
||||
user: "{{ test_user1 }}"
|
||||
state: present
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["GRANT \"{{ test_group3 }}\" TO \"{{ test_user1 }}\""]
|
||||
|
||||
#############################
|
||||
# Check trust_input parameter
|
||||
|
||||
- name: postgresql_membership - try to use dangerous input, don't trust
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_membership:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
group:
|
||||
- "{{ test_group3}}"
|
||||
- "{{ dangerous_name }}"
|
||||
user: "{{ test_user1 }}"
|
||||
state: present
|
||||
trust_input: no
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
- result.msg == 'Passed input \'{{ dangerous_name }}\' is potentially dangerous'
|
||||
|
||||
- name: postgresql_membership - try to use dangerous input, trust explicitly
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_membership:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
group:
|
||||
- "{{ test_group3}}"
|
||||
- "{{ dangerous_name }}"
|
||||
user: "{{ test_user1 }}"
|
||||
state: present
|
||||
trust_input: yes
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
- result.msg == 'Role {{ dangerous_name }} does not exist'
|
|
@ -1,6 +0,0 @@
|
|||
destructive
|
||||
shippable/posix/group4
|
||||
skip/aix
|
||||
skip/osx
|
||||
skip/macos
|
||||
disabled # tests already running in community.postgresql
|
|
@ -1,3 +0,0 @@
|
|||
test_tablespace_path: "/ssd"
|
||||
|
||||
dangerous_name: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
|
|
@ -1,2 +0,0 @@
|
|||
dependencies:
|
||||
- setup_postgresql_db
|
|
@ -1,9 +0,0 @@
|
|||
####################################################################
|
||||
# WARNING: These are designed specifically for Ansible tests #
|
||||
# and should not be used as examples of how to write Ansible roles #
|
||||
####################################################################
|
||||
|
||||
# Initial CI tests of postgresql_owner module
|
||||
- import_tasks: postgresql_owner_initial.yml
|
||||
when:
|
||||
- postgres_version_resp.stdout is version('9.4', '>=')
|
File diff suppressed because it is too large
Load diff
|
@ -1,6 +0,0 @@
|
|||
destructive
|
||||
shippable/posix/group4
|
||||
skip/aix
|
||||
skip/osx
|
||||
skip/macos
|
||||
disabled # tests already running in community.postgresql
|
|
@ -1,23 +0,0 @@
|
|||
---
|
||||
pg_hba_test_ips:
|
||||
- contype: local
|
||||
users: 'all,postgres,test'
|
||||
- source: '0000:ffff::'
|
||||
netmask: 'ffff:fff0::'
|
||||
- source: '192.168.0.0/24'
|
||||
netmask: ''
|
||||
databases: 'all,replication'
|
||||
- source: '192.168.1.0/24'
|
||||
netmask: ''
|
||||
databases: 'all'
|
||||
method: reject
|
||||
- source: '127.0.0.1/32'
|
||||
netmask: ''
|
||||
- source: '::1/128'
|
||||
netmask: ''
|
||||
- source: '0000:ff00::'
|
||||
netmask: 'ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00'
|
||||
method: scram-sha-256
|
||||
- source: '172.16.0.0'
|
||||
netmask: '255.255.0.0'
|
||||
method: trust
|
|
@ -1,2 +0,0 @@
|
|||
dependencies:
|
||||
- setup_postgresql_db
|
|
@ -1,7 +0,0 @@
|
|||
####################################################################
|
||||
# WARNING: These are designed specifically for Ansible tests #
|
||||
# and should not be used as examples of how to write Ansible roles #
|
||||
####################################################################
|
||||
|
||||
# Initial CI tests of postgresql_pg_hba module
|
||||
- import_tasks: postgresql_pg_hba_initial.yml
|
|
@ -1,183 +0,0 @@
|
|||
- name: Make sure file does not exist
|
||||
file:
|
||||
dest: /tmp/pg_hba.conf
|
||||
state: absent
|
||||
|
||||
- name: check_mode run
|
||||
postgresql_pg_hba:
|
||||
dest: /tmp/pg_hba.conf
|
||||
contype: host
|
||||
source: '0000:ffff::'
|
||||
netmask: 'ffff:fff0::'
|
||||
method: md5
|
||||
backup: 'True'
|
||||
order: sud
|
||||
state: "{{item}}"
|
||||
check_mode: yes
|
||||
with_items:
|
||||
- present
|
||||
- absent
|
||||
|
||||
- name: check_mode check
|
||||
stat:
|
||||
path: /tmp/pg_hba.conf
|
||||
register: pg_hba_checkmode_check
|
||||
|
||||
- name: Remove several ip addresses for idempotency check
|
||||
postgresql_pg_hba:
|
||||
contype: "{{item.contype|default('host')}}"
|
||||
databases: "{{item.databases|default('all')}}"
|
||||
dest: /tmp/pg_hba.conf
|
||||
method: "{{item.method|default('md5')}}"
|
||||
netmask: "{{item.netmask|default('')}}"
|
||||
order: sud
|
||||
source: "{{item.source|default('')}}"
|
||||
state: absent
|
||||
users: "{{item.users|default('all')}}"
|
||||
with_items: "{{pg_hba_test_ips}}"
|
||||
register: pg_hba_idempotency_check1
|
||||
|
||||
- name: idempotency not creating file check
|
||||
stat:
|
||||
path: /tmp/pg_hba.conf
|
||||
register: pg_hba_idempotency_file_check
|
||||
|
||||
- name: Add several ip addresses
|
||||
postgresql_pg_hba:
|
||||
backup: 'True'
|
||||
contype: "{{item.contype|default('host')}}"
|
||||
create: 'True'
|
||||
databases: "{{item.databases|default('all')}}"
|
||||
dest: /tmp/pg_hba.conf
|
||||
method: "{{item.method|default('md5')}}"
|
||||
netmask: "{{item.netmask|default('')}}"
|
||||
order: sud
|
||||
source: "{{item.source|default('')}}"
|
||||
state: present
|
||||
users: "{{item.users|default('all')}}"
|
||||
register: pg_hba_change
|
||||
with_items: "{{pg_hba_test_ips}}"
|
||||
|
||||
- name: Able to add options on rule without
|
||||
postgresql_pg_hba:
|
||||
dest: "/tmp/pg_hba.conf"
|
||||
users: "+some"
|
||||
order: "sud"
|
||||
state: "present"
|
||||
contype: "local"
|
||||
method: "cert"
|
||||
options: "{{ item }}"
|
||||
address: ""
|
||||
with_items:
|
||||
- ""
|
||||
- "clientcert=1"
|
||||
|
||||
- name: Retain options even if they contain spaces
|
||||
postgresql_pg_hba:
|
||||
dest: "/tmp/pg_hba.conf"
|
||||
users: "+some"
|
||||
order: "sud"
|
||||
state: "present"
|
||||
contype: "{{ item.contype }}"
|
||||
method: "{{ item.method }}"
|
||||
options: "{{ item.options }}"
|
||||
address: "{{ item.address }}"
|
||||
with_items:
|
||||
- { address: "", contype: "local", method: "ldap", options: "ldapserver=example.com ldapport=389 ldapprefix=\"cn=\"" }
|
||||
- { address: "red", contype: "hostssl", method: "cert", options: "clientcert=1 map=mymap" }
|
||||
- { address: "blue", contype: "hostssl", method: "cert", options: "clientcert=1 map=mymap" }
|
||||
register: pg_hba_options
|
||||
|
||||
- name: read pg_hba rules
|
||||
postgresql_pg_hba:
|
||||
dest: /tmp/pg_hba.conf
|
||||
register: pg_hba
|
||||
|
||||
- name: Add several ip addresses again for idempotency check
|
||||
postgresql_pg_hba:
|
||||
contype: "{{item.contype|default('host')}}"
|
||||
databases: "{{item.databases|default('all')}}"
|
||||
dest: /tmp/pg_hba.conf
|
||||
method: "{{item.method|default('md5')}}"
|
||||
netmask: "{{item.netmask|default('')}}"
|
||||
order: sud
|
||||
source: "{{item.source|default('')}}"
|
||||
state: present
|
||||
users: "{{item.users|default('all')}}"
|
||||
with_items: "{{pg_hba_test_ips}}"
|
||||
register: pg_hba_idempotency_check2
|
||||
|
||||
- name: pre-backup stat
|
||||
stat:
|
||||
path: /tmp/pg_hba.conf
|
||||
register: prebackupstat
|
||||
|
||||
- name: Add new ip address for backup check and netmask_sameas_prefix check
|
||||
postgresql_pg_hba:
|
||||
backup: 'True'
|
||||
contype: host
|
||||
dest: /tmp/pg_hba.conf
|
||||
method: md5
|
||||
netmask: 255.255.255.0
|
||||
order: sud
|
||||
source: '172.21.0.0'
|
||||
state: present
|
||||
register: pg_hba_backup_check2
|
||||
|
||||
- name: Add new ip address for netmask_sameas_prefix check
|
||||
postgresql_pg_hba:
|
||||
backup: 'True'
|
||||
contype: host
|
||||
dest: /tmp/pg_hba.conf
|
||||
method: md5
|
||||
order: sud
|
||||
source: '172.21.0.0/24'
|
||||
state: present
|
||||
register: netmask_sameas_prefix_check
|
||||
|
||||
- name: post-backup stat
|
||||
stat:
|
||||
path: "{{pg_hba_backup_check2.backup_file}}"
|
||||
register: postbackupstat
|
||||
|
||||
- name: Dont allow netmask for src in [all, samehost, samenet]
|
||||
postgresql_pg_hba:
|
||||
contype: host
|
||||
dest: /tmp/pg_hba.conf
|
||||
method: md5
|
||||
netmask: '255.255.255.255'
|
||||
order: sud
|
||||
source: all
|
||||
state: present
|
||||
register: pg_hba_fail_src_all_with_netmask
|
||||
ignore_errors: yes
|
||||
|
||||
- debug:
|
||||
var: pg_hba.pg_hba
|
||||
- assert:
|
||||
that:
|
||||
- 'pg_hba.pg_hba == [
|
||||
{ "db": "all", "method": "ldap", "type": "local", "usr": "+some", "options": "ldapserver=example.com ldapport=389 ldapprefix=\"cn=\"" },
|
||||
{ "db": "all", "method": "md5", "type": "local", "usr": "postgres" },
|
||||
{ "db": "all", "method": "md5", "type": "local", "usr": "test" },
|
||||
{ "db": "all", "method": "md5", "type": "local", "usr": "all" },
|
||||
{ "db": "all", "method": "cert", "src": "blue", "type": "hostssl", "usr": "+some", "options": "clientcert=1 map=mymap" },
|
||||
{ "db": "all", "method": "cert", "src": "red", "type": "hostssl", "usr": "+some", "options": "clientcert=1 map=mymap" },
|
||||
{ "db": "all", "method": "md5", "src": "127.0.0.1/32", "type": "host", "usr": "all" },
|
||||
{ "db": "all", "method": "md5", "src": "::1/128", "type": "host", "usr": "all" },
|
||||
{ "db": "all", "method": "scram-sha-256", "src": "0:ff00::/120", "type": "host", "usr": "all" },
|
||||
{ "db": "replication", "method": "md5", "src": "192.168.0.0/24", "type": "host", "usr": "all" },
|
||||
{ "db": "all", "method": "md5", "src": "192.168.0.0/24", "type": "host", "usr": "all" },
|
||||
{ "db": "all", "method": "reject", "src": "192.168.1.0/24", "type": "host", "usr": "all" },
|
||||
{ "db": "all", "method": "trust", "src": "172.16.0.0/16", "type": "host", "usr": "all" },
|
||||
{ "db": "all", "method": "md5", "src": "0:fff0::/28", "type": "host", "usr": "all" }
|
||||
]'
|
||||
- 'pg_hba_change is changed'
|
||||
- 'pg_hba_checkmode_check.stat.exists == false'
|
||||
- 'not pg_hba_idempotency_check1 is changed'
|
||||
- 'not pg_hba_idempotency_check2 is changed'
|
||||
- 'pg_hba_idempotency_file_check.stat.exists == false'
|
||||
- 'prebackupstat.stat.checksum == postbackupstat.stat.checksum'
|
||||
- 'pg_hba_fail_src_all_with_netmask is failed'
|
||||
- 'not netmask_sameas_prefix_check is changed'
|
||||
- 'pg_hba_options is changed'
|
|
@ -1,6 +0,0 @@
|
|||
destructive
|
||||
shippable/posix/group4
|
||||
skip/aix
|
||||
skip/osx
|
||||
skip/macos
|
||||
disabled # tests already running in community.postgresql
|
|
@ -1,2 +0,0 @@
|
|||
---
|
||||
db_default: postgres
|
|
@ -1,2 +0,0 @@
|
|||
dependencies:
|
||||
- setup_postgresql_db
|
|
@ -1,9 +0,0 @@
|
|||
####################################################################
|
||||
# WARNING: These are designed specifically for Ansible tests #
|
||||
# and should not be used as examples of how to write Ansible roles #
|
||||
####################################################################
|
||||
|
||||
# Initial CI tests of postgresql_ping module
|
||||
- import_tasks: postgresql_ping_initial.yml
|
||||
vars:
|
||||
db_name_nonexist: fake_db
|
|
@ -1,75 +0,0 @@
|
|||
# Test code for the postgresql_ping module
|
||||
# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
|
||||
- name: postgresql_ping - test return values
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_ping:
|
||||
db: "{{ db_default }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.is_available == true
|
||||
- result.server_version != {}
|
||||
- result.server_version.major != false
|
||||
- result.server_version.minor != false
|
||||
- result is not changed
|
||||
|
||||
- name: postgresql_ping - check ping of non-existing database doesn't return anything
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_ping:
|
||||
db: "{{ db_name_nonexist }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.is_available == false
|
||||
- result.server_version == {}
|
||||
- result is not changed
|
||||
|
||||
- name: postgresql_ping - ping DB with SSL
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_ping:
|
||||
db: "{{ ssl_db }}"
|
||||
login_user: "{{ ssl_user }}"
|
||||
login_password: "{{ ssl_pass }}"
|
||||
login_host: 127.0.0.1
|
||||
login_port: 5432
|
||||
ssl_mode: require
|
||||
ca_cert: '{{ ssl_rootcert }}'
|
||||
trust_input: yes
|
||||
register: result
|
||||
when:
|
||||
- ansible_os_family == 'Debian'
|
||||
- postgres_version_resp.stdout is version('9.4', '>=')
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.is_available == true
|
||||
when:
|
||||
- ansible_os_family == 'Debian'
|
||||
- postgres_version_resp.stdout is version('9.4', '>=')
|
||||
|
||||
- name: postgresql_ping - check trust_input
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_ping:
|
||||
db: "{{ db_default }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
trust_input: no
|
||||
session_role: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
- result.msg is search('is potentially dangerous')
|
|
@ -1,6 +0,0 @@
|
|||
destructive
|
||||
shippable/posix/group4
|
||||
skip/aix
|
||||
skip/osx
|
||||
skip/macos
|
||||
disabled # tests already running in community.postgresql
|
|
@ -1,12 +0,0 @@
|
|||
db_name: ansible_db
|
||||
db_user1: ansible_db_user1
|
||||
db_user2: ansible_db_user2
|
||||
db_user3: ansible_db_user3
|
||||
db_user_with_dots1: role.with.dots1
|
||||
db_user_with_dots2: role.with.dots2
|
||||
db_name_with_hyphens: ansible-db
|
||||
db_user_with_hyphens: ansible-db-user
|
||||
db_schema_with_hyphens: ansible-db-schema
|
||||
db_session_role1: session_role1
|
||||
db_session_role2: session_role2
|
||||
dangerous_name: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
|
|
@ -1,2 +0,0 @@
|
|||
dependencies:
|
||||
- setup_postgresql_db
|
|
@ -1,19 +0,0 @@
|
|||
####################################################################
|
||||
# WARNING: These are designed specifically for Ansible tests #
|
||||
# and should not be used as examples of how to write Ansible roles #
|
||||
####################################################################
|
||||
|
||||
- include_tasks: postgresql_privs_session_role.yml
|
||||
when: postgres_version_resp.stdout is version('9.4', '>=')
|
||||
|
||||
# Initial CI tests of postgresql_privs module:
|
||||
- include_tasks: postgresql_privs_initial.yml
|
||||
when: postgres_version_resp.stdout is version('9.4', '>=')
|
||||
|
||||
# General tests:
|
||||
- include_tasks: postgresql_privs_general.yml
|
||||
when: postgres_version_resp.stdout is version('9.4', '>=')
|
||||
|
||||
# Tests default_privs with target_role:
|
||||
- include_tasks: test_target_role.yml
|
||||
when: postgres_version_resp.stdout is version('9.4', '>=')
|
|
@ -1,50 +0,0 @@
|
|||
- name: "Admin user is allowed to access pg_authid relation: password comparison will succeed, password won't be updated"
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_user:
|
||||
name: "{{ db_user1 }}"
|
||||
encrypted: 'yes'
|
||||
password: "md5{{ (db_password ~ db_user1) | hash('md5')}}"
|
||||
db: "{{ db_name }}"
|
||||
priv: 'test_table1:INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,TRIGGER/test_table2:INSERT/CREATE,CONNECT,TEMP'
|
||||
login_user: "{{ pg_user }}"
|
||||
register: redo_as_admin
|
||||
|
||||
- name: "Check that task succeeded without any change"
|
||||
assert:
|
||||
that:
|
||||
- 'redo_as_admin is not failed'
|
||||
- 'redo_as_admin is not changed'
|
||||
- 'redo_as_admin is successful'
|
||||
|
||||
- name: "Check that normal user isn't allowed to access pg_authid"
|
||||
shell: 'psql -c "select * from pg_authid;" {{ db_name }} {{ db_user1 }}'
|
||||
environment:
|
||||
PGPASSWORD: '{{ db_password }}'
|
||||
ignore_errors: yes
|
||||
register: pg_authid
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- 'pg_authid is failed'
|
||||
- pg_authid.stderr is search('permission denied for (relation|table) pg_authid')
|
||||
|
||||
- name: "Normal user isn't allowed to access pg_authid relation: password comparison will fail, password will be updated"
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_user:
|
||||
name: "{{ db_user1 }}"
|
||||
encrypted: 'yes'
|
||||
password: "md5{{ (db_password ~ db_user1) | hash('md5')}}"
|
||||
db: "{{ db_name }}"
|
||||
priv: 'test_table1:INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,TRIGGER/test_table2:INSERT/CREATE,CONNECT,TEMP'
|
||||
login_user: "{{ db_user1 }}"
|
||||
login_password: "{{ db_password }}"
|
||||
register: redo_as_normal_user
|
||||
|
||||
- name: "Check that task succeeded and that result is changed"
|
||||
assert:
|
||||
that:
|
||||
- 'redo_as_normal_user is not failed'
|
||||
- 'redo_as_normal_user is changed'
|
||||
- 'redo_as_normal_user is successful'
|
File diff suppressed because it is too large
Load diff
|
@ -1,407 +0,0 @@
|
|||
# The tests below were added initially and moved here
|
||||
# from the shared target called ``postgresql`` by @Andersson007 <aaklychkov@mail.ru>.
|
||||
# You can see modern examples of CI tests in postgresql_publication directory, for example.
|
||||
|
||||
#
|
||||
# Test settings privileges
|
||||
#
|
||||
- name: Create db
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
name: "{{ db_name }}"
|
||||
state: "present"
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- name: Create some tables on the db
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "create table test_table1 (field text);" | psql {{ db_name }}
|
||||
|
||||
- become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "create table test_table2 (field text);" | psql {{ db_name }}
|
||||
|
||||
- vars:
|
||||
db_password: 'secretù' # use UTF-8
|
||||
block:
|
||||
- name: Create a user with some permissions on the db
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_user:
|
||||
name: "{{ db_user1 }}"
|
||||
encrypted: 'yes'
|
||||
password: "md5{{ (db_password ~ db_user1) | hash('md5')}}"
|
||||
db: "{{ db_name }}"
|
||||
priv: 'test_table1:INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,TRIGGER/test_table2:INSERT/CREATE,CONNECT,TEMP'
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- include_tasks: pg_authid_not_readable.yml
|
||||
|
||||
- name: Check that the user has the requested permissions (table1)
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
|
||||
register: result_table1
|
||||
|
||||
- name: Check that the user has the requested permissions (table2)
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
|
||||
register: result_table2
|
||||
|
||||
- name: Check that the user has the requested permissions (database)
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
|
||||
register: result_database
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- "result_table1.stdout_lines[-1] == '(7 rows)'"
|
||||
- "'INSERT' in result_table1.stdout"
|
||||
- "'SELECT' in result_table1.stdout"
|
||||
- "'UPDATE' in result_table1.stdout"
|
||||
- "'DELETE' in result_table1.stdout"
|
||||
- "'TRUNCATE' in result_table1.stdout"
|
||||
- "'REFERENCES' in result_table1.stdout"
|
||||
- "'TRIGGER' in result_table1.stdout"
|
||||
- "result_table2.stdout_lines[-1] == '(1 row)'"
|
||||
- "'INSERT' == '{{ result_table2.stdout_lines[-2] | trim }}'"
|
||||
- "result_database.stdout_lines[-1] == '(1 row)'"
|
||||
- "'{{ db_user1 }}=CTc/{{ pg_user }}' in result_database.stdout_lines[-2]"
|
||||
|
||||
- name: Add another permission for the user
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_user:
|
||||
name: "{{ db_user1 }}"
|
||||
encrypted: 'yes'
|
||||
password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
|
||||
db: "{{ db_name }}"
|
||||
priv: 'test_table2:select'
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
|
||||
- name: Check that ansible reports it changed the user
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
|
||||
- name: Check that the user has the requested permissions (table2)
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
|
||||
register: result_table2
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- "result_table2.stdout_lines[-1] == '(2 rows)'"
|
||||
- "'INSERT' in result_table2.stdout"
|
||||
- "'SELECT' in result_table2.stdout"
|
||||
|
||||
#
|
||||
# Test priv setting via postgresql_privs module
|
||||
# (Depends on state from previous _user privs tests)
|
||||
#
|
||||
|
||||
- name: Revoke a privilege
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_privs:
|
||||
type: "table"
|
||||
state: "absent"
|
||||
roles: "{{ db_user1 }}"
|
||||
privs: "INSERT"
|
||||
objs: "test_table2"
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
trust_input: no
|
||||
register: result
|
||||
|
||||
- name: Check that ansible reports it changed the user
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
|
||||
- name: Check that the user has the requested permissions (table2)
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
|
||||
register: result_table2
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- "result_table2.stdout_lines[-1] == '(1 row)'"
|
||||
- "'SELECT' == '{{ result_table2.stdout_lines[-2] | trim }}'"
|
||||
|
||||
- name: Revoke many privileges on multiple tables
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_privs:
|
||||
state: "absent"
|
||||
roles: "{{ db_user1 }}"
|
||||
privs: "INSERT,select,UPDATE,TRUNCATE,REFERENCES,TRIGGER,delete"
|
||||
objs: "test_table2,test_table1"
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
trust_input: no
|
||||
register: result
|
||||
|
||||
- name: Check that ansible reports it changed the user
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
|
||||
- name: Check that permissions were revoked (table1)
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
|
||||
register: result_table1
|
||||
|
||||
- name: Check that permissions were revoked (table2)
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
|
||||
register: result_table2
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- "result_table1.stdout_lines[-1] == '(0 rows)'"
|
||||
- "result_table2.stdout_lines[-1] == '(0 rows)'"
|
||||
|
||||
- name: Revoke database privileges
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_privs:
|
||||
type: "database"
|
||||
state: "absent"
|
||||
roles: "{{ db_user1 }}"
|
||||
privs: "Create,connect,TEMP"
|
||||
objs: "{{ db_name }}"
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
trust_input: no
|
||||
|
||||
- name: Check that the user has the requested permissions (database)
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
|
||||
register: result_database
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- "result_database.stdout_lines[-1] == '(1 row)'"
|
||||
- "'{{ db_user1 }}' not in result_database.stdout"
|
||||
|
||||
- name: Grant database privileges
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_privs:
|
||||
type: "database"
|
||||
state: "present"
|
||||
roles: "{{ db_user1 }}"
|
||||
privs: "CREATE,connect"
|
||||
objs: "{{ db_name }}"
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
trust_input: no
|
||||
register: result
|
||||
|
||||
- name: Check that ansible reports it changed the user
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
|
||||
- name: Check that the user has the requested permissions (database)
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
|
||||
register: result_database
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- "result_database.stdout_lines[-1] == '(1 row)'"
|
||||
- "'{{ db_user1 }}=Cc' in result_database.stdout"
|
||||
|
||||
- name: Grant a single privilege on a table
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_privs:
|
||||
state: "present"
|
||||
roles: "{{ db_user1 }}"
|
||||
privs: "INSERT"
|
||||
objs: "test_table1"
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
trust_input: no
|
||||
|
||||
- name: Check that permissions were added (table1)
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
|
||||
register: result_table1
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- "result_table1.stdout_lines[-1] == '(1 row)'"
|
||||
- "'{{ result_table1.stdout_lines[-2] | trim }}' == 'INSERT'"
|
||||
|
||||
- name: Grant many privileges on multiple tables
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_privs:
|
||||
state: "present"
|
||||
roles: "{{ db_user1 }}"
|
||||
privs: 'INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,trigger'
|
||||
objs: "test_table2,test_table1"
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
trust_input: no
|
||||
|
||||
- name: Check that permissions were added (table1)
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
|
||||
register: result_table1
|
||||
|
||||
- name: Check that permissions were added (table2)
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
|
||||
register: result_table2
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- "result_table1.stdout_lines[-1] == '(7 rows)'"
|
||||
- "'INSERT' in result_table1.stdout"
|
||||
- "'SELECT' in result_table1.stdout"
|
||||
- "'UPDATE' in result_table1.stdout"
|
||||
- "'DELETE' in result_table1.stdout"
|
||||
- "'TRUNCATE' in result_table1.stdout"
|
||||
- "'REFERENCES' in result_table1.stdout"
|
||||
- "'TRIGGER' in result_table1.stdout"
|
||||
- "result_table2.stdout_lines[-1] == '(7 rows)'"
|
||||
- "'INSERT' in result_table2.stdout"
|
||||
- "'SELECT' in result_table2.stdout"
|
||||
- "'UPDATE' in result_table2.stdout"
|
||||
- "'DELETE' in result_table2.stdout"
|
||||
- "'TRUNCATE' in result_table2.stdout"
|
||||
- "'REFERENCES' in result_table2.stdout"
|
||||
- "'TRIGGER' in result_table2.stdout"
|
||||
|
||||
# Check passing roles with dots
|
||||
# https://github.com/ansible/ansible/issues/63204
|
||||
- name: Create roles for further tests
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_user:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
name: "{{ item }}"
|
||||
loop:
|
||||
- "{{ db_user_with_dots1 }}"
|
||||
- "{{ db_user_with_dots2 }}"
|
||||
|
||||
- name: Pass role with dots in its name to roles parameter
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_privs:
|
||||
state: "present"
|
||||
roles: "{{ db_user_with_dots1 }}"
|
||||
privs: "INSERT"
|
||||
objs: "test_table1"
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
trust_input: no
|
||||
|
||||
- name: Check that permissions were added (table1)
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user_with_dots1 }}' and table_name='test_table1'"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
# We don't need to check anything here, only that nothing failed
|
||||
- name: Pass role with dots in its name to target_roles parameter
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_privs:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
state: "present"
|
||||
roles: "{{ db_user_with_dots1 }}"
|
||||
privs: "INSERT"
|
||||
objs: TABLES
|
||||
type: default_privs
|
||||
target_roles: "{{ db_user_with_dots2 }}"
|
||||
trust_input: no
|
||||
|
||||
# Bugfix for https://github.com/ansible-collections/community.general/issues/857
|
||||
- name: Test passing lowercase PUBLIC role
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_privs:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
type: 'database'
|
||||
privs: 'connect'
|
||||
role: 'public'
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["GRANT CONNECT ON database \"{{ db_name }}\" TO PUBLIC;"]
|
||||
|
||||
#
|
||||
# Cleanup
|
||||
#
|
||||
- name: Cleanup db
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
name: "{{ db_name }}"
|
||||
state: "absent"
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- name: Check that database was destroyed
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- "result.stdout_lines[-1] == '(0 rows)'"
|
||||
|
||||
- name: Cleanup test user
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_user:
|
||||
name: "{{ item }}"
|
||||
state: 'absent'
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
loop:
|
||||
- "{{ db_user1 }}"
|
||||
- "{{ db_user2 }}"
|
||||
- "{{ db_user3 }}"
|
||||
- "{{ db_user_with_dots1 }}"
|
||||
- "{{ db_user_with_dots2 }}"
|
||||
|
||||
- name: Check that they were removed
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- "result.stdout_lines[-1] == '(0 rows)'"
|
|
@ -1,102 +0,0 @@
|
|||
- name: Create a high privileged user
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_user:
|
||||
name: "{{ db_session_role1 }}"
|
||||
state: "present"
|
||||
password: "password"
|
||||
role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
|
||||
- name: Create a low privileged user using the newly created user
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_user:
|
||||
name: "{{ db_session_role2 }}"
|
||||
state: "present"
|
||||
password: "password"
|
||||
role_attr_flags: "LOGIN"
|
||||
login_user: "{{ pg_user }}"
|
||||
session_role: "{{ db_session_role1 }}"
|
||||
db: postgres
|
||||
|
||||
- name: Create DB as session_role
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: present
|
||||
name: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
session_role: "{{ db_session_role1 }}"
|
||||
register: result
|
||||
|
||||
- name: Create table to be able to grant privileges
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
shell: echo "CREATE TABLE test(i int); CREATE TABLE test2(i int);" | psql -AtXq "{{ db_session_role1 }}"
|
||||
|
||||
- name: Grant all privileges on test1 table to low privileged user
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_privs:
|
||||
db: "{{ db_session_role1 }}"
|
||||
type: table
|
||||
objs: test
|
||||
roles: "{{ db_session_role2 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
privs: select
|
||||
admin_option: yes
|
||||
|
||||
- name: Verify admin option was successful for grants
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_privs:
|
||||
db: "{{ db_session_role1 }}"
|
||||
type: table
|
||||
objs: test
|
||||
roles: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
privs: select
|
||||
session_role: "{{ db_session_role2 }}"
|
||||
|
||||
- name: Verify no grants can be granted for test2 table
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_privs:
|
||||
db: "{{ db_session_role1 }}"
|
||||
type: table
|
||||
objs: test2
|
||||
roles: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
privs: update
|
||||
session_role: "{{ db_session_role2 }}"
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
|
||||
########################
|
||||
# Test trust_input param
|
||||
|
||||
- name: Verify trust_input parameter
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_privs:
|
||||
db: "{{ db_session_role1 }}"
|
||||
type: table
|
||||
objs: test2
|
||||
roles: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
privs: update
|
||||
session_role: "{{ dangerous_name }}"
|
||||
trust_input: no
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
- result.msg == 'Passed input \'{{ dangerous_name }}\' is potentially dangerous'
|
|
@ -1,120 +0,0 @@
|
|||
# Setup
|
||||
- name: Create a test user
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_user:
|
||||
name: "{{ db_user1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
|
||||
- name: Create DB
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: present
|
||||
name: "{{ db_name }}"
|
||||
owner: "{{ db_user1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- name: Create a user to be given permissions and other tests
|
||||
postgresql_user:
|
||||
name: "{{ db_user2 }}"
|
||||
state: present
|
||||
encrypted: yes
|
||||
password: password
|
||||
role_attr_flags: LOGIN
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
#######################################
|
||||
# Test default_privs with target_role #
|
||||
#######################################
|
||||
|
||||
# Test
|
||||
- name: Grant default privileges for new table objects
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_privs:
|
||||
db: "{{ db_name }}"
|
||||
objs: TABLES
|
||||
privs: SELECT
|
||||
type: default_privs
|
||||
role: "{{ db_user2 }}"
|
||||
target_roles: "{{ db_user1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
|
||||
# Checks
|
||||
- assert:
|
||||
that: result is changed
|
||||
|
||||
- name: Check that default privileges are set
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
shell: psql {{ db_name }} -c "SELECT defaclrole, defaclobjtype, defaclacl FROM pg_default_acl a JOIN pg_roles b ON a.defaclrole=b.oid;" -t
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that: "'{{ db_user2 }}=r/{{ db_user1 }}' in '{{ result.stdout_lines[0] }}'"
|
||||
|
||||
# Test
|
||||
- name: Revoke default privileges for new table objects
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_privs:
|
||||
db: "{{ db_name }}"
|
||||
state: absent
|
||||
objs: TABLES
|
||||
privs: SELECT
|
||||
type: default_privs
|
||||
role: "{{ db_user2 }}"
|
||||
target_roles: "{{ db_user1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
|
||||
# Checks
|
||||
- assert:
|
||||
that: result is changed
|
||||
|
||||
# Cleanup
|
||||
- name: Remove user given permissions
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_user:
|
||||
name: "{{ db_user2 }}"
|
||||
state: absent
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- name: Remove user owner of objects
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_user:
|
||||
name: "{{ db_user3 }}"
|
||||
state: absent
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- name: Destroy DBs
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: absent
|
||||
name: "{{ item }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
loop:
|
||||
- "{{ db_name }}"
|
||||
- "{{ db_session_role1 }}"
|
||||
|
||||
- name: Remove test users
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_user:
|
||||
name: "{{ item }}"
|
||||
state: absent
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
loop:
|
||||
- "{{ db_user1 }}"
|
||||
- "{{ db_session_role1 }}"
|
||||
- "{{ db_session_role2 }}"
|
|
@ -1,7 +0,0 @@
|
|||
destructive
|
||||
shippable/posix/group4
|
||||
skip/aix
|
||||
skip/osx
|
||||
skip/macos
|
||||
skip/freebsd
|
||||
disabled # tests already running in community.postgresql
|
|
@ -1,2 +0,0 @@
|
|||
dependencies:
|
||||
- setup_postgresql_db
|
|
@ -1,8 +0,0 @@
|
|||
####################################################################
|
||||
# WARNING: These are designed specifically for Ansible tests #
|
||||
# and should not be used as examples of how to write Ansible roles #
|
||||
####################################################################
|
||||
|
||||
# Initial CI tests of postgresql_publication module
|
||||
- import_tasks: postgresql_publication_initial.yml
|
||||
when: postgres_version_resp.stdout is version('10', '>=')
|
|
@ -1,436 +0,0 @@
|
|||
# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
# The file for testing postgresql_copy module.
|
||||
|
||||
- vars:
|
||||
test_table1: acme1
|
||||
test_table2: acme2
|
||||
test_table3: acme3
|
||||
test_pub: acme_publ
|
||||
test_role: alice
|
||||
dangerous_name: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
|
||||
test_schema: acme_schema
|
||||
test_db: acme_db
|
||||
task_parameters: &task_parameters
|
||||
become_user: '{{ pg_user }}'
|
||||
become: yes
|
||||
register: result
|
||||
pg_parameters: &pg_parameters
|
||||
login_user: '{{ pg_user }}'
|
||||
login_db: '{{ test_db }}'
|
||||
|
||||
block:
|
||||
#################################################
|
||||
# Test preparation, create database test objects:
|
||||
- name: postgresql_publication - create test db
|
||||
<<: *task_parameters
|
||||
postgresql_db:
|
||||
login_user: '{{ pg_user }}'
|
||||
maintenance_db: postgres
|
||||
name: '{{ test_db }}'
|
||||
|
||||
- name: postgresql_publication - create test schema
|
||||
<<: *task_parameters
|
||||
postgresql_schema:
|
||||
<<: *pg_parameters
|
||||
name: '{{ test_schema }}'
|
||||
|
||||
- name: postgresql_publication - create test role
|
||||
<<: *task_parameters
|
||||
postgresql_user:
|
||||
<<: *pg_parameters
|
||||
name: '{{ test_role }}'
|
||||
role_attr_flags: SUPERUSER
|
||||
|
||||
- name: postgresql_publication - create test tables
|
||||
<<: *task_parameters
|
||||
postgresql_table:
|
||||
<<: *pg_parameters
|
||||
name: '{{ item }}'
|
||||
columns:
|
||||
- id int
|
||||
loop:
|
||||
- '{{ test_table1 }}'
|
||||
- '{{ test_schema }}.{{ test_table2 }}'
|
||||
- '{{ test_table3 }}'
|
||||
|
||||
|
||||
################
|
||||
# Do main tests:
|
||||
|
||||
# Test
|
||||
- name: postgresql_publication - create publication, check_mode
|
||||
<<: *task_parameters
|
||||
postgresql_publication:
|
||||
<<: *pg_parameters
|
||||
name: '{{ test_pub }}'
|
||||
trust_input: no
|
||||
check_mode: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.exists == false
|
||||
- result.queries == ["CREATE PUBLICATION \"{{ test_pub }}\" FOR ALL TABLES"]
|
||||
|
||||
# Check
|
||||
- name: postgresql_publication - check that nothing has been changed
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: SELECT * FROM pg_publication WHERE pubname = '{{ test_pub }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
|
||||
# Test
|
||||
- name: postgresql_publication - create publication
|
||||
<<: *task_parameters
|
||||
postgresql_publication:
|
||||
<<: *pg_parameters
|
||||
name: '{{ test_pub }}'
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.exists == true
|
||||
- result.queries == ["CREATE PUBLICATION \"{{ test_pub }}\" FOR ALL TABLES"]
|
||||
- result.owner == '{{ pg_user }}'
|
||||
- result.alltables == true
|
||||
- result.tables == []
|
||||
- result.parameters.publish != {}
|
||||
|
||||
# Check
|
||||
- name: postgresql_publication - check that nothing has been changed
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: >
|
||||
SELECT * FROM pg_publication WHERE pubname = '{{ test_pub }}'
|
||||
AND pubowner = '10' AND puballtables = 't'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
# Test
|
||||
- name: postgresql_publication - drop publication, check_mode
|
||||
<<: *task_parameters
|
||||
postgresql_publication:
|
||||
<<: *pg_parameters
|
||||
name: '{{ test_pub }}'
|
||||
state: absent
|
||||
trust_input: no
|
||||
check_mode: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.exists == true
|
||||
- result.queries == ["DROP PUBLICATION \"{{ test_pub }}\""]
|
||||
- result.owner == '{{ pg_user }}'
|
||||
- result.alltables == true
|
||||
- result.tables == []
|
||||
- result.parameters.publish != {}
|
||||
|
||||
# Check
|
||||
- name: postgresql_publication - check that nothing has been changed
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: SELECT * FROM pg_publication WHERE pubname = '{{ test_pub }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
# Test
|
||||
- name: postgresql_publication - drop publication
|
||||
<<: *task_parameters
|
||||
postgresql_publication:
|
||||
<<: *pg_parameters
|
||||
name: '{{ test_pub }}'
|
||||
state: absent
|
||||
cascade: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.exists == false
|
||||
- result.queries == ["DROP PUBLICATION \"{{ test_pub }}\" CASCADE"]
|
||||
|
||||
# Check
|
||||
- name: postgresql_publication - check that publication does not exist
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: SELECT * FROM pg_publication WHERE pubname = '{{ test_pub }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
|
||||
# Test
|
||||
- name: postgresql_publication - create publication with tables, owner, params
|
||||
<<: *task_parameters
|
||||
postgresql_publication:
|
||||
<<: *pg_parameters
|
||||
name: '{{ test_pub }}'
|
||||
owner: '{{ test_role }}'
|
||||
tables:
|
||||
- '{{ test_table1 }}'
|
||||
- '{{ test_schema }}.{{ test_table2 }}'
|
||||
parameters:
|
||||
publish: 'insert'
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["CREATE PUBLICATION \"{{ test_pub }}\" FOR TABLE \"public\".\"{{ test_table1 }}\", \"{{ test_schema }}\".\"{{ test_table2 }}\" WITH (publish = 'insert')", "ALTER PUBLICATION \"{{ test_pub }}\" OWNER TO \"{{ test_role }}\""]
|
||||
- result.owner == '{{ test_role }}'
|
||||
- result.tables == ["\"public\".\"{{ test_table1 }}\"", "\"{{ test_schema }}\".\"{{ test_table2 }}\""]
|
||||
- result.parameters.publish.insert == true
|
||||
- result.parameters.publish.delete == false
|
||||
|
||||
# Check 1
|
||||
- name: postgresql_publication - check that test publication exists
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: >
|
||||
SELECT * FROM pg_publication WHERE pubname = '{{ test_pub }}'
|
||||
AND pubowner != '10' AND puballtables = 'f' AND pubinsert = 't' AND pubdelete = 'f'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
# Check 2
|
||||
- name: postgresql_publication - check that test_table1 from schema public is in publication
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: SELECT * FROM pg_publication_tables WHERE pubname = '{{ test_pub }}' AND schemaname = 'public'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
# Check 3
|
||||
- name: postgresql_publication - check that test_table2 from test schema is in publication
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: SELECT * FROM pg_publication_tables WHERE pubname = '{{ test_pub }}' AND schemaname = '{{ test_schema }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
# Test
|
||||
- name: postgresql_publication - test trust_input parameter
|
||||
<<: *task_parameters
|
||||
postgresql_publication:
|
||||
<<: *pg_parameters
|
||||
name: '{{ test_pub }}'
|
||||
session_role: '{{ dangerous_name }}'
|
||||
owner: '{{ dangerous_name }}'
|
||||
trust_input: no
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
- result.msg is search('is potentially dangerous')
|
||||
|
||||
# Test
|
||||
- name: postgresql_publication - add table to publication, change owner, check_mode
|
||||
<<: *task_parameters
|
||||
postgresql_publication:
|
||||
<<: *pg_parameters
|
||||
name: '{{ test_pub }}'
|
||||
owner: '{{ pg_user }}'
|
||||
tables:
|
||||
- '{{ test_table1 }}'
|
||||
- '{{ test_schema }}.{{ test_table2 }}'
|
||||
- '{{ test_table3 }}'
|
||||
trust_input: no
|
||||
check_mode: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["ALTER PUBLICATION \"{{ test_pub }}\" ADD TABLE \"public\".\"{{ test_table3 }}\"", "ALTER PUBLICATION \"{{ test_pub }}\" OWNER TO \"{{ pg_user }}\""]
|
||||
- result.tables == ["\"public\".\"{{ test_table1 }}\"", "\"{{ test_schema }}\".\"{{ test_table2 }}\""]
|
||||
|
||||
# Check
|
||||
- name: postgresql_publication - check that nothing changes after the previous step
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: >
|
||||
SELECT * FROM pg_publication WHERE pubname = '{{ test_pub }}'
|
||||
AND pubowner != '10' AND puballtables = 'f' AND pubinsert = 't' AND pubupdate = 't'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
|
||||
# Check
|
||||
- name: postgresql_publication - check that 2 tables are in publication
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: SELECT * FROM pg_publication_tables WHERE pubname = '{{ test_pub }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 2
|
||||
|
||||
# Test
|
||||
- name: postgresql_publication - add table to publication, change owner
|
||||
<<: *task_parameters
|
||||
postgresql_publication:
|
||||
<<: *pg_parameters
|
||||
name: '{{ test_pub }}'
|
||||
owner: '{{ pg_user }}'
|
||||
tables:
|
||||
- '{{ test_table1 }}'
|
||||
- '{{ test_schema }}.{{ test_table2 }}'
|
||||
- '{{ test_table3 }}'
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["ALTER PUBLICATION \"{{ test_pub }}\" ADD TABLE \"public\".\"{{ test_table3 }}\"", "ALTER PUBLICATION \"{{ test_pub }}\" OWNER TO \"{{ pg_user }}\""]
|
||||
- result.tables == ["\"public\".\"{{ test_table1 }}\"", "\"{{ test_schema }}\".\"{{ test_table2 }}\"", "\"public\".\"{{ test_table3 }}\""]
|
||||
|
||||
# Check 1
|
||||
- name: postgresql_publication - check owner has been changed
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: >
|
||||
SELECT * FROM pg_publication WHERE pubname = '{{ test_pub }}' AND pubowner = '10'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
# Check 2
|
||||
- name: postgresql_publication - check that 3 tables are in publication
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: SELECT * FROM pg_publication_tables WHERE pubname = '{{ test_pub }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 3
|
||||
|
||||
# Test
|
||||
- name: postgresql_publication - remove table from publication, check_mode
|
||||
<<: *task_parameters
|
||||
postgresql_publication:
|
||||
<<: *pg_parameters
|
||||
name: '{{ test_pub }}'
|
||||
tables:
|
||||
- '{{ test_table1 }}'
|
||||
- '{{ test_schema }}.{{ test_table2 }}'
|
||||
parameters:
|
||||
publish: 'insert'
|
||||
trust_input: no
|
||||
check_mode: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["ALTER PUBLICATION \"{{ test_pub }}\" DROP TABLE \"public\".\"{{ test_table3 }}\""]
|
||||
- result.tables == ["\"public\".\"{{ test_table1 }}\"", "\"{{ test_schema }}\".\"{{ test_table2 }}\"", "\"public\".\"{{ test_table3 }}\""]
|
||||
|
||||
# Check 1
|
||||
- name: postgresql_publication - check that 3 tables are in publication
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: SELECT * FROM pg_publication_tables WHERE pubname = '{{ test_pub }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 3
|
||||
|
||||
# Check 2
|
||||
- name: postgresql_publication - check no parameters have been changed
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: SELECT * FROM pg_publication WHERE pubname = '{{ test_pub }}' AND pubinsert = 't'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
# Test
|
||||
- name: postgresql_publication - remove table from publication
|
||||
<<: *task_parameters
|
||||
postgresql_publication:
|
||||
<<: *pg_parameters
|
||||
name: '{{ test_pub }}'
|
||||
tables:
|
||||
- '{{ test_table1 }}'
|
||||
- '{{ test_schema }}.{{ test_table2 }}'
|
||||
parameters:
|
||||
publish: 'delete'
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["ALTER PUBLICATION \"{{ test_pub }}\" DROP TABLE \"public\".\"{{ test_table3 }}\"", "ALTER PUBLICATION \"{{ test_pub }}\" SET (publish = 'delete')"]
|
||||
- result.tables == ["\"public\".\"{{ test_table1 }}\"", "\"{{ test_schema }}\".\"{{ test_table2 }}\""]
|
||||
|
||||
# Check 1
|
||||
- name: postgresql_publication - check that 2 tables are in publication
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: SELECT * FROM pg_publication_tables WHERE pubname = '{{ test_pub }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 2
|
||||
|
||||
# Check 2
|
||||
- name: postgresql_publication - check parameter has been changed
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: SELECT * FROM pg_publication WHERE pubname = '{{ test_pub }}' AND pubinsert = 'f'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
always:
|
||||
###########
|
||||
# Clean up:
|
||||
|
||||
- name: postgresql_publication - remove test db
|
||||
<<: *task_parameters
|
||||
postgresql_db:
|
||||
login_user: '{{ pg_user }}'
|
||||
maintenance_db: postgres
|
||||
name: '{{ test_db }}'
|
||||
state: absent
|
||||
|
||||
- name: postgresql_publication - remove test role
|
||||
<<: *task_parameters
|
||||
postgresql_user:
|
||||
login_user: '{{ pg_user }}'
|
||||
login_db: postgres
|
||||
name: '{{ test_role }}'
|
||||
state: absent
|
|
@ -1,6 +0,0 @@
|
|||
destructive
|
||||
shippable/posix/group4
|
||||
skip/aix
|
||||
skip/osx
|
||||
skip/macos
|
||||
disabled # tests already running in community.postgresql
|
|
@ -1,2 +0,0 @@
|
|||
dependencies:
|
||||
- setup_postgresql_db
|
|
@ -1,7 +0,0 @@
|
|||
####################################################################
|
||||
# WARNING: These are designed specifically for Ansible tests #
|
||||
# and should not be used as examples of how to write Ansible roles #
|
||||
####################################################################
|
||||
|
||||
# Initial CI tests of postgresql_query module
|
||||
- import_tasks: postgresql_query_initial.yml
|
|
@ -1,534 +0,0 @@
|
|||
- name: postgresql_query - drop test table if exists
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
shell: psql postgres -U "{{ pg_user }}" -t -c "DROP TABLE IF EXISTS test_table;"
|
||||
ignore_errors: true
|
||||
|
||||
- name: postgresql_query - create test table called test_table
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
shell: psql postgres -U "{{ pg_user }}" -t -c "CREATE TABLE test_table (id int, story text);"
|
||||
ignore_errors: true
|
||||
|
||||
- name: postgresql_query - insert some data into test_table
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
shell: psql postgres -U "{{ pg_user }}" -t -c "INSERT INTO test_table (id, story) VALUES (1, 'first'), (2, 'second'), (3, 'third');"
|
||||
ignore_errors: true
|
||||
|
||||
- name: postgresql_query - remove SQL script if exists
|
||||
become: true
|
||||
file:
|
||||
path: ~{{ pg_user}}/test.sql
|
||||
state: absent
|
||||
ignore_errors: true
|
||||
|
||||
- name: postgresql_query - create an empty file to check permission
|
||||
become: true
|
||||
file:
|
||||
path: ~{{ pg_user}}/test.sql
|
||||
state: touch
|
||||
owner: '{{ pg_user }}'
|
||||
group: '{{ pg_user }}'
|
||||
mode: '0644'
|
||||
register: sql_file_created
|
||||
ignore_errors: true
|
||||
|
||||
- name: postgresql_query - prepare SQL script
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
shell: echo "{{ item }}" >> ~{{ pg_user}}/test.sql
|
||||
ignore_errors: true
|
||||
with_items:
|
||||
- SELECT version();
|
||||
- SELECT story FROM test_table
|
||||
- WHERE id = %s OR story = 'Данные';
|
||||
when: sql_file_created
|
||||
- name: postgresql_query - analyze test_table
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
login_user: '{{ pg_user }}'
|
||||
db: postgres
|
||||
query: ANALYZE test_table
|
||||
register: result
|
||||
ignore_errors: true
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.query == 'ANALYZE test_table'
|
||||
- result.query_list == ['ANALYZE test_table']
|
||||
- result.rowcount == 0
|
||||
- result.statusmessage == 'ANALYZE'
|
||||
- result.query_result == {}
|
||||
- result.query_all_results == [{}]
|
||||
|
||||
- name: postgresql_query - run queries from SQL script
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
login_user: '{{ pg_user }}'
|
||||
db: postgres
|
||||
path_to_script: ~{{ pg_user }}/test.sql
|
||||
positional_args:
|
||||
- 1
|
||||
encoding: UTF-8
|
||||
register: result
|
||||
ignore_errors: true
|
||||
when: sql_file_created
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.query == "\nSELECT story FROM test_table\nWHERE id = 1 OR story = 'Данные'"
|
||||
- result.query_result[0].story == 'first'
|
||||
- result.query_all_results[0][0].version is search('PostgreSQL')
|
||||
- result.query_all_results[1][0].story == 'first'
|
||||
- result.rowcount == 2
|
||||
- result.statusmessage == 'SELECT 1' or result.statusmessage == 'SELECT'
|
||||
when: sql_file_created
|
||||
|
||||
- name: postgresql_query - simple select query to test_table
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
login_user: '{{ pg_user }}'
|
||||
db: postgres
|
||||
query: SELECT * FROM test_table
|
||||
register: result
|
||||
ignore_errors: true
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.query == 'SELECT * FROM test_table'
|
||||
- result.rowcount == 3
|
||||
- result.statusmessage == 'SELECT 3' or result.statusmessage == 'SELECT'
|
||||
- result.query_result[0].id == 1
|
||||
- result.query_result[1].id == 2
|
||||
- result.query_result[2].id == 3
|
||||
- result.query_result[0].story == 'first'
|
||||
- result.query_result[1].story == 'second'
|
||||
- result.query_result[2].story == 'third'
|
||||
|
||||
- name: postgresql_query - select query with named args
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
login_user: '{{ pg_user }}'
|
||||
db: postgres
|
||||
query: SELECT id FROM test_table WHERE id = %(id_val)s AND story = %(story_val)s
|
||||
named_args:
|
||||
id_val: 1
|
||||
story_val: first
|
||||
register: result
|
||||
ignore_errors: true
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.query == "SELECT id FROM test_table WHERE id = 1 AND story = 'first'" or result.query == "SELECT id FROM test_table WHERE id = 1 AND story = E'first'"
|
||||
- result.rowcount == 1
|
||||
- result.statusmessage == 'SELECT 1' or result.statusmessage == 'SELECT'
|
||||
- result.query_result[0].id == 1
|
||||
|
||||
- name: postgresql_query - select query with positional arguments
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
login_user: '{{ pg_user }}'
|
||||
db: postgres
|
||||
query: SELECT story FROM test_table WHERE id = %s AND story = %s
|
||||
positional_args:
|
||||
- 2
|
||||
- second
|
||||
register: result
|
||||
ignore_errors: true
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.query == "SELECT story FROM test_table WHERE id = 2 AND story = 'second'" or result.query == "SELECT story FROM test_table WHERE id = 2 AND story = E'second'"
|
||||
- result.rowcount == 1
|
||||
- result.statusmessage == 'SELECT 1' or result.statusmessage == 'SELECT'
|
||||
- result.query_result[0].story == 'second'
|
||||
|
||||
- name: postgresql_query - simple update query
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
login_user: '{{ pg_user }}'
|
||||
db: postgres
|
||||
query: UPDATE test_table SET story = 'new' WHERE id = 3
|
||||
register: result
|
||||
ignore_errors: true
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.query == "UPDATE test_table SET story = 'new' WHERE id = 3"
|
||||
- result.rowcount == 1
|
||||
- result.statusmessage == 'UPDATE 1'
|
||||
- result.query_result == {}
|
||||
|
||||
- name: check the previous update
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
login_user: '{{ pg_user }}'
|
||||
db: postgres
|
||||
query: SELECT * FROM test_table WHERE story = 'new' AND id = 3
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: postgresql_query - simple update query in check_mode
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
login_user: '{{ pg_user }}'
|
||||
db: postgres
|
||||
query: UPDATE test_table SET story = 'CHECK_MODE' WHERE id = 3
|
||||
register: result
|
||||
check_mode: true
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.query == "UPDATE test_table SET story = 'CHECK_MODE' WHERE id = 3"
|
||||
- result.rowcount == 1
|
||||
- result.statusmessage == 'UPDATE 1'
|
||||
- result.query_result == {}
|
||||
|
||||
- name: check the previous update that nothing has been changed
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
login_user: '{{ pg_user }}'
|
||||
db: postgres
|
||||
query: SELECT * FROM test_table WHERE story = 'CHECK_MODE' AND id = 3
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
|
||||
- name: postgresql_query - try to update not existing row
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
login_user: '{{ pg_user }}'
|
||||
db: postgres
|
||||
query: UPDATE test_table SET story = 'new' WHERE id = 100
|
||||
register: result
|
||||
ignore_errors: true
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.query == "UPDATE test_table SET story = 'new' WHERE id = 100"
|
||||
- result.rowcount == 0
|
||||
- result.statusmessage == 'UPDATE 0'
|
||||
- result.query_result == {}
|
||||
|
||||
- name: postgresql_query - insert query
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
login_user: '{{ pg_user }}'
|
||||
db: postgres
|
||||
query: INSERT INTO test_table (id, story) VALUES (%s, %s)
|
||||
positional_args:
|
||||
- 4
|
||||
- fourth
|
||||
register: result
|
||||
ignore_errors: true
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.query == "INSERT INTO test_table (id, story) VALUES (4, 'fourth')" or result.query == "INSERT INTO test_table (id, story) VALUES (4, E'fourth')"
|
||||
- result.rowcount == 1
|
||||
- result.statusmessage == 'INSERT 0 1'
|
||||
- result.query_result == {}
|
||||
|
||||
- name: postgresql_query - truncate test_table
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
login_user: '{{ pg_user }}'
|
||||
db: postgres
|
||||
query: TRUNCATE test_table
|
||||
register: result
|
||||
ignore_errors: true
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.query == "TRUNCATE test_table"
|
||||
- result.rowcount == 0
|
||||
- result.statusmessage == 'TRUNCATE TABLE'
|
||||
- result.query_result == {}
|
||||
|
||||
- name: postgresql_query - alter test_table
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
login_user: '{{ pg_user }}'
|
||||
db: postgres
|
||||
query: ALTER TABLE test_table ADD COLUMN foo int
|
||||
register: result
|
||||
ignore_errors: true
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.query == "ALTER TABLE test_table ADD COLUMN foo int"
|
||||
- result.rowcount == 0
|
||||
- result.statusmessage == 'ALTER TABLE'
|
||||
|
||||
- name: postgresql_query - vacuum without autocommit must fail
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
login_user: '{{ pg_user }}'
|
||||
db: postgres
|
||||
query: VACUUM
|
||||
register: result
|
||||
ignore_errors: true
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.failed == true
|
||||
|
||||
- name: postgresql_query - autocommit in check_mode must fail
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
login_user: '{{ pg_user }}'
|
||||
db: postgres
|
||||
query: VACUUM
|
||||
autocommit: true
|
||||
check_mode: true
|
||||
register: result
|
||||
ignore_errors: true
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.failed == true
|
||||
- result.msg == "Using autocommit is mutually exclusive with check_mode"
|
||||
|
||||
- name: postgresql_query - vacuum with autocommit
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
login_user: '{{ pg_user }}'
|
||||
db: postgres
|
||||
query: VACUUM
|
||||
autocommit: true
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.query == "VACUUM"
|
||||
- result.rowcount == 0
|
||||
- result.statusmessage == 'VACUUM'
|
||||
- result.query_result == {}
|
||||
|
||||
- name: postgresql_query - create test table for issue 59955
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_table:
|
||||
login_user: '{{ pg_user }}'
|
||||
login_db: postgres
|
||||
name: test_array_table
|
||||
columns:
|
||||
- arr_col int[]
|
||||
when: postgres_version_resp.stdout is version('9.4', '>=')
|
||||
|
||||
- set_fact:
|
||||
my_list:
|
||||
- 1
|
||||
- 2
|
||||
- 3
|
||||
my_arr: '{1, 2, 3}'
|
||||
when: postgres_version_resp.stdout is version('9.4', '>=')
|
||||
|
||||
- name: postgresql_query - insert array into test table by positional args
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
login_user: '{{ pg_user }}'
|
||||
login_db: postgres
|
||||
query: INSERT INTO test_array_table (arr_col) VALUES (%s)
|
||||
positional_args:
|
||||
- '{{ my_list }}'
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('9.4', '>=')
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.query == "INSERT INTO test_array_table (arr_col) VALUES ('{1, 2, 3}')"
|
||||
when: postgres_version_resp.stdout is version('9.4', '>=')
|
||||
|
||||
- name: postgresql_query - select array from test table by passing positional_args
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
login_user: '{{ pg_user }}'
|
||||
login_db: postgres
|
||||
query: SELECT * FROM test_array_table WHERE arr_col = %s
|
||||
positional_args:
|
||||
- '{{ my_list }}'
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('9.4', '>=')
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.query == "SELECT * FROM test_array_table WHERE arr_col = '{1, 2, 3}'"
|
||||
- result.rowcount == 1
|
||||
when: postgres_version_resp.stdout is version('9.4', '>=')
|
||||
|
||||
- name: postgresql_query - select array from test table by passing named_args
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
login_user: '{{ pg_user }}'
|
||||
login_db: postgres
|
||||
query: SELECT * FROM test_array_table WHERE arr_col = %(arr_val)s
|
||||
named_args:
|
||||
arr_val:
|
||||
- '{{ my_list }}'
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('9.4', '>=')
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.query == "SELECT * FROM test_array_table WHERE arr_col = '{1, 2, 3}'"
|
||||
- result.rowcount == 1
|
||||
when: postgres_version_resp.stdout is version('9.4', '>=')
|
||||
|
||||
- name: postgresql_query - select array from test table by passing positional_args as a string
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
login_user: '{{ pg_user }}'
|
||||
login_db: postgres
|
||||
query: SELECT * FROM test_array_table WHERE arr_col = %s
|
||||
positional_args:
|
||||
- '{{ my_arr|string }}'
|
||||
trust_input: yes
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('9.4', '>=')
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.query == "SELECT * FROM test_array_table WHERE arr_col = '{1, 2, 3}'"
|
||||
- result.rowcount == 1
|
||||
when: postgres_version_resp.stdout is version('9.4', '>=')
|
||||
|
||||
- name: postgresql_query - test trust_input parameter
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
login_user: '{{ pg_user }}'
|
||||
login_db: postgres
|
||||
session_role: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
|
||||
query: SELECT version()
|
||||
trust_input: no
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
- result.msg is search('is potentially dangerous')
|
||||
|
||||
- name: postgresql_query - clean up
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_table:
|
||||
login_user: '{{ pg_user }}'
|
||||
login_db: postgres
|
||||
name: test_array_table
|
||||
state: absent
|
||||
when: postgres_version_resp.stdout is version('9.4', '>=')
|
||||
|
||||
#############################
|
||||
# Check search_path parameter
|
||||
|
||||
- name: postgresql_set - create test schemas
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_schema:
|
||||
login_user: '{{ pg_user }}'
|
||||
login_db: postgres
|
||||
name: '{{ item }}'
|
||||
loop:
|
||||
- query_test1
|
||||
- query_test2
|
||||
|
||||
- name: postgresql_set - create test tables
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_table:
|
||||
login_user: '{{ pg_user }}'
|
||||
login_db: postgres
|
||||
name: '{{ item }}'
|
||||
columns:
|
||||
- id int
|
||||
loop:
|
||||
- 'query_test1.test1'
|
||||
- 'query_test2.test2'
|
||||
|
||||
- name: postgresql_query - insert data
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
login_user: '{{ pg_user }}'
|
||||
login_db: postgres
|
||||
query: 'INSERT INTO {{ item }} (id) VALUES (1)'
|
||||
search_path:
|
||||
- query_test1
|
||||
- query_test2
|
||||
loop:
|
||||
- test1
|
||||
- test2
|
||||
|
||||
- name: postgresql_query - get data
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
login_user: '{{ pg_user }}'
|
||||
login_db: postgres
|
||||
query: 'SELECT id FROM test1'
|
||||
search_path:
|
||||
- query_test1
|
||||
- query_test2
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: postgresql_query - get data, must fail
|
||||
become_user: '{{ pg_user }}'
|
||||
become: true
|
||||
postgresql_query:
|
||||
login_user: '{{ pg_user }}'
|
||||
login_db: postgres
|
||||
query: 'SELECT id FROM test1'
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
|
@ -1,6 +0,0 @@
|
|||
destructive
|
||||
shippable/posix/group4
|
||||
skip/aix
|
||||
skip/osx
|
||||
skip/macos
|
||||
disabled # tests already running in community.postgresql
|
|
@ -1,7 +0,0 @@
|
|||
---
|
||||
db_name: 'ansible_db'
|
||||
db_user1: 'ansible_db_user1'
|
||||
db_user2: 'ansible_db_user2'
|
||||
dangerous_name: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
|
||||
db_session_role1: 'session_role1'
|
||||
db_session_role2: 'session_role2'
|
|
@ -1,2 +0,0 @@
|
|||
dependencies:
|
||||
- setup_postgresql_db
|
|
@ -1,9 +0,0 @@
|
|||
####################################################################
|
||||
# WARNING: These are designed specifically for Ansible tests #
|
||||
# and should not be used as examples of how to write Ansible roles #
|
||||
####################################################################
|
||||
|
||||
- import_tasks: postgresql_schema_session_role.yml
|
||||
|
||||
# Initial CI tests of postgresql_schema module
|
||||
- import_tasks: postgresql_schema_initial.yml
|
|
@ -1,331 +0,0 @@
|
|||
---
|
||||
|
||||
# Setup
|
||||
- name: Create test roles
|
||||
postgresql_user:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
encrypted: yes
|
||||
password: password
|
||||
role_attr_flags: LOGIN
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
loop:
|
||||
- "{{ db_user1 }}"
|
||||
- "{{ db_user2 }}"
|
||||
|
||||
- name: Create DB
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: present
|
||||
name: "{{ db_name }}"
|
||||
owner: "{{ db_user1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
# Test: CREATE SCHEMA in checkmode
|
||||
- name: Create a new schema with name "acme" in check_mode
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
check_mode: yes
|
||||
postgresql_schema:
|
||||
database: "{{ db_name }}"
|
||||
name: acme
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
|
||||
# Checks
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.schema == 'acme'
|
||||
|
||||
- name: Check that the new schema "acme" not exists
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_query:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT schema_name FROM information_schema.schemata WHERE schema_name = 'acme'"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
|
||||
# Test: CREATE SCHEMA
|
||||
- name: Create a new schema with name "acme"
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_schema:
|
||||
database: "{{ db_name }}"
|
||||
name: acme
|
||||
login_user: "{{ pg_user }}"
|
||||
trust_input: yes
|
||||
register: result
|
||||
|
||||
# Checks
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.schema == 'acme'
|
||||
- result.queries == [ 'CREATE SCHEMA "acme"' ]
|
||||
|
||||
- name: Check that the new schema "acme" exists
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_query:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT schema_name FROM information_schema.schemata WHERE schema_name = 'acme'"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
# Test: DROP SCHEMA in checkmode
|
||||
- name: Drop schema "acme" in check_mode
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
check_mode: yes
|
||||
postgresql_schema:
|
||||
database: "{{ db_name }}"
|
||||
name: acme
|
||||
state: absent
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
|
||||
# Checks
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
|
||||
- name: Check that the new schema "acme" still exists
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_query:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT schema_name FROM information_schema.schemata WHERE schema_name = 'acme'"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
# Test: DROP SCHEMA
|
||||
- name: Drop schema "acme"
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_schema:
|
||||
database: "{{ db_name }}"
|
||||
name: acme
|
||||
state: absent
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
|
||||
# Checks
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == [ 'DROP SCHEMA "acme"' ]
|
||||
|
||||
- name: Check that no schema "acme" exists
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_query:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT schema_name FROM information_schema.schemata WHERE schema_name = 'acme'"
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
|
||||
# Test: trust_input parameter
|
||||
- name: Create a new schema with potentially dangerous owner name
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_schema:
|
||||
database: "{{ db_name }}"
|
||||
name: acme
|
||||
login_user: "{{ pg_user }}"
|
||||
owner: "{{ dangerous_name }}"
|
||||
trust_input: no
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
# Checks
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
- result.msg == 'Passed input \'{{ dangerous_name }}\' is potentially dangerous'
|
||||
|
||||
# Test: CREATE SCHEMA; WITH TABLE for DROP CASCADE test
|
||||
- name: Create a new schema "acme"
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_schema:
|
||||
database: "{{ db_name }}"
|
||||
name: acme
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
|
||||
- name: Create table in schema for DROP CASCADE check
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "CREATE TABLE acme.table1()"
|
||||
register: result2
|
||||
|
||||
# Checks
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.schema == 'acme'
|
||||
- result.queries == [ 'CREATE SCHEMA "acme"' ]
|
||||
- result2.changed == true
|
||||
- result2.statusmessage == 'CREATE TABLE'
|
||||
|
||||
- name: Check that the new schema "acme" exists
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_query:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT schema_name,schema_owner FROM information_schema.schemata WHERE schema_name = 'acme'"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: Check that the new table "table1" in schema 'acme' exists
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_query:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT EXISTS (SELECT 1 FROM pg_tables WHERE schemaname = 'acme' AND tablename = 'table1')"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
# Test: DROP SCHEMA ... CASCADE;
|
||||
- name: Drop schema "acme" with cascade
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_schema:
|
||||
database: "{{ db_name }}"
|
||||
name: acme
|
||||
state: absent
|
||||
cascade_drop: yes
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
|
||||
# Checks
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == [ 'DROP SCHEMA "acme" CASCADE' ]
|
||||
|
||||
- name: Check that no schema "acme" exists
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_query:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT schema_name FROM information_schema.schemata WHERE schema_name = 'acme'"
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
|
||||
# Test: CREATE SCHEMA WITH OWNER ...;
|
||||
- name: Create a new schema "acme" with a user "{{ db_user2 }}" who will own it
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_schema:
|
||||
database: "{{ db_name }}"
|
||||
name: acme
|
||||
owner: "{{ db_user2 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
|
||||
# Checks
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.schema == 'acme'
|
||||
- result.queries == [ 'CREATE SCHEMA "acme" AUTHORIZATION "{{ db_user2 }}"' ]
|
||||
|
||||
- name: Check that the new schema "acme" exists and "{{ db_user2 }}" own it
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_query:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT schema_name,schema_owner FROM information_schema.schemata WHERE schema_name = 'acme' AND schema_owner = '{{ db_user2 }}'"
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
# Test: DROP SCHEMA
|
||||
- name: Drop schema "acme"
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_schema:
|
||||
database: "{{ db_name }}"
|
||||
name: acme
|
||||
state: absent
|
||||
login_user: "{{ pg_user }}"
|
||||
register: result
|
||||
|
||||
# Checks
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == [ 'DROP SCHEMA "acme"' ]
|
||||
|
||||
- name: Check that no schema "acme" exists
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_query:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT schema_name FROM information_schema.schemata WHERE schema_name = 'acme'"
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
|
||||
|
||||
# Cleanup
|
||||
- name: Remove user
|
||||
postgresql_user:
|
||||
name: "{{ db_user2 }}"
|
||||
state: absent
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- name: Destroy DB
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: absent
|
||||
name: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
|
@ -1,78 +0,0 @@
|
|||
- name: Create a high privileged user
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_user:
|
||||
name: "{{ db_session_role1 }}"
|
||||
state: "present"
|
||||
password: "password"
|
||||
role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
|
||||
- name: Create DB as session_role
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: present
|
||||
name: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
session_role: "{{ db_session_role1 }}"
|
||||
register: result
|
||||
|
||||
- name: Create schema in own database
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_schema:
|
||||
database: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
name: "{{ db_session_role1 }}"
|
||||
session_role: "{{ db_session_role1 }}"
|
||||
|
||||
- name: Create schema in own database, should be owned by session_role
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_schema:
|
||||
database: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
name: "{{ db_session_role1 }}"
|
||||
owner: "{{ db_session_role1 }}"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
|
||||
- name: Fail when creating schema in postgres database as a regular user
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_schema:
|
||||
database: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
name: "{{ db_session_role1 }}"
|
||||
session_role: "{{ db_session_role1 }}"
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
|
||||
- name: Drop test db
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: absent
|
||||
name: "{{ db_session_role1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- name: Drop test users
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_user:
|
||||
name: "{{ item }}"
|
||||
state: absent
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
with_items:
|
||||
- "{{ db_session_role1 }}"
|
||||
- "{{ db_session_role2 }}"
|
|
@ -1,6 +0,0 @@
|
|||
destructive
|
||||
shippable/posix/group4
|
||||
skip/aix
|
||||
skip/osx
|
||||
skip/macos
|
||||
disabled # tests already running in community.postgresql
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
db_name: 'ansible_db'
|
||||
db_user1: 'ansible_db_user1'
|
||||
db_user2: 'ansible_db_user2'
|
||||
db_default: 'postgres'
|
|
@ -1,2 +0,0 @@
|
|||
dependencies:
|
||||
- setup_postgresql_db
|
|
@ -1,8 +0,0 @@
|
|||
####################################################################
|
||||
# WARNING: These are designed specifically for Ansible tests #
|
||||
# and should not be used as examples of how to write Ansible roles #
|
||||
####################################################################
|
||||
|
||||
# Initial CI tests of postgresql_sequence module
|
||||
- import_tasks: postgresql_sequence_initial.yml
|
||||
when: postgres_version_resp.stdout is version('9.4', '>=')
|
|
@ -1,730 +0,0 @@
|
|||
---
|
||||
# Copyright: (c) 2019, Tobias Birkefeld (@tcraxs) <t@craxs.de>
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
|
||||
# Preparation for tests.
|
||||
- name: postgresql_sequence - create a user to be owner of a database
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_user:
|
||||
name: "{{ db_user1 }}"
|
||||
state: present
|
||||
encrypted: yes
|
||||
password: password
|
||||
role_attr_flags: LOGIN
|
||||
db: "{{ db_default }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- name: postgresql_sequence - create DB
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: present
|
||||
name: "{{ db_name }}"
|
||||
owner: "{{ db_user1 }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- name: Create a user to be owner of a sequence
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_user:
|
||||
name: "{{ db_user2 }}"
|
||||
state: present
|
||||
encrypted: yes
|
||||
password: password
|
||||
role_attr_flags: LOGIN
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- name: postgresql_sequence - create a schema
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_schema:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
name: foobar_schema
|
||||
|
||||
####################
|
||||
# Test: create sequence in checkmode
|
||||
- name: postgresql_sequence - create a new sequence with name "foobar" in check_mode
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
check_mode: yes
|
||||
postgresql_sequence:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
name: foobar
|
||||
register: result
|
||||
|
||||
# Checks
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.sequence == 'foobar'
|
||||
- result.queries == ["CREATE SEQUENCE \"public\".\"foobar\""]
|
||||
|
||||
# Real SQL check
|
||||
- name: postgresql_sequence - check that the new sequence "foobar" not exists
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_query:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT sequence_name FROM information_schema.sequences WHERE sequence_name = 'foobar'"
|
||||
register: result
|
||||
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
- result.statusmessage == 'SELECT 0'
|
||||
|
||||
####################
|
||||
# Test: create sequence
|
||||
- name: postgresql_sequence - create a new sequence with name "foobar"
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_sequence:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
name: foobar
|
||||
register: result
|
||||
|
||||
# Checks
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.sequence == 'foobar'
|
||||
- result.queries == ["CREATE SEQUENCE \"public\".\"foobar\""]
|
||||
|
||||
# Real SQL check
|
||||
- name: postgresql_sequence - check that the new sequence "foobar" exists
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT sequence_name FROM information_schema.sequences WHERE sequence_name = 'foobar'"
|
||||
register: result
|
||||
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
####################
|
||||
# Test: drop sequence in checkmode
|
||||
- name: postgresql_sequence - drop a sequence called foobar
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
check_mode: yes
|
||||
postgresql_sequence:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
name: foobar
|
||||
state: absent
|
||||
register: result
|
||||
|
||||
# Checks
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.sequence == 'foobar'
|
||||
- result.queries == ["DROP SEQUENCE \"public\".\"foobar\""]
|
||||
|
||||
# Real SQL check
|
||||
- name: postgresql_sequence - check that the sequence "foobar" still exists
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT sequence_name FROM information_schema.sequences WHERE sequence_name = 'foobar'"
|
||||
register: result
|
||||
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
####################
|
||||
# Test: drop sequence
|
||||
- name: postgresql_sequence - drop a sequence called foobar
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_sequence:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
name: foobar
|
||||
state: absent
|
||||
register: result
|
||||
|
||||
# Checks
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.sequence == 'foobar'
|
||||
- result.queries == ["DROP SEQUENCE \"public\".\"foobar\""]
|
||||
|
||||
# Real SQL check
|
||||
- name: postgresql_sequence - check that the sequence "foobar" not exists
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT sequence_name FROM information_schema.sequences WHERE sequence_name = 'foobar'"
|
||||
register: result
|
||||
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
|
||||
####################
|
||||
# Test: drop nonexistent sequence
|
||||
- name: postgresql_sequence - drop a sequence called foobar which does not exists
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_sequence:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
name: foobar
|
||||
state: absent
|
||||
register: result
|
||||
|
||||
# Checks
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.sequence == 'foobar'
|
||||
- result.queries == []
|
||||
|
||||
# Real SQL check
|
||||
- name: postgresql_sequence - check that the sequence "foobar" not exists
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT sequence_name FROM information_schema.sequences WHERE sequence_name = 'foobar'"
|
||||
register: result
|
||||
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
|
||||
####################
|
||||
# Test: create sequence with options
|
||||
- name: postgresql_sequence - create an descending sequence called foobar_desc, starting at 101 and which cycle between 1 to 1000
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_sequence:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
name: foobar_desc
|
||||
increment: -1
|
||||
start: 101
|
||||
minvalue: 1
|
||||
maxvalue: 1000
|
||||
cycle: yes
|
||||
register: result
|
||||
|
||||
# Checks
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.sequence == 'foobar_desc'
|
||||
- result.increment == '-1'
|
||||
- result.minvalue == '1'
|
||||
- result.maxvalue == '1000'
|
||||
- result.cycle == 'YES'
|
||||
- result.queries == ["CREATE SEQUENCE \"public\".\"foobar_desc\" INCREMENT BY -1 MINVALUE 1 MAXVALUE 1000 START WITH 101 CYCLE"]
|
||||
|
||||
# Real SQL check
|
||||
- name: postgresql_sequence - check that the new sequence "foobar_desc" exists
|
||||
postgresql_query:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT sequence_name FROM information_schema.sequences WHERE sequence_name = 'foobar_desc'"
|
||||
register: result
|
||||
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
####################
|
||||
# Test: rename a sequence in checkmode
|
||||
- name: postgresql_sequence - rename an existing sequence named foobar_desc to foobar_with_options
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
check_mode: yes
|
||||
postgresql_sequence:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
name: foobar_desc
|
||||
rename_to: foobar_with_options
|
||||
register: result
|
||||
|
||||
# Checks
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.sequence == 'foobar_desc'
|
||||
- result.newname == 'foobar_with_options'
|
||||
- result.queries == ["ALTER SEQUENCE \"public\".\"foobar_desc\" RENAME TO \"foobar_with_options\""]
|
||||
|
||||
# Real SQL check
|
||||
- name: postgresql_sequence - check that the sequence "foobar_desc" still exists and is not renamed
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT sequence_name FROM information_schema.sequences WHERE sequence_name = 'foobar_desc'"
|
||||
register: result
|
||||
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
####################
|
||||
# Test: rename a sequence
|
||||
- name: postgresql_sequence - rename an existing sequence named foobar_desc to foobar_with_options
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_sequence:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
name: foobar_desc
|
||||
rename_to: foobar_with_options
|
||||
register: result
|
||||
|
||||
# Checks
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.sequence == 'foobar_desc'
|
||||
- result.newname == 'foobar_with_options'
|
||||
- result.queries == ["ALTER SEQUENCE \"public\".\"foobar_desc\" RENAME TO \"foobar_with_options\""]
|
||||
|
||||
# Real SQL check
|
||||
- name: postgresql_sequence - check that the renamed sequence "foobar_with_options" exists
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT sequence_name FROM information_schema.sequences WHERE sequence_name = 'foobar_with_options'"
|
||||
register: result
|
||||
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
####################
|
||||
# Test: change schema of a sequence in checkmode
|
||||
- name: postgresql_sequence - change schema of an existing sequence from public to foobar_schema
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
check_mode: yes
|
||||
postgresql_sequence:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
name: foobar_with_options
|
||||
newschema: foobar_schema
|
||||
register: result
|
||||
|
||||
# Checks
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.sequence == 'foobar_with_options'
|
||||
- result.schema == 'public'
|
||||
- result.newschema == 'foobar_schema'
|
||||
- result.queries == ["ALTER SEQUENCE \"public\".\"foobar_with_options\" SET SCHEMA \"foobar_schema\""]
|
||||
|
||||
# Real SQL check
|
||||
- name: postgresql_sequence - check that the sequence "foobar_with_options" still exists in the old schema
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT sequence_name,sequence_schema FROM information_schema.sequences WHERE sequence_name = 'foobar_with_options' AND sequence_schema = 'public'"
|
||||
register: result
|
||||
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
####################
|
||||
# Test: change schema of a sequence
|
||||
- name: postgresql_sequence - change schema of an existing sequence from public to foobar_schema
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_sequence:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
name: foobar_with_options
|
||||
newschema: foobar_schema
|
||||
register: result
|
||||
|
||||
# Checks
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.sequence == 'foobar_with_options'
|
||||
- result.schema == 'public'
|
||||
- result.newschema == 'foobar_schema'
|
||||
- result.queries == ["ALTER SEQUENCE \"public\".\"foobar_with_options\" SET SCHEMA \"foobar_schema\""]
|
||||
|
||||
# Real SQL check
|
||||
- name: postgresql_sequence - check that the sequence "foobar_with_options" exists in new schema
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT sequence_name,sequence_schema FROM information_schema.sequences WHERE sequence_name = 'foobar_with_options' AND sequence_schema = 'foobar_schema'"
|
||||
register: result
|
||||
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
####################
|
||||
# Test: change owner of a sequence in checkmode
|
||||
- name: postgresql_sequence - change owner of an existing sequence from "{{ pg_user }}" to "{{ db_user1 }}"
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
check_mode: yes
|
||||
postgresql_sequence:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
name: foobar_with_options
|
||||
schema: foobar_schema
|
||||
owner: "{{ db_user1 }}"
|
||||
register: result
|
||||
|
||||
# Checks
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.sequence == 'foobar_with_options'
|
||||
- result.owner == "{{ pg_user }}"
|
||||
- result.queries == ["ALTER SEQUENCE \"foobar_schema\".\"foobar_with_options\" OWNER TO \"{{ db_user1 }}\""]
|
||||
|
||||
# Real SQL check
|
||||
- name: postgresql_sequence - check that the sequence "foobar_with_options" has still the old owner
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT c.relname,a.rolname,n.nspname
|
||||
FROM pg_class as c
|
||||
JOIN pg_authid as a on (c.relowner = a.oid)
|
||||
JOIN pg_namespace as n on (c.relnamespace = n.oid)
|
||||
WHERE c.relkind = 'S' and
|
||||
c.relname = 'foobar_with_options' and
|
||||
n.nspname = 'foobar_schema' and
|
||||
a.rolname = '{{ pg_user }}'"
|
||||
register: result
|
||||
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
####################
|
||||
# Test: change owner of a sequence
|
||||
- name: postgresql_sequence - change owner of an existing sequence from "{{ pg_user }}" to "{{ db_user1 }}"
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_sequence:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
name: foobar_with_options
|
||||
schema: foobar_schema
|
||||
owner: "{{ db_user1 }}"
|
||||
register: result
|
||||
|
||||
# Checks
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.sequence == 'foobar_with_options'
|
||||
- result.owner == "{{ pg_user }}"
|
||||
- result.queries == ["ALTER SEQUENCE \"foobar_schema\".\"foobar_with_options\" OWNER TO \"{{ db_user1 }}\""]
|
||||
|
||||
# Real SQL check
|
||||
- name: postgresql_sequence - check that the sequence "foobar_with_options" has a new owner
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT c.relname,a.rolname,n.nspname
|
||||
FROM pg_class as c
|
||||
JOIN pg_authid as a on (c.relowner = a.oid)
|
||||
JOIN pg_namespace as n on (c.relnamespace = n.oid)
|
||||
WHERE c.relkind = 'S' and
|
||||
c.relname = 'foobar_with_options' and
|
||||
n.nspname = 'foobar_schema' and
|
||||
a.rolname = '{{ db_user1 }}'"
|
||||
register: result
|
||||
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
####################
|
||||
# Test: drop sequence with cascade
|
||||
|
||||
# CREATE SEQUENCE seq1;
|
||||
# CREATE TABLE t1 (f1 INT NOT NULL DEFAULT nextval('seq1'));
|
||||
# DROP SEQUENCE seq1 CASCADE;
|
||||
- name: postgresql_sequence - create sequence for drop cascade test
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_sequence:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
name: seq1
|
||||
|
||||
- name: postgresql_sequence - create table which use sequence for drop cascade test
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_table:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
name: t1
|
||||
columns:
|
||||
- f1 INT NOT NULL DEFAULT nextval('seq1')
|
||||
|
||||
####################
|
||||
# Test: drop sequence with cascade in checkmode
|
||||
- name: postgresql_sequence - drop with cascade a sequence called seq1
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
check_mode: yes
|
||||
postgresql_sequence:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
name: seq1
|
||||
state: absent
|
||||
cascade: yes
|
||||
register: result
|
||||
|
||||
# Checks
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.sequence == 'seq1'
|
||||
- result.queries == ["DROP SEQUENCE \"public\".\"seq1\" CASCADE"]
|
||||
|
||||
# Real SQL check
|
||||
- name: postgresql_sequence - check that the sequence "seq1" still exists
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT sequence_name FROM information_schema.sequences WHERE sequence_name = 'seq1'"
|
||||
register: result
|
||||
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
####################
|
||||
# Test: drop sequence with cascade
|
||||
- name: postgresql_sequence - drop with cascade a sequence called seq1
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_sequence:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
name: seq1
|
||||
state: absent
|
||||
cascade: yes
|
||||
register: result
|
||||
|
||||
# Checks
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.sequence == 'seq1'
|
||||
- result.queries == ["DROP SEQUENCE \"public\".\"seq1\" CASCADE"]
|
||||
|
||||
# Real SQL check
|
||||
- name: postgresql_sequence - check that the sequence "seq1" not exists
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT sequence_name FROM information_schema.sequences WHERE sequence_name = 'seq1'"
|
||||
register: result
|
||||
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
|
||||
####################
|
||||
# Test: create sequence with owner in checkmode
|
||||
- name: postgresql_sequence - create a new sequence with name "foobar2" with owner "{{ db_user2 }}"
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
check_mode: yes
|
||||
postgresql_sequence:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
name: foobar2
|
||||
owner: "{{ db_user2 }}"
|
||||
register: result
|
||||
|
||||
# Checks
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.sequence == 'foobar2'
|
||||
- result.queries == ["CREATE SEQUENCE \"public\".\"foobar2\"", "ALTER SEQUENCE \"public\".\"foobar2\" OWNER TO \"ansible_db_user2\""]
|
||||
|
||||
# Real SQL check
|
||||
- name: postgresql_sequence - check that the new sequence "foobar2" does not exists
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT sequence_name FROM information_schema.sequences WHERE sequence_name = 'foobar2'"
|
||||
register: result
|
||||
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
|
||||
####################
|
||||
# Test: create sequence with owner
|
||||
- name: postgresql_sequence - create a new sequence with name "foobar2" with owner "{{ db_user2 }}"
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_sequence:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
name: foobar2
|
||||
owner: "{{ db_user2 }}"
|
||||
register: result
|
||||
|
||||
# Checks
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.sequence == 'foobar2'
|
||||
- result.queries == ["CREATE SEQUENCE \"public\".\"foobar2\"", "ALTER SEQUENCE \"public\".\"foobar2\" OWNER TO \"ansible_db_user2\""]
|
||||
|
||||
# Real SQL check
|
||||
- name: postgresql_sequence - check that the new sequence "foobar2" exists
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT sequence_name FROM information_schema.sequences WHERE sequence_name = 'foobar2'"
|
||||
register: result
|
||||
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: postgresql_sequence - check that the sequence "foobar2" has owner "{{ db_user2 }}"
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT c.relname,a.rolname,n.nspname
|
||||
FROM pg_class as c
|
||||
JOIN pg_authid as a on (c.relowner = a.oid)
|
||||
JOIN pg_namespace as n on (c.relnamespace = n.oid)
|
||||
WHERE c.relkind = 'S' and
|
||||
c.relname = 'foobar2' and
|
||||
n.nspname = 'public' and
|
||||
a.rolname = '{{ db_user2 }}'"
|
||||
register: result
|
||||
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
####################
|
||||
# Test: create sequence with trust_input
|
||||
- name: postgresql_sequence - check that trust_input works as expected
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_sequence:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
name: 'just_a_name"; SELECT * FROM information_schema.tables; --'
|
||||
trust_input: no
|
||||
owner: "{{ db_user2 }}"
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
|
||||
# Checks
|
||||
- name: postgresql_sequence - check with assert the output
|
||||
assert:
|
||||
that:
|
||||
- result is failed
|
||||
- result.msg is search('is potentially dangerous')
|
||||
|
||||
# Cleanup
|
||||
- name: postgresql_sequence - destroy DB
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_db:
|
||||
state: absent
|
||||
name: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
- name: remove test roles
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_user:
|
||||
state: absent
|
||||
login_db: "{{ db_default }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
name: "{{ item }}"
|
||||
loop:
|
||||
- "{{ db_user1 }}"
|
||||
- "{{ db_user2 }}"
|
|
@ -1,6 +0,0 @@
|
|||
destructive
|
||||
shippable/posix/group4
|
||||
skip/aix
|
||||
skip/osx
|
||||
skip/macos
|
||||
disabled # tests already running in community.postgresql
|
|
@ -1,2 +0,0 @@
|
|||
dependencies:
|
||||
- setup_postgresql_db
|
|
@ -1,8 +0,0 @@
|
|||
####################################################################
|
||||
# WARNING: These are designed specifically for Ansible tests #
|
||||
# and should not be used as examples of how to write Ansible roles #
|
||||
####################################################################
|
||||
|
||||
# Initial CI tests of postgresql_initial module
|
||||
- include_tasks: postgresql_set_initial.yml
|
||||
when: postgres_version_resp.stdout is version('9.6', '>=')
|
|
@ -1,375 +0,0 @@
|
|||
# Test code for the postgresql_set module
|
||||
# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
#
|
||||
# Notice: assertions are different for Ubuntu 16.04 and FreeBSD because they don't work
|
||||
# correctly for these tests. There are some stranges exactly in Shippable CI.
|
||||
# However I checked it manually for all points (including Ubuntu 16.05 and FreeBSD)
|
||||
# and it worked as expected.
|
||||
|
||||
- vars:
|
||||
task_parameters: &task_parameters
|
||||
become_user: '{{ pg_user }}'
|
||||
become: yes
|
||||
pg_parameters: &pg_parameters
|
||||
login_user: '{{ pg_user }}'
|
||||
login_db: postgres
|
||||
|
||||
block:
|
||||
- name: postgresql_set - preparation to the next step
|
||||
<<: *task_parameters
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_set:
|
||||
<<: *pg_parameters
|
||||
name: work_mem
|
||||
reset: yes
|
||||
|
||||
#####################
|
||||
# Testing check_mode:
|
||||
- name: postgresql_set - get work_mem initial value
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: SHOW work_mem
|
||||
register: before
|
||||
|
||||
- name: postgresql_set - set work_mem (restart is not required), check_mode
|
||||
<<: *task_parameters
|
||||
postgresql_set:
|
||||
<<: *pg_parameters
|
||||
name: work_mem
|
||||
value: 12MB
|
||||
register: set_wm
|
||||
check_mode: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- set_wm.name == 'work_mem'
|
||||
- set_wm.changed == true
|
||||
- set_wm.prev_val_pretty == before.query_result[0].work_mem
|
||||
- set_wm.value_pretty == '12MB'
|
||||
- set_wm.restart_required == false
|
||||
|
||||
- name: postgresql_set - get work_mem value to check, must be the same as initial
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: SHOW work_mem
|
||||
register: after
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- before.query_result[0].work_mem == after.query_result[0].work_mem
|
||||
######
|
||||
#
|
||||
|
||||
- name: postgresql_set - set work_mem (restart is not required)
|
||||
<<: *task_parameters
|
||||
postgresql_set:
|
||||
<<: *pg_parameters
|
||||
name: work_mem
|
||||
value: 12mb
|
||||
register: set_wm
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- set_wm.name == 'work_mem'
|
||||
- set_wm.changed == true
|
||||
- set_wm.value_pretty == '12MB'
|
||||
- set_wm.value_pretty != set_wm.prev_val_pretty
|
||||
- set_wm.restart_required == false
|
||||
- set_wm.value.value == 12582912
|
||||
- set_wm.value.unit == 'b'
|
||||
when:
|
||||
- ansible_distribution != "Ubuntu"
|
||||
- ansible_distribution_major_version != '16'
|
||||
- ansible_distribution != "FreeBSD"
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- set_wm.name == 'work_mem'
|
||||
- set_wm.changed == true
|
||||
- set_wm.restart_required == false
|
||||
when:
|
||||
- ansible_distribution == "Ubuntu"
|
||||
- ansible_distribution_major_version == '16'
|
||||
|
||||
- name: postgresql_set - reset work_mem (restart is not required)
|
||||
<<: *task_parameters
|
||||
postgresql_set:
|
||||
<<: *pg_parameters
|
||||
name: work_mem
|
||||
reset: yes
|
||||
register: reset_wm
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- reset_wm.name == 'work_mem'
|
||||
- reset_wm.changed == true
|
||||
- reset_wm.value_pretty != reset_wm.prev_val_pretty
|
||||
- reset_wm.restart_required == false
|
||||
- reset_wm.value.value != '12582912'
|
||||
when:
|
||||
- ansible_distribution != "Ubuntu"
|
||||
- ansible_distribution_major_version != '16'
|
||||
- ansible_distribution != "FreeBSD"
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- reset_wm.name == 'work_mem'
|
||||
- reset_wm.changed == true
|
||||
- reset_wm.restart_required == false
|
||||
when:
|
||||
- ansible_distribution == "Ubuntu"
|
||||
- ansible_distribution_major_version == '16'
|
||||
|
||||
- name: postgresql_set - reset work_mem again to check that nothing changed (restart is not required)
|
||||
<<: *task_parameters
|
||||
postgresql_set:
|
||||
<<: *pg_parameters
|
||||
name: work_mem
|
||||
reset: yes
|
||||
register: reset_wm2
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- reset_wm2.name == 'work_mem'
|
||||
- reset_wm2.changed == false
|
||||
- reset_wm2.value_pretty == reset_wm2.prev_val_pretty
|
||||
- reset_wm2.restart_required == false
|
||||
when:
|
||||
- ansible_distribution != "Ubuntu"
|
||||
- ansible_distribution_major_version != '16'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- reset_wm2.name == 'work_mem'
|
||||
- reset_wm2.changed == false
|
||||
- reset_wm2.restart_required == false
|
||||
when:
|
||||
- ansible_distribution == "Ubuntu"
|
||||
- ansible_distribution_major_version == '16'
|
||||
|
||||
- name: postgresql_set - preparation to the next step
|
||||
<<: *task_parameters
|
||||
postgresql_set:
|
||||
<<: *pg_parameters
|
||||
name: work_mem
|
||||
value: 14MB
|
||||
|
||||
- name: postgresql_set - set work_mem to initial state (restart is not required)
|
||||
<<: *task_parameters
|
||||
postgresql_set:
|
||||
<<: *pg_parameters
|
||||
name: work_mem
|
||||
value: default
|
||||
register: def_wm
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- def_wm.name == 'work_mem'
|
||||
- def_wm.changed == true
|
||||
- def_wm.value_pretty != def_wm.prev_val_pretty
|
||||
- def_wm.restart_required == false
|
||||
- def_wm.value.value != '14680064'
|
||||
when:
|
||||
- ansible_distribution != "Ubuntu"
|
||||
- ansible_distribution_major_version != '16'
|
||||
- ansible_distribution != 'FreeBSD'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- def_wm.name == 'work_mem'
|
||||
- def_wm.changed == true
|
||||
- def_wm.restart_required == false
|
||||
when:
|
||||
- ansible_distribution == "Ubuntu"
|
||||
- ansible_distribution_major_version == '16'
|
||||
- ansible_distribution != 'FreeBSD'
|
||||
|
||||
- name: postgresql_set - set shared_buffers (restart is required)
|
||||
<<: *task_parameters
|
||||
postgresql_set:
|
||||
<<: *pg_parameters
|
||||
name: shared_buffers
|
||||
value: 111MB
|
||||
register: set_shb
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- set_shb.name == 'shared_buffers'
|
||||
- set_shb.changed == true
|
||||
- set_shb.restart_required == true
|
||||
|
||||
# We don't check value.unit because it is none
|
||||
- name: postgresql_set - set autovacuum (enabled by default, restart is not required)
|
||||
<<: *task_parameters
|
||||
postgresql_set:
|
||||
<<: *pg_parameters
|
||||
name: autovacuum
|
||||
value: off
|
||||
register: set_aut
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- set_aut.name == 'autovacuum'
|
||||
- set_aut.changed == true
|
||||
- set_aut.restart_required == false
|
||||
- set_aut.value.value == 'off'
|
||||
|
||||
# Test check_mode, step 1. At the previous test we set autovacuum = 'off'
|
||||
- name: postgresql - try to change autovacuum again in check_mode
|
||||
<<: *task_parameters
|
||||
postgresql_set:
|
||||
<<: *pg_parameters
|
||||
name: autovacuum
|
||||
value: on
|
||||
register: set_aut
|
||||
check_mode: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- set_aut.name == 'autovacuum'
|
||||
- set_aut.changed == true
|
||||
- set_aut.restart_required == false
|
||||
- set_aut.value.value == 'off'
|
||||
|
||||
# Test check_mode, step 2
|
||||
- name: postgresql - check that autovacuum wasn't actually changed after change in check_mode
|
||||
<<: *task_parameters
|
||||
postgresql_set:
|
||||
<<: *pg_parameters
|
||||
name: autovacuum
|
||||
value: off
|
||||
register: set_aut
|
||||
check_mode: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- set_aut.name == 'autovacuum'
|
||||
- set_aut.changed == false
|
||||
- set_aut.restart_required == false
|
||||
- set_aut.value.value == 'off'
|
||||
|
||||
# Additional check by SQL query:
|
||||
- name: postgresql_set - get autovacuum value to check, must be off
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: SHOW autovacuum
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.query_result[0].autovacuum == 'off'
|
||||
|
||||
# Test check_mode, step 3. It is different from
|
||||
# the prev test - it runs without check_mode: yes.
|
||||
# Before the check_mode tests autovacuum was off
|
||||
- name: postgresql - check that autovacuum wasn't actually changed after change in check_mode
|
||||
<<: *task_parameters
|
||||
postgresql_set:
|
||||
<<: *pg_parameters
|
||||
name: autovacuum
|
||||
value: off
|
||||
register: set_aut
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- set_aut.name == 'autovacuum'
|
||||
- set_aut.changed == false
|
||||
- set_aut.restart_required == false
|
||||
- set_aut.value.value == 'off'
|
||||
|
||||
#################
|
||||
# Bugfix of 67377
|
||||
- name: archive command with mb
|
||||
<<: *task_parameters
|
||||
postgresql_set:
|
||||
<<: *pg_parameters
|
||||
trust_input: yes
|
||||
name: archive_command
|
||||
value: 'test ! -f /mnt/postgres/mb/%f && cp %p /mnt/postgres/mb/%f'
|
||||
|
||||
# Check:
|
||||
- name: check value
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: select reset_val from pg_settings where name = 'archive_command'
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.query_result.0.reset_val == "test ! -f /mnt/postgres/mb/%f && cp %p /mnt/postgres/mb/%f"
|
||||
|
||||
#############################
|
||||
# Check trust_input parameter
|
||||
- name: postgresql_set - check trust_input
|
||||
<<: *task_parameters
|
||||
postgresql_set:
|
||||
<<: *pg_parameters
|
||||
name: shared_buffers
|
||||
value: 111MB
|
||||
trust_input: no
|
||||
session_role: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
- result.msg is search('is potentially dangerous')
|
||||
|
||||
###############################################################################
|
||||
# Bugfix of https://github.com/ansible-collections/community.general/issues/775
|
||||
- name: postgresql_set - turn on archive mode
|
||||
<<: *task_parameters
|
||||
postgresql_set:
|
||||
<<: *pg_parameters
|
||||
name: archive_mode
|
||||
value: 'on'
|
||||
|
||||
- name: Restart PostgreSQL
|
||||
become: yes
|
||||
service:
|
||||
name: "{{ postgresql_service }}"
|
||||
state: restarted
|
||||
|
||||
- name: postgresql_set - set empty string as value
|
||||
<<: *task_parameters
|
||||
postgresql_set:
|
||||
<<: *pg_parameters
|
||||
name: archive_command
|
||||
value: ''
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
|
||||
- name: postgresql_set - set empty string as value again
|
||||
<<: *task_parameters
|
||||
postgresql_set:
|
||||
<<: *pg_parameters
|
||||
name: archive_command
|
||||
value: ''
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
|
||||
- name: postgresql_set - set empty string as value again in check mode
|
||||
<<: *task_parameters
|
||||
postgresql_set:
|
||||
<<: *pg_parameters
|
||||
name: archive_command
|
||||
value: ''
|
||||
register: result
|
||||
check_mode: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
|
@ -1,6 +0,0 @@
|
|||
destructive
|
||||
shippable/posix/group4
|
||||
skip/aix
|
||||
skip/osx
|
||||
skip/macos
|
||||
disabled # tests already running in community.postgresql
|
|
@ -1,2 +0,0 @@
|
|||
dependencies:
|
||||
- setup_postgresql_db
|
|
@ -1,9 +0,0 @@
|
|||
####################################################################
|
||||
# WARNING: These are designed specifically for Ansible tests #
|
||||
# and should not be used as examples of how to write Ansible roles #
|
||||
####################################################################
|
||||
|
||||
# Initial CI tests of postgresql_slot module
|
||||
# Physical replication slots are available since PostgreSQL 9.4
|
||||
- import_tasks: postgresql_slot_initial.yml
|
||||
when: postgres_version_resp.stdout is version('9.4', '>=')
|
|
@ -1,735 +0,0 @@
|
|||
---
|
||||
# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
|
||||
- name: postgresql_slot - set max_replication_slots
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_set:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
name: max_replication_slots
|
||||
value: '10'
|
||||
|
||||
- name: postgresql_slot - set wal_level to logical
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_set:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
name: wal_level
|
||||
value: logical
|
||||
|
||||
# To avoid CI timeouts
|
||||
- name: Kill all postgres processes
|
||||
shell: 'pkill -u {{ pg_user }}'
|
||||
become: yes
|
||||
when: ansible_facts.distribution == 'CentOS' and ansible_facts.distribution_major_version == '8'
|
||||
ignore_errors: yes
|
||||
|
||||
- name: postgresql_slot - stop PostgreSQL
|
||||
become: yes
|
||||
service:
|
||||
name: "{{ postgresql_service }}"
|
||||
state: stopped
|
||||
when: (ansible_facts.distribution_major_version != '8' and ansible_facts.distribution == 'CentOS') or ansible_facts.distribution != 'CentOS'
|
||||
|
||||
- name: postgresql_slot - pause between stop and start PostgreSQL
|
||||
ansible.builtin.pause:
|
||||
seconds: 5
|
||||
|
||||
- name: postgresql_slot - start PostgreSQL
|
||||
become: yes
|
||||
service:
|
||||
name: "{{ postgresql_service }}"
|
||||
state: started
|
||||
|
||||
#
|
||||
# state=present
|
||||
#
|
||||
|
||||
# check_mode
|
||||
- name: postgresql_slot - create slot in check_mode
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_slot:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
name: slot0
|
||||
check_mode: yes
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == []
|
||||
|
||||
# Check, rowcount must be 0
|
||||
- name: postgresql_slot - check that nothing changed after the previous step
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot0'"
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
|
||||
# true mode
|
||||
- name: postgresql_slot - create physical slot
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_slot:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
name: slot0
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["SELECT pg_create_physical_replication_slot('slot0', false)"]
|
||||
when: postgres_version_resp.stdout is version('9.6', '>=')
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["SELECT pg_create_physical_replication_slot('slot0')"]
|
||||
when: postgres_version_resp.stdout is version('9.6', '<')
|
||||
|
||||
# Check, rowcount must be 1
|
||||
- name: postgresql_slot - check that the slot exists after the previous step
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot0' and slot_type = 'physical'"
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
# check mode
|
||||
- name: postgresql_slot - try create physical slot again in check_mode
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_slot:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
name: slot0
|
||||
check_mode: yes
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.queries == []
|
||||
|
||||
# Check, rowcount must be 1
|
||||
- name: postgresql_slot - check that nothing changed after the previous step
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot0' and slot_type = 'physical'"
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
# true mode
|
||||
- name: postgresql_slot - try create physical slot again
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_slot:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
name: slot0
|
||||
slot_type: physical
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.queries == []
|
||||
|
||||
# Check, rowcount must be 1
|
||||
- name: postgresql_slot - check that nothing changed after the previous step
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot0' and slot_type = 'physical'"
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
#
|
||||
# immediately_reserve
|
||||
#
|
||||
|
||||
- name: postgresql_slot - create physical slot with immediately_reserve
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_slot:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
name: slot1
|
||||
immediately_reserve: yes
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('9.6', '>=')
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["SELECT pg_create_physical_replication_slot('slot1', true)"]
|
||||
when: postgres_version_resp.stdout is version('9.6', '>=')
|
||||
|
||||
# Check, rowcount must be 1
|
||||
- name: postgresql_slot - check that the slot exists after the previous step
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot1' and slot_type = 'physical' and restart_lsn is not NULL"
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('9.6', '>=')
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
when: postgres_version_resp.stdout is version('9.6', '>=')
|
||||
|
||||
#
|
||||
# slot_type: logical
|
||||
#
|
||||
# available from postgresql 10
|
||||
#
|
||||
# on RedHat family tests failed:
|
||||
# ERROR: could not access file "test_decoding": No such file or directory
|
||||
# "Your distrib did not compile the test decoder."
|
||||
# So the tests are restricted by Ubuntu because of the module functionality
|
||||
# depends on PostgreSQL server version only.
|
||||
|
||||
# check_mode
|
||||
- name: postgresql_slot - create slot in check_mode
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_slot:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
name: slot2
|
||||
slot_type: logical
|
||||
check_mode: yes
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == []
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
# Check, rowcount must be 0
|
||||
- name: postgresql_slot - check that nothing changed after the previous step
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot2'"
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
# true mode
|
||||
- name: postgresql_slot - create logical slot
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_slot:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
name: slot2
|
||||
slot_type: logical
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["SELECT pg_create_logical_replication_slot('slot2', 'test_decoding')"]
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
# Check, rowcount must be 1
|
||||
- name: postgresql_slot - check that the slot exists after the previous step
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot2' and slot_type = 'logical'"
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
# check mode
|
||||
- name: postgresql_slot - try create logical slot again in check_mode
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_slot:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
name: slot2
|
||||
slot_type: logical
|
||||
check_mode: yes
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.queries == []
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
# Check, rowcount must be 1
|
||||
- name: postgresql_slot - check that nothing changed after the previous step
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot2' and slot_type = 'logical'"
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('10', '>=')
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
# true mode
|
||||
- name: postgresql_slot - try create logical slot again
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_slot:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
name: slot2
|
||||
slot_type: logical
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.queries == []
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
# Check, rowcount must be 1
|
||||
- name: postgresql_slot - check that nothing changed after the previous step
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot2' and slot_type = 'logical'"
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
#
|
||||
# output_plugin: test_decoding
|
||||
#
|
||||
|
||||
- name: postgresql_slot - create logical slot with output_plugin
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_slot:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
name: slot3
|
||||
slot_type: logical
|
||||
output_plugin: test_decoding
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["SELECT pg_create_logical_replication_slot('slot3', 'test_decoding')"]
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
# Check, rowcount must be 1
|
||||
- name: postgresql_slot - check that the slot exists after the previous step
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot3' and slot_type = 'logical' and plugin = 'test_decoding'"
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
#
|
||||
# state: absent for logical slots
|
||||
#
|
||||
|
||||
# check_mode
|
||||
- name: postgresql_slot - drop logical slot in check_mode
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_slot:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
name: slot2
|
||||
state: absent
|
||||
check_mode: yes
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == []
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
# Check, rowcount must be 1
|
||||
- name: postgresql_slot - check that nothing changed after the previous step
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot2'"
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
# true mode
|
||||
- name: postgresql_slot - drop logical slot
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_slot:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
name: slot2
|
||||
state: absent
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["SELECT pg_drop_replication_slot('slot2')"]
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
# Check, rowcount must be 0
|
||||
- name: postgresql_slot - check that the slot does not exist after the previous step
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot2' and slot_type = 'logical'"
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
# check mode
|
||||
- name: postgresql_slot - try drop logical slot again in check_mode
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_slot:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
name: slot2
|
||||
state: absent
|
||||
check_mode: yes
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.queries == []
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
# Check, rowcount must be 0
|
||||
- name: postgresql_slot - check that nothing changed after the previous step
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot2' and slot_type = 'logical'"
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('10', '>=')
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
# true mode
|
||||
- name: postgresql_slot - try drop logical slot again
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_slot:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
name: slot2
|
||||
state: absent
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.queries == []
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
# Check, rowcount must be 0
|
||||
- name: postgresql_slot - check that nothing changed after the previous step
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot2' and slot_type = 'logical'"
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
|
||||
#
|
||||
# state=absent for physical slots
|
||||
#
|
||||
|
||||
# check_mode
|
||||
- name: postgresql_slot - drop physical slot in check_mode
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_slot:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
name: slot1
|
||||
state: absent
|
||||
check_mode: yes
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == []
|
||||
when: postgres_version_resp.stdout is version('9.6', '>=')
|
||||
|
||||
# Check, rowcount must be 1
|
||||
- name: postgresql_slot - check that nothing changed after the previous step
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot1'"
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('9.6', '>=')
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
when: postgres_version_resp.stdout is version('9.6', '>=')
|
||||
|
||||
# true mode
|
||||
- name: postgresql_slot - drop physical slot
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_slot:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
name: slot1
|
||||
state: absent
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('9.6', '>=')
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["SELECT pg_drop_replication_slot('slot1')"]
|
||||
when: postgres_version_resp.stdout is version('9.6', '>=')
|
||||
|
||||
# Check, rowcount must be 0
|
||||
- name: postgresql_slot - check that the slot does not exist after the previous step
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot1' and slot_type = 'physical'"
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('9.6', '>=')
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
when: postgres_version_resp.stdout is version('9.6', '>=')
|
||||
|
||||
# check mode
|
||||
- name: postgresql_slot - try drop physical slot again in check_mode
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_slot:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
name: slot1
|
||||
state: absent
|
||||
check_mode: yes
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('9.6', '>=')
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.queries == []
|
||||
when: postgres_version_resp.stdout is version('9.6', '>=')
|
||||
|
||||
# Check, rowcount must be 0
|
||||
- name: postgresql_slot - check that nothing changed after the previous step
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot1' and slot_type = 'physical'"
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('9.6', '>=')
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
when: postgres_version_resp.stdout is version('9.6', '>=')
|
||||
|
||||
# true mode
|
||||
- name: postgresql_slot - try drop physical slot again
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_slot:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
name: slot1
|
||||
state: absent
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('9.6', '>=')
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.queries == []
|
||||
when: postgres_version_resp.stdout is version('9.6', '>=')
|
||||
|
||||
# Check, rowcount must be 0
|
||||
- name: postgresql_slot - check that nothing changed after the previous step
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_query:
|
||||
db: postgres
|
||||
login_user: "{{ pg_user }}"
|
||||
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot1' and slot_type = 'physical'"
|
||||
ignore_errors: yes
|
||||
register: result
|
||||
when: postgres_version_resp.stdout is version('9.6', '>=')
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
when: postgres_version_resp.stdout is version('9.6', '>=')
|
||||
|
||||
# Check trust input
|
||||
- name: postgresql_slot - try using a bad name
|
||||
postgresql_slot:
|
||||
session_role: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
|
||||
db: postgres
|
||||
name: slot1
|
||||
trust_input: no
|
||||
register: result
|
||||
ignore_errors: true
|
||||
when: postgres_version_resp.stdout is version('9.6', '>=')
|
||||
|
||||
- name: postgresql_slot - check that using a dangerous name fails
|
||||
assert:
|
||||
that:
|
||||
- result is failed
|
||||
- result.msg is search('is potentially dangerous')
|
||||
when: postgres_version_resp.stdout is version('9.6', '>=')
|
||||
|
||||
#
|
||||
# clean up
|
||||
#
|
||||
- name: postgresql_slot - clean up
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_slot:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
name: "{{ item }}"
|
||||
state: absent
|
||||
ignore_errors: yes
|
||||
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
|
||||
with_items:
|
||||
- slot0
|
||||
- slot3
|
|
@ -1,8 +0,0 @@
|
|||
destructive
|
||||
shippable/posix/group1
|
||||
skip/aix
|
||||
skip/osx
|
||||
skip/macos
|
||||
skip/freebsd
|
||||
skip/rhel
|
||||
disabled # tests already running in community.postgresql
|
|
@ -1,15 +0,0 @@
|
|||
pg_user: postgres
|
||||
db_default: postgres
|
||||
master_port: 5433
|
||||
replica_port: 5434
|
||||
|
||||
test_table1: acme1
|
||||
test_pub: first_publication
|
||||
test_pub2: second_publication
|
||||
replication_role: logical_replication
|
||||
replication_pass: alsdjfKJKDf1#
|
||||
test_db: acme_db
|
||||
test_subscription: test
|
||||
test_role1: alice
|
||||
test_role2: bob
|
||||
conn_timeout: 100
|
|
@ -1,2 +0,0 @@
|
|||
dependencies:
|
||||
- setup_postgresql_replication
|
|
@ -1,12 +0,0 @@
|
|||
####################################################################
|
||||
# WARNING: These are designed specifically for Ansible tests #
|
||||
# and should not be used as examples of how to write Ansible roles #
|
||||
####################################################################
|
||||
|
||||
# Initial tests of postgresql_subscription module:
|
||||
|
||||
- import_tasks: setup_publication.yml
|
||||
when: ansible_distribution == 'Ubuntu' and ansible_distribution_major_version >= '18'
|
||||
|
||||
- import_tasks: postgresql_subscription_initial.yml
|
||||
when: ansible_distribution == 'Ubuntu' and ansible_distribution_major_version >= '18'
|
|
@ -1,672 +0,0 @@
|
|||
# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
|
||||
- vars:
|
||||
dangerous_name: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
|
||||
task_parameters: &task_parameters
|
||||
become_user: '{{ pg_user }}'
|
||||
become: yes
|
||||
register: result
|
||||
pg_parameters: &pg_parameters
|
||||
login_user: '{{ pg_user }}'
|
||||
login_db: '{{ test_db }}'
|
||||
|
||||
block:
|
||||
|
||||
- name: Create roles to test owner parameter
|
||||
<<: *task_parameters
|
||||
postgresql_user:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
name: '{{ item }}'
|
||||
role_attr_flags: SUPERUSER,LOGIN
|
||||
loop:
|
||||
- '{{ test_role1 }}'
|
||||
- '{{ test_role2 }}'
|
||||
|
||||
####################
|
||||
# Test mode: present
|
||||
####################
|
||||
- name: Create subscription
|
||||
<<: *task_parameters
|
||||
postgresql_subscription:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
name: '{{ test_subscription }}'
|
||||
state: present
|
||||
publications: '{{ test_pub }}'
|
||||
connparams:
|
||||
host: 127.0.0.1
|
||||
port: '{{ master_port }}'
|
||||
user: '{{ replication_role }}'
|
||||
password: '{{ replication_pass }}'
|
||||
dbname: '{{ test_db }}'
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.name == '{{ test_subscription }}'
|
||||
- result.queries == ["CREATE SUBSCRIPTION test CONNECTION 'host=127.0.0.1 port={{ master_port }} user={{ replication_role }} password={{ replication_pass }} dbname={{ test_db }}' PUBLICATION {{ test_pub }}"]
|
||||
- result.exists == true
|
||||
- result.initial_state == {}
|
||||
- result.final_state.owner == '{{ pg_user }}'
|
||||
- result.final_state.enabled == true
|
||||
- result.final_state.publications == ["{{ test_pub }}"]
|
||||
- result.final_state.synccommit == true
|
||||
- result.final_state.slotname == '{{ test_subscription }}'
|
||||
- result.final_state.conninfo.dbname == '{{ test_db }}'
|
||||
- result.final_state.conninfo.host == '127.0.0.1'
|
||||
- result.final_state.conninfo.port == {{ master_port }}
|
||||
- result.final_state.conninfo.user == '{{ replication_role }}'
|
||||
- result.final_state.conninfo.password == '{{ replication_pass }}'
|
||||
|
||||
- name: Check
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
query: "SELECT subname FROM pg_subscription WHERE subname = '{{ test_subscription }}'"
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
###################
|
||||
# Test mode: absent
|
||||
###################
|
||||
|
||||
- name: Drop subscription in check mode
|
||||
<<: *task_parameters
|
||||
postgresql_subscription:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
name: '{{ test_subscription }}'
|
||||
state: absent
|
||||
trust_input: no
|
||||
check_mode: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["DROP SUBSCRIPTION {{ test_subscription }}"]
|
||||
- result.final_state == result.initial_state
|
||||
|
||||
- name: Check
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
query: "SELECT subname FROM pg_subscription WHERE subname = '{{ test_subscription }}'"
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: Drop subscription
|
||||
<<: *task_parameters
|
||||
postgresql_subscription:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
name: '{{ test_subscription }}'
|
||||
state: absent
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["DROP SUBSCRIPTION {{ test_subscription }}"]
|
||||
- result.final_state != result.initial_state
|
||||
|
||||
- name: Check
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
query: "SELECT subname FROM pg_subscription WHERE subname = '{{ test_subscription }}'"
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
|
||||
##################
|
||||
# Test owner param
|
||||
##################
|
||||
|
||||
- name: Create with owner
|
||||
<<: *task_parameters
|
||||
postgresql_subscription:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
name: '{{ test_subscription }}'
|
||||
state: present
|
||||
publications: '{{ test_pub }}'
|
||||
owner: '{{ test_role1 }}'
|
||||
connparams:
|
||||
host: 127.0.0.1
|
||||
port: '{{ master_port }}'
|
||||
user: '{{ replication_role }}'
|
||||
password: '{{ replication_pass }}'
|
||||
dbname: '{{ test_db }}'
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.final_state.owner == '{{ test_role1 }}'
|
||||
- result.queries[1] == 'ALTER SUBSCRIPTION {{ test_subscription }} OWNER TO "{{ test_role1 }}"'
|
||||
|
||||
- name: Try to set this owner again
|
||||
<<: *task_parameters
|
||||
postgresql_subscription:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
name: '{{ test_subscription }}'
|
||||
state: present
|
||||
publications: '{{ test_pub }}'
|
||||
owner: '{{ test_role1 }}'
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.initial_state == result.final_state
|
||||
- result.final_state.owner == '{{ test_role1 }}'
|
||||
|
||||
- name: Check
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
query: >
|
||||
SELECT subname FROM pg_subscription AS s
|
||||
JOIN pg_catalog.pg_roles AS r ON s.subowner = r.oid
|
||||
WHERE subname = '{{ test_subscription }}' and r.rolname = '{{ test_role1 }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: Set another owner in check mode
|
||||
<<: *task_parameters
|
||||
postgresql_subscription:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
name: '{{ test_subscription }}'
|
||||
state: present
|
||||
publications: '{{ test_pub }}'
|
||||
owner: '{{ test_role2 }}'
|
||||
trust_input: no
|
||||
check_mode: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.initial_state == result.final_state
|
||||
- result.final_state.owner == '{{ test_role1 }}'
|
||||
- result.queries == ['ALTER SUBSCRIPTION {{ test_subscription }} OWNER TO "{{ test_role2 }}"']
|
||||
|
||||
- name: Check
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
query: >
|
||||
SELECT subname FROM pg_subscription AS s
|
||||
JOIN pg_catalog.pg_roles AS r ON s.subowner = r.oid
|
||||
WHERE subname = '{{ test_subscription }}' and r.rolname = '{{ test_role1 }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: Set another owner
|
||||
<<: *task_parameters
|
||||
postgresql_subscription:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
name: '{{ test_subscription }}'
|
||||
state: present
|
||||
publications: '{{ test_pub }}'
|
||||
owner: '{{ test_role2 }}'
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.initial_state != result.final_state
|
||||
- result.final_state.owner == '{{ test_role2 }}'
|
||||
- result.queries == ['ALTER SUBSCRIPTION {{ test_subscription }} OWNER TO "{{ test_role2 }}"']
|
||||
|
||||
- name: Check
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
query: >
|
||||
SELECT subname FROM pg_subscription AS s
|
||||
JOIN pg_catalog.pg_roles AS r ON s.subowner = r.oid
|
||||
WHERE subname = '{{ test_subscription }}' and r.rolname = '{{ test_role2 }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
##########################
|
||||
# Test trust_input param #
|
||||
##########################
|
||||
|
||||
- name: Test trust_input parameter
|
||||
<<: *task_parameters
|
||||
postgresql_subscription:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
name: '{{ test_subscription }}'
|
||||
state: present
|
||||
publications: '{{ test_pub }}'
|
||||
session_role: '{{ dangerous_name }}'
|
||||
owner: '{{ test_role1 }}'
|
||||
trust_input: no
|
||||
connparams:
|
||||
host: 127.0.0.1
|
||||
port: '{{ master_port }}'
|
||||
user: '{{ replication_role }}'
|
||||
password: '{{ replication_pass }}'
|
||||
dbname: '{{ test_db }}'
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
- result.msg is search('is potentially dangerous')
|
||||
|
||||
##############
|
||||
# Test cascade
|
||||
##############
|
||||
|
||||
- name: Drop subscription cascade in check mode
|
||||
<<: *task_parameters
|
||||
postgresql_subscription:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
name: '{{ test_subscription }}'
|
||||
state: absent
|
||||
cascade: yes
|
||||
trust_input: no
|
||||
check_mode: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["DROP SUBSCRIPTION {{ test_subscription }} CASCADE"]
|
||||
- result.final_state == result.initial_state
|
||||
|
||||
- name: Check
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
query: "SELECT subname FROM pg_subscription WHERE subname = '{{ test_subscription }}'"
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: Drop subscription cascade
|
||||
<<: *task_parameters
|
||||
postgresql_subscription:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
name: '{{ test_subscription }}'
|
||||
state: absent
|
||||
cascade: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["DROP SUBSCRIPTION {{ test_subscription }} CASCADE"]
|
||||
- result.final_state != result.initial_state
|
||||
|
||||
- name: Check
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
query: "SELECT subname FROM pg_subscription WHERE subname = '{{ test_subscription }}'"
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
|
||||
###########################
|
||||
# Test subsparams parameter
|
||||
###########################
|
||||
|
||||
- name: Create subscription with subsparams
|
||||
<<: *task_parameters
|
||||
postgresql_subscription:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
name: '{{ test_subscription }}'
|
||||
state: present
|
||||
publications: '{{ test_pub }}'
|
||||
connparams:
|
||||
host: 127.0.0.1
|
||||
port: '{{ master_port }}'
|
||||
user: '{{ replication_role }}'
|
||||
password: '{{ replication_pass }}'
|
||||
dbname: '{{ test_db }}'
|
||||
subsparams:
|
||||
enabled: no
|
||||
synchronous_commit: no
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.name == '{{ test_subscription }}'
|
||||
- result.queries == ["CREATE SUBSCRIPTION test CONNECTION 'host=127.0.0.1 port={{ master_port }} user={{ replication_role }} password={{ replication_pass }} dbname={{ test_db }}' PUBLICATION {{ test_pub }} WITH (enabled = false, synchronous_commit = false)"]
|
||||
- result.exists == true
|
||||
- result.final_state.enabled == false
|
||||
- result.final_state.synccommit == false
|
||||
|
||||
- name: Check
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
query: >
|
||||
SELECT subname FROM pg_subscription WHERE subname = '{{ test_subscription }}'
|
||||
AND subenabled = 'f' AND subsynccommit = 'false'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: Enable changed params
|
||||
<<: *task_parameters
|
||||
postgresql_subscription:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
name: '{{ test_subscription }}'
|
||||
publications: '{{ test_pub }}'
|
||||
subsparams:
|
||||
enabled: yes
|
||||
synchronous_commit: yes
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.name == '{{ test_subscription }}'
|
||||
- result.queries == ["ALTER SUBSCRIPTION {{ test_subscription }} ENABLE", "ALTER SUBSCRIPTION {{ test_subscription }} SET (synchronous_commit = true)"]
|
||||
- result.exists == true
|
||||
- result.final_state.enabled == true
|
||||
- result.final_state.synccommit == true
|
||||
|
||||
- name: Check
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
query: >
|
||||
SELECT subname FROM pg_subscription WHERE subname = '{{ test_subscription }}'
|
||||
AND subenabled = 't' AND subsynccommit = 'true'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: Enable the same params again
|
||||
<<: *task_parameters
|
||||
postgresql_subscription:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
name: '{{ test_subscription }}'
|
||||
publications: '{{ test_pub }}'
|
||||
subsparams:
|
||||
enabled: yes
|
||||
synchronous_commit: yes
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.name == '{{ test_subscription }}'
|
||||
- result.queries == []
|
||||
- result.exists == true
|
||||
- result.final_state == result.initial_state
|
||||
- result.final_state.enabled == true
|
||||
- result.final_state.synccommit == true
|
||||
|
||||
##########################
|
||||
# Test change publications
|
||||
##########################
|
||||
|
||||
- name: Change publications in check mode
|
||||
<<: *task_parameters
|
||||
postgresql_subscription:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
name: '{{ test_subscription }}'
|
||||
state: present
|
||||
publications:
|
||||
- '{{ test_pub }}'
|
||||
- '{{ test_pub2 }}'
|
||||
trust_input: no
|
||||
check_mode: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.name == '{{ test_subscription }}'
|
||||
- result.final_state.publications == result.initial_state.publications
|
||||
- result.final_state.publications == ['{{ test_pub }}']
|
||||
- result.queries == ['ALTER SUBSCRIPTION {{ test_subscription }} SET PUBLICATION {{ test_pub }}, {{ test_pub2 }}']
|
||||
|
||||
- name: Check
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
query: >
|
||||
SELECT subname FROM pg_subscription WHERE subname = '{{ test_subscription }}'
|
||||
AND subpublications = '{"{{ test_pub }}"}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: Change publications
|
||||
<<: *task_parameters
|
||||
postgresql_subscription:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
name: '{{ test_subscription }}'
|
||||
state: present
|
||||
publications:
|
||||
- '{{ test_pub }}'
|
||||
- '{{ test_pub2 }}'
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.name == '{{ test_subscription }}'
|
||||
- result.final_state.publications != result.initial_state.publications
|
||||
- result.final_state.publications == ['{{ test_pub }}', '{{ test_pub2 }}']
|
||||
- result.queries == ['ALTER SUBSCRIPTION {{ test_subscription }} SET PUBLICATION {{ test_pub }}, {{ test_pub2 }}']
|
||||
|
||||
- name: Check
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
query: >
|
||||
SELECT subname FROM pg_subscription WHERE subname = '{{ test_subscription }}'
|
||||
AND subpublications = '{"{{ test_pub }}", "{{ test_pub2 }}"}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: Change publications with the same values again
|
||||
<<: *task_parameters
|
||||
postgresql_subscription:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
name: '{{ test_subscription }}'
|
||||
state: present
|
||||
publications:
|
||||
- '{{ test_pub }}'
|
||||
- '{{ test_pub2 }}'
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.name == '{{ test_subscription }}'
|
||||
- result.final_state.publications == result.initial_state.publications
|
||||
- result.final_state.publications == ['{{ test_pub }}', '{{ test_pub2 }}']
|
||||
- result.queries == []
|
||||
|
||||
- name: Check
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
query: >
|
||||
SELECT subname FROM pg_subscription WHERE subname = '{{ test_subscription }}'
|
||||
AND subpublications = '{"{{ test_pub }}", "{{ test_pub2 }}"}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
######################
|
||||
# Test update conninfo
|
||||
######################
|
||||
|
||||
- name: Change conninfo in check mode
|
||||
<<: *task_parameters
|
||||
postgresql_subscription:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
name: '{{ test_subscription }}'
|
||||
state: present
|
||||
connparams:
|
||||
host: 127.0.0.1
|
||||
port: '{{ master_port }}'
|
||||
user: '{{ replication_role }}'
|
||||
password: '{{ replication_pass }}'
|
||||
dbname: '{{ test_db }}'
|
||||
connect_timeout: '{{ conn_timeout }}'
|
||||
trust_input: no
|
||||
check_mode: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.name == '{{ test_subscription }}'
|
||||
- result.queries == ["ALTER SUBSCRIPTION {{ test_subscription }} CONNECTION 'host=127.0.0.1 port={{ master_port }} user={{ replication_role }} password={{ replication_pass }} dbname={{ test_db }} connect_timeout={{ conn_timeout }}'"]
|
||||
- result.initial_state.conninfo == result.final_state.conninfo
|
||||
|
||||
- name: Change conninfo
|
||||
<<: *task_parameters
|
||||
postgresql_subscription:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
name: '{{ test_subscription }}'
|
||||
state: present
|
||||
connparams:
|
||||
host: 127.0.0.1
|
||||
port: '{{ master_port }}'
|
||||
user: '{{ replication_role }}'
|
||||
password: '{{ replication_pass }}'
|
||||
dbname: '{{ test_db }}'
|
||||
connect_timeout: '{{ conn_timeout }}'
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.name == '{{ test_subscription }}'
|
||||
- result.queries == ["ALTER SUBSCRIPTION {{ test_subscription }} CONNECTION 'host=127.0.0.1 port={{ master_port }} user={{ replication_role }} password={{ replication_pass }} dbname={{ test_db }} connect_timeout={{ conn_timeout }}'"]
|
||||
- result.initial_state.conninfo != result.final_state.conninfo
|
||||
|
||||
- name: Check
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
query: "SELECT * FROM pg_subscription WHERE subname = '{{ test_subscription }}'"
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.query_result[0].subconninfo == "host=127.0.0.1 port={{ master_port }} user={{ replication_role }} password={{ replication_pass }} dbname={{ test_db }} connect_timeout={{ conn_timeout }}"
|
||||
|
||||
- name: Try to change conninfo again with the same values
|
||||
<<: *task_parameters
|
||||
postgresql_subscription:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
name: '{{ test_subscription }}'
|
||||
state: present
|
||||
connparams:
|
||||
host: 127.0.0.1
|
||||
port: '{{ master_port }}'
|
||||
user: '{{ replication_role }}'
|
||||
password: '{{ replication_pass }}'
|
||||
dbname: '{{ test_db }}'
|
||||
connect_timeout: '{{ conn_timeout }}'
|
||||
trust_input: no
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.name == '{{ test_subscription }}'
|
||||
- result.queries == []
|
||||
- result.initial_state.conninfo == result.final_state.conninfo
|
||||
- result.final_state.conninfo.connect_timeout == {{ conn_timeout }}
|
||||
|
||||
####################
|
||||
# Test state refresh
|
||||
####################
|
||||
|
||||
- name: Refresh in check mode
|
||||
<<: *task_parameters
|
||||
postgresql_subscription:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
name: '{{ test_subscription }}'
|
||||
state: refresh
|
||||
check_mode: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.name == '{{ test_subscription }}'
|
||||
- result.queries == ["ALTER SUBSCRIPTION {{ test_subscription }} REFRESH PUBLICATION"]
|
||||
|
||||
- name: Refresh
|
||||
<<: *task_parameters
|
||||
postgresql_subscription:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
name: '{{ test_subscription }}'
|
||||
state: refresh
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.name == '{{ test_subscription }}'
|
||||
- result.queries == ["ALTER SUBSCRIPTION {{ test_subscription }} REFRESH PUBLICATION"]
|
||||
|
||||
##########
|
||||
# Clean up
|
||||
##########
|
||||
- name: Drop subscription
|
||||
<<: *task_parameters
|
||||
postgresql_subscription:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ replica_port }}'
|
||||
name: '{{ test_subscription }}'
|
||||
state: absent
|
|
@ -1,84 +0,0 @@
|
|||
# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
# Preparation for further tests of postgresql_subscription module.
|
||||
|
||||
- vars:
|
||||
task_parameters: &task_parameters
|
||||
become_user: '{{ pg_user }}'
|
||||
become: yes
|
||||
register: result
|
||||
pg_parameters: &pg_parameters
|
||||
login_user: '{{ pg_user }}'
|
||||
login_db: '{{ test_db }}'
|
||||
|
||||
block:
|
||||
- name: postgresql_publication - create test db
|
||||
<<: *task_parameters
|
||||
postgresql_db:
|
||||
login_user: '{{ pg_user }}'
|
||||
login_port: '{{ master_port }}'
|
||||
maintenance_db: '{{ db_default }}'
|
||||
name: '{{ test_db }}'
|
||||
|
||||
- name: postgresql_publication - create test role
|
||||
<<: *task_parameters
|
||||
postgresql_user:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ master_port }}'
|
||||
name: '{{ replication_role }}'
|
||||
password: '{{ replication_pass }}'
|
||||
role_attr_flags: LOGIN,REPLICATION
|
||||
|
||||
- name: postgresql_publication - create test table
|
||||
<<: *task_parameters
|
||||
postgresql_table:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ master_port }}'
|
||||
name: '{{ test_table1 }}'
|
||||
columns:
|
||||
- id int
|
||||
|
||||
- name: Master - dump schema
|
||||
<<: *task_parameters
|
||||
shell: pg_dumpall -p '{{ master_port }}' -s > /tmp/schema.sql
|
||||
|
||||
- name: Replicat restore schema
|
||||
<<: *task_parameters
|
||||
shell: psql -p '{{ replica_port }}' -f /tmp/schema.sql
|
||||
|
||||
- name: postgresql_publication - create publication
|
||||
<<: *task_parameters
|
||||
postgresql_publication:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ master_port }}'
|
||||
name: '{{ test_pub }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.exists == true
|
||||
- result.queries == ["CREATE PUBLICATION \"{{ test_pub }}\" FOR ALL TABLES"]
|
||||
- result.owner == '{{ pg_user }}'
|
||||
- result.alltables == true
|
||||
- result.tables == []
|
||||
- result.parameters.publish != {}
|
||||
|
||||
- name: postgresql_publication - create one more publication
|
||||
<<: *task_parameters
|
||||
postgresql_publication:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ master_port }}'
|
||||
name: '{{ test_pub2 }}'
|
||||
|
||||
- name: postgresql_publication - check the publication was created
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
login_port: '{{ master_port }}'
|
||||
query: >
|
||||
SELECT * FROM pg_publication WHERE pubname = '{{ test_pub }}'
|
||||
AND pubowner = '10' AND puballtables = 't'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Add table
Add a link
Reference in a new issue