ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-23 13:20:23 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Remove postgresql content for 2.0.0 (#1355)

Browse source 
* Remove postgresql content

* add suggested

* Update meta/runtime.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

* Remove symlinks

* Remove a consequence of rebasing

* Remove ssl task from setup_postgresql_db

Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
Andrew Klychkov 2020-11-24 11:01:50 +03:00 committed by GitHub
commit 72b59c764e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
186 changed files with 61 additions and 27584 deletions
Download patch file Download diff file Expand all files Collapse all files

7
tests/integration/targets/odbc/tasks/main.yml
View file

@ -37,12 +37,7 @@
# Name setup database
#
- name: Create a user to run the tests with
postgresql_user:
name: "{{ my_user }}"
password: "{{ my_pass }}"
encrypted: 'yes'
role_attr_flags: "SUPERUSER"
db: postgres
shell: echo "CREATE USER {{ my_user }} SUPERUSER PASSWORD '{{ my_pass }}'" | psql postgres
become_user: "{{ pg_user }}"
become: True

6
tests/integration/targets/postgresql_copy/aliases
View file

@ -1,6 +0,0 @@
destructive
shippable/posix/group4
skip/aix
skip/osx
skip/macos
disabled # tests already running in community.postgresql

2
tests/integration/targets/postgresql_copy/meta/main.yml
View file

@ -1,2 +0,0 @@
dependencies:
- setup_postgresql_db

8
tests/integration/targets/postgresql_copy/tasks/main.yml
View file

@ -1,8 +0,0 @@
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
# Initial CI tests of postgresql_copy module
- import_tasks: postgresql_copy_initial.yml
when: postgres_version_resp.stdout is version('9.4', '>=')

278
tests/integration/targets/postgresql_copy/tasks/postgresql_copy_initial.yml
View file

@ -1,278 +0,0 @@
# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
# The file for testing postgresql_copy module.
- vars:
test_table: acme
data_file_txt: /tmp/data.txt
data_file_csv: /tmp/data.csv
task_parameters: &task_parameters
become_user: '{{ pg_user }}'
become: yes
register: result
pg_parameters: &pg_parameters
login_user: '{{ pg_user }}'
login_db: postgres
block:
# Test preparation:
- name: postgresql_copy - create test table
<<: *task_parameters
postgresql_table:
<<: *pg_parameters
name: '{{ test_table }}'
columns:
- id int
- name text
# Insert the data:
- name: postgresql_copy - insert rows into test table
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "INSERT INTO {{ test_table }} (id, name) VALUES (1, 'first')"
- name: postgresql_copy - ensure that test data files don't exist
<<: *task_parameters
file:
path: '{{ item }}'
state: absent
with_items:
- '{{ data_file_csv }}'
- '{{ data_file_txt }}'
# ##############
# Do main tests:
# check_mode - if it's OK, must always return changed=True:
- name: postgresql_copy - check_mode, copy test table content to data_file_txt
check_mode: yes
<<: *task_parameters
postgresql_copy:
<<: *pg_parameters
copy_to: '{{ data_file_txt }}'
src: '{{ test_table }}'
trust_input: no
- assert:
that:
- result is changed
# check that nothing changed after the previous step:
- name: postgresql_copy - check that data_file_txt doesn't exist
<<: *task_parameters
ignore_errors: yes
shell: head -n 1 '{{ data_file_txt }}'
- assert:
that:
- result.failed == true
- result.rc == 1
# check_mode - if it's OK, must always return changed=True:
- name: postgresql_copy - check_mode, copy test table content from data_file_txt
check_mode: yes
<<: *task_parameters
postgresql_copy:
<<: *pg_parameters
copy_from: '{{ data_file_txt }}'
dst: '{{ test_table }}'
trust_input: no
- assert:
that:
- result is changed
# check that nothing changed after the previous step:
- name: postgresql_copy - check that test table continue to have one row
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: 'SELECT * FROM {{ test_table }}'
- assert:
that:
- result.rowcount == 1
# check_mode - test must fail because test table doesn't exist:
- name: postgresql_copy - check_mode, copy non existent table to data_file_txt
check_mode: yes
ignore_errors: yes
<<: *task_parameters
postgresql_copy:
<<: *pg_parameters
copy_to: '{{ data_file_txt }}'
src: non_existent_table
trust_input: no
- assert:
that:
- result.failed == true
- result.queries is not defined
- name: postgresql_copy - check trust_input
<<: *task_parameters
postgresql_copy:
<<: *pg_parameters
copy_to: '{{ data_file_txt }}'
src: '{{ test_table }}'
session_role: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
trust_input: no
ignore_errors: yes
- assert:
that:
- result is failed
- result.msg is search('is potentially dangerous')
- name: postgresql_copy - copy test table data to data_file_txt
<<: *task_parameters
postgresql_copy:
<<: *pg_parameters
copy_to: '{{ data_file_txt }}'
src: '{{ test_table }}'
trust_input: no
- assert:
that:
- result is changed
- result.queries == ["COPY \"{{ test_table }}\" TO '{{ data_file_txt }}'"]
- result.src == '{{ test_table }}'
- result.dst == '{{ data_file_txt }}'
# check the prev test
- name: postgresql_copy - check data_file_txt exists and not empty
<<: *task_parameters
shell: 'head -n 1 {{ data_file_txt }}'
- assert:
that:
- result.stdout == '1\tfirst'
# test different options and columns
- name: postgresql_copy - copy test table data to data_file_csv with options and columns
<<: *task_parameters
postgresql_copy:
<<: *pg_parameters
copy_to: '{{ data_file_csv }}'
src: '{{ test_table }}'
columns:
- id
- name
options:
format: csv
trust_input: no
- assert:
that:
- result is changed
- result.queries == ["COPY \"{{ test_table }}\" (id,name) TO '{{ data_file_csv }}' (format csv)"]
- result.src == '{{ test_table }}'
- result.dst == '{{ data_file_csv }}'
# check the prev test
- name: postgresql_copy - check data_file_csv exists and not empty
<<: *task_parameters
shell: 'head -n 1 {{ data_file_csv }}'
- assert:
that:
- result.stdout == '1,first'
- name: postgresql_copy - copy from data_file_csv to test table
<<: *task_parameters
postgresql_copy:
<<: *pg_parameters
copy_from: '{{ data_file_csv }}'
dst: '{{ test_table }}'
columns:
- id
- name
options:
format: csv
trust_input: no
- assert:
that:
- result is changed
- result.queries == ["COPY \"{{ test_table }}\" (id,name) FROM '{{ data_file_csv }}' (format csv)"]
- result.dst == '{{ test_table }}'
- result.src == '{{ data_file_csv }}'
- name: postgresql_copy - check that there are two rows in test table after the prev step
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT * FROM {{ test_table }} WHERE id = '1' AND name = 'first'"
- assert:
that:
- result.rowcount == 2
- name: postgresql_copy - test program option, copy to program
<<: *task_parameters
postgresql_copy:
<<: *pg_parameters
src: '{{ test_table }}'
copy_to: '/bin/true'
program: yes
columns: id, name
options:
delimiter: '|'
trust_input: no
when: ansible_distribution != 'FreeBSD'
- assert:
that:
- result is changed
- result.queries == ["COPY \"{{ test_table }}\" (id, name) TO PROGRAM '/bin/true' (delimiter '|')"]
- result.src == '{{ test_table }}'
- result.dst == '/bin/true'
when: ansible_distribution != 'FreeBSD'
- name: postgresql_copy - test program option, copy from program
<<: *task_parameters
postgresql_copy:
<<: *pg_parameters
dst: '{{ test_table }}'
copy_from: 'echo 1,first'
program: yes
columns: id, name
options:
delimiter: ','
trust_input: no
- assert:
that:
- result is changed
- result.queries == ["COPY \"{{ test_table }}\" (id, name) FROM PROGRAM 'echo 1,first' (delimiter ',')"]
- result.dst == '{{ test_table }}'
- result.src == 'echo 1,first'
when: ansible_distribution != 'FreeBSD'
- name: postgresql_copy - check that there are three rows in test table after the prev step
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT * FROM {{ test_table }} WHERE id = '1' AND name = 'first'"
- assert:
that:
- result.rowcount == 3
# clean up
- name: postgresql_copy - remove test table
<<: *task_parameters
postgresql_table:
<<: *pg_parameters
name: '{{ test_table }}'
state: absent
- name: postgresql_copy - remove test data files
<<: *task_parameters
file:
path: '{{ item }}'
state: absent
with_items:
- '{{ data_file_csv }}'
- '{{ data_file_txt }}'

7
tests/integration/targets/postgresql_db/aliases
View file

@ -1,7 +0,0 @@
destructive
shippable/posix/group4
postgresql_db
skip/aix
skip/osx
skip/macos
disabled # tests already running in community.postgresql

11
tests/integration/targets/postgresql_db/defaults/main.yml
View file

@ -1,11 +0,0 @@
db_name: 'ansible_db'
db_user1: 'ansible.db.user1'
db_user2: 'ansible.db.user2'
tmp_dir: '/tmp'
db_session_role1: 'session_role1'
db_session_role2: 'session_role2'
# To test trust_input parameter and
# possibility to create a database with dots in its name
db_name_with_dot: 'db.name'
suspicious_db_name: '{{ db_name_with_dot }}"; --'

2
tests/integration/targets/postgresql_db/meta/main.yml
View file

@ -1,2 +0,0 @@
dependencies:
- setup_postgresql_db

36
tests/integration/targets/postgresql_db/tasks/main.yml
View file

@ -1,36 +0,0 @@
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
- import_tasks: postgresql_db_session_role.yml
# Initial tests of postgresql_db module:
- import_tasks: postgresql_db_initial.yml
# General tests:
- import_tasks: postgresql_db_general.yml
# Dump/restore tests per format:
- include_tasks: state_dump_restore.yml
vars:
test_fixture: user
file: '{{ loop_item }}'
loop:
- dbdata.sql
- dbdata.sql.gz
- dbdata.sql.bz2
- dbdata.sql.xz
- dbdata.tar
- dbdata.tar.gz
- dbdata.tar.bz2
- dbdata.tar.xz
- dbdata.pgc
loop_control:
loop_var: loop_item
# Dump/restore tests per other logins:
- import_tasks: state_dump_restore.yml
vars:
file: dbdata.tar
test_fixture: admin

152
tests/integration/targets/postgresql_db/tasks/postgresql_db_general.yml
View file

@ -1,152 +0,0 @@
- become_user: '{{ pg_user }}'
become: true
vars:
db_tablespace: bar
tblspc_location: /ssd
db_name: acme
block_parameters:
become_user: '{{ pg_user }}'
become: true
task_parameters:
register: result
pg_parameters:
login_user: '{{ pg_user }}'
block:
- name: postgresql_db - drop dir for test tablespace
become: true
become_user: root
file:
path: '{{ tblspc_location }}'
state: absent
ignore_errors: true
- name: postgresql_db - disable selinux
become: true
become_user: root
shell: setenforce 0
ignore_errors: true
- name: postgresql_db - create dir for test tablespace
become: true
become_user: root
file:
path: '{{ tblspc_location }}'
state: directory
owner: '{{ pg_user }}'
group: '{{ pg_user }}'
mode: '0700'
- name: postgresql_db_ - create a new tablespace
postgresql_tablespace:
login_user: '{{ pg_user }}'
login_db: postgres
name: '{{ db_tablespace }}'
location: '{{ tblspc_location }}'
- register: result
name: postgresql_db_tablespace - Create DB with tablespace option in check mode
check_mode: true
postgresql_db:
login_user: '{{ pg_user }}'
maintenance_db: postgres
name: '{{ db_name }}'
tablespace: '{{ db_tablespace }}'
- assert:
that:
- result is changed
- register: result
name: postgresql_db_tablespace - Check actual DB tablespace, rowcount must be 0 because actually nothing changed
postgresql_query:
login_user: '{{ pg_user }}'
login_db: postgres
query: 'SELECT 1 FROM pg_database AS d JOIN pg_tablespace AS t ON d.dattablespace = t.oid WHERE d.datname = ''{{ db_name }}'' AND t.spcname = ''{{ db_tablespace }}''
'
- assert:
that:
- result.rowcount == 0
- register: result
name: postgresql_db_tablespace - Create DB with tablespace option
postgresql_db:
login_user: '{{ pg_user }}'
maintenance_db: postgres
name: '{{ db_name }}'
tablespace: '{{ db_tablespace }}'
- assert:
that:
- result is changed
- result.executed_commands == ['CREATE DATABASE "{{ db_name }}" TABLESPACE "{{ db_tablespace }}"']
- register: result
name: postgresql_db_tablespace - Check actual DB tablespace, rowcount must be 1
postgresql_query:
login_user: '{{ pg_user }}'
login_db: postgres
query: 'SELECT 1 FROM pg_database AS d JOIN pg_tablespace AS t ON d.dattablespace = t.oid WHERE d.datname = ''{{ db_name }}'' AND t.spcname = ''{{ db_tablespace }}''
'
- assert:
that:
- result.rowcount == 1
- register: result
name: postgresql_db_tablespace - The same DB with tablespace option again
postgresql_db:
login_user: '{{ pg_user }}'
maintenance_db: postgres
name: '{{ db_name }}'
tablespace: '{{ db_tablespace }}'
- assert:
that:
- result is not changed
- register: result
name: postgresql_db_tablespace - Change tablespace in check_mode
check_mode: true
postgresql_db:
login_user: '{{ pg_user }}'
maintenance_db: postgres
name: '{{ db_name }}'
tablespace: pg_default
- assert:
that:
- result is changed
- register: result
name: postgresql_db_tablespace - Check actual DB tablespace, rowcount must be 1 because actually nothing changed
postgresql_query:
login_user: '{{ pg_user }}'
login_db: postgres
query: 'SELECT 1 FROM pg_database AS d JOIN pg_tablespace AS t ON d.dattablespace = t.oid WHERE d.datname = ''{{ db_name }}'' AND t.spcname = ''{{ db_tablespace }}''
'
- assert:
that:
- result.rowcount == 1
- register: result
name: postgresql_db_tablespace - Change tablespace in actual mode
postgresql_db:
login_user: '{{ pg_user }}'
maintenance_db: postgres
name: '{{ db_name }}'
tablespace: pg_default
- assert:
that:
- result is changed
- register: result
name: postgresql_db_tablespace - Check actual DB tablespace, rowcount must be 1
postgresql_query:
login_user: '{{ pg_user }}'
login_db: postgres
query: 'SELECT 1 FROM pg_database AS d JOIN pg_tablespace AS t ON d.dattablespace = t.oid WHERE d.datname = ''{{ db_name }}'' AND t.spcname = ''pg_default''
'
- assert:
that:
- result.rowcount == 1
- register: result
name: postgresql_db_tablespace - Drop test DB
postgresql_db:
login_user: '{{ pg_user }}'
maintenance_db: postgres
name: '{{ db_name }}'
state: absent
- register: result
name: postgresql_db_tablespace - Remove tablespace
postgresql_tablespace:
login_user: '{{ pg_user }}'
login_db: postgres
name: '{{ db_tablespace }}'
state: absent

366
tests/integration/targets/postgresql_db/tasks/postgresql_db_initial.yml
View file

@ -1,366 +0,0 @@
#
# Create and destroy db
#
- name: Create DB
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: present
name: "{{ db_name }}"
login_user: "{{ pg_user }}"
register: result
- name: assert that module reports the db was created
assert:
that:
- result is changed
- result.db == "{{ db_name }}"
- result.executed_commands == ['CREATE DATABASE "{{ db_name }}"']
- name: Check that database created
become_user: "{{ pg_user }}"
become: yes
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- name: Run create on an already created db
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: present
name: "{{ db_name }}"
login_user: "{{ pg_user }}"
register: result
- name: assert that module reports the db was unchanged
assert:
that:
- result is not changed
- name: Destroy DB
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: absent
name: "{{ db_name }}"
login_user: "{{ pg_user }}"
register: result
- name: assert that module reports the db was changed
assert:
that:
- result is changed
- result.executed_commands == ['DROP DATABASE "{{ db_name }}"']
- name: Check that database was destroyed
become_user: "{{ pg_user }}"
become: yes
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
- name: Destroy DB
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: absent
name: "{{ db_name }}"
login_user: "{{ pg_user }}"
register: result
- name: assert that removing an already removed db makes no change
assert:
that:
- result is not changed
# This corner case works to add but not to drop. This is sufficiently crazy
# that I'm not going to attempt to fix it unless someone lets me know that they
# need the functionality
#
# - postgresql_db:
# state: 'present'
# name: '"silly.""name"'
# - shell: echo "select datname from pg_database where datname = 'silly.""name';" | psql
# register: result
#
# - assert:
# that: "result.stdout_lines[-1] == '(1 row)'"
# - postgresql_db:
# state: absent
# name: '"silly.""name"'
# - shell: echo "select datname from pg_database where datname = 'silly.""name';" | psql
# register: result
#
# - assert:
# that: "result.stdout_lines[-1] == '(0 rows)'"
#
# Test conn_limit, encoding, collate, ctype, template options
#
- name: Create a DB with conn_limit, encoding, collate, ctype, and template options
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
name: '{{ db_name }}'
state: 'present'
conn_limit: '100'
encoding: 'LATIN1'
lc_collate: 'pt_BR{{ locale_latin_suffix }}'
lc_ctype: 'es_ES{{ locale_latin_suffix }}'
template: 'template0'
login_user: "{{ pg_user }}"
register: result
- assert:
that:
- result is changed
- result.executed_commands == ["CREATE DATABASE \"{{ db_name }}\" TEMPLATE \"template0\" ENCODING 'LATIN1' LC_COLLATE 'pt_BR{{ locale_latin_suffix }}' LC_CTYPE 'es_ES{{ locale_latin_suffix }}' CONNECTION LIMIT 100"] or result.executed_commands == ["CREATE DATABASE \"{{ db_name }}\" TEMPLATE \"template0\" ENCODING E'LATIN1' LC_COLLATE E'pt_BR{{ locale_latin_suffix }}' LC_CTYPE E'es_ES{{ locale_latin_suffix }}' CONNECTION LIMIT 100"]
- name: Check that the DB has all of our options
become_user: "{{ pg_user }}"
become: yes
shell: echo "select datname, datconnlimit, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- "'LATIN1' in result.stdout_lines[-2]"
- "'pt_BR' in result.stdout_lines[-2]"
- "'es_ES' in result.stdout_lines[-2]"
- "'UTF8' not in result.stdout_lines[-2]"
- "'en_US' not in result.stdout_lines[-2]"
- "'100' in result.stdout_lines[-2]"
- name: Check that running db creation with options a second time does nothing
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
name: '{{ db_name }}'
state: 'present'
conn_limit: '100'
encoding: 'LATIN1'
lc_collate: 'pt_BR{{ locale_latin_suffix }}'
lc_ctype: 'es_ES{{ locale_latin_suffix }}'
template: 'template0'
login_user: "{{ pg_user }}"
register: result
- assert:
that:
- result is not changed
- name: Check that attempting to change encoding returns an error
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
name: '{{ db_name }}'
state: 'present'
encoding: 'UTF8'
lc_collate: 'pt_BR{{ locale_utf8_suffix }}'
lc_ctype: 'es_ES{{ locale_utf8_suffix }}'
template: 'template0'
login_user: "{{ pg_user }}"
register: result
ignore_errors: yes
- assert:
that:
- result is failed
- name: Check that changing the conn_limit actually works
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
name: '{{ db_name }}'
state: 'present'
conn_limit: '200'
encoding: 'LATIN1'
lc_collate: 'pt_BR{{ locale_latin_suffix }}'
lc_ctype: 'es_ES{{ locale_latin_suffix }}'
template: 'template0'
login_user: "{{ pg_user }}"
register: result
- assert:
that:
- result is changed
- result.executed_commands == ['ALTER DATABASE "{{ db_name }}" CONNECTION LIMIT 200']
- name: Check that conn_limit has actually been set / updated to 200
become_user: "{{ pg_user }}"
become: yes
shell: echo "SELECT datconnlimit AS conn_limit FROM pg_database WHERE datname = '{{ db_name }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- "'200' == '{{ result.stdout_lines[-2] | trim }}'"
- name: Cleanup test DB
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
name: '{{ db_name }}'
state: 'absent'
login_user: "{{ pg_user }}"
- shell: echo "select datname, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql -d postgres
become_user: "{{ pg_user }}"
become: yes
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
#
# Test db ownership
#
- name: Create an unprivileged user to own a DB
become_user: "{{ pg_user }}"
become: yes
postgresql_user:
name: "{{ item }}"
encrypted: 'yes'
password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
login_user: "{{ pg_user }}"
db: postgres
loop:
- "{{ db_user1 }}"
- "{{ db_user2 }}"
- name: Create db with user ownership
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
name: "{{ db_name }}"
state: "present"
owner: "{{ db_user1 }}"
login_user: "{{ pg_user }}"
register: result
- assert:
that:
- result is changed
- result.executed_commands == ['CREATE DATABASE "{{ db_name }}" OWNER "{{ db_user1 }}"']
- name: Check that the user owns the newly created DB
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: postgres
login_user: "{{ pg_user }}"
query: >
SELECT 1 FROM pg_catalog.pg_database
WHERE datname = '{{ db_name }}'
AND pg_catalog.pg_get_userbyid(datdba) = '{{ db_user1 }}'
register: result
- assert:
that:
- result.rowcount == 1
- name: Change the owner on an existing db, username with dots
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
name: "{{ db_name }}"
state: "present"
owner: "{{ db_user2 }}"
login_user: "{{ pg_user }}"
register: result
- assert:
that:
- result is changed
- result.executed_commands == ['ALTER DATABASE "{{ db_name }}" OWNER TO "{{ db_user2 }}"']
- name: Check the previous step
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
login_user: "{{ pg_user }}"
db: postgres
query: >
SELECT 1 FROM pg_catalog.pg_database
WHERE datname = '{{ db_name }}'
AND pg_catalog.pg_get_userbyid(datdba) = '{{ db_user2 }}'
register: result
- assert:
that:
- result.rowcount == 1
- name: Change the owner on an existing db
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
name: "{{ db_name }}"
state: "present"
owner: "{{ pg_user }}"
login_user: "{{ pg_user }}"
register: result
- name: assert that ansible says it changed the db
assert:
that:
- result is changed
- name: Check that the user owns the newly created DB
become_user: "{{ pg_user }}"
become: yes
shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- "'{{ pg_user }}' == '{{ result.stdout_lines[-2] | trim }}'"
- name: Cleanup db
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
name: "{{ db_name }}"
state: "absent"
login_user: "{{ pg_user }}"
- name: Check that database was destroyed
become_user: "{{ pg_user }}"
become: yes
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
- name: Cleanup test user
become_user: "{{ pg_user }}"
become: yes
postgresql_user:
name: "{{ db_user1 }}"
state: 'absent'
login_user: "{{ pg_user }}"
db: postgres
- name: Check that they were removed
become_user: "{{ pg_user }}"
become: yes
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"

80
tests/integration/targets/postgresql_db/tasks/postgresql_db_session_role.yml
View file

@ -1,80 +0,0 @@
- name: Check that becoming an non-existing user throws an error
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: present
name: must_fail
login_user: "{{ pg_user }}"
session_role: "{{ db_session_role1 }}"
register: result
ignore_errors: yes
- assert:
that:
- result is failed
- name: Create a high privileged user
become: yes
become_user: "{{ pg_user }}"
postgresql_user:
name: "{{ db_session_role1 }}"
state: "present"
password: "password"
role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
login_user: "{{ pg_user }}"
db: postgres
- name: Create a low privileged user using the newly created user
become: yes
become_user: "{{ pg_user }}"
postgresql_user:
name: "{{ db_session_role2 }}"
state: "present"
password: "password"
role_attr_flags: "LOGIN"
login_user: "{{ pg_user }}"
session_role: "{{ db_session_role1 }}"
db: postgres
- name: Create DB as session_role
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: present
name: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
session_role: "{{ db_session_role1 }}"
register: result
- name: Check that database created and is owned by correct user
become_user: "{{ pg_user }}"
become: yes
shell: echo "select rolname from pg_database join pg_roles on datdba = pg_roles.oid where datname = '{{ db_session_role1 }}';" | psql -AtXq postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '{{ db_session_role1 }}'"
- name: Fail when creating database as low privileged user
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: present
name: "{{ db_session_role2 }}"
login_user: "{{ pg_user }}"
session_role: "{{ db_session_role2 }}"
register: result
ignore_errors: yes
- assert:
that:
- result is failed
- name: Drop test db
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: absent
name: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"

235
tests/integration/targets/postgresql_db/tasks/state_dump_restore.yml
View file

@ -1,235 +0,0 @@
# test code for state dump and restore for postgresql_db module
# copied from mysql_db/tasks/state_dump_import.yml
# (c) 2014, Wayne Rosario <wrosario@ansible.com>
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
# ============================================================
- name: Create a test user
become: yes
become_user: "{{ pg_user }}"
postgresql_user:
name: "{{ db_user1 }}"
state: "present"
encrypted: 'yes'
password: "password"
role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
login_user: "{{ pg_user }}"
db: postgres
- set_fact: db_file_name="{{tmp_dir}}/{{file}}"
- set_fact:
admin_str: "psql -U {{ pg_user }}"
- set_fact:
user_str: "env PGPASSWORD=password psql -h localhost -U {{ db_user1 }} {{ db_name }}"
when: test_fixture == "user"
# "-n public" is required to work around pg_restore issues with plpgsql
- set_fact:
user_str: "psql -U {{ pg_user }} {{ db_name }}"
when: test_fixture == "admin"
- set_fact:
sql_create: "create table employee(id int, name varchar(100));"
sql_insert: "insert into employee values (47,'Joe Smith');"
sql_select: "select * from employee;"
- name: state dump/restore - create database
postgresql_db:
state: present
name: "{{ db_name }}"
owner: "{{ db_user1 }}"
login_user: "{{ pg_user }}"
- name: state dump/restore - create table employee
command: '{{ user_str }} -c "{{ sql_create }}"'
- name: state dump/restore - insert data into table employee
command: '{{ user_str }} -c "{{ sql_insert }}"'
- name: state dump/restore - file name should not exist
file: name={{ db_file_name }} state=absent
- name: test state=dump to backup the database (expect changed=true)
postgresql_db:
name: "{{ db_name }}"
target: "{{ db_file_name }}"
owner: "{{ db_user1 }}"
login_user: '{{(test_fixture == "user")|ternary(db_user1, pg_user)}}'
target_opts: '{{(test_fixture == "user")|ternary("-n public", omit)}}'
login_host: '{{(test_fixture == "user")|ternary("localhost", omit)}}'
login_password: '{{(test_fixture == "user")|ternary("password", omit)}}'
state: dump
dump_extra_args: --exclude-table=fake
register: result
become_user: "{{ pg_user }}"
become: yes
- name: assert output message backup the database
assert:
that:
- result is changed
- result.executed_commands[0] is search("--exclude-table=fake")
- name: assert database was backed up successfully
command: file {{ db_file_name }}
register: result
- name: state dump/restore - remove database for restore
postgresql_db:
name: "{{ db_name }}"
target: "{{ db_file_name }}"
owner: "{{ db_user1 }}"
login_user: '{{(test_fixture == "user")|ternary(db_user1, pg_user)}}'
target_opts: '{{(test_fixture == "user")|ternary("-n public", omit)}}'
login_host: '{{(test_fixture == "user")|ternary("localhost", omit)}}'
login_password: '{{(test_fixture == "user")|ternary("password", omit)}}'
state: absent
- name: state dump/restore - re-create database
postgresql_db:
state: present
name: "{{ db_name }}"
owner: "{{ db_user1 }}"
login_user: "{{ pg_user }}"
- name: test state=restore to restore the database (expect changed=true)
postgresql_db:
name: "{{ db_name }}"
target: "{{ db_file_name }}"
owner: "{{ db_user1 }}"
login_user: '{{(test_fixture == "user")|ternary(db_user1, pg_user)}}'
target_opts: '{{(test_fixture == "user")|ternary("-n public", omit)}}'
login_host: '{{(test_fixture == "user")|ternary("localhost", omit)}}'
login_password: '{{(test_fixture == "user")|ternary("password", omit)}}'
state: restore
register: result
become_user: "{{ pg_user }}"
become: yes
- name: assert output message restore the database
assert:
that:
- result is changed
- name: select data from table employee
command: '{{ user_str }} -c "{{ sql_select }}"'
register: result
- name: assert data in database is from the restore database
assert:
that:
- "'47' in result.stdout"
- "'Joe Smith' in result.stdout"
############################
# 1. Test trust_input parameter
# 2. Test db name containing dots
- name: state dump/restore - create database, trust_input no
become: yes
become_user: "{{ pg_user }}"
postgresql_db:
state: present
name: "{{ suspicious_db_name }}"
owner: "{{ db_user1 }}"
login_user: "{{ pg_user }}"
trust_input: no
register: result
ignore_errors: yes
- assert:
that:
- result is failed
- result.msg == 'Passed input \'{{ suspicious_db_name }}\' is potentially dangerous'
- name: state dump/restore - create database, trust_input yes explicitly
become: yes
become_user: "{{ pg_user }}"
postgresql_db:
state: present
name: "{{ suspicious_db_name }}"
owner: "{{ db_user1 }}"
login_user: "{{ pg_user }}"
trust_input: yes
register: result
- assert:
that:
- result is changed
- name: test state=restore to restore the database (expect changed=true)
become: yes
become_user: "{{ pg_user }}"
postgresql_db:
name: "{{ db_name_with_dot }}"
target: "{{ db_file_name }}"
owner: "{{ db_user1 }}"
login_user: '{{(test_fixture == "user")|ternary(db_user1, pg_user)}}'
target_opts: '{{(test_fixture == "user")|ternary("-n public", omit)}}'
login_host: '{{(test_fixture == "user")|ternary("localhost", omit)}}'
login_password: '{{(test_fixture == "user")|ternary("password", omit)}}'
state: restore
register: result
- name: assert output message restore the database
assert:
that:
- result is changed
- name: state dump/restore - remove databases
become: yes
become_user: "{{ pg_user }}"
postgresql_db:
state: absent
name: "{{ db_name_with_dot }}"
owner: "{{ db_user1 }}"
login_user: "{{ pg_user }}"
trust_input: yes
register: result
- assert:
that:
- result is changed
# Clean up
- name: state dump/restore - remove database name
postgresql_db:
name: "{{ db_name }}"
target: "{{ db_file_name }}"
owner: "{{ db_user1 }}"
login_user: '{{(test_fixture == "user")|ternary(db_user1, pg_user)}}'
target_opts: '{{(test_fixture == "user")|ternary("-n public", omit)}}'
login_host: '{{(test_fixture == "user")|ternary("localhost", omit)}}'
login_password: '{{(test_fixture == "user")|ternary("password", omit)}}'
state: absent
- name: remove file name
file: name={{ db_file_name }} state=absent
- name: Remove the test user
become: yes
become_user: "{{ pg_user }}"
postgresql_user:
name: "{{ db_user1 }}"
state: "absent"
login_user: "{{ pg_user }}"
db: postgres

7
tests/integration/targets/postgresql_ext/aliases
View file

@ -1,7 +0,0 @@
destructive
shippable/posix/group4
skip/aix
skip/osx
skip/macos
skip/freebsd
disabled # tests already running in community.postgresql

2
tests/integration/targets/postgresql_ext/defaults/main.yml
View file

@ -1,2 +0,0 @@
db_session_role1: 'session_role1'
db_session_role2: 'session_role2'

3
tests/integration/targets/postgresql_ext/meta/main.yml
View file

@ -1,3 +0,0 @@
dependencies:
- setup_pkg_mgr
- setup_postgresql_db

26
tests/integration/targets/postgresql_ext/tasks/main.yml
View file

@ -1,26 +0,0 @@
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
- import_tasks: postgresql_ext_session_role.yml
# Initial CI tests of postgresql_ext module.
# pg_extension system view is available from PG 9.1.
# The tests are restricted by Fedora because there will be errors related with
# attempts to change the environment during postgis installation or
# missing postgis package in repositories.
# Anyway, these tests completely depend on Postgres version,
# not specific distributions.
- import_tasks: postgresql_ext_initial.yml
when:
- postgres_version_resp.stdout is version('9.1', '>=')
- ansible_distribution == 'Fedora'
# CI tests of "version" option.
# It uses a mock extension, see test/integration/targets/setup_postgresql_db/.
# TODO: change postgresql_ext_initial.yml to use the mock extension too.
- import_tasks: postgresql_ext_version_opt.yml
when:
- ansible_distribution == 'Ubuntu'
- postgres_version_resp.stdout is version('9.1', '>=')

208
tests/integration/targets/postgresql_ext/tasks/postgresql_ext_initial.yml
View file

@ -1,208 +0,0 @@
---
- name: postgresql_ext - install postgis on Linux
package: name=postgis state=present
when: ansible_os_family != "Windows"
- name: postgresql_ext - create schema schema1
become_user: '{{ pg_user }}'
become: true
postgresql_schema:
database: postgres
name: schema1
state: present
- name: postgresql_ext - drop extension if exists
become_user: '{{ pg_user }}'
become: true
postgresql_query:
db: postgres
query: DROP EXTENSION IF EXISTS postgis
ignore_errors: true
- name: postgresql_ext - create extension postgis in check_mode
become_user: '{{ pg_user }}'
become: true
postgresql_ext:
login_db: postgres
login_port: 5432
name: postgis
check_mode: true
ignore_errors: true
register: result
- assert:
that:
- result is changed
- result.queries == []
- name: postgresql_ext - check that extension doesn't exist after the previous step
become_user: '{{ pg_user }}'
become: true
postgresql_query:
db: postgres
query: SELECT extname FROM pg_extension WHERE extname='postgis'
ignore_errors: true
register: result
- assert:
that:
- result.rowcount == 0
- name: postgresql_ext - create extension postgis
become_user: '{{ pg_user }}'
become: true
postgresql_ext:
login_db: postgres
login_port: 5432
name: postgis
ignore_errors: true
register: result
- assert:
that:
- result is changed
- result.queries == ['CREATE EXTENSION "postgis"']
- name: postgresql_ext - check that extension exists after the previous step
become_user: '{{ pg_user }}'
become: true
postgresql_query:
db: postgres
query: SELECT extname FROM pg_extension WHERE extname='postgis'
ignore_errors: true
register: result
- assert:
that:
- result.rowcount == 1
- name: postgresql_ext - drop extension postgis
become_user: '{{ pg_user }}'
become: true
postgresql_ext:
db: postgres
name: postgis
state: absent
ignore_errors: true
register: result
- assert:
that:
- result is changed
- result.queries == ['DROP EXTENSION "postgis"']
- name: postgresql_ext - check that extension doesn't exist after the previous step
become_user: '{{ pg_user }}'
become: true
postgresql_query:
db: postgres
query: SELECT extname FROM pg_extension WHERE extname='postgis'
ignore_errors: true
register: result
- assert:
that:
- result.rowcount == 0
- name: postgresql_ext - create extension postgis
become_user: '{{ pg_user }}'
become: true
postgresql_ext:
db: postgres
name: postgis
schema: schema1
ignore_errors: true
register: result
- assert:
that:
- result is changed
- result.queries == ['CREATE EXTENSION "postgis" WITH SCHEMA "schema1"']
- name: postgresql_ext - check that extension exists after the previous step
become_user: '{{ pg_user }}'
become: true
postgresql_query:
db: postgres
query: "SELECT extname FROM pg_extension AS e LEFT JOIN pg_catalog.pg_namespace AS n \nON n.oid = e.extnamespace WHERE e.extname='postgis' AND n.nspname='schema1'\n"
ignore_errors: true
register: result
- assert:
that:
- result.rowcount == 1
- name: postgresql_ext - drop extension postgis cascade
become_user: '{{ pg_user }}'
become: true
postgresql_ext:
db: postgres
name: postgis
state: absent
cascade: true
ignore_errors: true
register: result
- assert:
that:
- result is changed
- result.queries == ['DROP EXTENSION "postgis" CASCADE']
- name: postgresql_ext - check that extension doesn't exist after the previous step
become_user: '{{ pg_user }}'
become: true
postgresql_query:
db: postgres
query: SELECT extname FROM pg_extension WHERE extname='postgis'
ignore_errors: true
register: result
- assert:
that:
- result.rowcount == 0
- name: postgresql_ext - create extension postgis cascade
become_user: '{{ pg_user }}'
become: true
postgresql_ext:
db: postgres
name: postgis
cascade: true
ignore_errors: true
register: result
when: postgres_version_resp.stdout is version('9.6', '<=')
- assert:
that:
- result is changed
- result.queries == ['CREATE EXTENSION "postgis" CASCADE"']
when: postgres_version_resp.stdout is version('9.6', '<=')
- name: postgresql_ext - check that extension exists after the previous step
become_user: '{{ pg_user }}'
become: true
postgresql_query:
db: postgres
query: SELECT extname FROM pg_extension WHERE extname='postgis'
ignore_errors: true
register: result
when: postgres_version_resp.stdout is version('9.6', '<=')
- assert:
that:
- result.rowcount == 1
when: postgres_version_resp.stdout is version('9.6', '<=')
- name: postgresql_ext - check that using a dangerous name fails
postgresql_ext:
db: postgres
name: postgis
session_role: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
trust_input: no
ignore_errors: true
register: result
- assert:
that:
- result is failed
- result.msg is search('is potentially dangerous')

114
tests/integration/targets/postgresql_ext/tasks/postgresql_ext_session_role.yml
View file

@ -1,114 +0,0 @@
- name: Create a high privileged user
become: yes
become_user: "{{ pg_user }}"
postgresql_user:
name: "{{ db_session_role1 }}"
state: "present"
password: "password"
role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
login_user: "{{ pg_user }}"
db: postgres
- name: Create DB as session_role
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: present
name: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
session_role: "{{ db_session_role1 }}"
register: result
- name: Check that pg_extension exists (PostgreSQL >= 9.1)
become_user: "{{ pg_user }}"
become: yes
shell: echo "select count(*) from pg_class where relname='pg_extension' and relkind='r'" | psql -AtXq postgres
register: pg_extension
- name: Remove plpgsql from testdb using postgresql_ext
become_user: "{{ pg_user }}"
become: yes
postgresql_ext:
name: plpgsql
db: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
state: absent
when:
"pg_extension.stdout_lines[-1] == '1'"
- name: Fail when trying to create an extension as a mere mortal user
become_user: "{{ pg_user }}"
become: yes
postgresql_ext:
name: plpgsql
db: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
session_role: "{{ db_session_role2 }}"
ignore_errors: yes
register: result
when:
"pg_extension.stdout_lines[-1] == '1'"
- assert:
that:
- result is failed
when:
"pg_extension.stdout_lines[-1] == '1'"
- name: Install extension as session_role
become_user: "{{ pg_user }}"
become: yes
postgresql_ext:
name: plpgsql
db: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
session_role: "{{ db_session_role1 }}"
trust_input: no
when:
"pg_extension.stdout_lines[-1] == '1'"
- name: Check that extension is created and is owned by session_role
become_user: "{{ pg_user }}"
become: yes
shell: echo "select rolname from pg_extension join pg_roles on extowner=pg_roles.oid where extname='plpgsql';" | psql -AtXq "{{ db_session_role1 }}"
register: result
when:
"pg_extension.stdout_lines[-1] == '1'"
- assert:
that:
- "result.stdout_lines[-1] == '{{ db_session_role1 }}'"
when:
"pg_extension.stdout_lines[-1] == '1'"
- name: Remove plpgsql from testdb using postgresql_ext
become_user: "{{ pg_user }}"
become: yes
postgresql_ext:
name: plpgsql
db: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
state: absent
trust_input: no
when:
"pg_extension.stdout_lines[-1] == '1'"
- name: Drop test db
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: absent
name: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
- name: Drop test users
become: yes
become_user: "{{ pg_user }}"
postgresql_user:
name: "{{ item }}"
state: absent
login_user: "{{ pg_user }}"
db: postgres
with_items:
- "{{ db_session_role1 }}"
- "{{ db_session_role2 }}"

364
tests/integration/targets/postgresql_ext/tasks/postgresql_ext_version_opt.yml
View file

@ -1,364 +0,0 @@
# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
# Tests for postgresql_ext version option
- vars:
test_ext: dummy
test_schema: schema1
task_parameters: &task_parameters
become_user: '{{ pg_user }}'
become: yes
register: result
pg_parameters: &pg_parameters
login_user: '{{ pg_user }}'
login_db: postgres
block:
# Preparation:
- name: postgresql_ext_version - create schema schema1
<<: *task_parameters
postgresql_schema:
<<: *pg_parameters
name: "{{ test_schema }}"
# Do tests:
- name: postgresql_ext_version - create extension of specific version, check mode
<<: *task_parameters
postgresql_ext:
<<: *pg_parameters
name: "{{ test_ext }}"
schema: "{{ test_schema }}"
version: '1.0'
trust_input: no
check_mode: yes
- assert:
that:
- result is changed
- name: postgresql_ext_version - check that nothing was actually changed
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT 1 FROM pg_extension WHERE extname = '{{ test_ext }}'"
- assert:
that:
- result.rowcount == 0
- name: postgresql_ext_version - create extension of specific version
<<: *task_parameters
postgresql_ext:
<<: *pg_parameters
name: "{{ test_ext }}"
schema: "{{ test_schema }}"
version: '1.0'
trust_input: no
- assert:
that:
- result is changed
- result.queries == ["CREATE EXTENSION \"{{ test_ext }}\" WITH SCHEMA \"{{ test_schema }}\" VERSION '1.0'"]
- name: postgresql_ext_version - check
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT 1 FROM pg_extension WHERE extname = '{{ test_ext }}' AND extversion = '1.0'"
- assert:
that:
- result.rowcount == 1
- name: postgresql_ext_version - try to create extension of the same version again in check_mode
<<: *task_parameters
postgresql_ext:
<<: *pg_parameters
name: "{{ test_ext }}"
schema: "{{ test_schema }}"
version: '1.0'
trust_input: no
check_mode: yes
- assert:
that:
- result is not changed
- name: postgresql_ext_version - check
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT 1 FROM pg_extension WHERE extname = '{{ test_ext }}' AND extversion = '1.0'"
- assert:
that:
- result.rowcount == 1
- name: postgresql_ext_version - try to create extension of the same version again in actual mode
<<: *task_parameters
postgresql_ext:
<<: *pg_parameters
name: "{{ test_ext }}"
schema: "{{ test_schema }}"
version: '1.0'
trust_input: no
- assert:
that:
- result is not changed
- name: postgresql_ext_version - check
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT 1 FROM pg_extension WHERE extname = '{{ test_ext }}' AND extversion = '1.0'"
- assert:
that:
- result.rowcount == 1
- name: postgresql_ext_version - update the extension to the next version in check_mode
<<: *task_parameters
postgresql_ext:
<<: *pg_parameters
name: "{{ test_ext }}"
schema: "{{ test_schema }}"
version: '2.0'
trust_input: no
check_mode: yes
- assert:
that:
- result is changed
- name: postgresql_ext_version - check, the version must be 1.0
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT 1 FROM pg_extension WHERE extname = '{{ test_ext }}' AND extversion = '1.0'"
- assert:
that:
- result.rowcount == 1
- name: postgresql_ext_version - update the extension to the next version
<<: *task_parameters
postgresql_ext:
<<: *pg_parameters
name: "{{ test_ext }}"
schema: "{{ test_schema }}"
version: '2.0'
trust_input: no
- assert:
that:
- result is changed
- result.queries == ["ALTER EXTENSION \"{{ test_ext }}\" UPDATE TO '2.0'"]
- name: postgresql_ext_version - check, the version must be 2.0
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT 1 FROM pg_extension WHERE extname = '{{ test_ext }}' AND extversion = '2.0'"
- assert:
that:
- result.rowcount == 1
- name: postgresql_ext_version - check that version won't be changed if version won't be passed
<<: *task_parameters
postgresql_ext:
<<: *pg_parameters
name: "{{ test_ext }}"
schema: "{{ test_schema }}"
trust_input: no
- assert:
that:
- result is not changed
- name: postgresql_ext_version - check, the version must be 2.0
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT 1 FROM pg_extension WHERE extname = '{{ test_ext }}' AND extversion = '2.0'"
- assert:
that:
- result.rowcount == 1
- name: postgresql_ext_version - update the extension to the latest version
<<: *task_parameters
postgresql_ext:
<<: *pg_parameters
name: "{{ test_ext }}"
schema: "{{ test_schema }}"
version: latest
trust_input: no
- assert:
that:
- result is changed
- result.queries == ["ALTER EXTENSION \"{{ test_ext }}\" UPDATE TO '3.0'"]
- name: postgresql_ext_version - check
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT 1 FROM pg_extension WHERE extname = '{{ test_ext }}' AND extversion = '3.0'"
- assert:
that:
- result.rowcount == 1
- name: postgresql_ext_version - try to update the extension to the latest version again
<<: *task_parameters
postgresql_ext:
<<: *pg_parameters
name: "{{ test_ext }}"
schema: "{{ test_schema }}"
version: latest
trust_input: no
- assert:
that:
- result is not changed
- name: postgresql_ext_version - try to downgrade the extension version, must fail
<<: *task_parameters
postgresql_ext:
<<: *pg_parameters
name: "{{ test_ext }}"
schema: "{{ test_schema }}"
version: '1.0'
trust_input: no
ignore_errors: yes
- assert:
that:
- result.failed == true
- name: postgresql_ext_version - drop the extension in check_mode
<<: *task_parameters
postgresql_ext:
<<: *pg_parameters
name: "{{ test_ext }}"
state: absent
trust_input: no
check_mode: yes
- assert:
that:
- result is changed
- name: postgresql_ext_version - check that extension exists
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT 1 FROM pg_extension WHERE extname = '{{ test_ext }}' AND extversion = '3.0'"
- assert:
that:
- result.rowcount == 1
- name: postgresql_ext_version - drop the extension in actual mode
<<: *task_parameters
postgresql_ext:
<<: *pg_parameters
name: "{{ test_ext }}"
state: absent
trust_input: no
- assert:
that:
- result is changed
- name: postgresql_ext_version - check that extension doesn't exist after the prev step
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT 1 FROM pg_extension WHERE extname = '{{ test_ext }}'"
- assert:
that:
- result.rowcount == 0
- name: postgresql_ext_version - try to drop the non-existent extension again
<<: *task_parameters
postgresql_ext:
<<: *pg_parameters
name: "{{ test_ext }}"
state: absent
trust_input: no
- assert:
that:
- result is not changed
- name: postgresql_ext_version - create the extension without passing version
<<: *task_parameters
postgresql_ext:
<<: *pg_parameters
name: "{{ test_ext }}"
trust_input: no
- assert:
that:
- result is changed
- result.queries == ["CREATE EXTENSION \"{{ test_ext }}\""]
- name: postgresql_ext_version - check
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT 1 FROM pg_extension WHERE extname = '{{ test_ext }}' AND extversion = '3.0'"
- assert:
that:
- result.rowcount == 1
- name: postgresql_ext_version - try to install non-existent version
<<: *task_parameters
postgresql_ext:
<<: *pg_parameters
name: non_existent
trust_input: no
ignore_errors: yes
- assert:
that:
- result.failed == true
- result.msg == "Extension non_existent is not installed"
######################################################################
# https://github.com/ansible-collections/community.general/issues/1095
- name: Install postgis
package:
name: postgis
- name: Create postgis extension
<<: *task_parameters
postgresql_ext:
<<: *pg_parameters
name: postgis
version: latest
- assert:
that:
- result is changed
# Cleanup:
- name: postgresql_ext_version - drop the extension
<<: *task_parameters
postgresql_ext:
<<: *pg_parameters
name: "{{ test_ext }}"
state: absent
trust_input: no
- name: postgresql_ext_version - drop the schema
<<: *task_parameters
postgresql_schema:
<<: *pg_parameters
name: "{{ test_schema }}"
state: absent

6
tests/integration/targets/postgresql_idx/aliases
View file

@ -1,6 +0,0 @@
destructive
shippable/posix/group4
skip/aix
skip/osx
skip/macos
disabled # tests already running in community.postgresql

2
tests/integration/targets/postgresql_idx/meta/main.yml
View file

@ -1,2 +0,0 @@
dependencies:
- setup_postgresql_db

7
tests/integration/targets/postgresql_idx/tasks/main.yml
View file

@ -1,7 +0,0 @@
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
# Initial CI tests of postgresql_idx module
- import_tasks: postgresql_idx_initial.yml

377
tests/integration/targets/postgresql_idx/tasks/postgresql_idx_initial.yml
View file

@ -1,377 +0,0 @@
- name: postgresql_idx - create test table called test_table
become_user: '{{ pg_user }}'
become: true
shell: psql postgres -U "{{ pg_user }}" -t -c "CREATE TABLE test_table (id int, story text);"
ignore_errors: true
- name: postgresql_idx - drop test tablespace called ssd if exists
become_user: '{{ pg_user }}'
become: true
shell: psql postgres -U "{{ pg_user }}" -t -c "DROP TABLESPACE IF EXISTS ssd;"
ignore_errors: true
- name: postgresql_idx - drop dir for test tablespace
become: true
file:
path: /mnt/ssd
state: absent
ignore_errors: true
- name: postgresql_idx - create dir for test tablespace
become: true
file:
path: /mnt/ssd
state: directory
owner: '{{ pg_user }}'
mode: '0755'
ignore_errors: true
- name: postgresql_idx - create test tablespace called ssd
become_user: '{{ pg_user }}'
become: true
shell: psql postgres -U "{{ pg_user }}" -t -c "CREATE TABLESPACE ssd LOCATION '/mnt/ssd';"
ignore_errors: true
register: tablespace
- name: postgresql_idx - create test schema
become_user: '{{ pg_user }}'
become: true
shell: psql postgres -U "{{ pg_user }}" -t -c "CREATE SCHEMA foo;"
ignore_errors: true
- name: postgresql_idx - create table in non-default schema
become_user: '{{ pg_user }}'
become: true
shell: psql postgres -U "{{ pg_user }}" -t -c "CREATE TABLE foo.foo_table (id int, story text);"
ignore_errors: true
- name: postgresql_idx - create btree index in check_mode
become_user: '{{ pg_user }}'
become: true
postgresql_idx:
db: postgres
login_user: '{{ pg_user }}'
table: test_table
columns: id, story
idxname: Test0_idx
check_mode: true
register: result
ignore_errors: true
- assert:
that:
- result is changed
- result.tblname == ''
- result.name == 'Test0_idx'
- result.state == 'absent'
- result.valid != ''
- result.tblspace == ''
- result.storage_params == []
- result.schema == ''
- result.query == ''
- name: postgresql_idx - check nothing changed after the previous step
become_user: '{{ pg_user }}'
become: true
postgresql_query:
db: postgres
login_user: '{{ pg_user }}'
query: SELECT 1 FROM pg_indexes WHERE indexname = 'Test0_idx'
register: result
- assert:
that:
- result.rowcount == 0
- name: postgresql_idx - create btree index concurrently
become_user: '{{ pg_user }}'
become: true
postgresql_idx:
db: postgres
login_user: '{{ pg_user }}'
table: test_table
columns: id, story
idxname: Test0_idx
trust_input: no
register: result
ignore_errors: true
- assert:
that:
- result is changed
- result.tblname == 'test_table'
- result.name == 'Test0_idx'
- result.state == 'present'
- result.valid != ''
- result.tblspace == ''
- result.storage_params == []
- result.schema == 'public'
- result.query == 'CREATE INDEX CONCURRENTLY "Test0_idx" ON "public"."test_table" USING BTREE (id, story)'
- name: postgresql_idx - check the index exists after the previous step
become_user: '{{ pg_user }}'
become: true
postgresql_query:
db: postgres
login_user: '{{ pg_user }}'
query: SELECT 1 FROM pg_indexes WHERE indexname = 'Test0_idx'
register: result
- assert:
that:
- result.rowcount == 1
- name: postgresql_idx - try to create existing index again
become_user: '{{ pg_user }}'
become: true
postgresql_idx:
db: postgres
login_user: '{{ pg_user }}'
table: test_table
columns: id, story
idxname: Test0_idx
register: result
ignore_errors: true
- assert:
that:
- result is not changed
- result.tblname == 'test_table'
- result.name == 'Test0_idx'
- result.state == 'present'
- result.valid != ''
- result.tblspace == ''
- result.storage_params == []
- result.schema == 'public'
- result.query == ''
- name: postgresql_idx - create btree index - non-default schema, tablespace, storage parameter
become_user: '{{ pg_user }}'
become: true
postgresql_idx:
db: postgres
login_user: '{{ pg_user }}'
schema: foo
table: foo_table
columns:
- id
- story
idxname: foo_test_idx
tablespace: ssd
storage_params: fillfactor=90
trust_input: no
register: result
ignore_errors: true
when: tablespace.rc == 0
- assert:
that:
- result is changed
- result.tblname == 'foo_table'
- result.name == 'foo_test_idx'
- result.state == 'present'
- result.valid != ''
- result.tblspace == 'ssd'
- result.storage_params == [ "fillfactor=90" ]
- result.schema == 'foo'
- result.query == 'CREATE INDEX CONCURRENTLY "foo_test_idx" ON "foo"."foo_table" USING BTREE (id,story) WITH (fillfactor=90) TABLESPACE "ssd"'
when: tablespace.rc == 0
- name: postgresql_idx - create brin index not concurrently
become_user: '{{ pg_user }}'
become: true
postgresql_idx:
db: postgres
login_user: '{{ pg_user }}'
schema: public
table: test_table
state: present
type: brin
columns: id
idxname: test_brin_idx
concurrent: false
trust_input: no
register: result
ignore_errors: true
- assert:
that:
- result is changed
- result.tblname == 'test_table'
- result.name == 'test_brin_idx'
- result.state == 'present'
- result.valid != ''
- result.tblspace == ''
- result.storage_params == []
- result.schema == 'public'
- result.query == 'CREATE INDEX "test_brin_idx" ON "public"."test_table" USING brin (id)'
when: postgres_version_resp.stdout is version('9.5', '>=')
- name: postgresql_idx - create index with condition
become_user: '{{ pg_user }}'
become: true
postgresql_idx:
db: postgres
login_user: '{{ pg_user }}'
table: test_table
columns: id
idxname: test1_idx
cond: id > 1 AND id != 10
trust_input: no
register: result
ignore_errors: true
- assert:
that:
- result is changed
- result.tblname == 'test_table'
- result.name == 'test1_idx'
- result.state == 'present'
- result.valid != ''
- result.tblspace == ''
- result.storage_params == []
- result.schema == 'public'
- result.query == 'CREATE INDEX CONCURRENTLY "test1_idx" ON "public"."test_table" USING BTREE (id) WHERE id > 1 AND id != 10'
- name: postgresql_idx - create unique index
become_user: '{{ pg_user }}'
become: true
postgresql_idx:
db: postgres
login_user: '{{ pg_user }}'
table: test_table
columns: story
idxname: test_unique0_idx
unique: true
trust_input: no
register: result
ignore_errors: true
- assert:
that:
- result is changed
- result.tblname == 'test_table'
- result.name == 'test_unique0_idx'
- result.state == 'present'
- result.valid != ''
- result.tblspace == ''
- result.storage_params == []
- result.schema == 'public'
- result.query == 'CREATE UNIQUE INDEX CONCURRENTLY "test_unique0_idx" ON "public"."test_table" USING BTREE (story)'
- name: postgresql_idx - avoid unique index with type different of btree
become_user: '{{ pg_user }}'
become: true
postgresql_idx:
db: postgres
login_user: '{{ pg_user }}'
table: test_table
columns: story
idxname: test_unique0_idx
unique: true
concurrent: false
type: brin
register: result
ignore_errors: true
- assert:
that:
- result is not changed
- result.msg == 'Only btree currently supports unique indexes'
- name: postgresql_idx - drop index from specific schema cascade in check_mode
become_user: '{{ pg_user }}'
become: true
postgresql_idx:
db: postgres
login_user: '{{ pg_user }}'
schema: foo
name: foo_test_idx
cascade: true
state: absent
concurrent: false
trust_input: yes
check_mode: true
register: result
ignore_errors: true
when: tablespace.rc == 0
- assert:
that:
- result is changed
- result.name == 'foo_test_idx'
- result.state == 'present'
- result.schema == 'foo'
- result.query == ''
when: tablespace.rc == 0
- name: postgresql_idx - check the index exists after the previous step
become_user: '{{ pg_user }}'
become: true
postgresql_query:
db: postgres
login_user: '{{ pg_user }}'
query: SELECT 1 FROM pg_indexes WHERE indexname = 'foo_test_idx' AND schemaname = 'foo'
register: result
when: tablespace.rc == 0
- assert:
that:
- result.rowcount == 1
when: tablespace.rc == 0
- name: postgresql_idx - drop index from specific schema cascade
become_user: '{{ pg_user }}'
become: true
postgresql_idx:
db: postgres
login_user: '{{ pg_user }}'
schema: foo
name: foo_test_idx
cascade: true
state: absent
concurrent: false
register: result
ignore_errors: true
when: tablespace.rc == 0
- assert:
that:
- result is changed
- result.name == 'foo_test_idx'
- result.state == 'absent'
- result.schema == 'foo'
- result.query == 'DROP INDEX "foo"."foo_test_idx" CASCADE'
when: tablespace.rc == 0
- name: postgresql_idx - check the index doesn't exist after the previous step
become_user: '{{ pg_user }}'
become: true
postgresql_query:
db: postgres
login_user: '{{ pg_user }}'
query: SELECT 1 FROM pg_indexes WHERE indexname = 'foo_test_idx' and schemaname = 'foo'
register: result
when: tablespace.rc == 0
- assert:
that:
- result.rowcount == 0
when: tablespace.rc == 0
- name: postgresql_idx - try to drop not existing index
become_user: '{{ pg_user }}'
become: true
postgresql_idx:
db: postgres
login_user: '{{ pg_user }}'
schema: foo
name: foo_test_idx
state: absent
register: result
ignore_errors: true
- assert:
that:
- result is not changed
- result.query == ''

8
tests/integration/targets/postgresql_info/aliases
View file

@ -1,8 +0,0 @@
destructive
shippable/posix/group1
skip/aix
skip/osx
skip/macos
skip/freebsd
skip/rhel
disabled # tests already running in community.postgresql

15
tests/integration/targets/postgresql_info/defaults/main.yml
View file

@ -1,15 +0,0 @@
---
pg_user: postgres
db_default: postgres
master_port: 5433
replica_port: 5434
test_table1: acme1
test_pub: first_publication
test_pub2: second_publication
replication_role: logical_replication
replication_pass: alsdjfKJKDf1#
test_db: acme_db
test_subscription: test
test_subscription2: test2
conn_timeout: 100

2
tests/integration/targets/postgresql_info/meta/main.yml
View file

@ -1,2 +0,0 @@
dependencies:
- setup_postgresql_replication

12
tests/integration/targets/postgresql_info/tasks/main.yml
View file

@ -1,12 +0,0 @@
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
# For testing getting publication and subscription info
- import_tasks: setup_publication.yml
when: ansible_distribution == 'Ubuntu' and ansible_distribution_major_version >= '18'
# Initial CI tests of postgresql_info module
- import_tasks: postgresql_info_initial.yml
when: ansible_distribution == 'Ubuntu' and ansible_distribution_major_version >= '18'

177
tests/integration/targets/postgresql_info/tasks/postgresql_info_initial.yml
View file

@ -1,177 +0,0 @@
# Copyright: (c) 2020, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
- vars:
task_parameters: &task_parameters
become_user: '{{ pg_user }}'
become: yes
register: result
pg_parameters: &pg_parameters
login_user: '{{ pg_user }}'
login_db: '{{ db_default }}'
block:
- name: Create test subscription
<<: *task_parameters
postgresql_subscription:
<<: *pg_parameters
login_port: '{{ replica_port }}'
name: '{{ test_subscription }}'
login_db: '{{ test_db }}'
state: present
publications: '{{ test_pub }}'
connparams:
host: 127.0.0.1
port: '{{ master_port }}'
user: '{{ replication_role }}'
password: '{{ replication_pass }}'
dbname: '{{ test_db }}'
- name: Create test subscription
<<: *task_parameters
postgresql_subscription:
<<: *pg_parameters
login_port: '{{ replica_port }}'
name: '{{ test_subscription2 }}'
login_db: '{{ test_db }}'
state: present
publications: '{{ test_pub2 }}'
connparams:
host: 127.0.0.1
port: '{{ master_port }}'
user: '{{ replication_role }}'
password: '{{ replication_pass }}'
dbname: '{{ test_db }}'
- name: postgresql_info - create role to check session_role
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
login_port: '{{ replica_port }}'
login_user: "{{ pg_user }}"
name: session_superuser
role_attr_flags: SUPERUSER
- name: postgresql_info - test return values and session_role param
<<: *task_parameters
postgresql_info:
<<: *pg_parameters
login_port: '{{ replica_port }}'
session_role: session_superuser
- assert:
that:
- result.version != {}
- result.in_recovery == false
- result.databases.{{ db_default }}.collate
- result.databases.{{ db_default }}.languages
- result.databases.{{ db_default }}.namespaces
- result.databases.{{ db_default }}.extensions
- result.databases.{{ test_db }}.subscriptions.{{ test_subscription }}
- result.databases.{{ test_db }}.subscriptions.{{ test_subscription2 }}
- result.settings
- result.tablespaces
- result.roles
- name: postgresql_info - check filter param passed by list
<<: *task_parameters
postgresql_info:
<<: *pg_parameters
login_port: '{{ replica_port }}'
filter:
- ver*
- rol*
- in_recov*
- assert:
that:
- result.version != {}
- result.roles
- result.in_recovery == false
- result.databases == {}
- result.repl_slots == {}
- result.replications == {}
- result.settings == {}
- result.tablespaces == {}
- name: postgresql_info - check filter param passed by string
<<: *task_parameters
postgresql_info:
<<: *pg_parameters
filter: ver*,role*
- assert:
that:
- result.version != {}
- result.roles
- result.databases == {}
- result.repl_slots == {}
- result.replications == {}
- result.settings == {}
- result.tablespaces == {}
- name: postgresql_info - check filter param passed by string
<<: *task_parameters
postgresql_info:
<<: *pg_parameters
filter: ver*
- assert:
that:
- result.version
- result.roles == {}
- name: postgresql_info - check excluding filter param passed by list
<<: *task_parameters
postgresql_info:
<<: *pg_parameters
filter:
- "!ver*"
- "!rol*"
- "!in_rec*"
- assert:
that:
- result.version == {}
- result.in_recovery == None
- result.roles == {}
- result.databases
- name: postgresql_info - test return publication info
<<: *task_parameters
postgresql_info:
<<: *pg_parameters
login_db: '{{ test_db }}'
login_port: '{{ master_port }}'
trust_input: yes
- assert:
that:
- result.version != {}
- result.in_recovery == false
- result.databases.{{ db_default }}.collate
- result.databases.{{ db_default }}.languages
- result.databases.{{ db_default }}.namespaces
- result.databases.{{ db_default }}.extensions
- result.databases.{{ test_db }}.publications.{{ test_pub }}.ownername == '{{ pg_user }}'
- result.databases.{{ test_db }}.publications.{{ test_pub2 }}.puballtables == true
- result.settings
- result.tablespaces
- result.roles
- name: postgresql_info - test trust_input parameter
<<: *task_parameters
postgresql_info:
<<: *pg_parameters
login_db: '{{ test_db }}'
login_port: '{{ master_port }}'
trust_input: no
session_role: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
register: result
ignore_errors: yes
- assert:
that:
- result is failed
- result.msg is search('is potentially dangerous')

61
tests/integration/targets/postgresql_info/tasks/setup_publication.yml
View file

@ -1,61 +0,0 @@
# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
# Preparation for further tests of postgresql_subscription module.
- vars:
task_parameters: &task_parameters
become_user: '{{ pg_user }}'
become: yes
register: result
pg_parameters: &pg_parameters
login_user: '{{ pg_user }}'
login_db: '{{ test_db }}'
block:
- name: Create test db
<<: *task_parameters
postgresql_db:
login_user: '{{ pg_user }}'
login_port: '{{ master_port }}'
maintenance_db: '{{ db_default }}'
name: '{{ test_db }}'
- name: Create test role
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
login_port: '{{ master_port }}'
name: '{{ replication_role }}'
password: '{{ replication_pass }}'
role_attr_flags: LOGIN,REPLICATION
- name: Create test table
<<: *task_parameters
postgresql_table:
<<: *pg_parameters
login_port: '{{ master_port }}'
name: '{{ test_table1 }}'
columns:
- id int
- name: Master - dump schema
<<: *task_parameters
shell: pg_dumpall -p '{{ master_port }}' -s > /tmp/schema.sql
- name: Replicat restore schema
<<: *task_parameters
shell: psql -p '{{ replica_port }}' -f /tmp/schema.sql
- name: Create publication
<<: *task_parameters
postgresql_publication:
<<: *pg_parameters
login_port: '{{ master_port }}'
name: '{{ test_pub }}'
- name: Create publication
<<: *task_parameters
postgresql_publication:
<<: *pg_parameters
login_port: '{{ master_port }}'
name: '{{ test_pub2 }}'

6
tests/integration/targets/postgresql_lang/aliases
View file

@ -1,6 +0,0 @@
destructive
shippable/posix/group4
skip/aix
skip/osx
skip/macos
disabled # tests already running in community.postgresql

2
tests/integration/targets/postgresql_lang/meta/main.yml
View file

@ -1,2 +0,0 @@
dependencies:
- setup_postgresql_db

25
tests/integration/targets/postgresql_lang/tasks/main.yml
View file

@ -1,25 +0,0 @@
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
- name: Include distribution specific variables
include_vars: "{{ lookup('first_found', params) }}"
vars:
params:
files:
- "{{ ansible_facts.distribution }}-{{ ansible_facts.distribution_major_version }}.yml"
- default.yml
paths:
- vars
# Only run on CentOS 7 because there is a stack trace on CentOS 8 because the module
# is looking for the incorrect version of plpython.
# https://gist.github.com/samdoran/8fc1b4ae834d3e66d1895d087419b8d8
- name: Initial CI tests of postgresql_lang module
when:
- ansible_facts.distribution == 'CentOS'
- ansible_facts.distribution_major_version is version ('7', '==')
block:
- include_tasks: postgresql_lang_initial.yml
- include_tasks: postgresql_lang_add_owner_param.yml

199
tests/integration/targets/postgresql_lang/tasks/postgresql_lang_add_owner_param.yml
View file

@ -1,199 +0,0 @@
# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
- vars:
test_user1: alice
test_user2: bob
test_lang: plperl
non_existent_role: fake_role
task_parameters: &task_parameters
become_user: '{{ pg_user }}'
become: yes
register: result
pg_parameters: &pg_parameters
login_user: '{{ pg_user }}'
login_db: postgres
block:
- name: Create roles for tests
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ item }}'
loop:
- '{{ test_user1 }}'
- '{{ test_user2 }}'
- name: Create lang with owner in check_mode
<<: *task_parameters
postgresql_lang:
<<: *pg_parameters
name: '{{ test_lang }}'
owner: '{{ test_user1 }}'
trust_input: no
check_mode: yes
- assert:
that:
- result is changed
- result.queries == []
- name: Check that nothing was actually changed
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: >
SELECT r.rolname FROM pg_language l
JOIN pg_roles r ON l.lanowner = r.oid
WHERE l.lanname = '{{ test_lang }}'
AND r.rolname = '{{ test_user1 }}'
- assert:
that:
- result.rowcount == 0
- name: Create lang with owner
<<: *task_parameters
postgresql_lang:
<<: *pg_parameters
name: '{{ test_lang }}'
owner: '{{ test_user1 }}'
trust_input: no
- assert:
that:
- result is changed
- result.queries == ['CREATE LANGUAGE "{{ test_lang }}"', 'ALTER LANGUAGE "{{ test_lang }}" OWNER TO "{{ test_user1 }}"']
- name: Check
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: >
SELECT r.rolname FROM pg_language l
JOIN pg_roles r ON l.lanowner = r.oid
WHERE l.lanname = '{{ test_lang }}'
AND r.rolname = '{{ test_user1 }}'
- assert:
that:
- result.rowcount == 1
- name: Change lang owner in check_mode
<<: *task_parameters
postgresql_lang:
<<: *pg_parameters
name: '{{ test_lang }}'
owner: '{{ test_user2 }}'
trust_input: yes
check_mode: yes
- assert:
that:
- result is changed
- result.queries == ['ALTER LANGUAGE "{{ test_lang }}" OWNER TO "{{ test_user2 }}"']
- name: Check that nothing was actually changed
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: >
SELECT r.rolname FROM pg_language l
JOIN pg_roles r ON l.lanowner = r.oid
WHERE l.lanname = '{{ test_lang }}'
AND r.rolname = '{{ test_user2 }}'
- assert:
that:
- result.rowcount == 0
- name: Change lang owner
<<: *task_parameters
postgresql_lang:
<<: *pg_parameters
name: '{{ test_lang }}'
owner: '{{ test_user2 }}'
- assert:
that:
- result is changed
# TODO: the first elem of the returned list below
# looks like a bug, not related with the option owner, needs to be checked
- result.queries == ["UPDATE pg_language SET lanpltrusted = false WHERE lanname = '{{ test_lang }}'", 'ALTER LANGUAGE "{{ test_lang }}" OWNER TO "{{ test_user2 }}"']
- name: Check
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: >
SELECT r.rolname FROM pg_language l
JOIN pg_roles r ON l.lanowner = r.oid
WHERE l.lanname = '{{ test_lang }}'
AND r.rolname = '{{ test_user2 }}'
- assert:
that:
- result.rowcount == 1
- name: Try to change lang owner again to the same role
<<: *task_parameters
postgresql_lang:
<<: *pg_parameters
name: '{{ test_lang }}'
owner: '{{ test_user2 }}'
- assert:
that:
- result is not changed
- result.queries == []
- name: Check
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: >
SELECT r.rolname FROM pg_language l
JOIN pg_roles r ON l.lanowner = r.oid
WHERE l.lanname = '{{ test_lang }}'
AND r.rolname = '{{ test_user2 }}'
- assert:
that:
- result.rowcount == 1
- name: Drop test lang with owner, must ignore
<<: *task_parameters
postgresql_lang:
<<: *pg_parameters
name: '{{ test_lang }}'
state: absent
owner: '{{ non_existent_role }}'
- assert:
that:
- result is changed
- result.queries == ["DROP LANGUAGE \"{{ test_lang }}\""]
- name: Check
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: >
SELECT r.rolname FROM pg_language l
JOIN pg_roles r ON l.lanowner = r.oid
WHERE l.lanname = '{{ test_lang }}'
- assert:
that:
- result.rowcount == 0
# Clean up
- name: Drop test roles
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ item }}'
state: absent
loop:
- '{{ test_user1 }}'
- '{{ test_user2 }}'

231
tests/integration/targets/postgresql_lang/tasks/postgresql_lang_initial.yml
View file

@ -1,231 +0,0 @@
# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
# Preparation for tests:
- name: Install PostgreSQL support packages
become: yes
action: "{{ ansible_facts.pkg_mgr }}"
args:
name: "{{ postgresql_lang_packages }}"
state: present
###############
# Do main tests
#
# Create language in check_mode:
- name: postgresql_lang - create plperl in check_mode
become_user: "{{ pg_user }}"
become: yes
postgresql_lang:
db: postgres
login_user: "{{ pg_user }}"
name: plperl
register: result
ignore_errors: yes
check_mode: yes
- assert:
that:
- result is changed
- result.queries == []
- name: postgresql_lang - check that lang doesn't exist after previous step, rowcount must be 0
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: postgres
login_user: "{{ pg_user }}"
query: "SELECT 1 FROM pg_language WHERE lanname = 'plperl'"
register: result
- assert:
that:
- result.rowcount == 0
# Create language:
- name: postgresql_lang - create plperl
become_user: "{{ pg_user }}"
become: yes
postgresql_lang:
db: postgres
login_user: "{{ pg_user }}"
name: plperl
register: result
ignore_errors: yes
- assert:
that:
- result is changed
- result.queries == ['CREATE LANGUAGE "plperl"']
- name: postgresql_lang - check that lang exists after previous step
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: postgres
login_user: "{{ pg_user }}"
query: "SELECT 1 FROM pg_language WHERE lanname = 'plperl'"
register: result
- assert:
that:
- result.rowcount == 1
# Drop language in check_mode:
- name: postgresql_lang - drop plperl in check_mode
become_user: "{{ pg_user }}"
become: yes
postgresql_lang:
db: postgres
login_user: "{{ pg_user }}"
name: plperl
state: absent
register: result
ignore_errors: yes
check_mode: yes
- assert:
that:
- result is changed
- result.queries == []
- name: postgresql_lang - check that lang exists after previous step, rowcount must be 1
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: postgres
login_user: "{{ pg_user }}"
query: "SELECT 1 FROM pg_language WHERE lanname = 'plperl'"
register: result
- assert:
that:
- result.rowcount == 1
# Drop language:
- name: postgresql_lang - drop plperl
become_user: "{{ pg_user }}"
become: yes
postgresql_lang:
db: postgres
login_user: "{{ pg_user }}"
name: plperl
state: absent
register: result
ignore_errors: yes
- assert:
that:
- result is changed
- result.queries == ['DROP LANGUAGE "plperl"']
- name: postgresql_lang - check that lang doesn't exist after previous step, rowcount must be 0
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: postgres
login_user: "{{ pg_user }}"
query: "SELECT 1 FROM pg_language WHERE lanname = 'plperl'"
register: result
- assert:
that:
- result.rowcount == 0
# Check fail_on_drop yes
- name: postgresql_lang - drop c language to check fail_on_drop yes
become_user: "{{ pg_user }}"
become: yes
postgresql_lang:
db: postgres
login_user: "{{ pg_user }}"
name: c
state: absent
fail_on_drop: yes
register: result
ignore_errors: yes
- assert:
that:
- result.failed == true
# Check fail_on_drop no
- name: postgresql_lang - drop c language to check fail_on_drop no
become_user: "{{ pg_user }}"
become: yes
postgresql_lang:
db: postgres
login_user: "{{ pg_user }}"
name: c
state: absent
fail_on_drop: no
register: result
ignore_errors: yes
- assert:
that:
- result.failed == false
# Create trusted language:
- name: postgresql_lang - create plpythonu
become_user: "{{ pg_user }}"
become: yes
postgresql_lang:
db: postgres
login_user: "{{ pg_user }}"
name: plpythonu
trust: yes
force_trust: yes
register: result
ignore_errors: yes
- assert:
that:
- result is changed
- result.queries == ['CREATE TRUSTED LANGUAGE "plpythonu"', "UPDATE pg_language SET lanpltrusted = true WHERE lanname = 'plpythonu'"]
- name: postgresql_lang - check that lang exists and it's trusted after previous step
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: postgres
login_user: "{{ pg_user }}"
query: "SELECT 1 FROM pg_language WHERE lanname = 'plpythonu' AND lanpltrusted = 't'"
register: result
- assert:
that:
- result.rowcount == 1
# Drop language cascade, tests of aliases:
- name: postgresql_lang - drop plpythonu cascade
become_user: "{{ pg_user }}"
become: yes
postgresql_lang:
login_db: postgres
login_user: "{{ pg_user }}"
login_port: 5432
lang: plpythonu
state: absent
cascade: yes
register: result
ignore_errors: yes
- assert:
that:
- result is changed
- result.queries == ['DROP LANGUAGE "plpythonu" CASCADE']
- name: postgresql_lang - check that lang doesn't exist after previous step, rowcount must be 0
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: postgres
login_user: "{{ pg_user }}"
query: "SELECT 1 FROM pg_language WHERE lanname = 'plpythonu'"
register: result
- assert:
that:
- result.rowcount == 0

3
tests/integration/targets/postgresql_lang/vars/CentOS-7.yml
View file

@ -1,3 +0,0 @@
postgresql_lang_packages:
- postgresql-plperl
- postgresql-plpython

3
tests/integration/targets/postgresql_lang/vars/CentOS-8.yml
View file

@ -1,3 +0,0 @@
postgresql_lang_packages:
- postgresql-plperl
- postgresql-plpython3

0
tests/integration/targets/postgresql_lang/vars/default.yml
View file

6
tests/integration/targets/postgresql_membership/aliases
View file

@ -1,6 +0,0 @@
destructive
shippable/posix/group4
skip/aix
skip/osx
skip/macos
disabled # tests already running in community.postgresql

6
tests/integration/targets/postgresql_membership/defaults/main.yml
View file

@ -1,6 +0,0 @@
test_group1: group1
test_group2: group2
test_group3: group.with.dots
test_user1: user1
test_user2: user.with.dots
dangerous_name: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'

2
tests/integration/targets/postgresql_membership/meta/main.yml
View file

@ -1,2 +0,0 @@
dependencies:
- setup_postgresql_db

7
tests/integration/targets/postgresql_membership/tasks/main.yml
View file

@ -1,7 +0,0 @@
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
# Initial CI tests of postgresql_membership module
- import_tasks: postgresql_membership_initial.yml

390
tests/integration/targets/postgresql_membership/tasks/postgresql_membership_initial.yml
View file

@ -1,390 +0,0 @@
# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
####################
# Prepare for tests:
# Create test roles:
- name: postgresql_membership - create test roles
become_user: "{{ pg_user }}"
become: yes
postgresql_user:
login_user: "{{ pg_user }}"
db: postgres
name: "{{ item }}"
ignore_errors: yes
with_items:
- "{{ test_group1 }}"
- "{{ test_group2 }}"
- "{{ test_group3 }}"
- "{{ test_user1 }}"
- "{{ test_user2 }}"
################
# Do main tests:
### Test check_mode
# Grant test_group1 to test_user1 in check_mode:
- name: postgresql_membership - grant test_group1 to test_user1 in check_mode
become_user: "{{ pg_user }}"
become: yes
postgresql_membership:
login_user: "{{ pg_user }}"
db: postgres
group: "{{ test_group1 }}"
user: "{{ test_user1 }}"
state: present
register: result
ignore_errors: yes
check_mode: yes
- assert:
that:
- result is changed
- result.groups == ["{{ test_group1 }}"]
- result.queries == ["GRANT \"{{ test_group1 }}\" TO \"{{ test_user1 }}\""]
- result.granted.{{ test_group1 }} == ["{{ test_user1 }}"]
- result.state == "present"
- result.target_roles == ["{{ test_user1 }}"]
# Try to revoke test_group1 from test_user1 to check that
# nothing actually changed in check_mode at the previous step:
- name: postgresql_membership - try to revoke test_group1 from test_user1 for checking check_mode
become_user: "{{ pg_user }}"
become: yes
postgresql_membership:
login_user: "{{ pg_user }}"
db: postgres
group: "{{ test_group1 }}"
user: "{{ test_user1 }}"
state: absent
register: result
ignore_errors: yes
check_mode: yes
- assert:
that:
- result is not changed
- result.groups == ["{{ test_group1 }}"]
- result.queries == []
- result.revoked.{{ test_group1 }} == []
- result.state == "absent"
- result.target_roles == ["{{ test_user1 }}"]
### End of test check_mode
# Grant test_group1 to test_user1:
- name: postgresql_membership - grant test_group1 to test_user1
become_user: "{{ pg_user }}"
become: yes
postgresql_membership:
login_user: "{{ pg_user }}"
db: postgres
group: "{{ test_group1 }}"
user: "{{ test_user1 }}"
state: present
register: result
ignore_errors: yes
- assert:
that:
- result is changed
- result.groups == ["{{ test_group1 }}"]
- result.queries == ["GRANT \"{{ test_group1 }}\" TO \"{{ test_user1 }}\""]
- result.granted.{{ test_group1 }} == ["{{ test_user1 }}"]
- result.state == "present"
- result.target_roles == ["{{ test_user1 }}"]
# Grant test_group1 to test_user1 again to check that nothing changes:
- name: postgresql_membership - grant test_group1 to test_user1 again
become_user: "{{ pg_user }}"
become: yes
postgresql_membership:
login_user: "{{ pg_user }}"
db: postgres
group: "{{ test_group1 }}"
user: "{{ test_user1 }}"
state: present
register: result
ignore_errors: yes
- assert:
that:
- result is not changed
- result.groups == ["{{ test_group1 }}"]
- result.queries == []
- result.granted.{{ test_group1 }} == []
- result.state == "present"
- result.target_roles == ["{{ test_user1 }}"]
# Revoke test_group1 from test_user1:
- name: postgresql_membership - revoke test_group1 from test_user1
become_user: "{{ pg_user }}"
become: yes
postgresql_membership:
login_user: "{{ pg_user }}"
db: postgres
group: "{{ test_group1 }}"
user: "{{ test_user1 }}"
state: absent
register: result
ignore_errors: yes
- assert:
that:
- result is changed
- result.groups == ["{{ test_group1 }}"]
- result.queries == ["REVOKE \"{{ test_group1 }}\" FROM \"{{ test_user1 }}\""]
- result.revoked.{{ test_group1 }} == ["{{ test_user1 }}"]
- result.state == "absent"
- result.target_roles == ["{{ test_user1 }}"]
# Revoke test_group1 from test_user1 again to check that nothing changes:
- name: postgresql_membership - revoke test_group1 from test_user1 again
become_user: "{{ pg_user }}"
become: yes
postgresql_membership:
login_user: "{{ pg_user }}"
db: postgres
group: "{{ test_group1 }}"
user: "{{ test_user1 }}"
state: absent
register: result
ignore_errors: yes
- assert:
that:
- result is not changed
- result.groups == ["{{ test_group1 }}"]
- result.queries == []
- result.revoked.{{ test_group1 }} == []
- result.state == "absent"
- result.target_roles == ["{{ test_user1 }}"]
# Grant test_group1 and test_group2 to test_user1 and test_user2:
- name: postgresql_membership - grant two groups to two users
become_user: "{{ pg_user }}"
become: yes
postgresql_membership:
login_user: "{{ pg_user }}"
db: postgres
group:
- "{{ test_group1 }}"
- "{{ test_group2 }}"
user:
- "{{ test_user1 }}"
- "{{ test_user2 }}"
state: present
register: result
ignore_errors: yes
- assert:
that:
- result is changed
- result.groups == ["{{ test_group1 }}", "{{ test_group2 }}"]
- result.queries == ["GRANT \"{{ test_group1 }}\" TO \"{{ test_user1 }}\"", "GRANT \"{{ test_group1 }}\" TO \"{{ test_user2 }}\"", "GRANT \"{{ test_group2 }}\" TO \"{{ test_user1 }}\"", "GRANT \"{{ test_group2 }}\" TO \"{{ test_user2 }}\""]
- result.granted.{{ test_group1 }} == ["{{ test_user1 }}", "{{ test_user2 }}"]
- result.granted.{{ test_group2 }} == ["{{ test_user1 }}", "{{ test_user2 }}"]
- result.state == "present"
- result.target_roles == ["{{ test_user1 }}", "{{ test_user2 }}"]
# Grant test_group1 and test_group2 to test_user1 and test_user2 again to check that nothing changes:
- name: postgresql_membership - grant two groups to two users again
become_user: "{{ pg_user }}"
become: yes
postgresql_membership:
login_user: "{{ pg_user }}"
db: postgres
group:
- "{{ test_group1 }}"
- "{{ test_group2 }}"
user:
- "{{ test_user1 }}"
- "{{ test_user2 }}"
state: present
register: result
ignore_errors: yes
- assert:
that:
- result is not changed
- result.groups == ["{{ test_group1 }}", "{{ test_group2 }}"]
- result.queries == []
- result.granted.{{ test_group1 }} == []
- result.granted.{{ test_group2 }} == []
- result.state == "present"
- result.target_roles == ["{{ test_user1 }}", "{{ test_user2 }}"]
# Revoke only test_group1 from test_user1:
- name: postgresql_membership - revoke one group from one user
become_user: "{{ pg_user }}"
become: yes
postgresql_membership:
login_user: "{{ pg_user }}"
db: postgres
group: "{{ test_group1 }}"
user: "{{ test_user1 }}"
state: absent
register: result
ignore_errors: yes
- assert:
that:
- result is changed
- result.groups == ["{{ test_group1 }}"]
- result.queries == ["REVOKE \"{{ test_group1 }}\" FROM \"{{ test_user1 }}\""]
- result.revoked.{{ test_group1 }} == ["{{ test_user1 }}"]
- result.state == "absent"
- result.target_roles == ["{{ test_user1 }}"]
# Try to grant test_group1 and test_group2 to test_user1 and test_user2 again
# to check that nothing changes with test_user2:
- name: postgresql_membership - grant two groups to two users again
become_user: "{{ pg_user }}"
become: yes
postgresql_membership:
login_user: "{{ pg_user }}"
db: postgres
group:
- "{{ test_group1 }}"
- "{{ test_group2 }}"
user:
- "{{ test_user1 }}"
- "{{ test_user2 }}"
state: present
register: result
ignore_errors: yes
- assert:
that:
- result is changed
- result.groups == ["{{ test_group1 }}", "{{ test_group2 }}"]
- result.queries == ["GRANT \"{{ test_group1 }}\" TO \"{{ test_user1 }}\""]
- result.granted.{{ test_group1 }} == ["{{ test_user1 }}"]
- result.granted.{{ test_group2 }} == []
- result.state == "present"
- result.target_roles == ["{{ test_user1 }}", "{{ test_user2 }}"]
#####################
# Check fail_on_role:
# Try to grant non existent group to non existent role with fail_on_role=yes:
- name: postgresql_membership - revoke non existen group from non existen role
become_user: "{{ pg_user }}"
become: yes
postgresql_membership:
login_user: "{{ pg_user }}"
db: postgres
group: fake_group
user: fake_user
state: present
fail_on_role: yes
register: result
ignore_errors: yes
- assert:
that:
- result is not changed
# Try to grant non existent group to non existent role with fail_on_role=no:
- name: postgresql_membership - revoke non existen group from non existen role
become_user: "{{ pg_user }}"
become: yes
postgresql_membership:
login_user: "{{ pg_user }}"
db: postgres
group: fake_group
user: fake_user
state: present
fail_on_role: no
register: result
ignore_errors: yes
- assert:
that:
- result is not changed
- result.granted == {}
- result.groups == []
- result.target_roles == []
- result.state == 'present'
# Try to revoke non existent group from non existent role with fail_on_role=no:
- name: postgresql_membership - revoke non existen group from non existen role
become_user: "{{ pg_user }}"
become: yes
postgresql_membership:
login_user: "{{ pg_user }}"
db: postgres
group: fake_group
user: fake_user
state: absent
fail_on_role: no
register: result
ignore_errors: yes
- assert:
that:
- result is not changed
- result.revoked == {}
- result.groups == []
- result.target_roles == []
- result.state == 'absent'
# Grant test_group3 with a name containing dots to test_user1.
- name: postgresql_membership - grant test_group3 with dots to test_user1
become_user: "{{ pg_user }}"
become: yes
postgresql_membership:
login_user: "{{ pg_user }}"
db: postgres
group: "{{ test_group3 }}"
user: "{{ test_user1 }}"
state: present
register: result
- assert:
that:
- result is changed
- result.queries == ["GRANT \"{{ test_group3 }}\" TO \"{{ test_user1 }}\""]
#############################
# Check trust_input parameter
- name: postgresql_membership - try to use dangerous input, don't trust
become_user: "{{ pg_user }}"
become: yes
postgresql_membership:
login_user: "{{ pg_user }}"
db: postgres
group:
- "{{ test_group3}}"
- "{{ dangerous_name }}"
user: "{{ test_user1 }}"
state: present
trust_input: no
register: result
ignore_errors: yes
- assert:
that:
- result is failed
- result.msg == 'Passed input \'{{ dangerous_name }}\' is potentially dangerous'
- name: postgresql_membership - try to use dangerous input, trust explicitly
become_user: "{{ pg_user }}"
become: yes
postgresql_membership:
login_user: "{{ pg_user }}"
db: postgres
group:
- "{{ test_group3}}"
- "{{ dangerous_name }}"
user: "{{ test_user1 }}"
state: present
trust_input: yes
register: result
ignore_errors: yes
- assert:
that:
- result is failed
- result.msg == 'Role {{ dangerous_name }} does not exist'

6
tests/integration/targets/postgresql_owner/aliases
View file

@ -1,6 +0,0 @@
destructive
shippable/posix/group4
skip/aix
skip/osx
skip/macos
disabled # tests already running in community.postgresql

3
tests/integration/targets/postgresql_owner/defaults/main.yml
View file

@ -1,3 +0,0 @@
test_tablespace_path: "/ssd"
dangerous_name: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'

2
tests/integration/targets/postgresql_owner/meta/main.yml
View file

@ -1,2 +0,0 @@
dependencies:
- setup_postgresql_db

9
tests/integration/targets/postgresql_owner/tasks/main.yml
View file

@ -1,9 +0,0 @@
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
# Initial CI tests of postgresql_owner module
- import_tasks: postgresql_owner_initial.yml
when:
- postgres_version_resp.stdout is version('9.4', '>=')

1073
tests/integration/targets/postgresql_owner/tasks/postgresql_owner_initial.yml
View file

File diff suppressed because it is too large Load diff

6
tests/integration/targets/postgresql_pg_hba/aliases
View file

@ -1,6 +0,0 @@
destructive
shippable/posix/group4
skip/aix
skip/osx
skip/macos
disabled # tests already running in community.postgresql

23
tests/integration/targets/postgresql_pg_hba/defaults/main.yml
View file

@ -1,23 +0,0 @@
---
pg_hba_test_ips:
- contype: local
users: 'all,postgres,test'
- source: '0000:ffff::'
netmask: 'ffff:fff0::'
- source: '192.168.0.0/24'
netmask: ''
databases: 'all,replication'
- source: '192.168.1.0/24'
netmask: ''
databases: 'all'
method: reject
- source: '127.0.0.1/32'
netmask: ''
- source: '::1/128'
netmask: ''
- source: '0000:ff00::'
netmask: 'ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00'
method: scram-sha-256
- source: '172.16.0.0'
netmask: '255.255.0.0'
method: trust

2
tests/integration/targets/postgresql_pg_hba/meta/main.yml
View file

@ -1,2 +0,0 @@
dependencies:
- setup_postgresql_db

7
tests/integration/targets/postgresql_pg_hba/tasks/main.yml
View file

@ -1,7 +0,0 @@
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
# Initial CI tests of postgresql_pg_hba module
- import_tasks: postgresql_pg_hba_initial.yml

183
tests/integration/targets/postgresql_pg_hba/tasks/postgresql_pg_hba_initial.yml
View file

@ -1,183 +0,0 @@
- name: Make sure file does not exist
file:
dest: /tmp/pg_hba.conf
state: absent
- name: check_mode run
postgresql_pg_hba:
dest: /tmp/pg_hba.conf
contype: host
source: '0000:ffff::'
netmask: 'ffff:fff0::'
method: md5
backup: 'True'
order: sud
state: "{{item}}"
check_mode: yes
with_items:
- present
- absent
- name: check_mode check
stat:
path: /tmp/pg_hba.conf
register: pg_hba_checkmode_check
- name: Remove several ip addresses for idempotency check
postgresql_pg_hba:
contype: "{{item.contype|default('host')}}"
databases: "{{item.databases|default('all')}}"
dest: /tmp/pg_hba.conf
method: "{{item.method|default('md5')}}"
netmask: "{{item.netmask|default('')}}"
order: sud
source: "{{item.source|default('')}}"
state: absent
users: "{{item.users|default('all')}}"
with_items: "{{pg_hba_test_ips}}"
register: pg_hba_idempotency_check1
- name: idempotency not creating file check
stat:
path: /tmp/pg_hba.conf
register: pg_hba_idempotency_file_check
- name: Add several ip addresses
postgresql_pg_hba:
backup: 'True'
contype: "{{item.contype|default('host')}}"
create: 'True'
databases: "{{item.databases|default('all')}}"
dest: /tmp/pg_hba.conf
method: "{{item.method|default('md5')}}"
netmask: "{{item.netmask|default('')}}"
order: sud
source: "{{item.source|default('')}}"
state: present
users: "{{item.users|default('all')}}"
register: pg_hba_change
with_items: "{{pg_hba_test_ips}}"
- name: Able to add options on rule without
postgresql_pg_hba:
dest: "/tmp/pg_hba.conf"
users: "+some"
order: "sud"
state: "present"
contype: "local"
method: "cert"
options: "{{ item }}"
address: ""
with_items:
- ""
- "clientcert=1"
- name: Retain options even if they contain spaces
postgresql_pg_hba:
dest: "/tmp/pg_hba.conf"
users: "+some"
order: "sud"
state: "present"
contype: "{{ item.contype }}"
method: "{{ item.method }}"
options: "{{ item.options }}"
address: "{{ item.address }}"
with_items:
- { address: "", contype: "local", method: "ldap", options: "ldapserver=example.com ldapport=389 ldapprefix=\"cn=\"" }
- { address: "red", contype: "hostssl", method: "cert", options: "clientcert=1 map=mymap" }
- { address: "blue", contype: "hostssl", method: "cert", options: "clientcert=1 map=mymap" }
register: pg_hba_options
- name: read pg_hba rules
postgresql_pg_hba:
dest: /tmp/pg_hba.conf
register: pg_hba
- name: Add several ip addresses again for idempotency check
postgresql_pg_hba:
contype: "{{item.contype|default('host')}}"
databases: "{{item.databases|default('all')}}"
dest: /tmp/pg_hba.conf
method: "{{item.method|default('md5')}}"
netmask: "{{item.netmask|default('')}}"
order: sud
source: "{{item.source|default('')}}"
state: present
users: "{{item.users|default('all')}}"
with_items: "{{pg_hba_test_ips}}"
register: pg_hba_idempotency_check2
- name: pre-backup stat
stat:
path: /tmp/pg_hba.conf
register: prebackupstat
- name: Add new ip address for backup check and netmask_sameas_prefix check
postgresql_pg_hba:
backup: 'True'
contype: host
dest: /tmp/pg_hba.conf
method: md5
netmask: 255.255.255.0
order: sud
source: '172.21.0.0'
state: present
register: pg_hba_backup_check2
- name: Add new ip address for netmask_sameas_prefix check
postgresql_pg_hba:
backup: 'True'
contype: host
dest: /tmp/pg_hba.conf
method: md5
order: sud
source: '172.21.0.0/24'
state: present
register: netmask_sameas_prefix_check
- name: post-backup stat
stat:
path: "{{pg_hba_backup_check2.backup_file}}"
register: postbackupstat
- name: Dont allow netmask for src in [all, samehost, samenet]
postgresql_pg_hba:
contype: host
dest: /tmp/pg_hba.conf
method: md5
netmask: '255.255.255.255'
order: sud
source: all
state: present
register: pg_hba_fail_src_all_with_netmask
ignore_errors: yes
- debug:
var: pg_hba.pg_hba
- assert:
that:
- 'pg_hba.pg_hba == [
{ "db": "all", "method": "ldap", "type": "local", "usr": "+some", "options": "ldapserver=example.com ldapport=389 ldapprefix=\"cn=\"" },
{ "db": "all", "method": "md5", "type": "local", "usr": "postgres" },
{ "db": "all", "method": "md5", "type": "local", "usr": "test" },
{ "db": "all", "method": "md5", "type": "local", "usr": "all" },
{ "db": "all", "method": "cert", "src": "blue", "type": "hostssl", "usr": "+some", "options": "clientcert=1 map=mymap" },
{ "db": "all", "method": "cert", "src": "red", "type": "hostssl", "usr": "+some", "options": "clientcert=1 map=mymap" },
{ "db": "all", "method": "md5", "src": "127.0.0.1/32", "type": "host", "usr": "all" },
{ "db": "all", "method": "md5", "src": "::1/128", "type": "host", "usr": "all" },
{ "db": "all", "method": "scram-sha-256", "src": "0:ff00::/120", "type": "host", "usr": "all" },
{ "db": "replication", "method": "md5", "src": "192.168.0.0/24", "type": "host", "usr": "all" },
{ "db": "all", "method": "md5", "src": "192.168.0.0/24", "type": "host", "usr": "all" },
{ "db": "all", "method": "reject", "src": "192.168.1.0/24", "type": "host", "usr": "all" },
{ "db": "all", "method": "trust", "src": "172.16.0.0/16", "type": "host", "usr": "all" },
{ "db": "all", "method": "md5", "src": "0:fff0::/28", "type": "host", "usr": "all" }
]'
- 'pg_hba_change is changed'
- 'pg_hba_checkmode_check.stat.exists == false'
- 'not pg_hba_idempotency_check1 is changed'
- 'not pg_hba_idempotency_check2 is changed'
- 'pg_hba_idempotency_file_check.stat.exists == false'
- 'prebackupstat.stat.checksum == postbackupstat.stat.checksum'
- 'pg_hba_fail_src_all_with_netmask is failed'
- 'not netmask_sameas_prefix_check is changed'
- 'pg_hba_options is changed'

6
tests/integration/targets/postgresql_ping/aliases
View file

@ -1,6 +0,0 @@
destructive
shippable/posix/group4
skip/aix
skip/osx
skip/macos
disabled # tests already running in community.postgresql

2
tests/integration/targets/postgresql_ping/defaults/main.yml
View file

@ -1,2 +0,0 @@
---
db_default: postgres

2
tests/integration/targets/postgresql_ping/meta/main.yml
View file

@ -1,2 +0,0 @@
dependencies:
- setup_postgresql_db

9
tests/integration/targets/postgresql_ping/tasks/main.yml
View file

@ -1,9 +0,0 @@
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
# Initial CI tests of postgresql_ping module
- import_tasks: postgresql_ping_initial.yml
vars:
db_name_nonexist: fake_db

75
tests/integration/targets/postgresql_ping/tasks/postgresql_ping_initial.yml
View file

@ -1,75 +0,0 @@
# Test code for the postgresql_ping module
# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
- name: postgresql_ping - test return values
become_user: "{{ pg_user }}"
become: yes
postgresql_ping:
db: "{{ db_default }}"
login_user: "{{ pg_user }}"
register: result
ignore_errors: yes
- assert:
that:
- result.is_available == true
- result.server_version != {}
- result.server_version.major != false
- result.server_version.minor != false
- result is not changed
- name: postgresql_ping - check ping of non-existing database doesn't return anything
become_user: "{{ pg_user }}"
become: yes
postgresql_ping:
db: "{{ db_name_nonexist }}"
login_user: "{{ pg_user }}"
register: result
ignore_errors: yes
- assert:
that:
- result.is_available == false
- result.server_version == {}
- result is not changed
- name: postgresql_ping - ping DB with SSL
become_user: "{{ pg_user }}"
become: yes
postgresql_ping:
db: "{{ ssl_db }}"
login_user: "{{ ssl_user }}"
login_password: "{{ ssl_pass }}"
login_host: 127.0.0.1
login_port: 5432
ssl_mode: require
ca_cert: '{{ ssl_rootcert }}'
trust_input: yes
register: result
when:
- ansible_os_family == 'Debian'
- postgres_version_resp.stdout is version('9.4', '>=')
- assert:
that:
- result.is_available == true
when:
- ansible_os_family == 'Debian'
- postgres_version_resp.stdout is version('9.4', '>=')
- name: postgresql_ping - check trust_input
become_user: "{{ pg_user }}"
become: yes
postgresql_ping:
db: "{{ db_default }}"
login_user: "{{ pg_user }}"
trust_input: no
session_role: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
register: result
ignore_errors: yes
- assert:
that:
- result is failed
- result.msg is search('is potentially dangerous')

6
tests/integration/targets/postgresql_privs/aliases
View file

@ -1,6 +0,0 @@
destructive
shippable/posix/group4
skip/aix
skip/osx
skip/macos
disabled # tests already running in community.postgresql

12
tests/integration/targets/postgresql_privs/defaults/main.yml
View file

@ -1,12 +0,0 @@
db_name: ansible_db
db_user1: ansible_db_user1
db_user2: ansible_db_user2
db_user3: ansible_db_user3
db_user_with_dots1: role.with.dots1
db_user_with_dots2: role.with.dots2
db_name_with_hyphens: ansible-db
db_user_with_hyphens: ansible-db-user
db_schema_with_hyphens: ansible-db-schema
db_session_role1: session_role1
db_session_role2: session_role2
dangerous_name: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'

2
tests/integration/targets/postgresql_privs/meta/main.yml
View file

@ -1,2 +0,0 @@
dependencies:
- setup_postgresql_db

19
tests/integration/targets/postgresql_privs/tasks/main.yml
View file

@ -1,19 +0,0 @@
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
- include_tasks: postgresql_privs_session_role.yml
when: postgres_version_resp.stdout is version('9.4', '>=')
# Initial CI tests of postgresql_privs module:
- include_tasks: postgresql_privs_initial.yml
when: postgres_version_resp.stdout is version('9.4', '>=')
# General tests:
- include_tasks: postgresql_privs_general.yml
when: postgres_version_resp.stdout is version('9.4', '>=')
# Tests default_privs with target_role:
- include_tasks: test_target_role.yml
when: postgres_version_resp.stdout is version('9.4', '>=')

50
tests/integration/targets/postgresql_privs/tasks/pg_authid_not_readable.yml
View file

@ -1,50 +0,0 @@
- name: "Admin user is allowed to access pg_authid relation: password comparison will succeed, password won't be updated"
become_user: "{{ pg_user }}"
become: yes
postgresql_user:
name: "{{ db_user1 }}"
encrypted: 'yes'
password: "md5{{ (db_password ~ db_user1) | hash('md5')}}"
db: "{{ db_name }}"
priv: 'test_table1:INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,TRIGGER/test_table2:INSERT/CREATE,CONNECT,TEMP'
login_user: "{{ pg_user }}"
register: redo_as_admin
- name: "Check that task succeeded without any change"
assert:
that:
- 'redo_as_admin is not failed'
- 'redo_as_admin is not changed'
- 'redo_as_admin is successful'
- name: "Check that normal user isn't allowed to access pg_authid"
shell: 'psql -c "select * from pg_authid;" {{ db_name }} {{ db_user1 }}'
environment:
PGPASSWORD: '{{ db_password }}'
ignore_errors: yes
register: pg_authid
- assert:
that:
- 'pg_authid is failed'
- pg_authid.stderr is search('permission denied for (relation|table) pg_authid')
- name: "Normal user isn't allowed to access pg_authid relation: password comparison will fail, password will be updated"
become_user: "{{ pg_user }}"
become: yes
postgresql_user:
name: "{{ db_user1 }}"
encrypted: 'yes'
password: "md5{{ (db_password ~ db_user1) | hash('md5')}}"
db: "{{ db_name }}"
priv: 'test_table1:INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,TRIGGER/test_table2:INSERT/CREATE,CONNECT,TEMP'
login_user: "{{ db_user1 }}"
login_password: "{{ db_password }}"
register: redo_as_normal_user
- name: "Check that task succeeded and that result is changed"
assert:
that:
- 'redo_as_normal_user is not failed'
- 'redo_as_normal_user is changed'
- 'redo_as_normal_user is successful'

1533
tests/integration/targets/postgresql_privs/tasks/postgresql_privs_general.yml
View file

File diff suppressed because it is too large Load diff

407
tests/integration/targets/postgresql_privs/tasks/postgresql_privs_initial.yml
View file

@ -1,407 +0,0 @@
# The tests below were added initially and moved here
# from the shared target called ``postgresql`` by @Andersson007 <aaklychkov@mail.ru>.
# You can see modern examples of CI tests in postgresql_publication directory, for example.
#
# Test settings privileges
#
- name: Create db
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
name: "{{ db_name }}"
state: "present"
login_user: "{{ pg_user }}"
- name: Create some tables on the db
become_user: "{{ pg_user }}"
become: yes
shell: echo "create table test_table1 (field text);" | psql {{ db_name }}
- become_user: "{{ pg_user }}"
become: yes
shell: echo "create table test_table2 (field text);" | psql {{ db_name }}
- vars:
db_password: 'secretù' # use UTF-8
block:
- name: Create a user with some permissions on the db
become_user: "{{ pg_user }}"
become: yes
postgresql_user:
name: "{{ db_user1 }}"
encrypted: 'yes'
password: "md5{{ (db_password ~ db_user1) | hash('md5')}}"
db: "{{ db_name }}"
priv: 'test_table1:INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,TRIGGER/test_table2:INSERT/CREATE,CONNECT,TEMP'
login_user: "{{ pg_user }}"
- include_tasks: pg_authid_not_readable.yml
- name: Check that the user has the requested permissions (table1)
become_user: "{{ pg_user }}"
become: yes
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
register: result_table1
- name: Check that the user has the requested permissions (table2)
become_user: "{{ pg_user }}"
become: yes
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
register: result_table2
- name: Check that the user has the requested permissions (database)
become_user: "{{ pg_user }}"
become: yes
shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
register: result_database
- assert:
that:
- "result_table1.stdout_lines[-1] == '(7 rows)'"
- "'INSERT' in result_table1.stdout"
- "'SELECT' in result_table1.stdout"
- "'UPDATE' in result_table1.stdout"
- "'DELETE' in result_table1.stdout"
- "'TRUNCATE' in result_table1.stdout"
- "'REFERENCES' in result_table1.stdout"
- "'TRIGGER' in result_table1.stdout"
- "result_table2.stdout_lines[-1] == '(1 row)'"
- "'INSERT' == '{{ result_table2.stdout_lines[-2] | trim }}'"
- "result_database.stdout_lines[-1] == '(1 row)'"
- "'{{ db_user1 }}=CTc/{{ pg_user }}' in result_database.stdout_lines[-2]"
- name: Add another permission for the user
become_user: "{{ pg_user }}"
become: yes
postgresql_user:
name: "{{ db_user1 }}"
encrypted: 'yes'
password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
db: "{{ db_name }}"
priv: 'test_table2:select'
login_user: "{{ pg_user }}"
register: result
- name: Check that ansible reports it changed the user
assert:
that:
- result is changed
- name: Check that the user has the requested permissions (table2)
become_user: "{{ pg_user }}"
become: yes
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
register: result_table2
- assert:
that:
- "result_table2.stdout_lines[-1] == '(2 rows)'"
- "'INSERT' in result_table2.stdout"
- "'SELECT' in result_table2.stdout"
#
# Test priv setting via postgresql_privs module
# (Depends on state from previous _user privs tests)
#
- name: Revoke a privilege
become_user: "{{ pg_user }}"
become: yes
postgresql_privs:
type: "table"
state: "absent"
roles: "{{ db_user1 }}"
privs: "INSERT"
objs: "test_table2"
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
trust_input: no
register: result
- name: Check that ansible reports it changed the user
assert:
that:
- result is changed
- name: Check that the user has the requested permissions (table2)
become_user: "{{ pg_user }}"
become: yes
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
register: result_table2
- assert:
that:
- "result_table2.stdout_lines[-1] == '(1 row)'"
- "'SELECT' == '{{ result_table2.stdout_lines[-2] | trim }}'"
- name: Revoke many privileges on multiple tables
become_user: "{{ pg_user }}"
become: yes
postgresql_privs:
state: "absent"
roles: "{{ db_user1 }}"
privs: "INSERT,select,UPDATE,TRUNCATE,REFERENCES,TRIGGER,delete"
objs: "test_table2,test_table1"
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
trust_input: no
register: result
- name: Check that ansible reports it changed the user
assert:
that:
- result is changed
- name: Check that permissions were revoked (table1)
become_user: "{{ pg_user }}"
become: yes
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
register: result_table1
- name: Check that permissions were revoked (table2)
become_user: "{{ pg_user }}"
become: yes
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
register: result_table2
- assert:
that:
- "result_table1.stdout_lines[-1] == '(0 rows)'"
- "result_table2.stdout_lines[-1] == '(0 rows)'"
- name: Revoke database privileges
become_user: "{{ pg_user }}"
become: yes
postgresql_privs:
type: "database"
state: "absent"
roles: "{{ db_user1 }}"
privs: "Create,connect,TEMP"
objs: "{{ db_name }}"
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
trust_input: no
- name: Check that the user has the requested permissions (database)
become_user: "{{ pg_user }}"
become: yes
shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
register: result_database
- assert:
that:
- "result_database.stdout_lines[-1] == '(1 row)'"
- "'{{ db_user1 }}' not in result_database.stdout"
- name: Grant database privileges
become_user: "{{ pg_user }}"
become: yes
postgresql_privs:
type: "database"
state: "present"
roles: "{{ db_user1 }}"
privs: "CREATE,connect"
objs: "{{ db_name }}"
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
trust_input: no
register: result
- name: Check that ansible reports it changed the user
assert:
that:
- result is changed
- name: Check that the user has the requested permissions (database)
become_user: "{{ pg_user }}"
become: yes
shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
register: result_database
- assert:
that:
- "result_database.stdout_lines[-1] == '(1 row)'"
- "'{{ db_user1 }}=Cc' in result_database.stdout"
- name: Grant a single privilege on a table
become_user: "{{ pg_user }}"
become: yes
postgresql_privs:
state: "present"
roles: "{{ db_user1 }}"
privs: "INSERT"
objs: "test_table1"
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
trust_input: no
- name: Check that permissions were added (table1)
become_user: "{{ pg_user }}"
become: yes
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
register: result_table1
- assert:
that:
- "result_table1.stdout_lines[-1] == '(1 row)'"
- "'{{ result_table1.stdout_lines[-2] | trim }}' == 'INSERT'"
- name: Grant many privileges on multiple tables
become_user: "{{ pg_user }}"
become: yes
postgresql_privs:
state: "present"
roles: "{{ db_user1 }}"
privs: 'INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,trigger'
objs: "test_table2,test_table1"
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
trust_input: no
- name: Check that permissions were added (table1)
become_user: "{{ pg_user }}"
become: yes
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
register: result_table1
- name: Check that permissions were added (table2)
become_user: "{{ pg_user }}"
become: yes
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
register: result_table2
- assert:
that:
- "result_table1.stdout_lines[-1] == '(7 rows)'"
- "'INSERT' in result_table1.stdout"
- "'SELECT' in result_table1.stdout"
- "'UPDATE' in result_table1.stdout"
- "'DELETE' in result_table1.stdout"
- "'TRUNCATE' in result_table1.stdout"
- "'REFERENCES' in result_table1.stdout"
- "'TRIGGER' in result_table1.stdout"
- "result_table2.stdout_lines[-1] == '(7 rows)'"
- "'INSERT' in result_table2.stdout"
- "'SELECT' in result_table2.stdout"
- "'UPDATE' in result_table2.stdout"
- "'DELETE' in result_table2.stdout"
- "'TRUNCATE' in result_table2.stdout"
- "'REFERENCES' in result_table2.stdout"
- "'TRIGGER' in result_table2.stdout"
# Check passing roles with dots
# https://github.com/ansible/ansible/issues/63204
- name: Create roles for further tests
become_user: "{{ pg_user }}"
become: yes
postgresql_user:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
name: "{{ item }}"
loop:
- "{{ db_user_with_dots1 }}"
- "{{ db_user_with_dots2 }}"
- name: Pass role with dots in its name to roles parameter
become_user: "{{ pg_user }}"
become: yes
postgresql_privs:
state: "present"
roles: "{{ db_user_with_dots1 }}"
privs: "INSERT"
objs: "test_table1"
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
trust_input: no
- name: Check that permissions were added (table1)
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
query: "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user_with_dots1 }}' and table_name='test_table1'"
register: result
- assert:
that:
- result.rowcount == 1
# We don't need to check anything here, only that nothing failed
- name: Pass role with dots in its name to target_roles parameter
become_user: "{{ pg_user }}"
become: yes
postgresql_privs:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
state: "present"
roles: "{{ db_user_with_dots1 }}"
privs: "INSERT"
objs: TABLES
type: default_privs
target_roles: "{{ db_user_with_dots2 }}"
trust_input: no
# Bugfix for https://github.com/ansible-collections/community.general/issues/857
- name: Test passing lowercase PUBLIC role
become_user: "{{ pg_user }}"
become: yes
postgresql_privs:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
type: 'database'
privs: 'connect'
role: 'public'
register: result
- assert:
that:
- result is changed
- result.queries == ["GRANT CONNECT ON database \"{{ db_name }}\" TO PUBLIC;"]
#
# Cleanup
#
- name: Cleanup db
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
name: "{{ db_name }}"
state: "absent"
login_user: "{{ pg_user }}"
- name: Check that database was destroyed
become_user: "{{ pg_user }}"
become: yes
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
- name: Cleanup test user
become_user: "{{ pg_user }}"
become: yes
postgresql_user:
name: "{{ item }}"
state: 'absent'
login_user: "{{ pg_user }}"
db: postgres
loop:
- "{{ db_user1 }}"
- "{{ db_user2 }}"
- "{{ db_user3 }}"
- "{{ db_user_with_dots1 }}"
- "{{ db_user_with_dots2 }}"
- name: Check that they were removed
become_user: "{{ pg_user }}"
become: yes
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"

102
tests/integration/targets/postgresql_privs/tasks/postgresql_privs_session_role.yml
View file

@ -1,102 +0,0 @@
- name: Create a high privileged user
become: yes
become_user: "{{ pg_user }}"
postgresql_user:
name: "{{ db_session_role1 }}"
state: "present"
password: "password"
role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
login_user: "{{ pg_user }}"
db: postgres
- name: Create a low privileged user using the newly created user
become: yes
become_user: "{{ pg_user }}"
postgresql_user:
name: "{{ db_session_role2 }}"
state: "present"
password: "password"
role_attr_flags: "LOGIN"
login_user: "{{ pg_user }}"
session_role: "{{ db_session_role1 }}"
db: postgres
- name: Create DB as session_role
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: present
name: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
session_role: "{{ db_session_role1 }}"
register: result
- name: Create table to be able to grant privileges
become_user: "{{ pg_user }}"
become: yes
shell: echo "CREATE TABLE test(i int); CREATE TABLE test2(i int);" | psql -AtXq "{{ db_session_role1 }}"
- name: Grant all privileges on test1 table to low privileged user
become_user: "{{ pg_user }}"
become: yes
postgresql_privs:
db: "{{ db_session_role1 }}"
type: table
objs: test
roles: "{{ db_session_role2 }}"
login_user: "{{ pg_user }}"
privs: select
admin_option: yes
- name: Verify admin option was successful for grants
become_user: "{{ pg_user }}"
become: yes
postgresql_privs:
db: "{{ db_session_role1 }}"
type: table
objs: test
roles: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
privs: select
session_role: "{{ db_session_role2 }}"
- name: Verify no grants can be granted for test2 table
become_user: "{{ pg_user }}"
become: yes
postgresql_privs:
db: "{{ db_session_role1 }}"
type: table
objs: test2
roles: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
privs: update
session_role: "{{ db_session_role2 }}"
ignore_errors: yes
register: result
- assert:
that:
- result is failed
########################
# Test trust_input param
- name: Verify trust_input parameter
become_user: "{{ pg_user }}"
become: yes
postgresql_privs:
db: "{{ db_session_role1 }}"
type: table
objs: test2
roles: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
privs: update
session_role: "{{ dangerous_name }}"
trust_input: no
ignore_errors: yes
register: result
- assert:
that:
- result is failed
- result.msg == 'Passed input \'{{ dangerous_name }}\' is potentially dangerous'

120
tests/integration/targets/postgresql_privs/tasks/test_target_role.yml
View file

@ -1,120 +0,0 @@
# Setup
- name: Create a test user
become_user: "{{ pg_user }}"
become: yes
postgresql_user:
name: "{{ db_user1 }}"
login_user: "{{ pg_user }}"
db: postgres
- name: Create DB
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: present
name: "{{ db_name }}"
owner: "{{ db_user1 }}"
login_user: "{{ pg_user }}"
- name: Create a user to be given permissions and other tests
postgresql_user:
name: "{{ db_user2 }}"
state: present
encrypted: yes
password: password
role_attr_flags: LOGIN
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
#######################################
# Test default_privs with target_role #
#######################################
# Test
- name: Grant default privileges for new table objects
become_user: "{{ pg_user }}"
become: yes
postgresql_privs:
db: "{{ db_name }}"
objs: TABLES
privs: SELECT
type: default_privs
role: "{{ db_user2 }}"
target_roles: "{{ db_user1 }}"
login_user: "{{ pg_user }}"
register: result
# Checks
- assert:
that: result is changed
- name: Check that default privileges are set
become: yes
become_user: "{{ pg_user }}"
shell: psql {{ db_name }} -c "SELECT defaclrole, defaclobjtype, defaclacl FROM pg_default_acl a JOIN pg_roles b ON a.defaclrole=b.oid;" -t
register: result
- assert:
that: "'{{ db_user2 }}=r/{{ db_user1 }}' in '{{ result.stdout_lines[0] }}'"
# Test
- name: Revoke default privileges for new table objects
become_user: "{{ pg_user }}"
become: yes
postgresql_privs:
db: "{{ db_name }}"
state: absent
objs: TABLES
privs: SELECT
type: default_privs
role: "{{ db_user2 }}"
target_roles: "{{ db_user1 }}"
login_user: "{{ pg_user }}"
register: result
# Checks
- assert:
that: result is changed
# Cleanup
- name: Remove user given permissions
become_user: "{{ pg_user }}"
become: yes
postgresql_user:
name: "{{ db_user2 }}"
state: absent
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
- name: Remove user owner of objects
become_user: "{{ pg_user }}"
become: yes
postgresql_user:
name: "{{ db_user3 }}"
state: absent
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
- name: Destroy DBs
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: absent
name: "{{ item }}"
login_user: "{{ pg_user }}"
loop:
- "{{ db_name }}"
- "{{ db_session_role1 }}"
- name: Remove test users
become_user: "{{ pg_user }}"
become: yes
postgresql_user:
name: "{{ item }}"
state: absent
db: postgres
login_user: "{{ pg_user }}"
loop:
- "{{ db_user1 }}"
- "{{ db_session_role1 }}"
- "{{ db_session_role2 }}"

7
tests/integration/targets/postgresql_publication/aliases
View file

@ -1,7 +0,0 @@
destructive
shippable/posix/group4
skip/aix
skip/osx
skip/macos
skip/freebsd
disabled # tests already running in community.postgresql

2
tests/integration/targets/postgresql_publication/meta/main.yml
View file

@ -1,2 +0,0 @@
dependencies:
- setup_postgresql_db

8
tests/integration/targets/postgresql_publication/tasks/main.yml
View file

@ -1,8 +0,0 @@
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
# Initial CI tests of postgresql_publication module
- import_tasks: postgresql_publication_initial.yml
when: postgres_version_resp.stdout is version('10', '>=')

436
tests/integration/targets/postgresql_publication/tasks/postgresql_publication_initial.yml
View file

@ -1,436 +0,0 @@
# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
# The file for testing postgresql_copy module.
- vars:
test_table1: acme1
test_table2: acme2
test_table3: acme3
test_pub: acme_publ
test_role: alice
dangerous_name: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
test_schema: acme_schema
test_db: acme_db
task_parameters: &task_parameters
become_user: '{{ pg_user }}'
become: yes
register: result
pg_parameters: &pg_parameters
login_user: '{{ pg_user }}'
login_db: '{{ test_db }}'
block:
#################################################
# Test preparation, create database test objects:
- name: postgresql_publication - create test db
<<: *task_parameters
postgresql_db:
login_user: '{{ pg_user }}'
maintenance_db: postgres
name: '{{ test_db }}'
- name: postgresql_publication - create test schema
<<: *task_parameters
postgresql_schema:
<<: *pg_parameters
name: '{{ test_schema }}'
- name: postgresql_publication - create test role
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_role }}'
role_attr_flags: SUPERUSER
- name: postgresql_publication - create test tables
<<: *task_parameters
postgresql_table:
<<: *pg_parameters
name: '{{ item }}'
columns:
- id int
loop:
- '{{ test_table1 }}'
- '{{ test_schema }}.{{ test_table2 }}'
- '{{ test_table3 }}'
################
# Do main tests:
# Test
- name: postgresql_publication - create publication, check_mode
<<: *task_parameters
postgresql_publication:
<<: *pg_parameters
name: '{{ test_pub }}'
trust_input: no
check_mode: yes
- assert:
that:
- result is changed
- result.exists == false
- result.queries == ["CREATE PUBLICATION \"{{ test_pub }}\" FOR ALL TABLES"]
# Check
- name: postgresql_publication - check that nothing has been changed
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: SELECT * FROM pg_publication WHERE pubname = '{{ test_pub }}'
- assert:
that:
- result.rowcount == 0
# Test
- name: postgresql_publication - create publication
<<: *task_parameters
postgresql_publication:
<<: *pg_parameters
name: '{{ test_pub }}'
trust_input: no
- assert:
that:
- result is changed
- result.exists == true
- result.queries == ["CREATE PUBLICATION \"{{ test_pub }}\" FOR ALL TABLES"]
- result.owner == '{{ pg_user }}'
- result.alltables == true
- result.tables == []
- result.parameters.publish != {}
# Check
- name: postgresql_publication - check that nothing has been changed
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: >
SELECT * FROM pg_publication WHERE pubname = '{{ test_pub }}'
AND pubowner = '10' AND puballtables = 't'
- assert:
that:
- result.rowcount == 1
# Test
- name: postgresql_publication - drop publication, check_mode
<<: *task_parameters
postgresql_publication:
<<: *pg_parameters
name: '{{ test_pub }}'
state: absent
trust_input: no
check_mode: yes
- assert:
that:
- result is changed
- result.exists == true
- result.queries == ["DROP PUBLICATION \"{{ test_pub }}\""]
- result.owner == '{{ pg_user }}'
- result.alltables == true
- result.tables == []
- result.parameters.publish != {}
# Check
- name: postgresql_publication - check that nothing has been changed
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: SELECT * FROM pg_publication WHERE pubname = '{{ test_pub }}'
- assert:
that:
- result.rowcount == 1
# Test
- name: postgresql_publication - drop publication
<<: *task_parameters
postgresql_publication:
<<: *pg_parameters
name: '{{ test_pub }}'
state: absent
cascade: yes
- assert:
that:
- result is changed
- result.exists == false
- result.queries == ["DROP PUBLICATION \"{{ test_pub }}\" CASCADE"]
# Check
- name: postgresql_publication - check that publication does not exist
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: SELECT * FROM pg_publication WHERE pubname = '{{ test_pub }}'
- assert:
that:
- result.rowcount == 0
# Test
- name: postgresql_publication - create publication with tables, owner, params
<<: *task_parameters
postgresql_publication:
<<: *pg_parameters
name: '{{ test_pub }}'
owner: '{{ test_role }}'
tables:
- '{{ test_table1 }}'
- '{{ test_schema }}.{{ test_table2 }}'
parameters:
publish: 'insert'
trust_input: no
- assert:
that:
- result is changed
- result.queries == ["CREATE PUBLICATION \"{{ test_pub }}\" FOR TABLE \"public\".\"{{ test_table1 }}\", \"{{ test_schema }}\".\"{{ test_table2 }}\" WITH (publish = 'insert')", "ALTER PUBLICATION \"{{ test_pub }}\" OWNER TO \"{{ test_role }}\""]
- result.owner == '{{ test_role }}'
- result.tables == ["\"public\".\"{{ test_table1 }}\"", "\"{{ test_schema }}\".\"{{ test_table2 }}\""]
- result.parameters.publish.insert == true
- result.parameters.publish.delete == false
# Check 1
- name: postgresql_publication - check that test publication exists
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: >
SELECT * FROM pg_publication WHERE pubname = '{{ test_pub }}'
AND pubowner != '10' AND puballtables = 'f' AND pubinsert = 't' AND pubdelete = 'f'
- assert:
that:
- result.rowcount == 1
# Check 2
- name: postgresql_publication - check that test_table1 from schema public is in publication
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: SELECT * FROM pg_publication_tables WHERE pubname = '{{ test_pub }}' AND schemaname = 'public'
- assert:
that:
- result.rowcount == 1
# Check 3
- name: postgresql_publication - check that test_table2 from test schema is in publication
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: SELECT * FROM pg_publication_tables WHERE pubname = '{{ test_pub }}' AND schemaname = '{{ test_schema }}'
- assert:
that:
- result.rowcount == 1
# Test
- name: postgresql_publication - test trust_input parameter
<<: *task_parameters
postgresql_publication:
<<: *pg_parameters
name: '{{ test_pub }}'
session_role: '{{ dangerous_name }}'
owner: '{{ dangerous_name }}'
trust_input: no
ignore_errors: yes
- assert:
that:
- result is failed
- result.msg is search('is potentially dangerous')
# Test
- name: postgresql_publication - add table to publication, change owner, check_mode
<<: *task_parameters
postgresql_publication:
<<: *pg_parameters
name: '{{ test_pub }}'
owner: '{{ pg_user }}'
tables:
- '{{ test_table1 }}'
- '{{ test_schema }}.{{ test_table2 }}'
- '{{ test_table3 }}'
trust_input: no
check_mode: yes
- assert:
that:
- result is changed
- result.queries == ["ALTER PUBLICATION \"{{ test_pub }}\" ADD TABLE \"public\".\"{{ test_table3 }}\"", "ALTER PUBLICATION \"{{ test_pub }}\" OWNER TO \"{{ pg_user }}\""]
- result.tables == ["\"public\".\"{{ test_table1 }}\"", "\"{{ test_schema }}\".\"{{ test_table2 }}\""]
# Check
- name: postgresql_publication - check that nothing changes after the previous step
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: >
SELECT * FROM pg_publication WHERE pubname = '{{ test_pub }}'
AND pubowner != '10' AND puballtables = 'f' AND pubinsert = 't' AND pubupdate = 't'
- assert:
that:
- result.rowcount == 0
# Check
- name: postgresql_publication - check that 2 tables are in publication
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: SELECT * FROM pg_publication_tables WHERE pubname = '{{ test_pub }}'
- assert:
that:
- result.rowcount == 2
# Test
- name: postgresql_publication - add table to publication, change owner
<<: *task_parameters
postgresql_publication:
<<: *pg_parameters
name: '{{ test_pub }}'
owner: '{{ pg_user }}'
tables:
- '{{ test_table1 }}'
- '{{ test_schema }}.{{ test_table2 }}'
- '{{ test_table3 }}'
trust_input: no
- assert:
that:
- result is changed
- result.queries == ["ALTER PUBLICATION \"{{ test_pub }}\" ADD TABLE \"public\".\"{{ test_table3 }}\"", "ALTER PUBLICATION \"{{ test_pub }}\" OWNER TO \"{{ pg_user }}\""]
- result.tables == ["\"public\".\"{{ test_table1 }}\"", "\"{{ test_schema }}\".\"{{ test_table2 }}\"", "\"public\".\"{{ test_table3 }}\""]
# Check 1
- name: postgresql_publication - check owner has been changed
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: >
SELECT * FROM pg_publication WHERE pubname = '{{ test_pub }}' AND pubowner = '10'
- assert:
that:
- result.rowcount == 1
# Check 2
- name: postgresql_publication - check that 3 tables are in publication
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: SELECT * FROM pg_publication_tables WHERE pubname = '{{ test_pub }}'
- assert:
that:
- result.rowcount == 3
# Test
- name: postgresql_publication - remove table from publication, check_mode
<<: *task_parameters
postgresql_publication:
<<: *pg_parameters
name: '{{ test_pub }}'
tables:
- '{{ test_table1 }}'
- '{{ test_schema }}.{{ test_table2 }}'
parameters:
publish: 'insert'
trust_input: no
check_mode: yes
- assert:
that:
- result is changed
- result.queries == ["ALTER PUBLICATION \"{{ test_pub }}\" DROP TABLE \"public\".\"{{ test_table3 }}\""]
- result.tables == ["\"public\".\"{{ test_table1 }}\"", "\"{{ test_schema }}\".\"{{ test_table2 }}\"", "\"public\".\"{{ test_table3 }}\""]
# Check 1
- name: postgresql_publication - check that 3 tables are in publication
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: SELECT * FROM pg_publication_tables WHERE pubname = '{{ test_pub }}'
- assert:
that:
- result.rowcount == 3
# Check 2
- name: postgresql_publication - check no parameters have been changed
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: SELECT * FROM pg_publication WHERE pubname = '{{ test_pub }}' AND pubinsert = 't'
- assert:
that:
- result.rowcount == 1
# Test
- name: postgresql_publication - remove table from publication
<<: *task_parameters
postgresql_publication:
<<: *pg_parameters
name: '{{ test_pub }}'
tables:
- '{{ test_table1 }}'
- '{{ test_schema }}.{{ test_table2 }}'
parameters:
publish: 'delete'
trust_input: no
- assert:
that:
- result is changed
- result.queries == ["ALTER PUBLICATION \"{{ test_pub }}\" DROP TABLE \"public\".\"{{ test_table3 }}\"", "ALTER PUBLICATION \"{{ test_pub }}\" SET (publish = 'delete')"]
- result.tables == ["\"public\".\"{{ test_table1 }}\"", "\"{{ test_schema }}\".\"{{ test_table2 }}\""]
# Check 1
- name: postgresql_publication - check that 2 tables are in publication
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: SELECT * FROM pg_publication_tables WHERE pubname = '{{ test_pub }}'
- assert:
that:
- result.rowcount == 2
# Check 2
- name: postgresql_publication - check parameter has been changed
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: SELECT * FROM pg_publication WHERE pubname = '{{ test_pub }}' AND pubinsert = 'f'
- assert:
that:
- result.rowcount == 1
always:
###########
# Clean up:
- name: postgresql_publication - remove test db
<<: *task_parameters
postgresql_db:
login_user: '{{ pg_user }}'
maintenance_db: postgres
name: '{{ test_db }}'
state: absent
- name: postgresql_publication - remove test role
<<: *task_parameters
postgresql_user:
login_user: '{{ pg_user }}'
login_db: postgres
name: '{{ test_role }}'
state: absent

6
tests/integration/targets/postgresql_query/aliases
View file

@ -1,6 +0,0 @@
destructive
shippable/posix/group4
skip/aix
skip/osx
skip/macos
disabled # tests already running in community.postgresql

2
tests/integration/targets/postgresql_query/meta/main.yml
View file

@ -1,2 +0,0 @@
dependencies:
- setup_postgresql_db

7
tests/integration/targets/postgresql_query/tasks/main.yml
View file

@ -1,7 +0,0 @@
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
# Initial CI tests of postgresql_query module
- import_tasks: postgresql_query_initial.yml

534
tests/integration/targets/postgresql_query/tasks/postgresql_query_initial.yml
View file

@ -1,534 +0,0 @@
- name: postgresql_query - drop test table if exists
become_user: '{{ pg_user }}'
become: true
shell: psql postgres -U "{{ pg_user }}" -t -c "DROP TABLE IF EXISTS test_table;"
ignore_errors: true
- name: postgresql_query - create test table called test_table
become_user: '{{ pg_user }}'
become: true
shell: psql postgres -U "{{ pg_user }}" -t -c "CREATE TABLE test_table (id int, story text);"
ignore_errors: true
- name: postgresql_query - insert some data into test_table
become_user: '{{ pg_user }}'
become: true
shell: psql postgres -U "{{ pg_user }}" -t -c "INSERT INTO test_table (id, story) VALUES (1, 'first'), (2, 'second'), (3, 'third');"
ignore_errors: true
- name: postgresql_query - remove SQL script if exists
become: true
file:
path: ~{{ pg_user}}/test.sql
state: absent
ignore_errors: true
- name: postgresql_query - create an empty file to check permission
become: true
file:
path: ~{{ pg_user}}/test.sql
state: touch
owner: '{{ pg_user }}'
group: '{{ pg_user }}'
mode: '0644'
register: sql_file_created
ignore_errors: true
- name: postgresql_query - prepare SQL script
become_user: '{{ pg_user }}'
become: true
shell: echo "{{ item }}" >> ~{{ pg_user}}/test.sql
ignore_errors: true
with_items:
- SELECT version();
- SELECT story FROM test_table
- WHERE id = %s OR story = 'Данные';
when: sql_file_created
- name: postgresql_query - analyze test_table
become_user: '{{ pg_user }}'
become: true
postgresql_query:
login_user: '{{ pg_user }}'
db: postgres
query: ANALYZE test_table
register: result
ignore_errors: true
- assert:
that:
- result is changed
- result.query == 'ANALYZE test_table'
- result.query_list == ['ANALYZE test_table']
- result.rowcount == 0
- result.statusmessage == 'ANALYZE'
- result.query_result == {}
- result.query_all_results == [{}]
- name: postgresql_query - run queries from SQL script
become_user: '{{ pg_user }}'
become: true
postgresql_query:
login_user: '{{ pg_user }}'
db: postgres
path_to_script: ~{{ pg_user }}/test.sql
positional_args:
- 1
encoding: UTF-8
register: result
ignore_errors: true
when: sql_file_created
- assert:
that:
- result is not changed
- result.query == "\nSELECT story FROM test_table\nWHERE id = 1 OR story = 'Данные'"
- result.query_result[0].story == 'first'
- result.query_all_results[0][0].version is search('PostgreSQL')
- result.query_all_results[1][0].story == 'first'
- result.rowcount == 2
- result.statusmessage == 'SELECT 1' or result.statusmessage == 'SELECT'
when: sql_file_created
- name: postgresql_query - simple select query to test_table
become_user: '{{ pg_user }}'
become: true
postgresql_query:
login_user: '{{ pg_user }}'
db: postgres
query: SELECT * FROM test_table
register: result
ignore_errors: true
- assert:
that:
- result is not changed
- result.query == 'SELECT * FROM test_table'
- result.rowcount == 3
- result.statusmessage == 'SELECT 3' or result.statusmessage == 'SELECT'
- result.query_result[0].id == 1
- result.query_result[1].id == 2
- result.query_result[2].id == 3
- result.query_result[0].story == 'first'
- result.query_result[1].story == 'second'
- result.query_result[2].story == 'third'
- name: postgresql_query - select query with named args
become_user: '{{ pg_user }}'
become: true
postgresql_query:
login_user: '{{ pg_user }}'
db: postgres
query: SELECT id FROM test_table WHERE id = %(id_val)s AND story = %(story_val)s
named_args:
id_val: 1
story_val: first
register: result
ignore_errors: true
- assert:
that:
- result is not changed
- result.query == "SELECT id FROM test_table WHERE id = 1 AND story = 'first'" or result.query == "SELECT id FROM test_table WHERE id = 1 AND story = E'first'"
- result.rowcount == 1
- result.statusmessage == 'SELECT 1' or result.statusmessage == 'SELECT'
- result.query_result[0].id == 1
- name: postgresql_query - select query with positional arguments
become_user: '{{ pg_user }}'
become: true
postgresql_query:
login_user: '{{ pg_user }}'
db: postgres
query: SELECT story FROM test_table WHERE id = %s AND story = %s
positional_args:
- 2
- second
register: result
ignore_errors: true
- assert:
that:
- result is not changed
- result.query == "SELECT story FROM test_table WHERE id = 2 AND story = 'second'" or result.query == "SELECT story FROM test_table WHERE id = 2 AND story = E'second'"
- result.rowcount == 1
- result.statusmessage == 'SELECT 1' or result.statusmessage == 'SELECT'
- result.query_result[0].story == 'second'
- name: postgresql_query - simple update query
become_user: '{{ pg_user }}'
become: true
postgresql_query:
login_user: '{{ pg_user }}'
db: postgres
query: UPDATE test_table SET story = 'new' WHERE id = 3
register: result
ignore_errors: true
- assert:
that:
- result is changed
- result.query == "UPDATE test_table SET story = 'new' WHERE id = 3"
- result.rowcount == 1
- result.statusmessage == 'UPDATE 1'
- result.query_result == {}
- name: check the previous update
become_user: '{{ pg_user }}'
become: true
postgresql_query:
login_user: '{{ pg_user }}'
db: postgres
query: SELECT * FROM test_table WHERE story = 'new' AND id = 3
register: result
- assert:
that:
- result.rowcount == 1
- name: postgresql_query - simple update query in check_mode
become_user: '{{ pg_user }}'
become: true
postgresql_query:
login_user: '{{ pg_user }}'
db: postgres
query: UPDATE test_table SET story = 'CHECK_MODE' WHERE id = 3
register: result
check_mode: true
- assert:
that:
- result is changed
- result.query == "UPDATE test_table SET story = 'CHECK_MODE' WHERE id = 3"
- result.rowcount == 1
- result.statusmessage == 'UPDATE 1'
- result.query_result == {}
- name: check the previous update that nothing has been changed
become_user: '{{ pg_user }}'
become: true
postgresql_query:
login_user: '{{ pg_user }}'
db: postgres
query: SELECT * FROM test_table WHERE story = 'CHECK_MODE' AND id = 3
register: result
- assert:
that:
- result.rowcount == 0
- name: postgresql_query - try to update not existing row
become_user: '{{ pg_user }}'
become: true
postgresql_query:
login_user: '{{ pg_user }}'
db: postgres
query: UPDATE test_table SET story = 'new' WHERE id = 100
register: result
ignore_errors: true
- assert:
that:
- result is not changed
- result.query == "UPDATE test_table SET story = 'new' WHERE id = 100"
- result.rowcount == 0
- result.statusmessage == 'UPDATE 0'
- result.query_result == {}
- name: postgresql_query - insert query
become_user: '{{ pg_user }}'
become: true
postgresql_query:
login_user: '{{ pg_user }}'
db: postgres
query: INSERT INTO test_table (id, story) VALUES (%s, %s)
positional_args:
- 4
- fourth
register: result
ignore_errors: true
- assert:
that:
- result is changed
- result.query == "INSERT INTO test_table (id, story) VALUES (4, 'fourth')" or result.query == "INSERT INTO test_table (id, story) VALUES (4, E'fourth')"
- result.rowcount == 1
- result.statusmessage == 'INSERT 0 1'
- result.query_result == {}
- name: postgresql_query - truncate test_table
become_user: '{{ pg_user }}'
become: true
postgresql_query:
login_user: '{{ pg_user }}'
db: postgres
query: TRUNCATE test_table
register: result
ignore_errors: true
- assert:
that:
- result is changed
- result.query == "TRUNCATE test_table"
- result.rowcount == 0
- result.statusmessage == 'TRUNCATE TABLE'
- result.query_result == {}
- name: postgresql_query - alter test_table
become_user: '{{ pg_user }}'
become: true
postgresql_query:
login_user: '{{ pg_user }}'
db: postgres
query: ALTER TABLE test_table ADD COLUMN foo int
register: result
ignore_errors: true
- assert:
that:
- result is changed
- result.query == "ALTER TABLE test_table ADD COLUMN foo int"
- result.rowcount == 0
- result.statusmessage == 'ALTER TABLE'
- name: postgresql_query - vacuum without autocommit must fail
become_user: '{{ pg_user }}'
become: true
postgresql_query:
login_user: '{{ pg_user }}'
db: postgres
query: VACUUM
register: result
ignore_errors: true
- assert:
that:
- result.failed == true
- name: postgresql_query - autocommit in check_mode must fail
become_user: '{{ pg_user }}'
become: true
postgresql_query:
login_user: '{{ pg_user }}'
db: postgres
query: VACUUM
autocommit: true
check_mode: true
register: result
ignore_errors: true
- assert:
that:
- result.failed == true
- result.msg == "Using autocommit is mutually exclusive with check_mode"
- name: postgresql_query - vacuum with autocommit
become_user: '{{ pg_user }}'
become: true
postgresql_query:
login_user: '{{ pg_user }}'
db: postgres
query: VACUUM
autocommit: true
register: result
- assert:
that:
- result is changed
- result.query == "VACUUM"
- result.rowcount == 0
- result.statusmessage == 'VACUUM'
- result.query_result == {}
- name: postgresql_query - create test table for issue 59955
become_user: '{{ pg_user }}'
become: true
postgresql_table:
login_user: '{{ pg_user }}'
login_db: postgres
name: test_array_table
columns:
- arr_col int[]
when: postgres_version_resp.stdout is version('9.4', '>=')
- set_fact:
my_list:
- 1
- 2
- 3
my_arr: '{1, 2, 3}'
when: postgres_version_resp.stdout is version('9.4', '>=')
- name: postgresql_query - insert array into test table by positional args
become_user: '{{ pg_user }}'
become: true
postgresql_query:
login_user: '{{ pg_user }}'
login_db: postgres
query: INSERT INTO test_array_table (arr_col) VALUES (%s)
positional_args:
- '{{ my_list }}'
register: result
when: postgres_version_resp.stdout is version('9.4', '>=')
- assert:
that:
- result is changed
- result.query == "INSERT INTO test_array_table (arr_col) VALUES ('{1, 2, 3}')"
when: postgres_version_resp.stdout is version('9.4', '>=')
- name: postgresql_query - select array from test table by passing positional_args
become_user: '{{ pg_user }}'
become: true
postgresql_query:
login_user: '{{ pg_user }}'
login_db: postgres
query: SELECT * FROM test_array_table WHERE arr_col = %s
positional_args:
- '{{ my_list }}'
register: result
when: postgres_version_resp.stdout is version('9.4', '>=')
- assert:
that:
- result is not changed
- result.query == "SELECT * FROM test_array_table WHERE arr_col = '{1, 2, 3}'"
- result.rowcount == 1
when: postgres_version_resp.stdout is version('9.4', '>=')
- name: postgresql_query - select array from test table by passing named_args
become_user: '{{ pg_user }}'
become: true
postgresql_query:
login_user: '{{ pg_user }}'
login_db: postgres
query: SELECT * FROM test_array_table WHERE arr_col = %(arr_val)s
named_args:
arr_val:
- '{{ my_list }}'
register: result
when: postgres_version_resp.stdout is version('9.4', '>=')
- assert:
that:
- result is not changed
- result.query == "SELECT * FROM test_array_table WHERE arr_col = '{1, 2, 3}'"
- result.rowcount == 1
when: postgres_version_resp.stdout is version('9.4', '>=')
- name: postgresql_query - select array from test table by passing positional_args as a string
become_user: '{{ pg_user }}'
become: true
postgresql_query:
login_user: '{{ pg_user }}'
login_db: postgres
query: SELECT * FROM test_array_table WHERE arr_col = %s
positional_args:
- '{{ my_arr|string }}'
trust_input: yes
register: result
when: postgres_version_resp.stdout is version('9.4', '>=')
- assert:
that:
- result is not changed
- result.query == "SELECT * FROM test_array_table WHERE arr_col = '{1, 2, 3}'"
- result.rowcount == 1
when: postgres_version_resp.stdout is version('9.4', '>=')
- name: postgresql_query - test trust_input parameter
become_user: '{{ pg_user }}'
become: true
postgresql_query:
login_user: '{{ pg_user }}'
login_db: postgres
session_role: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
query: SELECT version()
trust_input: no
ignore_errors: yes
register: result
- assert:
that:
- result is failed
- result.msg is search('is potentially dangerous')
- name: postgresql_query - clean up
become_user: '{{ pg_user }}'
become: true
postgresql_table:
login_user: '{{ pg_user }}'
login_db: postgres
name: test_array_table
state: absent
when: postgres_version_resp.stdout is version('9.4', '>=')
#############################
# Check search_path parameter
- name: postgresql_set - create test schemas
become_user: '{{ pg_user }}'
become: true
postgresql_schema:
login_user: '{{ pg_user }}'
login_db: postgres
name: '{{ item }}'
loop:
- query_test1
- query_test2
- name: postgresql_set - create test tables
become_user: '{{ pg_user }}'
become: true
postgresql_table:
login_user: '{{ pg_user }}'
login_db: postgres
name: '{{ item }}'
columns:
- id int
loop:
- 'query_test1.test1'
- 'query_test2.test2'
- name: postgresql_query - insert data
become_user: '{{ pg_user }}'
become: true
postgresql_query:
login_user: '{{ pg_user }}'
login_db: postgres
query: 'INSERT INTO {{ item }} (id) VALUES (1)'
search_path:
- query_test1
- query_test2
loop:
- test1
- test2
- name: postgresql_query - get data
become_user: '{{ pg_user }}'
become: true
postgresql_query:
login_user: '{{ pg_user }}'
login_db: postgres
query: 'SELECT id FROM test1'
search_path:
- query_test1
- query_test2
register: result
- assert:
that:
- result.rowcount == 1
- name: postgresql_query - get data, must fail
become_user: '{{ pg_user }}'
become: true
postgresql_query:
login_user: '{{ pg_user }}'
login_db: postgres
query: 'SELECT id FROM test1'
register: result
ignore_errors: yes
- assert:
that:
- result is failed

6
tests/integration/targets/postgresql_schema/aliases
View file

@ -1,6 +0,0 @@
destructive
shippable/posix/group4
skip/aix
skip/osx
skip/macos
disabled # tests already running in community.postgresql

7
tests/integration/targets/postgresql_schema/defaults/main.yml
View file

@ -1,7 +0,0 @@
---
db_name: 'ansible_db'
db_user1: 'ansible_db_user1'
db_user2: 'ansible_db_user2'
dangerous_name: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
db_session_role1: 'session_role1'
db_session_role2: 'session_role2'

2
tests/integration/targets/postgresql_schema/meta/main.yml
View file

@ -1,2 +0,0 @@
dependencies:
- setup_postgresql_db

9
tests/integration/targets/postgresql_schema/tasks/main.yml
View file

@ -1,9 +0,0 @@
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
- import_tasks: postgresql_schema_session_role.yml
# Initial CI tests of postgresql_schema module
- import_tasks: postgresql_schema_initial.yml

331
tests/integration/targets/postgresql_schema/tasks/postgresql_schema_initial.yml
View file

@ -1,331 +0,0 @@
---
# Setup
- name: Create test roles
postgresql_user:
name: "{{ item }}"
state: present
encrypted: yes
password: password
role_attr_flags: LOGIN
db: postgres
login_user: "{{ pg_user }}"
loop:
- "{{ db_user1 }}"
- "{{ db_user2 }}"
- name: Create DB
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: present
name: "{{ db_name }}"
owner: "{{ db_user1 }}"
login_user: "{{ pg_user }}"
# Test: CREATE SCHEMA in checkmode
- name: Create a new schema with name "acme" in check_mode
become_user: "{{ pg_user }}"
become: yes
check_mode: yes
postgresql_schema:
database: "{{ db_name }}"
name: acme
login_user: "{{ pg_user }}"
register: result
# Checks
- assert:
that:
- result is changed
- result.schema == 'acme'
- name: Check that the new schema "acme" not exists
become: yes
become_user: "{{ pg_user }}"
postgresql_query:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
query: "SELECT schema_name FROM information_schema.schemata WHERE schema_name = 'acme'"
register: result
- assert:
that:
- result.rowcount == 0
# Test: CREATE SCHEMA
- name: Create a new schema with name "acme"
become_user: "{{ pg_user }}"
become: yes
postgresql_schema:
database: "{{ db_name }}"
name: acme
login_user: "{{ pg_user }}"
trust_input: yes
register: result
# Checks
- assert:
that:
- result is changed
- result.schema == 'acme'
- result.queries == [ 'CREATE SCHEMA "acme"' ]
- name: Check that the new schema "acme" exists
become: yes
become_user: "{{ pg_user }}"
postgresql_query:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
query: "SELECT schema_name FROM information_schema.schemata WHERE schema_name = 'acme'"
register: result
- assert:
that:
- result.rowcount == 1
# Test: DROP SCHEMA in checkmode
- name: Drop schema "acme" in check_mode
become_user: "{{ pg_user }}"
become: yes
check_mode: yes
postgresql_schema:
database: "{{ db_name }}"
name: acme
state: absent
login_user: "{{ pg_user }}"
register: result
# Checks
- assert:
that:
- result is not changed
- name: Check that the new schema "acme" still exists
become: yes
become_user: "{{ pg_user }}"
postgresql_query:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
query: "SELECT schema_name FROM information_schema.schemata WHERE schema_name = 'acme'"
register: result
- assert:
that:
- result.rowcount == 1
# Test: DROP SCHEMA
- name: Drop schema "acme"
become_user: "{{ pg_user }}"
become: yes
postgresql_schema:
database: "{{ db_name }}"
name: acme
state: absent
login_user: "{{ pg_user }}"
register: result
# Checks
- assert:
that:
- result is changed
- result.queries == [ 'DROP SCHEMA "acme"' ]
- name: Check that no schema "acme" exists
become: yes
become_user: "{{ pg_user }}"
postgresql_query:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
query: "SELECT schema_name FROM information_schema.schemata WHERE schema_name = 'acme'"
register: result
ignore_errors: yes
- assert:
that:
- result.rowcount == 0
# Test: trust_input parameter
- name: Create a new schema with potentially dangerous owner name
become_user: "{{ pg_user }}"
become: yes
postgresql_schema:
database: "{{ db_name }}"
name: acme
login_user: "{{ pg_user }}"
owner: "{{ dangerous_name }}"
trust_input: no
register: result
ignore_errors: yes
# Checks
- assert:
that:
- result is failed
- result.msg == 'Passed input \'{{ dangerous_name }}\' is potentially dangerous'
# Test: CREATE SCHEMA; WITH TABLE for DROP CASCADE test
- name: Create a new schema "acme"
become_user: "{{ pg_user }}"
become: yes
postgresql_schema:
database: "{{ db_name }}"
name: acme
login_user: "{{ pg_user }}"
register: result
- name: Create table in schema for DROP CASCADE check
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
query: "CREATE TABLE acme.table1()"
register: result2
# Checks
- assert:
that:
- result is changed
- result.schema == 'acme'
- result.queries == [ 'CREATE SCHEMA "acme"' ]
- result2.changed == true
- result2.statusmessage == 'CREATE TABLE'
- name: Check that the new schema "acme" exists
become: yes
become_user: "{{ pg_user }}"
postgresql_query:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
query: "SELECT schema_name,schema_owner FROM information_schema.schemata WHERE schema_name = 'acme'"
register: result
- assert:
that:
- result.rowcount == 1
- name: Check that the new table "table1" in schema 'acme' exists
become: yes
become_user: "{{ pg_user }}"
postgresql_query:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
query: "SELECT EXISTS (SELECT 1 FROM pg_tables WHERE schemaname = 'acme' AND tablename = 'table1')"
register: result
- assert:
that:
- result.rowcount == 1
# Test: DROP SCHEMA ... CASCADE;
- name: Drop schema "acme" with cascade
become_user: "{{ pg_user }}"
become: yes
postgresql_schema:
database: "{{ db_name }}"
name: acme
state: absent
cascade_drop: yes
login_user: "{{ pg_user }}"
register: result
# Checks
- assert:
that:
- result is changed
- result.queries == [ 'DROP SCHEMA "acme" CASCADE' ]
- name: Check that no schema "acme" exists
become: yes
become_user: "{{ pg_user }}"
postgresql_query:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
query: "SELECT schema_name FROM information_schema.schemata WHERE schema_name = 'acme'"
register: result
ignore_errors: yes
- assert:
that:
- result.rowcount == 0
# Test: CREATE SCHEMA WITH OWNER ...;
- name: Create a new schema "acme" with a user "{{ db_user2 }}" who will own it
become_user: "{{ pg_user }}"
become: yes
postgresql_schema:
database: "{{ db_name }}"
name: acme
owner: "{{ db_user2 }}"
login_user: "{{ pg_user }}"
register: result
# Checks
- assert:
that:
- result is changed
- result.schema == 'acme'
- result.queries == [ 'CREATE SCHEMA "acme" AUTHORIZATION "{{ db_user2 }}"' ]
- name: Check that the new schema "acme" exists and "{{ db_user2 }}" own it
become: yes
become_user: "{{ pg_user }}"
postgresql_query:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
query: "SELECT schema_name,schema_owner FROM information_schema.schemata WHERE schema_name = 'acme' AND schema_owner = '{{ db_user2 }}'"
register: result
ignore_errors: yes
- assert:
that:
- result.rowcount == 1
# Test: DROP SCHEMA
- name: Drop schema "acme"
become_user: "{{ pg_user }}"
become: yes
postgresql_schema:
database: "{{ db_name }}"
name: acme
state: absent
login_user: "{{ pg_user }}"
register: result
# Checks
- assert:
that:
- result is changed
- result.queries == [ 'DROP SCHEMA "acme"' ]
- name: Check that no schema "acme" exists
become: yes
become_user: "{{ pg_user }}"
postgresql_query:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
query: "SELECT schema_name FROM information_schema.schemata WHERE schema_name = 'acme'"
register: result
ignore_errors: yes
- assert:
that:
- result.rowcount == 0
# Cleanup
- name: Remove user
postgresql_user:
name: "{{ db_user2 }}"
state: absent
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
- name: Destroy DB
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: absent
name: "{{ db_name }}"
login_user: "{{ pg_user }}"

78
tests/integration/targets/postgresql_schema/tasks/postgresql_schema_session_role.yml
View file

@ -1,78 +0,0 @@
- name: Create a high privileged user
become: yes
become_user: "{{ pg_user }}"
postgresql_user:
name: "{{ db_session_role1 }}"
state: "present"
password: "password"
role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
login_user: "{{ pg_user }}"
db: postgres
- name: Create DB as session_role
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: present
name: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
session_role: "{{ db_session_role1 }}"
register: result
- name: Create schema in own database
become_user: "{{ pg_user }}"
become: yes
postgresql_schema:
database: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
name: "{{ db_session_role1 }}"
session_role: "{{ db_session_role1 }}"
- name: Create schema in own database, should be owned by session_role
become_user: "{{ pg_user }}"
become: yes
postgresql_schema:
database: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
name: "{{ db_session_role1 }}"
owner: "{{ db_session_role1 }}"
register: result
- assert:
that:
- result is not changed
- name: Fail when creating schema in postgres database as a regular user
become_user: "{{ pg_user }}"
become: yes
postgresql_schema:
database: postgres
login_user: "{{ pg_user }}"
name: "{{ db_session_role1 }}"
session_role: "{{ db_session_role1 }}"
ignore_errors: yes
register: result
- assert:
that:
- result is failed
- name: Drop test db
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: absent
name: "{{ db_session_role1 }}"
login_user: "{{ pg_user }}"
- name: Drop test users
become: yes
become_user: "{{ pg_user }}"
postgresql_user:
name: "{{ item }}"
state: absent
login_user: "{{ pg_user }}"
db: postgres
with_items:
- "{{ db_session_role1 }}"
- "{{ db_session_role2 }}"

6
tests/integration/targets/postgresql_sequence/aliases
View file

@ -1,6 +0,0 @@
destructive
shippable/posix/group4
skip/aix
skip/osx
skip/macos
disabled # tests already running in community.postgresql

5
tests/integration/targets/postgresql_sequence/defaults/main.yml
View file

@ -1,5 +0,0 @@
---
db_name: 'ansible_db'
db_user1: 'ansible_db_user1'
db_user2: 'ansible_db_user2'
db_default: 'postgres'

2
tests/integration/targets/postgresql_sequence/meta/main.yml
View file

@ -1,2 +0,0 @@
dependencies:
- setup_postgresql_db

8
tests/integration/targets/postgresql_sequence/tasks/main.yml
View file

@ -1,8 +0,0 @@
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
# Initial CI tests of postgresql_sequence module
- import_tasks: postgresql_sequence_initial.yml
when: postgres_version_resp.stdout is version('9.4', '>=')

730
tests/integration/targets/postgresql_sequence/tasks/postgresql_sequence_initial.yml
View file

@ -1,730 +0,0 @@
---
# Copyright: (c) 2019, Tobias Birkefeld (@tcraxs) <t@craxs.de>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
# Preparation for tests.
- name: postgresql_sequence - create a user to be owner of a database
become_user: "{{ pg_user }}"
become: yes
postgresql_user:
name: "{{ db_user1 }}"
state: present
encrypted: yes
password: password
role_attr_flags: LOGIN
db: "{{ db_default }}"
login_user: "{{ pg_user }}"
- name: postgresql_sequence - create DB
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: present
name: "{{ db_name }}"
owner: "{{ db_user1 }}"
login_user: "{{ pg_user }}"
- name: Create a user to be owner of a sequence
become_user: "{{ pg_user }}"
become: yes
postgresql_user:
name: "{{ db_user2 }}"
state: present
encrypted: yes
password: password
role_attr_flags: LOGIN
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
- name: postgresql_sequence - create a schema
become_user: "{{ pg_user }}"
become: yes
postgresql_schema:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
name: foobar_schema
####################
# Test: create sequence in checkmode
- name: postgresql_sequence - create a new sequence with name "foobar" in check_mode
become_user: "{{ pg_user }}"
become: yes
check_mode: yes
postgresql_sequence:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
name: foobar
register: result
# Checks
- name: postgresql_sequence - check with assert the output
assert:
that:
- result is changed
- result.sequence == 'foobar'
- result.queries == ["CREATE SEQUENCE \"public\".\"foobar\""]
# Real SQL check
- name: postgresql_sequence - check that the new sequence "foobar" not exists
become: yes
become_user: "{{ pg_user }}"
postgresql_query:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
query: "SELECT sequence_name FROM information_schema.sequences WHERE sequence_name = 'foobar'"
register: result
- name: postgresql_sequence - check with assert the output
assert:
that:
- result.rowcount == 0
- result.statusmessage == 'SELECT 0'
####################
# Test: create sequence
- name: postgresql_sequence - create a new sequence with name "foobar"
become_user: "{{ pg_user }}"
become: yes
postgresql_sequence:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
name: foobar
register: result
# Checks
- name: postgresql_sequence - check with assert the output
assert:
that:
- result is changed
- result.sequence == 'foobar'
- result.queries == ["CREATE SEQUENCE \"public\".\"foobar\""]
# Real SQL check
- name: postgresql_sequence - check that the new sequence "foobar" exists
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
query: "SELECT sequence_name FROM information_schema.sequences WHERE sequence_name = 'foobar'"
register: result
- name: postgresql_sequence - check with assert the output
assert:
that:
- result.rowcount == 1
####################
# Test: drop sequence in checkmode
- name: postgresql_sequence - drop a sequence called foobar
become_user: "{{ pg_user }}"
become: yes
check_mode: yes
postgresql_sequence:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
name: foobar
state: absent
register: result
# Checks
- name: postgresql_sequence - check with assert the output
assert:
that:
- result is changed
- result.sequence == 'foobar'
- result.queries == ["DROP SEQUENCE \"public\".\"foobar\""]
# Real SQL check
- name: postgresql_sequence - check that the sequence "foobar" still exists
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
query: "SELECT sequence_name FROM information_schema.sequences WHERE sequence_name = 'foobar'"
register: result
- name: postgresql_sequence - check with assert the output
assert:
that:
- result.rowcount == 1
####################
# Test: drop sequence
- name: postgresql_sequence - drop a sequence called foobar
become_user: "{{ pg_user }}"
become: yes
postgresql_sequence:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
name: foobar
state: absent
register: result
# Checks
- name: postgresql_sequence - check with assert the output
assert:
that:
- result is changed
- result.sequence == 'foobar'
- result.queries == ["DROP SEQUENCE \"public\".\"foobar\""]
# Real SQL check
- name: postgresql_sequence - check that the sequence "foobar" not exists
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
query: "SELECT sequence_name FROM information_schema.sequences WHERE sequence_name = 'foobar'"
register: result
- name: postgresql_sequence - check with assert the output
assert:
that:
- result.rowcount == 0
####################
# Test: drop nonexistent sequence
- name: postgresql_sequence - drop a sequence called foobar which does not exists
become_user: "{{ pg_user }}"
become: yes
postgresql_sequence:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
name: foobar
state: absent
register: result
# Checks
- name: postgresql_sequence - check with assert the output
assert:
that:
- result is not changed
- result.sequence == 'foobar'
- result.queries == []
# Real SQL check
- name: postgresql_sequence - check that the sequence "foobar" not exists
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
query: "SELECT sequence_name FROM information_schema.sequences WHERE sequence_name = 'foobar'"
register: result
- name: postgresql_sequence - check with assert the output
assert:
that:
- result.rowcount == 0
####################
# Test: create sequence with options
- name: postgresql_sequence - create an descending sequence called foobar_desc, starting at 101 and which cycle between 1 to 1000
become_user: "{{ pg_user }}"
become: yes
postgresql_sequence:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
name: foobar_desc
increment: -1
start: 101
minvalue: 1
maxvalue: 1000
cycle: yes
register: result
# Checks
- name: postgresql_sequence - check with assert the output
assert:
that:
- result is changed
- result.sequence == 'foobar_desc'
- result.increment == '-1'
- result.minvalue == '1'
- result.maxvalue == '1000'
- result.cycle == 'YES'
- result.queries == ["CREATE SEQUENCE \"public\".\"foobar_desc\" INCREMENT BY -1 MINVALUE 1 MAXVALUE 1000 START WITH 101 CYCLE"]
# Real SQL check
- name: postgresql_sequence - check that the new sequence "foobar_desc" exists
postgresql_query:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
query: "SELECT sequence_name FROM information_schema.sequences WHERE sequence_name = 'foobar_desc'"
register: result
- name: postgresql_sequence - check with assert the output
assert:
that:
- result.rowcount == 1
####################
# Test: rename a sequence in checkmode
- name: postgresql_sequence - rename an existing sequence named foobar_desc to foobar_with_options
become_user: "{{ pg_user }}"
become: yes
check_mode: yes
postgresql_sequence:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
name: foobar_desc
rename_to: foobar_with_options
register: result
# Checks
- name: postgresql_sequence - check with assert the output
assert:
that:
- result is changed
- result.sequence == 'foobar_desc'
- result.newname == 'foobar_with_options'
- result.queries == ["ALTER SEQUENCE \"public\".\"foobar_desc\" RENAME TO \"foobar_with_options\""]
# Real SQL check
- name: postgresql_sequence - check that the sequence "foobar_desc" still exists and is not renamed
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
query: "SELECT sequence_name FROM information_schema.sequences WHERE sequence_name = 'foobar_desc'"
register: result
- name: postgresql_sequence - check with assert the output
assert:
that:
- result.rowcount == 1
####################
# Test: rename a sequence
- name: postgresql_sequence - rename an existing sequence named foobar_desc to foobar_with_options
become_user: "{{ pg_user }}"
become: yes
postgresql_sequence:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
name: foobar_desc
rename_to: foobar_with_options
register: result
# Checks
- name: postgresql_sequence - check with assert the output
assert:
that:
- result is changed
- result.sequence == 'foobar_desc'
- result.newname == 'foobar_with_options'
- result.queries == ["ALTER SEQUENCE \"public\".\"foobar_desc\" RENAME TO \"foobar_with_options\""]
# Real SQL check
- name: postgresql_sequence - check that the renamed sequence "foobar_with_options" exists
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
query: "SELECT sequence_name FROM information_schema.sequences WHERE sequence_name = 'foobar_with_options'"
register: result
- name: postgresql_sequence - check with assert the output
assert:
that:
- result.rowcount == 1
####################
# Test: change schema of a sequence in checkmode
- name: postgresql_sequence - change schema of an existing sequence from public to foobar_schema
become_user: "{{ pg_user }}"
become: yes
check_mode: yes
postgresql_sequence:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
name: foobar_with_options
newschema: foobar_schema
register: result
# Checks
- name: postgresql_sequence - check with assert the output
assert:
that:
- result is changed
- result.sequence == 'foobar_with_options'
- result.schema == 'public'
- result.newschema == 'foobar_schema'
- result.queries == ["ALTER SEQUENCE \"public\".\"foobar_with_options\" SET SCHEMA \"foobar_schema\""]
# Real SQL check
- name: postgresql_sequence - check that the sequence "foobar_with_options" still exists in the old schema
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
query: "SELECT sequence_name,sequence_schema FROM information_schema.sequences WHERE sequence_name = 'foobar_with_options' AND sequence_schema = 'public'"
register: result
- name: postgresql_sequence - check with assert the output
assert:
that:
- result.rowcount == 1
####################
# Test: change schema of a sequence
- name: postgresql_sequence - change schema of an existing sequence from public to foobar_schema
become_user: "{{ pg_user }}"
become: yes
postgresql_sequence:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
name: foobar_with_options
newschema: foobar_schema
register: result
# Checks
- name: postgresql_sequence - check with assert the output
assert:
that:
- result is changed
- result.sequence == 'foobar_with_options'
- result.schema == 'public'
- result.newschema == 'foobar_schema'
- result.queries == ["ALTER SEQUENCE \"public\".\"foobar_with_options\" SET SCHEMA \"foobar_schema\""]
# Real SQL check
- name: postgresql_sequence - check that the sequence "foobar_with_options" exists in new schema
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
query: "SELECT sequence_name,sequence_schema FROM information_schema.sequences WHERE sequence_name = 'foobar_with_options' AND sequence_schema = 'foobar_schema'"
register: result
- name: postgresql_sequence - check with assert the output
assert:
that:
- result.rowcount == 1
####################
# Test: change owner of a sequence in checkmode
- name: postgresql_sequence - change owner of an existing sequence from "{{ pg_user }}" to "{{ db_user1 }}"
become_user: "{{ pg_user }}"
become: yes
check_mode: yes
postgresql_sequence:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
name: foobar_with_options
schema: foobar_schema
owner: "{{ db_user1 }}"
register: result
# Checks
- name: postgresql_sequence - check with assert the output
assert:
that:
- result is changed
- result.sequence == 'foobar_with_options'
- result.owner == "{{ pg_user }}"
- result.queries == ["ALTER SEQUENCE \"foobar_schema\".\"foobar_with_options\" OWNER TO \"{{ db_user1 }}\""]
# Real SQL check
- name: postgresql_sequence - check that the sequence "foobar_with_options" has still the old owner
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
query: "SELECT c.relname,a.rolname,n.nspname
FROM pg_class as c
JOIN pg_authid as a on (c.relowner = a.oid)
JOIN pg_namespace as n on (c.relnamespace = n.oid)
WHERE c.relkind = 'S' and
c.relname = 'foobar_with_options' and
n.nspname = 'foobar_schema' and
a.rolname = '{{ pg_user }}'"
register: result
- name: postgresql_sequence - check with assert the output
assert:
that:
- result.rowcount == 1
####################
# Test: change owner of a sequence
- name: postgresql_sequence - change owner of an existing sequence from "{{ pg_user }}" to "{{ db_user1 }}"
become_user: "{{ pg_user }}"
become: yes
postgresql_sequence:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
name: foobar_with_options
schema: foobar_schema
owner: "{{ db_user1 }}"
register: result
# Checks
- name: postgresql_sequence - check with assert the output
assert:
that:
- result is changed
- result.sequence == 'foobar_with_options'
- result.owner == "{{ pg_user }}"
- result.queries == ["ALTER SEQUENCE \"foobar_schema\".\"foobar_with_options\" OWNER TO \"{{ db_user1 }}\""]
# Real SQL check
- name: postgresql_sequence - check that the sequence "foobar_with_options" has a new owner
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
query: "SELECT c.relname,a.rolname,n.nspname
FROM pg_class as c
JOIN pg_authid as a on (c.relowner = a.oid)
JOIN pg_namespace as n on (c.relnamespace = n.oid)
WHERE c.relkind = 'S' and
c.relname = 'foobar_with_options' and
n.nspname = 'foobar_schema' and
a.rolname = '{{ db_user1 }}'"
register: result
- name: postgresql_sequence - check with assert the output
assert:
that:
- result.rowcount == 1
####################
# Test: drop sequence with cascade
# CREATE SEQUENCE seq1;
# CREATE TABLE t1 (f1 INT NOT NULL DEFAULT nextval('seq1'));
# DROP SEQUENCE seq1 CASCADE;
- name: postgresql_sequence - create sequence for drop cascade test
become_user: "{{ pg_user }}"
become: yes
postgresql_sequence:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
name: seq1
- name: postgresql_sequence - create table which use sequence for drop cascade test
become_user: "{{ pg_user }}"
become: yes
postgresql_table:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
name: t1
columns:
- f1 INT NOT NULL DEFAULT nextval('seq1')
####################
# Test: drop sequence with cascade in checkmode
- name: postgresql_sequence - drop with cascade a sequence called seq1
become_user: "{{ pg_user }}"
become: yes
check_mode: yes
postgresql_sequence:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
name: seq1
state: absent
cascade: yes
register: result
# Checks
- name: postgresql_sequence - check with assert the output
assert:
that:
- result is changed
- result.sequence == 'seq1'
- result.queries == ["DROP SEQUENCE \"public\".\"seq1\" CASCADE"]
# Real SQL check
- name: postgresql_sequence - check that the sequence "seq1" still exists
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
query: "SELECT sequence_name FROM information_schema.sequences WHERE sequence_name = 'seq1'"
register: result
- name: postgresql_sequence - check with assert the output
assert:
that:
- result.rowcount == 1
####################
# Test: drop sequence with cascade
- name: postgresql_sequence - drop with cascade a sequence called seq1
become_user: "{{ pg_user }}"
become: yes
postgresql_sequence:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
name: seq1
state: absent
cascade: yes
register: result
# Checks
- name: postgresql_sequence - check with assert the output
assert:
that:
- result is changed
- result.sequence == 'seq1'
- result.queries == ["DROP SEQUENCE \"public\".\"seq1\" CASCADE"]
# Real SQL check
- name: postgresql_sequence - check that the sequence "seq1" not exists
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
query: "SELECT sequence_name FROM information_schema.sequences WHERE sequence_name = 'seq1'"
register: result
- name: postgresql_sequence - check with assert the output
assert:
that:
- result.rowcount == 0
####################
# Test: create sequence with owner in checkmode
- name: postgresql_sequence - create a new sequence with name "foobar2" with owner "{{ db_user2 }}"
become_user: "{{ pg_user }}"
become: yes
check_mode: yes
postgresql_sequence:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
name: foobar2
owner: "{{ db_user2 }}"
register: result
# Checks
- name: postgresql_sequence - check with assert the output
assert:
that:
- result is changed
- result.sequence == 'foobar2'
- result.queries == ["CREATE SEQUENCE \"public\".\"foobar2\"", "ALTER SEQUENCE \"public\".\"foobar2\" OWNER TO \"ansible_db_user2\""]
# Real SQL check
- name: postgresql_sequence - check that the new sequence "foobar2" does not exists
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
query: "SELECT sequence_name FROM information_schema.sequences WHERE sequence_name = 'foobar2'"
register: result
- name: postgresql_sequence - check with assert the output
assert:
that:
- result.rowcount == 0
####################
# Test: create sequence with owner
- name: postgresql_sequence - create a new sequence with name "foobar2" with owner "{{ db_user2 }}"
become_user: "{{ pg_user }}"
become: yes
postgresql_sequence:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
name: foobar2
owner: "{{ db_user2 }}"
register: result
# Checks
- name: postgresql_sequence - check with assert the output
assert:
that:
- result is changed
- result.sequence == 'foobar2'
- result.queries == ["CREATE SEQUENCE \"public\".\"foobar2\"", "ALTER SEQUENCE \"public\".\"foobar2\" OWNER TO \"ansible_db_user2\""]
# Real SQL check
- name: postgresql_sequence - check that the new sequence "foobar2" exists
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
query: "SELECT sequence_name FROM information_schema.sequences WHERE sequence_name = 'foobar2'"
register: result
- name: postgresql_sequence - check with assert the output
assert:
that:
- result.rowcount == 1
- name: postgresql_sequence - check that the sequence "foobar2" has owner "{{ db_user2 }}"
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
query: "SELECT c.relname,a.rolname,n.nspname
FROM pg_class as c
JOIN pg_authid as a on (c.relowner = a.oid)
JOIN pg_namespace as n on (c.relnamespace = n.oid)
WHERE c.relkind = 'S' and
c.relname = 'foobar2' and
n.nspname = 'public' and
a.rolname = '{{ db_user2 }}'"
register: result
- name: postgresql_sequence - check with assert the output
assert:
that:
- result.rowcount == 1
####################
# Test: create sequence with trust_input
- name: postgresql_sequence - check that trust_input works as expected
become_user: "{{ pg_user }}"
become: yes
postgresql_sequence:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
name: 'just_a_name"; SELECT * FROM information_schema.tables; --'
trust_input: no
owner: "{{ db_user2 }}"
ignore_errors: yes
register: result
# Checks
- name: postgresql_sequence - check with assert the output
assert:
that:
- result is failed
- result.msg is search('is potentially dangerous')
# Cleanup
- name: postgresql_sequence - destroy DB
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
state: absent
name: "{{ db_name }}"
login_user: "{{ pg_user }}"
- name: remove test roles
become_user: "{{ pg_user }}"
become: yes
postgresql_user:
state: absent
login_db: "{{ db_default }}"
login_user: "{{ pg_user }}"
name: "{{ item }}"
loop:
- "{{ db_user1 }}"
- "{{ db_user2 }}"

6
tests/integration/targets/postgresql_set/aliases
View file

@ -1,6 +0,0 @@
destructive
shippable/posix/group4
skip/aix
skip/osx
skip/macos
disabled # tests already running in community.postgresql

2
tests/integration/targets/postgresql_set/meta/main.yml
View file

@ -1,2 +0,0 @@
dependencies:
- setup_postgresql_db

8
tests/integration/targets/postgresql_set/tasks/main.yml
View file

@ -1,8 +0,0 @@
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
# Initial CI tests of postgresql_initial module
- include_tasks: postgresql_set_initial.yml
when: postgres_version_resp.stdout is version('9.6', '>=')

375
tests/integration/targets/postgresql_set/tasks/postgresql_set_initial.yml
View file

@ -1,375 +0,0 @@
# Test code for the postgresql_set module
# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
# Notice: assertions are different for Ubuntu 16.04 and FreeBSD because they don't work
# correctly for these tests. There are some stranges exactly in Shippable CI.
# However I checked it manually for all points (including Ubuntu 16.05 and FreeBSD)
# and it worked as expected.
- vars:
task_parameters: &task_parameters
become_user: '{{ pg_user }}'
become: yes
pg_parameters: &pg_parameters
login_user: '{{ pg_user }}'
login_db: postgres
block:
- name: postgresql_set - preparation to the next step
<<: *task_parameters
become_user: "{{ pg_user }}"
become: yes
postgresql_set:
<<: *pg_parameters
name: work_mem
reset: yes
#####################
# Testing check_mode:
- name: postgresql_set - get work_mem initial value
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: SHOW work_mem
register: before
- name: postgresql_set - set work_mem (restart is not required), check_mode
<<: *task_parameters
postgresql_set:
<<: *pg_parameters
name: work_mem
value: 12MB
register: set_wm
check_mode: yes
- assert:
that:
- set_wm.name == 'work_mem'
- set_wm.changed == true
- set_wm.prev_val_pretty == before.query_result[0].work_mem
- set_wm.value_pretty == '12MB'
- set_wm.restart_required == false
- name: postgresql_set - get work_mem value to check, must be the same as initial
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: SHOW work_mem
register: after
- assert:
that:
- before.query_result[0].work_mem == after.query_result[0].work_mem
######
#
- name: postgresql_set - set work_mem (restart is not required)
<<: *task_parameters
postgresql_set:
<<: *pg_parameters
name: work_mem
value: 12mb
register: set_wm
- assert:
that:
- set_wm.name == 'work_mem'
- set_wm.changed == true
- set_wm.value_pretty == '12MB'
- set_wm.value_pretty != set_wm.prev_val_pretty
- set_wm.restart_required == false
- set_wm.value.value == 12582912
- set_wm.value.unit == 'b'
when:
- ansible_distribution != "Ubuntu"
- ansible_distribution_major_version != '16'
- ansible_distribution != "FreeBSD"
- assert:
that:
- set_wm.name == 'work_mem'
- set_wm.changed == true
- set_wm.restart_required == false
when:
- ansible_distribution == "Ubuntu"
- ansible_distribution_major_version == '16'
- name: postgresql_set - reset work_mem (restart is not required)
<<: *task_parameters
postgresql_set:
<<: *pg_parameters
name: work_mem
reset: yes
register: reset_wm
- assert:
that:
- reset_wm.name == 'work_mem'
- reset_wm.changed == true
- reset_wm.value_pretty != reset_wm.prev_val_pretty
- reset_wm.restart_required == false
- reset_wm.value.value != '12582912'
when:
- ansible_distribution != "Ubuntu"
- ansible_distribution_major_version != '16'
- ansible_distribution != "FreeBSD"
- assert:
that:
- reset_wm.name == 'work_mem'
- reset_wm.changed == true
- reset_wm.restart_required == false
when:
- ansible_distribution == "Ubuntu"
- ansible_distribution_major_version == '16'
- name: postgresql_set - reset work_mem again to check that nothing changed (restart is not required)
<<: *task_parameters
postgresql_set:
<<: *pg_parameters
name: work_mem
reset: yes
register: reset_wm2
- assert:
that:
- reset_wm2.name == 'work_mem'
- reset_wm2.changed == false
- reset_wm2.value_pretty == reset_wm2.prev_val_pretty
- reset_wm2.restart_required == false
when:
- ansible_distribution != "Ubuntu"
- ansible_distribution_major_version != '16'
- assert:
that:
- reset_wm2.name == 'work_mem'
- reset_wm2.changed == false
- reset_wm2.restart_required == false
when:
- ansible_distribution == "Ubuntu"
- ansible_distribution_major_version == '16'
- name: postgresql_set - preparation to the next step
<<: *task_parameters
postgresql_set:
<<: *pg_parameters
name: work_mem
value: 14MB
- name: postgresql_set - set work_mem to initial state (restart is not required)
<<: *task_parameters
postgresql_set:
<<: *pg_parameters
name: work_mem
value: default
register: def_wm
- assert:
that:
- def_wm.name == 'work_mem'
- def_wm.changed == true
- def_wm.value_pretty != def_wm.prev_val_pretty
- def_wm.restart_required == false
- def_wm.value.value != '14680064'
when:
- ansible_distribution != "Ubuntu"
- ansible_distribution_major_version != '16'
- ansible_distribution != 'FreeBSD'
- assert:
that:
- def_wm.name == 'work_mem'
- def_wm.changed == true
- def_wm.restart_required == false
when:
- ansible_distribution == "Ubuntu"
- ansible_distribution_major_version == '16'
- ansible_distribution != 'FreeBSD'
- name: postgresql_set - set shared_buffers (restart is required)
<<: *task_parameters
postgresql_set:
<<: *pg_parameters
name: shared_buffers
value: 111MB
register: set_shb
- assert:
that:
- set_shb.name == 'shared_buffers'
- set_shb.changed == true
- set_shb.restart_required == true
# We don't check value.unit because it is none
- name: postgresql_set - set autovacuum (enabled by default, restart is not required)
<<: *task_parameters
postgresql_set:
<<: *pg_parameters
name: autovacuum
value: off
register: set_aut
- assert:
that:
- set_aut.name == 'autovacuum'
- set_aut.changed == true
- set_aut.restart_required == false
- set_aut.value.value == 'off'
# Test check_mode, step 1. At the previous test we set autovacuum = 'off'
- name: postgresql - try to change autovacuum again in check_mode
<<: *task_parameters
postgresql_set:
<<: *pg_parameters
name: autovacuum
value: on
register: set_aut
check_mode: yes
- assert:
that:
- set_aut.name == 'autovacuum'
- set_aut.changed == true
- set_aut.restart_required == false
- set_aut.value.value == 'off'
# Test check_mode, step 2
- name: postgresql - check that autovacuum wasn't actually changed after change in check_mode
<<: *task_parameters
postgresql_set:
<<: *pg_parameters
name: autovacuum
value: off
register: set_aut
check_mode: yes
- assert:
that:
- set_aut.name == 'autovacuum'
- set_aut.changed == false
- set_aut.restart_required == false
- set_aut.value.value == 'off'
# Additional check by SQL query:
- name: postgresql_set - get autovacuum value to check, must be off
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: SHOW autovacuum
register: result
- assert:
that:
- result.query_result[0].autovacuum == 'off'
# Test check_mode, step 3. It is different from
# the prev test - it runs without check_mode: yes.
# Before the check_mode tests autovacuum was off
- name: postgresql - check that autovacuum wasn't actually changed after change in check_mode
<<: *task_parameters
postgresql_set:
<<: *pg_parameters
name: autovacuum
value: off
register: set_aut
- assert:
that:
- set_aut.name == 'autovacuum'
- set_aut.changed == false
- set_aut.restart_required == false
- set_aut.value.value == 'off'
#################
# Bugfix of 67377
- name: archive command with mb
<<: *task_parameters
postgresql_set:
<<: *pg_parameters
trust_input: yes
name: archive_command
value: 'test ! -f /mnt/postgres/mb/%f && cp %p /mnt/postgres/mb/%f'
# Check:
- name: check value
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: select reset_val from pg_settings where name = 'archive_command'
register: result
- assert:
that:
- result.query_result.0.reset_val == "test ! -f /mnt/postgres/mb/%f && cp %p /mnt/postgres/mb/%f"
#############################
# Check trust_input parameter
- name: postgresql_set - check trust_input
<<: *task_parameters
postgresql_set:
<<: *pg_parameters
name: shared_buffers
value: 111MB
trust_input: no
session_role: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
register: result
ignore_errors: yes
- assert:
that:
- result is failed
- result.msg is search('is potentially dangerous')
###############################################################################
# Bugfix of https://github.com/ansible-collections/community.general/issues/775
- name: postgresql_set - turn on archive mode
<<: *task_parameters
postgresql_set:
<<: *pg_parameters
name: archive_mode
value: 'on'
- name: Restart PostgreSQL
become: yes
service:
name: "{{ postgresql_service }}"
state: restarted
- name: postgresql_set - set empty string as value
<<: *task_parameters
postgresql_set:
<<: *pg_parameters
name: archive_command
value: ''
register: result
- assert:
that:
- result is changed
- name: postgresql_set - set empty string as value again
<<: *task_parameters
postgresql_set:
<<: *pg_parameters
name: archive_command
value: ''
register: result
- assert:
that:
- result is not changed
- name: postgresql_set - set empty string as value again in check mode
<<: *task_parameters
postgresql_set:
<<: *pg_parameters
name: archive_command
value: ''
register: result
check_mode: yes
- assert:
that:
- result is not changed

6
tests/integration/targets/postgresql_slot/aliases
View file

@ -1,6 +0,0 @@
destructive
shippable/posix/group4
skip/aix
skip/osx
skip/macos
disabled # tests already running in community.postgresql

2
tests/integration/targets/postgresql_slot/meta/main.yml
View file

@ -1,2 +0,0 @@
dependencies:
- setup_postgresql_db

9
tests/integration/targets/postgresql_slot/tasks/main.yml
View file

@ -1,9 +0,0 @@
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
# Initial CI tests of postgresql_slot module
# Physical replication slots are available since PostgreSQL 9.4
- import_tasks: postgresql_slot_initial.yml
when: postgres_version_resp.stdout is version('9.4', '>=')

735
tests/integration/targets/postgresql_slot/tasks/postgresql_slot_initial.yml
View file

@ -1,735 +0,0 @@
---
# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
- name: postgresql_slot - set max_replication_slots
become_user: "{{ pg_user }}"
become: yes
postgresql_set:
login_user: "{{ pg_user }}"
db: postgres
name: max_replication_slots
value: '10'
- name: postgresql_slot - set wal_level to logical
become_user: "{{ pg_user }}"
become: yes
postgresql_set:
login_user: "{{ pg_user }}"
db: postgres
name: wal_level
value: logical
# To avoid CI timeouts
- name: Kill all postgres processes
shell: 'pkill -u {{ pg_user }}'
become: yes
when: ansible_facts.distribution == 'CentOS' and ansible_facts.distribution_major_version == '8'
ignore_errors: yes
- name: postgresql_slot - stop PostgreSQL
become: yes
service:
name: "{{ postgresql_service }}"
state: stopped
when: (ansible_facts.distribution_major_version != '8' and ansible_facts.distribution == 'CentOS') or ansible_facts.distribution != 'CentOS'
- name: postgresql_slot - pause between stop and start PostgreSQL
ansible.builtin.pause:
seconds: 5
- name: postgresql_slot - start PostgreSQL
become: yes
service:
name: "{{ postgresql_service }}"
state: started
#
# state=present
#
# check_mode
- name: postgresql_slot - create slot in check_mode
become_user: "{{ pg_user }}"
become: yes
postgresql_slot:
login_user: "{{ pg_user }}"
db: postgres
name: slot0
check_mode: yes
register: result
- assert:
that:
- result is changed
- result.queries == []
# Check, rowcount must be 0
- name: postgresql_slot - check that nothing changed after the previous step
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: postgres
login_user: "{{ pg_user }}"
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot0'"
ignore_errors: yes
register: result
- assert:
that:
- result.rowcount == 0
# true mode
- name: postgresql_slot - create physical slot
become_user: "{{ pg_user }}"
become: yes
postgresql_slot:
login_user: "{{ pg_user }}"
db: postgres
name: slot0
register: result
- assert:
that:
- result is changed
- result.queries == ["SELECT pg_create_physical_replication_slot('slot0', false)"]
when: postgres_version_resp.stdout is version('9.6', '>=')
- assert:
that:
- result is changed
- result.queries == ["SELECT pg_create_physical_replication_slot('slot0')"]
when: postgres_version_resp.stdout is version('9.6', '<')
# Check, rowcount must be 1
- name: postgresql_slot - check that the slot exists after the previous step
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: postgres
login_user: "{{ pg_user }}"
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot0' and slot_type = 'physical'"
ignore_errors: yes
register: result
- assert:
that:
- result.rowcount == 1
# check mode
- name: postgresql_slot - try create physical slot again in check_mode
become_user: "{{ pg_user }}"
become: yes
postgresql_slot:
login_user: "{{ pg_user }}"
db: postgres
name: slot0
check_mode: yes
register: result
- assert:
that:
- result is not changed
- result.queries == []
# Check, rowcount must be 1
- name: postgresql_slot - check that nothing changed after the previous step
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: postgres
login_user: "{{ pg_user }}"
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot0' and slot_type = 'physical'"
ignore_errors: yes
register: result
- assert:
that:
- result.rowcount == 1
# true mode
- name: postgresql_slot - try create physical slot again
become_user: "{{ pg_user }}"
become: yes
postgresql_slot:
login_user: "{{ pg_user }}"
db: postgres
name: slot0
slot_type: physical
register: result
- assert:
that:
- result is not changed
- result.queries == []
# Check, rowcount must be 1
- name: postgresql_slot - check that nothing changed after the previous step
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: postgres
login_user: "{{ pg_user }}"
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot0' and slot_type = 'physical'"
ignore_errors: yes
register: result
- assert:
that:
- result.rowcount == 1
#
# immediately_reserve
#
- name: postgresql_slot - create physical slot with immediately_reserve
become_user: "{{ pg_user }}"
become: yes
postgresql_slot:
login_user: "{{ pg_user }}"
db: postgres
name: slot1
immediately_reserve: yes
register: result
when: postgres_version_resp.stdout is version('9.6', '>=')
- assert:
that:
- result is changed
- result.queries == ["SELECT pg_create_physical_replication_slot('slot1', true)"]
when: postgres_version_resp.stdout is version('9.6', '>=')
# Check, rowcount must be 1
- name: postgresql_slot - check that the slot exists after the previous step
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: postgres
login_user: "{{ pg_user }}"
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot1' and slot_type = 'physical' and restart_lsn is not NULL"
ignore_errors: yes
register: result
when: postgres_version_resp.stdout is version('9.6', '>=')
- assert:
that:
- result.rowcount == 1
when: postgres_version_resp.stdout is version('9.6', '>=')
#
# slot_type: logical
#
# available from postgresql 10
#
# on RedHat family tests failed:
# ERROR: could not access file "test_decoding": No such file or directory
# "Your distrib did not compile the test decoder."
# So the tests are restricted by Ubuntu because of the module functionality
# depends on PostgreSQL server version only.
# check_mode
- name: postgresql_slot - create slot in check_mode
become_user: "{{ pg_user }}"
become: yes
postgresql_slot:
login_user: "{{ pg_user }}"
db: postgres
name: slot2
slot_type: logical
check_mode: yes
register: result
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
- assert:
that:
- result is changed
- result.queries == []
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
# Check, rowcount must be 0
- name: postgresql_slot - check that nothing changed after the previous step
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: postgres
login_user: "{{ pg_user }}"
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot2'"
ignore_errors: yes
register: result
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
- assert:
that:
- result.rowcount == 0
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
# true mode
- name: postgresql_slot - create logical slot
become_user: "{{ pg_user }}"
become: yes
postgresql_slot:
login_user: "{{ pg_user }}"
db: postgres
name: slot2
slot_type: logical
register: result
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
- assert:
that:
- result is changed
- result.queries == ["SELECT pg_create_logical_replication_slot('slot2', 'test_decoding')"]
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
# Check, rowcount must be 1
- name: postgresql_slot - check that the slot exists after the previous step
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: postgres
login_user: "{{ pg_user }}"
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot2' and slot_type = 'logical'"
ignore_errors: yes
register: result
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
- assert:
that:
- result.rowcount == 1
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
# check mode
- name: postgresql_slot - try create logical slot again in check_mode
become_user: "{{ pg_user }}"
become: yes
postgresql_slot:
login_user: "{{ pg_user }}"
db: postgres
name: slot2
slot_type: logical
check_mode: yes
register: result
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
- assert:
that:
- result is not changed
- result.queries == []
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
# Check, rowcount must be 1
- name: postgresql_slot - check that nothing changed after the previous step
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: postgres
login_user: "{{ pg_user }}"
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot2' and slot_type = 'logical'"
ignore_errors: yes
register: result
when: postgres_version_resp.stdout is version('10', '>=')
- assert:
that:
- result.rowcount == 1
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
# true mode
- name: postgresql_slot - try create logical slot again
become_user: "{{ pg_user }}"
become: yes
postgresql_slot:
login_user: "{{ pg_user }}"
db: postgres
name: slot2
slot_type: logical
register: result
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
- assert:
that:
- result is not changed
- result.queries == []
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
# Check, rowcount must be 1
- name: postgresql_slot - check that nothing changed after the previous step
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: postgres
login_user: "{{ pg_user }}"
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot2' and slot_type = 'logical'"
ignore_errors: yes
register: result
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
- assert:
that:
- result.rowcount == 1
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
#
# output_plugin: test_decoding
#
- name: postgresql_slot - create logical slot with output_plugin
become_user: "{{ pg_user }}"
become: yes
postgresql_slot:
login_user: "{{ pg_user }}"
db: postgres
name: slot3
slot_type: logical
output_plugin: test_decoding
register: result
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
- assert:
that:
- result is changed
- result.queries == ["SELECT pg_create_logical_replication_slot('slot3', 'test_decoding')"]
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
# Check, rowcount must be 1
- name: postgresql_slot - check that the slot exists after the previous step
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: postgres
login_user: "{{ pg_user }}"
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot3' and slot_type = 'logical' and plugin = 'test_decoding'"
ignore_errors: yes
register: result
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
- assert:
that:
- result.rowcount == 1
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
#
# state: absent for logical slots
#
# check_mode
- name: postgresql_slot - drop logical slot in check_mode
become_user: "{{ pg_user }}"
become: yes
postgresql_slot:
login_user: "{{ pg_user }}"
db: postgres
name: slot2
state: absent
check_mode: yes
register: result
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
- assert:
that:
- result is changed
- result.queries == []
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
# Check, rowcount must be 1
- name: postgresql_slot - check that nothing changed after the previous step
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: postgres
login_user: "{{ pg_user }}"
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot2'"
ignore_errors: yes
register: result
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
- assert:
that:
- result.rowcount == 1
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
# true mode
- name: postgresql_slot - drop logical slot
become_user: "{{ pg_user }}"
become: yes
postgresql_slot:
login_user: "{{ pg_user }}"
db: postgres
name: slot2
state: absent
register: result
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
- assert:
that:
- result is changed
- result.queries == ["SELECT pg_drop_replication_slot('slot2')"]
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
# Check, rowcount must be 0
- name: postgresql_slot - check that the slot does not exist after the previous step
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: postgres
login_user: "{{ pg_user }}"
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot2' and slot_type = 'logical'"
ignore_errors: yes
register: result
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
- assert:
that:
- result.rowcount == 0
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
# check mode
- name: postgresql_slot - try drop logical slot again in check_mode
become_user: "{{ pg_user }}"
become: yes
postgresql_slot:
login_user: "{{ pg_user }}"
db: postgres
name: slot2
state: absent
check_mode: yes
register: result
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
- assert:
that:
- result is not changed
- result.queries == []
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
# Check, rowcount must be 0
- name: postgresql_slot - check that nothing changed after the previous step
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: postgres
login_user: "{{ pg_user }}"
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot2' and slot_type = 'logical'"
ignore_errors: yes
register: result
when: postgres_version_resp.stdout is version('10', '>=')
- assert:
that:
- result.rowcount == 0
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
# true mode
- name: postgresql_slot - try drop logical slot again
become_user: "{{ pg_user }}"
become: yes
postgresql_slot:
login_user: "{{ pg_user }}"
db: postgres
name: slot2
state: absent
register: result
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
- assert:
that:
- result is not changed
- result.queries == []
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
# Check, rowcount must be 0
- name: postgresql_slot - check that nothing changed after the previous step
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: postgres
login_user: "{{ pg_user }}"
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot2' and slot_type = 'logical'"
ignore_errors: yes
register: result
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
- assert:
that:
- result.rowcount == 0
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
#
# state=absent for physical slots
#
# check_mode
- name: postgresql_slot - drop physical slot in check_mode
become_user: "{{ pg_user }}"
become: yes
postgresql_slot:
login_user: "{{ pg_user }}"
db: postgres
name: slot1
state: absent
check_mode: yes
register: result
- assert:
that:
- result is changed
- result.queries == []
when: postgres_version_resp.stdout is version('9.6', '>=')
# Check, rowcount must be 1
- name: postgresql_slot - check that nothing changed after the previous step
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: postgres
login_user: "{{ pg_user }}"
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot1'"
ignore_errors: yes
register: result
when: postgres_version_resp.stdout is version('9.6', '>=')
- assert:
that:
- result.rowcount == 1
when: postgres_version_resp.stdout is version('9.6', '>=')
# true mode
- name: postgresql_slot - drop physical slot
become_user: "{{ pg_user }}"
become: yes
postgresql_slot:
login_user: "{{ pg_user }}"
db: postgres
name: slot1
state: absent
register: result
when: postgres_version_resp.stdout is version('9.6', '>=')
- assert:
that:
- result is changed
- result.queries == ["SELECT pg_drop_replication_slot('slot1')"]
when: postgres_version_resp.stdout is version('9.6', '>=')
# Check, rowcount must be 0
- name: postgresql_slot - check that the slot does not exist after the previous step
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: postgres
login_user: "{{ pg_user }}"
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot1' and slot_type = 'physical'"
ignore_errors: yes
register: result
when: postgres_version_resp.stdout is version('9.6', '>=')
- assert:
that:
- result.rowcount == 0
when: postgres_version_resp.stdout is version('9.6', '>=')
# check mode
- name: postgresql_slot - try drop physical slot again in check_mode
become_user: "{{ pg_user }}"
become: yes
postgresql_slot:
login_user: "{{ pg_user }}"
db: postgres
name: slot1
state: absent
check_mode: yes
register: result
when: postgres_version_resp.stdout is version('9.6', '>=')
- assert:
that:
- result is not changed
- result.queries == []
when: postgres_version_resp.stdout is version('9.6', '>=')
# Check, rowcount must be 0
- name: postgresql_slot - check that nothing changed after the previous step
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: postgres
login_user: "{{ pg_user }}"
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot1' and slot_type = 'physical'"
ignore_errors: yes
register: result
when: postgres_version_resp.stdout is version('9.6', '>=')
- assert:
that:
- result.rowcount == 0
when: postgres_version_resp.stdout is version('9.6', '>=')
# true mode
- name: postgresql_slot - try drop physical slot again
become_user: "{{ pg_user }}"
become: yes
postgresql_slot:
login_user: "{{ pg_user }}"
db: postgres
name: slot1
state: absent
register: result
when: postgres_version_resp.stdout is version('9.6', '>=')
- assert:
that:
- result is not changed
- result.queries == []
when: postgres_version_resp.stdout is version('9.6', '>=')
# Check, rowcount must be 0
- name: postgresql_slot - check that nothing changed after the previous step
become_user: "{{ pg_user }}"
become: yes
postgresql_query:
db: postgres
login_user: "{{ pg_user }}"
query: "SELECT 1 FROM pg_replication_slots WHERE slot_name = 'slot1' and slot_type = 'physical'"
ignore_errors: yes
register: result
when: postgres_version_resp.stdout is version('9.6', '>=')
- assert:
that:
- result.rowcount == 0
when: postgres_version_resp.stdout is version('9.6', '>=')
# Check trust input
- name: postgresql_slot - try using a bad name
postgresql_slot:
session_role: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
db: postgres
name: slot1
trust_input: no
register: result
ignore_errors: true
when: postgres_version_resp.stdout is version('9.6', '>=')
- name: postgresql_slot - check that using a dangerous name fails
assert:
that:
- result is failed
- result.msg is search('is potentially dangerous')
when: postgres_version_resp.stdout is version('9.6', '>=')
#
# clean up
#
- name: postgresql_slot - clean up
become_user: "{{ pg_user }}"
become: yes
postgresql_slot:
login_user: "{{ pg_user }}"
db: postgres
name: "{{ item }}"
state: absent
ignore_errors: yes
when: postgres_version_resp.stdout is version('10', '>=') and ansible_distribution == 'Ubuntu'
with_items:
- slot0
- slot3

8
tests/integration/targets/postgresql_subscription/aliases
View file

@ -1,8 +0,0 @@
destructive
shippable/posix/group1
skip/aix
skip/osx
skip/macos
skip/freebsd
skip/rhel
disabled # tests already running in community.postgresql

15
tests/integration/targets/postgresql_subscription/defaults/main.yml
View file

@ -1,15 +0,0 @@
pg_user: postgres
db_default: postgres
master_port: 5433
replica_port: 5434
test_table1: acme1
test_pub: first_publication
test_pub2: second_publication
replication_role: logical_replication
replication_pass: alsdjfKJKDf1#
test_db: acme_db
test_subscription: test
test_role1: alice
test_role2: bob
conn_timeout: 100

2
tests/integration/targets/postgresql_subscription/meta/main.yml
View file

@ -1,2 +0,0 @@
dependencies:
- setup_postgresql_replication

12
tests/integration/targets/postgresql_subscription/tasks/main.yml
View file

@ -1,12 +0,0 @@
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
# Initial tests of postgresql_subscription module:
- import_tasks: setup_publication.yml
when: ansible_distribution == 'Ubuntu' and ansible_distribution_major_version >= '18'
- import_tasks: postgresql_subscription_initial.yml
when: ansible_distribution == 'Ubuntu' and ansible_distribution_major_version >= '18'

672
tests/integration/targets/postgresql_subscription/tasks/postgresql_subscription_initial.yml
View file

@ -1,672 +0,0 @@
# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
- vars:
dangerous_name: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
task_parameters: &task_parameters
become_user: '{{ pg_user }}'
become: yes
register: result
pg_parameters: &pg_parameters
login_user: '{{ pg_user }}'
login_db: '{{ test_db }}'
block:
- name: Create roles to test owner parameter
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
login_port: '{{ replica_port }}'
name: '{{ item }}'
role_attr_flags: SUPERUSER,LOGIN
loop:
- '{{ test_role1 }}'
- '{{ test_role2 }}'
####################
# Test mode: present
####################
- name: Create subscription
<<: *task_parameters
postgresql_subscription:
<<: *pg_parameters
login_port: '{{ replica_port }}'
name: '{{ test_subscription }}'
state: present
publications: '{{ test_pub }}'
connparams:
host: 127.0.0.1
port: '{{ master_port }}'
user: '{{ replication_role }}'
password: '{{ replication_pass }}'
dbname: '{{ test_db }}'
trust_input: no
- assert:
that:
- result is changed
- result.name == '{{ test_subscription }}'
- result.queries == ["CREATE SUBSCRIPTION test CONNECTION 'host=127.0.0.1 port={{ master_port }} user={{ replication_role }} password={{ replication_pass }} dbname={{ test_db }}' PUBLICATION {{ test_pub }}"]
- result.exists == true
- result.initial_state == {}
- result.final_state.owner == '{{ pg_user }}'
- result.final_state.enabled == true
- result.final_state.publications == ["{{ test_pub }}"]
- result.final_state.synccommit == true
- result.final_state.slotname == '{{ test_subscription }}'
- result.final_state.conninfo.dbname == '{{ test_db }}'
- result.final_state.conninfo.host == '127.0.0.1'
- result.final_state.conninfo.port == {{ master_port }}
- result.final_state.conninfo.user == '{{ replication_role }}'
- result.final_state.conninfo.password == '{{ replication_pass }}'
- name: Check
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
login_port: '{{ replica_port }}'
query: "SELECT subname FROM pg_subscription WHERE subname = '{{ test_subscription }}'"
- assert:
that:
- result.rowcount == 1
###################
# Test mode: absent
###################
- name: Drop subscription in check mode
<<: *task_parameters
postgresql_subscription:
<<: *pg_parameters
login_port: '{{ replica_port }}'
name: '{{ test_subscription }}'
state: absent
trust_input: no
check_mode: yes
- assert:
that:
- result is changed
- result.queries == ["DROP SUBSCRIPTION {{ test_subscription }}"]
- result.final_state == result.initial_state
- name: Check
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
login_port: '{{ replica_port }}'
query: "SELECT subname FROM pg_subscription WHERE subname = '{{ test_subscription }}'"
- assert:
that:
- result.rowcount == 1
- name: Drop subscription
<<: *task_parameters
postgresql_subscription:
<<: *pg_parameters
login_port: '{{ replica_port }}'
name: '{{ test_subscription }}'
state: absent
- assert:
that:
- result is changed
- result.queries == ["DROP SUBSCRIPTION {{ test_subscription }}"]
- result.final_state != result.initial_state
- name: Check
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
login_port: '{{ replica_port }}'
query: "SELECT subname FROM pg_subscription WHERE subname = '{{ test_subscription }}'"
- assert:
that:
- result.rowcount == 0
##################
# Test owner param
##################
- name: Create with owner
<<: *task_parameters
postgresql_subscription:
<<: *pg_parameters
login_port: '{{ replica_port }}'
name: '{{ test_subscription }}'
state: present
publications: '{{ test_pub }}'
owner: '{{ test_role1 }}'
connparams:
host: 127.0.0.1
port: '{{ master_port }}'
user: '{{ replication_role }}'
password: '{{ replication_pass }}'
dbname: '{{ test_db }}'
trust_input: no
- assert:
that:
- result.final_state.owner == '{{ test_role1 }}'
- result.queries[1] == 'ALTER SUBSCRIPTION {{ test_subscription }} OWNER TO "{{ test_role1 }}"'
- name: Try to set this owner again
<<: *task_parameters
postgresql_subscription:
<<: *pg_parameters
login_port: '{{ replica_port }}'
name: '{{ test_subscription }}'
state: present
publications: '{{ test_pub }}'
owner: '{{ test_role1 }}'
trust_input: no
- assert:
that:
- result is not changed
- result.initial_state == result.final_state
- result.final_state.owner == '{{ test_role1 }}'
- name: Check
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
login_port: '{{ replica_port }}'
query: >
SELECT subname FROM pg_subscription AS s
JOIN pg_catalog.pg_roles AS r ON s.subowner = r.oid
WHERE subname = '{{ test_subscription }}' and r.rolname = '{{ test_role1 }}'
- assert:
that:
- result.rowcount == 1
- name: Set another owner in check mode
<<: *task_parameters
postgresql_subscription:
<<: *pg_parameters
login_port: '{{ replica_port }}'
name: '{{ test_subscription }}'
state: present
publications: '{{ test_pub }}'
owner: '{{ test_role2 }}'
trust_input: no
check_mode: yes
- assert:
that:
- result is changed
- result.initial_state == result.final_state
- result.final_state.owner == '{{ test_role1 }}'
- result.queries == ['ALTER SUBSCRIPTION {{ test_subscription }} OWNER TO "{{ test_role2 }}"']
- name: Check
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
login_port: '{{ replica_port }}'
query: >
SELECT subname FROM pg_subscription AS s
JOIN pg_catalog.pg_roles AS r ON s.subowner = r.oid
WHERE subname = '{{ test_subscription }}' and r.rolname = '{{ test_role1 }}'
- assert:
that:
- result.rowcount == 1
- name: Set another owner
<<: *task_parameters
postgresql_subscription:
<<: *pg_parameters
login_port: '{{ replica_port }}'
name: '{{ test_subscription }}'
state: present
publications: '{{ test_pub }}'
owner: '{{ test_role2 }}'
trust_input: no
- assert:
that:
- result is changed
- result.initial_state != result.final_state
- result.final_state.owner == '{{ test_role2 }}'
- result.queries == ['ALTER SUBSCRIPTION {{ test_subscription }} OWNER TO "{{ test_role2 }}"']
- name: Check
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
login_port: '{{ replica_port }}'
query: >
SELECT subname FROM pg_subscription AS s
JOIN pg_catalog.pg_roles AS r ON s.subowner = r.oid
WHERE subname = '{{ test_subscription }}' and r.rolname = '{{ test_role2 }}'
- assert:
that:
- result.rowcount == 1
##########################
# Test trust_input param #
##########################
- name: Test trust_input parameter
<<: *task_parameters
postgresql_subscription:
<<: *pg_parameters
login_port: '{{ replica_port }}'
name: '{{ test_subscription }}'
state: present
publications: '{{ test_pub }}'
session_role: '{{ dangerous_name }}'
owner: '{{ test_role1 }}'
trust_input: no
connparams:
host: 127.0.0.1
port: '{{ master_port }}'
user: '{{ replication_role }}'
password: '{{ replication_pass }}'
dbname: '{{ test_db }}'
ignore_errors: yes
- assert:
that:
- result is failed
- result.msg is search('is potentially dangerous')
##############
# Test cascade
##############
- name: Drop subscription cascade in check mode
<<: *task_parameters
postgresql_subscription:
<<: *pg_parameters
login_port: '{{ replica_port }}'
name: '{{ test_subscription }}'
state: absent
cascade: yes
trust_input: no
check_mode: yes
- assert:
that:
- result is changed
- result.queries == ["DROP SUBSCRIPTION {{ test_subscription }} CASCADE"]
- result.final_state == result.initial_state
- name: Check
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
login_port: '{{ replica_port }}'
query: "SELECT subname FROM pg_subscription WHERE subname = '{{ test_subscription }}'"
- assert:
that:
- result.rowcount == 1
- name: Drop subscription cascade
<<: *task_parameters
postgresql_subscription:
<<: *pg_parameters
login_port: '{{ replica_port }}'
name: '{{ test_subscription }}'
state: absent
cascade: yes
- assert:
that:
- result is changed
- result.queries == ["DROP SUBSCRIPTION {{ test_subscription }} CASCADE"]
- result.final_state != result.initial_state
- name: Check
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
login_port: '{{ replica_port }}'
query: "SELECT subname FROM pg_subscription WHERE subname = '{{ test_subscription }}'"
- assert:
that:
- result.rowcount == 0
###########################
# Test subsparams parameter
###########################
- name: Create subscription with subsparams
<<: *task_parameters
postgresql_subscription:
<<: *pg_parameters
login_port: '{{ replica_port }}'
name: '{{ test_subscription }}'
state: present
publications: '{{ test_pub }}'
connparams:
host: 127.0.0.1
port: '{{ master_port }}'
user: '{{ replication_role }}'
password: '{{ replication_pass }}'
dbname: '{{ test_db }}'
subsparams:
enabled: no
synchronous_commit: no
trust_input: no
- assert:
that:
- result is changed
- result.name == '{{ test_subscription }}'
- result.queries == ["CREATE SUBSCRIPTION test CONNECTION 'host=127.0.0.1 port={{ master_port }} user={{ replication_role }} password={{ replication_pass }} dbname={{ test_db }}' PUBLICATION {{ test_pub }} WITH (enabled = false, synchronous_commit = false)"]
- result.exists == true
- result.final_state.enabled == false
- result.final_state.synccommit == false
- name: Check
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
login_port: '{{ replica_port }}'
query: >
SELECT subname FROM pg_subscription WHERE subname = '{{ test_subscription }}'
AND subenabled = 'f' AND subsynccommit = 'false'
- assert:
that:
- result.rowcount == 1
- name: Enable changed params
<<: *task_parameters
postgresql_subscription:
<<: *pg_parameters
login_port: '{{ replica_port }}'
name: '{{ test_subscription }}'
publications: '{{ test_pub }}'
subsparams:
enabled: yes
synchronous_commit: yes
trust_input: no
- assert:
that:
- result is changed
- result.name == '{{ test_subscription }}'
- result.queries == ["ALTER SUBSCRIPTION {{ test_subscription }} ENABLE", "ALTER SUBSCRIPTION {{ test_subscription }} SET (synchronous_commit = true)"]
- result.exists == true
- result.final_state.enabled == true
- result.final_state.synccommit == true
- name: Check
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
login_port: '{{ replica_port }}'
query: >
SELECT subname FROM pg_subscription WHERE subname = '{{ test_subscription }}'
AND subenabled = 't' AND subsynccommit = 'true'
- assert:
that:
- result.rowcount == 1
- name: Enable the same params again
<<: *task_parameters
postgresql_subscription:
<<: *pg_parameters
login_port: '{{ replica_port }}'
name: '{{ test_subscription }}'
publications: '{{ test_pub }}'
subsparams:
enabled: yes
synchronous_commit: yes
trust_input: no
- assert:
that:
- result is not changed
- result.name == '{{ test_subscription }}'
- result.queries == []
- result.exists == true
- result.final_state == result.initial_state
- result.final_state.enabled == true
- result.final_state.synccommit == true
##########################
# Test change publications
##########################
- name: Change publications in check mode
<<: *task_parameters
postgresql_subscription:
<<: *pg_parameters
login_port: '{{ replica_port }}'
name: '{{ test_subscription }}'
state: present
publications:
- '{{ test_pub }}'
- '{{ test_pub2 }}'
trust_input: no
check_mode: yes
- assert:
that:
- result is changed
- result.name == '{{ test_subscription }}'
- result.final_state.publications == result.initial_state.publications
- result.final_state.publications == ['{{ test_pub }}']
- result.queries == ['ALTER SUBSCRIPTION {{ test_subscription }} SET PUBLICATION {{ test_pub }}, {{ test_pub2 }}']
- name: Check
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
login_port: '{{ replica_port }}'
query: >
SELECT subname FROM pg_subscription WHERE subname = '{{ test_subscription }}'
AND subpublications = '{"{{ test_pub }}"}'
- assert:
that:
- result.rowcount == 1
- name: Change publications
<<: *task_parameters
postgresql_subscription:
<<: *pg_parameters
login_port: '{{ replica_port }}'
name: '{{ test_subscription }}'
state: present
publications:
- '{{ test_pub }}'
- '{{ test_pub2 }}'
trust_input: no
- assert:
that:
- result is changed
- result.name == '{{ test_subscription }}'
- result.final_state.publications != result.initial_state.publications
- result.final_state.publications == ['{{ test_pub }}', '{{ test_pub2 }}']
- result.queries == ['ALTER SUBSCRIPTION {{ test_subscription }} SET PUBLICATION {{ test_pub }}, {{ test_pub2 }}']
- name: Check
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
login_port: '{{ replica_port }}'
query: >
SELECT subname FROM pg_subscription WHERE subname = '{{ test_subscription }}'
AND subpublications = '{"{{ test_pub }}", "{{ test_pub2 }}"}'
- assert:
that:
- result.rowcount == 1
- name: Change publications with the same values again
<<: *task_parameters
postgresql_subscription:
<<: *pg_parameters
login_port: '{{ replica_port }}'
name: '{{ test_subscription }}'
state: present
publications:
- '{{ test_pub }}'
- '{{ test_pub2 }}'
trust_input: no
- assert:
that:
- result is not changed
- result.name == '{{ test_subscription }}'
- result.final_state.publications == result.initial_state.publications
- result.final_state.publications == ['{{ test_pub }}', '{{ test_pub2 }}']
- result.queries == []
- name: Check
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
login_port: '{{ replica_port }}'
query: >
SELECT subname FROM pg_subscription WHERE subname = '{{ test_subscription }}'
AND subpublications = '{"{{ test_pub }}", "{{ test_pub2 }}"}'
- assert:
that:
- result.rowcount == 1
######################
# Test update conninfo
######################
- name: Change conninfo in check mode
<<: *task_parameters
postgresql_subscription:
<<: *pg_parameters
login_port: '{{ replica_port }}'
name: '{{ test_subscription }}'
state: present
connparams:
host: 127.0.0.1
port: '{{ master_port }}'
user: '{{ replication_role }}'
password: '{{ replication_pass }}'
dbname: '{{ test_db }}'
connect_timeout: '{{ conn_timeout }}'
trust_input: no
check_mode: yes
- assert:
that:
- result is changed
- result.name == '{{ test_subscription }}'
- result.queries == ["ALTER SUBSCRIPTION {{ test_subscription }} CONNECTION 'host=127.0.0.1 port={{ master_port }} user={{ replication_role }} password={{ replication_pass }} dbname={{ test_db }} connect_timeout={{ conn_timeout }}'"]
- result.initial_state.conninfo == result.final_state.conninfo
- name: Change conninfo
<<: *task_parameters
postgresql_subscription:
<<: *pg_parameters
login_port: '{{ replica_port }}'
name: '{{ test_subscription }}'
state: present
connparams:
host: 127.0.0.1
port: '{{ master_port }}'
user: '{{ replication_role }}'
password: '{{ replication_pass }}'
dbname: '{{ test_db }}'
connect_timeout: '{{ conn_timeout }}'
trust_input: no
- assert:
that:
- result is changed
- result.name == '{{ test_subscription }}'
- result.queries == ["ALTER SUBSCRIPTION {{ test_subscription }} CONNECTION 'host=127.0.0.1 port={{ master_port }} user={{ replication_role }} password={{ replication_pass }} dbname={{ test_db }} connect_timeout={{ conn_timeout }}'"]
- result.initial_state.conninfo != result.final_state.conninfo
- name: Check
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
login_port: '{{ replica_port }}'
query: "SELECT * FROM pg_subscription WHERE subname = '{{ test_subscription }}'"
- assert:
that:
- result.query_result[0].subconninfo == "host=127.0.0.1 port={{ master_port }} user={{ replication_role }} password={{ replication_pass }} dbname={{ test_db }} connect_timeout={{ conn_timeout }}"
- name: Try to change conninfo again with the same values
<<: *task_parameters
postgresql_subscription:
<<: *pg_parameters
login_port: '{{ replica_port }}'
name: '{{ test_subscription }}'
state: present
connparams:
host: 127.0.0.1
port: '{{ master_port }}'
user: '{{ replication_role }}'
password: '{{ replication_pass }}'
dbname: '{{ test_db }}'
connect_timeout: '{{ conn_timeout }}'
trust_input: no
- assert:
that:
- result is not changed
- result.name == '{{ test_subscription }}'
- result.queries == []
- result.initial_state.conninfo == result.final_state.conninfo
- result.final_state.conninfo.connect_timeout == {{ conn_timeout }}
####################
# Test state refresh
####################
- name: Refresh in check mode
<<: *task_parameters
postgresql_subscription:
<<: *pg_parameters
login_port: '{{ replica_port }}'
name: '{{ test_subscription }}'
state: refresh
check_mode: yes
- assert:
that:
- result is changed
- result.name == '{{ test_subscription }}'
- result.queries == ["ALTER SUBSCRIPTION {{ test_subscription }} REFRESH PUBLICATION"]
- name: Refresh
<<: *task_parameters
postgresql_subscription:
<<: *pg_parameters
login_port: '{{ replica_port }}'
name: '{{ test_subscription }}'
state: refresh
- assert:
that:
- result is changed
- result.name == '{{ test_subscription }}'
- result.queries == ["ALTER SUBSCRIPTION {{ test_subscription }} REFRESH PUBLICATION"]
##########
# Clean up
##########
- name: Drop subscription
<<: *task_parameters
postgresql_subscription:
<<: *pg_parameters
login_port: '{{ replica_port }}'
name: '{{ test_subscription }}'
state: absent

84
tests/integration/targets/postgresql_subscription/tasks/setup_publication.yml
View file

@ -1,84 +0,0 @@
# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
# Preparation for further tests of postgresql_subscription module.
- vars:
task_parameters: &task_parameters
become_user: '{{ pg_user }}'
become: yes
register: result
pg_parameters: &pg_parameters
login_user: '{{ pg_user }}'
login_db: '{{ test_db }}'
block:
- name: postgresql_publication - create test db
<<: *task_parameters
postgresql_db:
login_user: '{{ pg_user }}'
login_port: '{{ master_port }}'
maintenance_db: '{{ db_default }}'
name: '{{ test_db }}'
- name: postgresql_publication - create test role
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
login_port: '{{ master_port }}'
name: '{{ replication_role }}'
password: '{{ replication_pass }}'
role_attr_flags: LOGIN,REPLICATION
- name: postgresql_publication - create test table
<<: *task_parameters
postgresql_table:
<<: *pg_parameters
login_port: '{{ master_port }}'
name: '{{ test_table1 }}'
columns:
- id int
- name: Master - dump schema
<<: *task_parameters
shell: pg_dumpall -p '{{ master_port }}' -s > /tmp/schema.sql
- name: Replicat restore schema
<<: *task_parameters
shell: psql -p '{{ replica_port }}' -f /tmp/schema.sql
- name: postgresql_publication - create publication
<<: *task_parameters
postgresql_publication:
<<: *pg_parameters
login_port: '{{ master_port }}'
name: '{{ test_pub }}'
- assert:
that:
- result is changed
- result.exists == true
- result.queries == ["CREATE PUBLICATION \"{{ test_pub }}\" FOR ALL TABLES"]
- result.owner == '{{ pg_user }}'
- result.alltables == true
- result.tables == []
- result.parameters.publish != {}
- name: postgresql_publication - create one more publication
<<: *task_parameters
postgresql_publication:
<<: *pg_parameters
login_port: '{{ master_port }}'
name: '{{ test_pub2 }}'
- name: postgresql_publication - check the publication was created
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
login_port: '{{ master_port }}'
query: >
SELECT * FROM pg_publication WHERE pubname = '{{ test_pub }}'
AND pubowner = '10' AND puballtables = 't'
- assert:
that:
- result.rowcount == 1

Some files were not shown because too many files have changed in this diff Show more