updated tests and changelog for 54516 (#54670)

* updated tests and changelog for 54516 * Handle errors if PG does not support partitioning. * Check for PG > 10 in tasks * Show changes for partitioned tables in ansible * Added documentation in the tests * Update test/integration/targets/postgresql/tasks/postgresql_privs.yml Co-Authored-By: raymondroelands <raymondroelands@users.noreply.github.com> * Update test/integration/targets/postgresql/tasks/postgresql_privs.yml Co-Authored-By: raymondroelands <raymondroelands@users.noreply.github.com> * Added check for 0 tables after revoking rights * Added test and moved tests Added check mode test and moved test right after the change. * Rebased postgresql_privs.py
2025-05-21 16:39:08 -07:00 · 2019-04-09 13:30:06 +02:00 · 2019-04-09 13:30:06 +02:00 · 8edae1bc61
commit 8edae1bc61
parent bb52390b04
3 changed files with 191 additions and 6 deletions
--- a/test/integration/targets/postgresql/tasks/postgresql_privs.yml
+++ b/test/integration/targets/postgresql/tasks/postgresql_privs.yml
@ -371,6 +371,189 @@
    login_user: "{{ db_user3 }}"
    login_password: password

+#################################################
+# Test ALL_IN_SCHEMA for 'partioned tables type #
+#################################################
+
+# Partioning tables is a feature introduced in Postgresql 10.
+# (see https://www.postgresql.org/docs/10/ddl-partitioning.html )
+# The test below check for this version
+
+# Function ALL_IN_SCHEMA Setup
+- name: Create partioned table for test purpose
+  postgresql_query:
+    query: CREATE TABLE public.testpt (id int not null, logdate date not null) PARTITION BY RANGE (logdate);
+    db: "{{ db_name }}"
+    login_user: "{{ db_user3 }}"
+    login_password: password
+  when: postgres_version_resp.stdout is version('10', '>=')
+
+# Test
+- name: Grant execute to all tables in check mode
+  postgresql_privs:
+    type: table
+    state: present
+    privs: SELECT
+    roles: "{{ db_user2 }}"
+    objs: ALL_IN_SCHEMA
+    schema: public
+    db: "{{ db_name }}"
+    login_user: "{{ db_user3 }}"
+    login_password: password
+  register: result
+  ignore_errors: yes
+  when: postgres_version_resp.stdout is version('10', '>=')
+  check_mode: yes
+
+# Checks
+- name: Check that all partitioned tables don't have select privileges after the check mode task
+  postgresql_query:
+    query: SELECT grantee, privilege_type FROM information_schema.role_table_grants WHERE table_name='testpt' and privilege_type='SELECT' and grantee = %(grantuser)s
+    db: "{{ db_name }}"
+    login_user: '{{ db_user2 }}'
+    login_password: password
+    named_args:
+        grantuser: '{{ db_user2 }}'
+  become: yes
+  become_user: "{{ pg_user }}"
+  register: result
+  when: postgres_version_resp.stdout is version('10', '>=')
+
+- assert:
+    that:
+    - result.rowcount == 0
+  when: postgres_version_resp.stdout is version('10', '>=')
+
+
+# Test
+- name: Grant execute to all tables
+  postgresql_privs:
+    type: table
+    state: present
+    privs: SELECT
+    roles: "{{ db_user2 }}"
+    objs: ALL_IN_SCHEMA
+    schema: public
+    db: "{{ db_name }}"
+    login_user: "{{ db_user3 }}"
+    login_password: password
+  register: result
+  ignore_errors: yes
+  when: postgres_version_resp.stdout is version('10', '>=')
+
+# Checks
+- assert:
+    that: result.changed == true
+  when: postgres_version_resp.stdout is version('10', '>=')
+
+- name: Check that all partitioned tables have select privileges
+  postgresql_query:
+    query: SELECT grantee, privilege_type FROM information_schema.role_table_grants WHERE table_name='testpt' and privilege_type='SELECT' and grantee = %(grantuser)s
+    db: "{{ db_name }}"
+    login_user: '{{ db_user2 }}'
+    login_password: password
+    named_args:
+        grantuser: '{{ db_user2 }}'
+  become: yes
+  become_user: "{{ pg_user }}"
+  register: result
+  when: postgres_version_resp.stdout is version('10', '>=')
+
+- assert:
+    that:
+    - result.rowcount == 1
+  when: postgres_version_resp.stdout is version('10', '>=')
+
+# Test
+- name: Grant execute to all tables again to see no changes are reported
+  postgresql_privs:
+    type: table
+    state: present
+    privs: SELECT
+    roles: "{{ db_user2 }}"
+    objs: ALL_IN_SCHEMA
+    schema: public
+    db: "{{ db_name }}"
+    login_user: "{{ db_user3 }}"
+    login_password: password
+  register: result
+  ignore_errors: yes
+  when: postgres_version_resp.stdout is version('10', '>=')
+
+# Checks
+- assert:
+    that: result.changed == false
+  when: postgres_version_resp.stdout is version('10', '>=')
+
+# Test
+- name: Revoke SELECT to all tables
+  postgresql_privs:
+    type: table
+    state: absent
+    privs: SELECT
+    roles: "{{ db_user2 }}"
+    objs: ALL_IN_SCHEMA
+    schema: public
+    db: "{{ db_name }}"
+    login_user: "{{ db_user3 }}"
+    login_password: password
+  register: result
+  ignore_errors: yes
+  when: postgres_version_resp.stdout is version('10', '>=')
+
+# Checks
+- assert:
+    that: result.changed == true
+  when: postgres_version_resp.stdout is version('10', '>=')
+
+- name: Check that all partitioned tables don't have select privileges
+  postgresql_query:
+    query: SELECT grantee, privilege_type FROM information_schema.role_table_grants WHERE table_name='testpt' and privilege_type='SELECT' and grantee = %(grantuser)s
+    db: "{{ db_name }}"
+    login_user: '{{ db_user2 }}'
+    login_password: password
+    named_args:
+        grantuser: '{{ db_user2 }}'
+  become: yes
+  become_user: "{{ pg_user }}"
+  register: result
+  when: postgres_version_resp.stdout is version('10', '>=')
+
+- assert:
+    that:
+    - result.rowcount == 0
+  when: postgres_version_resp.stdout is version('10', '>=')
+
+# Test
+- name: Revoke SELECT to all tables and no changes are reported
+  postgresql_privs:
+    type: table
+    state: absent
+    privs: SELECT
+    roles: "{{ db_user2 }}"
+    objs: ALL_IN_SCHEMA
+    schema: public
+    db: "{{ db_name }}"
+    login_user: "{{ db_user3 }}"
+    login_password: password
+  register: result
+  ignore_errors: yes
+  when: postgres_version_resp.stdout is version('10', '>=')
+
+- assert:
+    that: result.changed == false
+  when: postgres_version_resp.stdout is version('10', '>=')
+
+# Table ALL_IN_SCHEMA cleanup
+- name: Remove table for test
+  postgresql_query:
+    query: DROP TABLE public.testpt;
+    db: "{{ db_name }}"
+    login_user: "{{ db_user3 }}"
+    login_password: password
+  ignore_errors: yes
+  when: postgres_version_resp.stdout is version('10', '>=')
+  
 # Cleanup
 - name: Remove user given permissions
  postgresql_user: