Initial commit

2025-07-22 12:50:22 -07:00 · 2020-03-09 09:11:07 +00:00 · 2020-03-09 09:11:07 +00:00 · aebc1b03fd
commit aebc1b03fd
4861 changed files with 812621 additions and 0 deletions
--- a/tests/integration/targets/postgresql_membership/aliases
+++ b/tests/integration/targets/postgresql_membership/aliases
@ -0,0 +1,4 @@
+destructive
+shippable/posix/group4
+skip/aix
+skip/osx
--- a/tests/integration/targets/postgresql_membership/defaults/main.yml
+++ b/tests/integration/targets/postgresql_membership/defaults/main.yml
@ -0,0 +1,5 @@
+test_group1: group1
+test_group2: group2
+test_group3: group.with.dots
+test_user1: user1
+test_user2: user.with.dots
--- a/tests/integration/targets/postgresql_membership/meta/main.yml
+++ b/tests/integration/targets/postgresql_membership/meta/main.yml
@ -0,0 +1,2 @@
+dependencies:
+  - setup_postgresql_db
--- a/tests/integration/targets/postgresql_membership/tasks/main.yml
+++ b/tests/integration/targets/postgresql_membership/tasks/main.yml
@ -0,0 +1,2 @@
+# Initial CI tests of postgresql_membership module
+- import_tasks: postgresql_membership_initial.yml
--- a/tests/integration/targets/postgresql_membership/tasks/postgresql_membership_initial.yml
+++ b/tests/integration/targets/postgresql_membership/tasks/postgresql_membership_initial.yml
@ -0,0 +1,347 @@
+# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+####################
+# Prepare for tests:
+
+# Create test roles:
+- name: postgresql_membership - create test roles
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_user:
+    login_user: "{{ pg_user }}"
+    db: postgres
+    name: "{{ item }}"
+  ignore_errors: yes
+  with_items:
+  - "{{ test_group1 }}"
+  - "{{ test_group2 }}"
+  - "{{ test_group3 }}"
+  - "{{ test_user1 }}"
+  - "{{ test_user2 }}"
+
+################
+# Do main tests:
+
+### Test check_mode
+# Grant test_group1 to test_user1 in check_mode:
+- name: postgresql_membership - grant test_group1 to test_user1 in check_mode
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_membership:
+    login_user: "{{ pg_user }}"
+    db: postgres
+    group: "{{ test_group1 }}"
+    user: "{{ test_user1 }}"
+    state: present
+  register: result
+  ignore_errors: yes
+  check_mode: yes
+
+- assert:
+    that:
+    - result is changed
+    - result.groups == ["{{ test_group1 }}"]
+    - result.queries == ["GRANT \"{{ test_group1 }}\" TO \"{{ test_user1 }}\""]
+    - result.granted.{{ test_group1 }} == ["{{ test_user1 }}"]
+    - result.state == "present"
+    - result.target_roles == ["{{ test_user1 }}"]
+
+# Try to revoke test_group1 from test_user1 to check that
+# nothing actually changed in check_mode at the previous step:
+- name: postgresql_membership - try to revoke test_group1 from test_user1 for checking check_mode
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_membership:
+    login_user: "{{ pg_user }}"
+    db: postgres
+    group: "{{ test_group1 }}"
+    user: "{{ test_user1 }}"
+    state: absent
+  register: result
+  ignore_errors: yes
+  check_mode: yes
+
+- assert:
+    that:
+    - result is not changed
+    - result.groups == ["{{ test_group1 }}"]
+    - result.queries == []
+    - result.revoked.{{ test_group1 }} == []
+    - result.state == "absent"
+    - result.target_roles == ["{{ test_user1 }}"]
+### End of test check_mode
+
+# Grant test_group1 to test_user1:
+- name: postgresql_membership - grant test_group1 to test_user1
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_membership:
+    login_user: "{{ pg_user }}"
+    db: postgres
+    group: "{{ test_group1 }}"
+    user: "{{ test_user1 }}"
+    state: present
+  register: result
+  ignore_errors: yes
+
+- assert:
+    that:
+    - result is changed
+    - result.groups == ["{{ test_group1 }}"]
+    - result.queries == ["GRANT \"{{ test_group1 }}\" TO \"{{ test_user1 }}\""]
+    - result.granted.{{ test_group1 }} == ["{{ test_user1 }}"]
+    - result.state == "present"
+    - result.target_roles == ["{{ test_user1 }}"]
+
+# Grant test_group1 to test_user1 again to check that nothing changes:
+- name: postgresql_membership - grant test_group1 to test_user1 again
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_membership:
+    login_user: "{{ pg_user }}"
+    db: postgres
+    group: "{{ test_group1 }}"
+    user: "{{ test_user1 }}"
+    state: present
+  register: result
+  ignore_errors: yes
+
+- assert:
+    that:
+    - result is not changed
+    - result.groups == ["{{ test_group1 }}"]
+    - result.queries == []
+    - result.granted.{{ test_group1 }} == []
+    - result.state == "present"
+    - result.target_roles == ["{{ test_user1 }}"]
+
+# Revoke test_group1 from test_user1:
+- name: postgresql_membership - revoke test_group1 from test_user1
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_membership:
+    login_user: "{{ pg_user }}"
+    db: postgres
+    group: "{{ test_group1 }}"
+    user: "{{ test_user1 }}"
+    state: absent
+  register: result
+  ignore_errors: yes
+
+- assert:
+    that:
+    - result is changed
+    - result.groups == ["{{ test_group1 }}"]
+    - result.queries == ["REVOKE \"{{ test_group1 }}\" FROM \"{{ test_user1 }}\""]
+    - result.revoked.{{ test_group1 }} == ["{{ test_user1 }}"]
+    - result.state == "absent"
+    - result.target_roles == ["{{ test_user1 }}"]
+
+# Revoke test_group1 from test_user1 again to check that nothing changes:
+- name: postgresql_membership - revoke test_group1 from test_user1 again
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_membership:
+    login_user: "{{ pg_user }}"
+    db: postgres
+    group: "{{ test_group1 }}"
+    user: "{{ test_user1 }}"
+    state: absent
+  register: result
+  ignore_errors: yes
+
+- assert:
+    that:
+    - result is not changed
+    - result.groups == ["{{ test_group1 }}"]
+    - result.queries == []
+    - result.revoked.{{ test_group1 }} == []
+    - result.state == "absent"
+    - result.target_roles == ["{{ test_user1 }}"]
+
+# Grant test_group1 and test_group2 to test_user1 and test_user2:
+- name: postgresql_membership - grant two groups to two users
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_membership:
+    login_user: "{{ pg_user }}"
+    db: postgres
+    group:
+    - "{{ test_group1 }}"
+    - "{{ test_group2 }}"
+    user:
+    - "{{ test_user1 }}"
+    - "{{ test_user2 }}"
+    state: present
+  register: result
+  ignore_errors: yes
+
+- assert:
+    that:
+    - result is changed
+    - result.groups == ["{{ test_group1 }}", "{{ test_group2 }}"]
+    - result.queries == ["GRANT \"{{ test_group1 }}\" TO \"{{ test_user1 }}\"", "GRANT \"{{ test_group1 }}\" TO \"{{ test_user2 }}\"", "GRANT \"{{ test_group2 }}\" TO \"{{ test_user1 }}\"", "GRANT \"{{ test_group2 }}\" TO \"{{ test_user2 }}\""]
+    - result.granted.{{ test_group1 }} == ["{{ test_user1 }}", "{{ test_user2 }}"]
+    - result.granted.{{ test_group2 }} == ["{{ test_user1 }}", "{{ test_user2 }}"]
+    - result.state == "present"
+    - result.target_roles == ["{{ test_user1 }}", "{{ test_user2 }}"]
+
+# Grant test_group1 and test_group2 to test_user1 and test_user2 again to check that nothing changes:
+- name: postgresql_membership - grant two groups to two users again
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_membership:
+    login_user: "{{ pg_user }}"
+    db: postgres
+    group:
+    - "{{ test_group1 }}"
+    - "{{ test_group2 }}"
+    user:
+    - "{{ test_user1 }}"
+    - "{{ test_user2 }}"
+    state: present
+  register: result
+  ignore_errors: yes
+
+- assert:
+    that:
+    - result is not changed
+    - result.groups == ["{{ test_group1 }}", "{{ test_group2 }}"]
+    - result.queries == []
+    - result.granted.{{ test_group1 }} == []
+    - result.granted.{{ test_group2 }} == []
+    - result.state == "present"
+    - result.target_roles == ["{{ test_user1 }}", "{{ test_user2 }}"]
+
+# Revoke only test_group1 from test_user1:
+- name: postgresql_membership - revoke one group from one user
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_membership:
+    login_user: "{{ pg_user }}"
+    db: postgres
+    group: "{{ test_group1 }}"
+    user: "{{ test_user1 }}"
+    state: absent
+  register: result
+  ignore_errors: yes
+
+- assert:
+    that:
+    - result is changed
+    - result.groups == ["{{ test_group1 }}"]
+    - result.queries == ["REVOKE \"{{ test_group1 }}\" FROM \"{{ test_user1 }}\""]
+    - result.revoked.{{ test_group1 }} == ["{{ test_user1 }}"]
+    - result.state == "absent"
+    - result.target_roles == ["{{ test_user1 }}"]
+
+# Try to grant test_group1 and test_group2 to test_user1 and test_user2 again
+# to check that nothing changes with test_user2:
+- name: postgresql_membership - grant two groups to two users again
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_membership:
+    login_user: "{{ pg_user }}"
+    db: postgres
+    group:
+    - "{{ test_group1 }}"
+    - "{{ test_group2 }}"
+    user:
+    - "{{ test_user1 }}"
+    - "{{ test_user2 }}"
+    state: present
+  register: result
+  ignore_errors: yes
+
+- assert:
+    that:
+    - result is changed
+    - result.groups == ["{{ test_group1 }}", "{{ test_group2 }}"]
+    - result.queries == ["GRANT \"{{ test_group1 }}\" TO \"{{ test_user1 }}\""]
+    - result.granted.{{ test_group1 }} == ["{{ test_user1 }}"]
+    - result.granted.{{ test_group2 }} == []
+    - result.state == "present"
+    - result.target_roles == ["{{ test_user1 }}", "{{ test_user2 }}"]
+
+#####################
+# Check fail_on_role:
+
+# Try to grant non existent group to non existent role with fail_on_role=yes:
+- name: postgresql_membership - revoke non existen group from non existen role
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_membership:
+    login_user: "{{ pg_user }}"
+    db: postgres
+    group: fake_group
+    user: fake_user
+    state: present
+    fail_on_role: yes
+  register: result
+  ignore_errors: yes
+
+- assert:
+    that:
+    - result is not changed
+
+# Try to grant non existent group to non existent role with fail_on_role=no:
+- name: postgresql_membership - revoke non existen group from non existen role
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_membership:
+    login_user: "{{ pg_user }}"
+    db: postgres
+    group: fake_group
+    user: fake_user
+    state: present
+    fail_on_role: no
+  register: result
+  ignore_errors: yes
+
+- assert:
+    that:
+    - result is not changed
+    - result.granted == {}
+    - result.groups == []
+    - result.target_roles == []
+    - result.state == 'present'
+
+# Try to revoke non existent group from non existent role with fail_on_role=no:
+- name: postgresql_membership - revoke non existen group from non existen role
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_membership:
+    login_user: "{{ pg_user }}"
+    db: postgres
+    group: fake_group
+    user: fake_user
+    state: absent
+    fail_on_role: no
+  register: result
+  ignore_errors: yes
+
+- assert:
+    that:
+    - result is not changed
+    - result.revoked == {}
+    - result.groups == []
+    - result.target_roles == []
+    - result.state == 'absent'
+
+# Grant test_group3 with a name containing dots to test_user1.
+- name: postgresql_membership - grant test_group3 with dots to test_user1
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_membership:
+    login_user: "{{ pg_user }}"
+    db: postgres
+    group: "{{ test_group3 }}"
+    user: "{{ test_user1 }}"
+    state: present
+  register: result
+
+- assert:
+    that:
+    - result is changed
+    - result.queries == ["GRANT \"{{ test_group3 }}\" TO \"{{ test_user1 }}\""]