postgresql_privs: add procedure type support (#1048) (#1056)

* postgresql_privs: add procedure type support * add CI tests * add changelog fragment * change * improve doc formatting (cherry picked from commit 08c96d94e6) Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
2025-06-22 16:20:22 -07:00 · 2020-10-08 09:03:33 +03:00 · 2020-10-08 09:03:33 +03:00 · c0971e41b0
commit c0971e41b0
parent 0b28f5d9e4
3 changed files with 192 additions and 14 deletions
--- a/tests/integration/targets/postgresql_privs/tasks/postgresql_privs_general.yml
+++ b/tests/integration/targets/postgresql_privs/tasks/postgresql_privs_general.yml
@ -682,6 +682,150 @@
    - result is not changed
  when: postgres_version_resp.stdout is version('11', '>=')

+###########################
+# Test for procedure type #
+###########################
+- name: Create another procedure for tests
+  postgresql_query:
+    query: "CREATE PROCEDURE mock_procedure1(int, int) LANGUAGE SQL AS $$ SELECT 1; $$;"
+    db: "{{ db_name }}"
+    login_user: "{{ db_user3 }}"
+    login_password: password
+  when: postgres_version_resp.stdout is version('11', '>=')
+
+- name: Grant privs on procedure
+  postgresql_privs:
+    type: procedure
+    state: present
+    privs: EXECUTE
+    roles: "{{ db_user2 }}"
+    objs: 'mock_procedure1(int:int)'
+    schema: public
+    db: "{{ db_name }}"
+    login_user: "{{ db_user3 }}"
+    login_password: password
+  register: result
+  when: postgres_version_resp.stdout is version('11', '>=')
+
+- assert:
+    that:
+    - result is changed
+  when: postgres_version_resp.stdout is version('11', '>=')
+
+- name: Grant privs on procedure again
+  postgresql_privs:
+    type: procedure
+    state: present
+    privs: EXECUTE
+    roles: "{{ db_user2 }}"
+    objs: 'mock_procedure1(int:int)'
+    schema: public
+    db: "{{ db_name }}"
+    login_user: "{{ db_user3 }}"
+    login_password: password
+  register: result
+  when: postgres_version_resp.stdout is version('11', '>=')
+
+- assert:
+    that:
+    - result is not changed
+  when: postgres_version_resp.stdout is version('11', '>=')
+
+- name: Revoke procedure privs
+  postgresql_privs:
+    type: procedure
+    state: absent
+    privs: EXECUTE
+    roles: "{{ db_user2 }}"
+    objs: 'mock_procedure1(int:int)'
+    schema: public
+    db: "{{ db_name }}"
+    login_user: "{{ db_user3 }}"
+    login_password: password
+  register: result
+  when: postgres_version_resp.stdout is version('11', '>=')
+
+- assert:
+    that:
+    - result is changed
+  when: postgres_version_resp.stdout is version('11', '>=')
+
+- name: Revoke procedure privs again
+  postgresql_privs:
+    type: procedure
+    state: absent
+    privs: EXECUTE
+    roles: "{{ db_user2 }}"
+    objs: 'mock_procedure1(int:int)'
+    schema: public
+    db: "{{ db_name }}"
+    login_user: "{{ db_user3 }}"
+    login_password: password
+  register: result
+  when: postgres_version_resp.stdout is version('11', '>=')
+
+- assert:
+    that:
+    - result is not changed
+  when: postgres_version_resp.stdout is version('11', '>=')
+
+- name: Grant procedure privs for all object in schema
+  postgresql_privs:
+    type: procedure
+    state: present
+    privs: ALL
+    roles: "{{ db_user2 }}"
+    objs: ALL_IN_SCHEMA
+    schema: public
+    db: "{{ db_name }}"
+    login_user: "{{ db_user3 }}"
+    login_password: password
+  register: result
+  when: postgres_version_resp.stdout is version('11', '>=')
+
+- assert:
+    that:
+    - result is changed
+  when: postgres_version_resp.stdout is version('11', '>=')
+
+- name: Grant procedure privs for all object in schema again
+  postgresql_privs:
+    type: procedure
+    state: present
+    privs: ALL
+    roles: "{{ db_user2 }}"
+    objs: ALL_IN_SCHEMA
+    schema: public
+    db: "{{ db_name }}"
+    login_user: "{{ db_user3 }}"
+    login_password: password
+  register: result
+  when: postgres_version_resp.stdout is version('11', '>=')
+
+- assert:
+    that:
+    - result is not changed
+  when: postgres_version_resp.stdout is version('11', '>=')
+
+- name: Revoke procedure privs for all object in schema
+  postgresql_privs:
+    type: procedure
+    state: absent
+    privs: ALL
+    roles: "{{ db_user2 }}"
+    objs: ALL_IN_SCHEMA
+    schema: public
+    db: "{{ db_name }}"
+    login_user: "{{ db_user3 }}"
+    login_password: password
+  register: result
+  when: postgres_version_resp.stdout is version('11', '>=')
+
+- assert:
+    that:
+    - result is changed
+  when: postgres_version_resp.stdout is version('11', '>=')
+
 #################################################
 # Test ALL_IN_SCHEMA for 'partioned tables type #
 #################################################