postgresql_publication: add trust_input and session_role parameters (#279)

* postgresql_publication: add trust_input and session_role parameters * add changelog fragment
2025-07-22 21:00:22 -07:00 · 2020-05-05 16:36:14 +03:00 · 2020-05-05 16:36:14 +03:00 · e6b6c05bf7
commit e6b6c05bf7
parent 30e84111f0
3 changed files with 52 additions and 3 deletions
--- a/tests/integration/targets/postgresql_publication/tasks/postgresql_publication_initial.yml
+++ b/tests/integration/targets/postgresql_publication/tasks/postgresql_publication_initial.yml
@ -8,6 +8,7 @@
    test_table3: acme3
    test_pub: acme_publ
    test_role: alice
+    dangerous_name: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
    test_schema: acme_schema
    test_db: acme_db
    task_parameters: &task_parameters
@ -178,6 +179,7 @@
      tables:
      - '{{ test_table1 }}'
      - '{{ test_schema }}.{{ test_table2 }}'
+      trust_input: yes
      parameters:
        publish: 'insert'

@ -225,6 +227,22 @@
      that:
      - result.rowcount == 1

+  # Test
+  - name: postgresql_publication - test trust_input parameter
+    <<: *task_parameters
+    postgresql_publication: 
+      <<: *pg_parameters
+      name: '{{ test_pub }}'
+      session_role: '{{ dangerous_name }}'
+      owner: '{{ dangerous_name }}'
+      trust_input: no
+    ignore_errors: yes
+
+  - assert:
+      that:
+      - result is failed
+      - result.msg is search('is potentially dangerous')
+
  # Test
  - name: postgresql_publication - add table to publication, change owner, check_mode
    <<: *task_parameters