mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
community.general/tests/integration/targets/postgresql_membership/tasks/postgresql_membership_initial.yml

# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
####################
# Prepare for tests:
# Create test roles:
# Setup: create every role that the membership tests below refer to.
- name: postgresql_membership - create test roles
  become: true
  become_user: "{{ pg_user }}"
  postgresql_user:
    login_user: "{{ pg_user }}"
    db: postgres
    name: "{{ item }}"
  # Errors are ignored here, so a failed role creation only surfaces
  # through the assertions of the later tests.
  ignore_errors: true
  loop:
    - "{{ test_group1 }}"
    - "{{ test_group2 }}"
    - "{{ test_group3 }}"
    - "{{ test_user1 }}"
    - "{{ test_user2 }}"
################
# Do main tests:
### Test check_mode
# Grant test_group1 to test_user1 in check_mode:
# Check mode: the result must describe the GRANT that would be issued.
- name: postgresql_membership - grant test_group1 to test_user1 in check_mode
  become: true
  become_user: "{{ pg_user }}"
  check_mode: true
  postgresql_membership:
    login_user: "{{ pg_user }}"
    db: postgres
    group: "{{ test_group1 }}"
    user: "{{ test_user1 }}"
    state: present
  register: result
  # A module failure is caught by the assertions below instead of
  # aborting the play at this task.
  ignore_errors: true

- assert:
    that:
      - result is changed
      - result.groups == ["{{ test_group1 }}"]
      # The expected statement carries both role names as double-quoted
      # identifiers.
      - result.queries == ["GRANT \"{{ test_group1 }}\" TO \"{{ test_user1 }}\""]
      - result.granted.{{ test_group1 }} == ["{{ test_user1 }}"]
      - result.state == "present"
      - result.target_roles == ["{{ test_user1 }}"]
# Try to revoke test_group1 from test_user1 to check that
# nothing actually changed in check_mode at the previous step:
# Also runs in check mode. "not changed" with an empty query list shows
# there is no membership to revoke, i.e. the preceding check-mode grant
# applied nothing.
- name: postgresql_membership - try to revoke test_group1 from test_user1 for checking check_mode
  become: true
  become_user: "{{ pg_user }}"
  check_mode: true
  postgresql_membership:
    login_user: "{{ pg_user }}"
    db: postgres
    group: "{{ test_group1 }}"
    user: "{{ test_user1 }}"
    state: absent
  register: result
  ignore_errors: true

- assert:
    that:
      - result is not changed
      - result.groups == ["{{ test_group1 }}"]
      - result.queries == []
      - result.revoked.{{ test_group1 }} == []
      - result.state == "absent"
      - result.target_roles == ["{{ test_user1 }}"]
### End of test check_mode
# Grant test_group1 to test_user1:
# Real run: the membership is created and reported in `granted`.
- name: postgresql_membership - grant test_group1 to test_user1
  become: true
  become_user: "{{ pg_user }}"
  postgresql_membership:
    login_user: "{{ pg_user }}"
    db: postgres
    group: "{{ test_group1 }}"
    user: "{{ test_user1 }}"
    state: present
  register: result
  ignore_errors: true

- assert:
    that:
      - result is changed
      - result.groups == ["{{ test_group1 }}"]
      # Exactly one statement is expected, with quoted role names.
      - result.queries == ["GRANT \"{{ test_group1 }}\" TO \"{{ test_user1 }}\""]
      - result.granted.{{ test_group1 }} == ["{{ test_user1 }}"]
      - result.state == "present"
      - result.target_roles == ["{{ test_user1 }}"]
# Grant test_group1 to test_user1 again to check that nothing changes:
# Idempotence: repeating the grant must issue no statement.
- name: postgresql_membership - grant test_group1 to test_user1 again
  become: true
  become_user: "{{ pg_user }}"
  postgresql_membership:
    login_user: "{{ pg_user }}"
    db: postgres
    group: "{{ test_group1 }}"
    user: "{{ test_user1 }}"
    state: present
  register: result
  ignore_errors: true

- assert:
    that:
      - result is not changed
      - result.groups == ["{{ test_group1 }}"]
      - result.queries == []
      # The group is still listed in `granted`, but with no new members.
      - result.granted.{{ test_group1 }} == []
      - result.state == "present"
      - result.target_roles == ["{{ test_user1 }}"]
# Revoke test_group1 from test_user1:
# Real run: the membership is removed and reported in `revoked`.
- name: postgresql_membership - revoke test_group1 from test_user1
  become: true
  become_user: "{{ pg_user }}"
  postgresql_membership:
    login_user: "{{ pg_user }}"
    db: postgres
    group: "{{ test_group1 }}"
    user: "{{ test_user1 }}"
    state: absent
  register: result
  ignore_errors: true

- assert:
    that:
      - result is changed
      - result.groups == ["{{ test_group1 }}"]
      # Exactly one statement is expected, with quoted role names.
      - result.queries == ["REVOKE \"{{ test_group1 }}\" FROM \"{{ test_user1 }}\""]
      - result.revoked.{{ test_group1 }} == ["{{ test_user1 }}"]
      - result.state == "absent"
      - result.target_roles == ["{{ test_user1 }}"]
# Revoke test_group1 from test_user1 again to check that nothing changes:
# Idempotence: repeating the revoke must issue no statement.
- name: postgresql_membership - revoke test_group1 from test_user1 again
  become: true
  become_user: "{{ pg_user }}"
  postgresql_membership:
    login_user: "{{ pg_user }}"
    db: postgres
    group: "{{ test_group1 }}"
    user: "{{ test_user1 }}"
    state: absent
  register: result
  ignore_errors: true

- assert:
    that:
      - result is not changed
      - result.groups == ["{{ test_group1 }}"]
      - result.queries == []
      # The group is still listed in `revoked`, but with no members.
      - result.revoked.{{ test_group1 }} == []
      - result.state == "absent"
      - result.target_roles == ["{{ test_user1 }}"]
# Grant test_group1 and test_group2 to test_user1 and test_user2:
# List form: every group is granted to every user (2 x 2 statements).
- name: postgresql_membership - grant two groups to two users
  become: true
  become_user: "{{ pg_user }}"
  postgresql_membership:
    login_user: "{{ pg_user }}"
    db: postgres
    group:
      - "{{ test_group1 }}"
      - "{{ test_group2 }}"
    user:
      - "{{ test_user1 }}"
      - "{{ test_user2 }}"
    state: present
  register: result
  ignore_errors: true

- assert:
    that:
      - result is changed
      - result.groups == ["{{ test_group1 }}", "{{ test_group2 }}"]
      # Folded scalar: the lines are joined with single spaces, giving the
      # same one-line expression. The expected order is group by group,
      # each group across all users.
      - >-
        result.queries == ["GRANT \"{{ test_group1 }}\" TO \"{{ test_user1 }}\"",
        "GRANT \"{{ test_group1 }}\" TO \"{{ test_user2 }}\"",
        "GRANT \"{{ test_group2 }}\" TO \"{{ test_user1 }}\"",
        "GRANT \"{{ test_group2 }}\" TO \"{{ test_user2 }}\""]
      - result.granted.{{ test_group1 }} == ["{{ test_user1 }}", "{{ test_user2 }}"]
      - result.granted.{{ test_group2 }} == ["{{ test_user1 }}", "{{ test_user2 }}"]
      - result.state == "present"
      - result.target_roles == ["{{ test_user1 }}", "{{ test_user2 }}"]
# Grant test_group1 and test_group2 to test_user1 and test_user2 again to check that nothing changes:
# Idempotence for the list form: all four memberships already exist.
- name: postgresql_membership - grant two groups to two users again
  become: true
  become_user: "{{ pg_user }}"
  postgresql_membership:
    login_user: "{{ pg_user }}"
    db: postgres
    group:
      - "{{ test_group1 }}"
      - "{{ test_group2 }}"
    user:
      - "{{ test_user1 }}"
      - "{{ test_user2 }}"
    state: present
  register: result
  ignore_errors: true

- assert:
    that:
      - result is not changed
      - result.groups == ["{{ test_group1 }}", "{{ test_group2 }}"]
      - result.queries == []
      # Both groups are reported, each with an empty list of new members.
      - result.granted.{{ test_group1 }} == []
      - result.granted.{{ test_group2 }} == []
      - result.state == "present"
      - result.target_roles == ["{{ test_user1 }}", "{{ test_user2 }}"]
# Revoke only test_group1 from test_user1:
# Remove a single membership so the next test starts from a partially
# granted state.
- name: postgresql_membership - revoke one group from one user
  become: true
  become_user: "{{ pg_user }}"
  postgresql_membership:
    login_user: "{{ pg_user }}"
    db: postgres
    group: "{{ test_group1 }}"
    user: "{{ test_user1 }}"
    state: absent
  register: result
  ignore_errors: true

- assert:
    that:
      - result is changed
      - result.groups == ["{{ test_group1 }}"]
      - result.queries == ["REVOKE \"{{ test_group1 }}\" FROM \"{{ test_user1 }}\""]
      - result.revoked.{{ test_group1 }} == ["{{ test_user1 }}"]
      - result.state == "absent"
      - result.target_roles == ["{{ test_user1 }}"]
# Try to grant test_group1 and test_group2 to test_user1 and test_user2 again
# to check that nothing changes with test_user2:
# Partial state: only the test_group1 -> test_user1 membership is missing,
# so only that one GRANT may be issued.
- name: postgresql_membership - grant two groups to two users again
  become: true
  become_user: "{{ pg_user }}"
  postgresql_membership:
    login_user: "{{ pg_user }}"
    db: postgres
    group:
      - "{{ test_group1 }}"
      - "{{ test_group2 }}"
    user:
      - "{{ test_user1 }}"
      - "{{ test_user2 }}"
    state: present
  register: result
  ignore_errors: true

- assert:
    that:
      - result is changed
      - result.groups == ["{{ test_group1 }}", "{{ test_group2 }}"]
      - result.queries == ["GRANT \"{{ test_group1 }}\" TO \"{{ test_user1 }}\""]
      - result.granted.{{ test_group1 }} == ["{{ test_user1 }}"]
      # Memberships that already existed are not granted again.
      - result.granted.{{ test_group2 }} == []
      - result.state == "present"
      - result.target_roles == ["{{ test_user1 }}", "{{ test_user2 }}"]
#####################
# Check fail_on_role:
# Try to grant non existent group to non existent role with fail_on_role=yes:
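# fail_on_role enabled: a missing role must make the module fail.
# The task name now says "grant", matching `state: present`.
- name: postgresql_membership - grant non existent group to non existent role, fail_on_role=true
  become: true
  become_user: "{{ pg_user }}"
  postgresql_membership:
    login_user: "{{ pg_user }}"
    db: postgres
    group: fake_group
    user: fake_user
    state: present
    fail_on_role: true
  register: result
  # The failure is the expected outcome, so it must not stop the play.
  ignore_errors: true

- assert:
    that:
      # Asserting the failure itself: "not changed" alone would also hold
      # if the module silently skipped the missing roles.
      - result is failed
      - result is not changed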
# Try to grant non existent group to non existent role with fail_on_role=no:
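# fail_on_role disabled: missing roles are skipped and the result is empty.
# The task name now says "grant", matching `state: present`, and no longer
# duplicates the names of the neighbouring fail_on_role tasks.
- name: postgresql_membership - grant non existent group to non existent role, fail_on_role=false
  become: true
  become_user: "{{ pg_user }}"
  postgresql_membership:
    login_user: "{{ pg_user }}"
    db: postgres
    group: fake_group
    user: fake_user
    state: present
    fail_on_role: false
  register: result
  ignore_errors: true

- assert:
    that:
      - result is not changed
      # Neither the fake group nor the fake user appears in the result.
      - result.granted == {}
      - result.groups == []
      - result.target_roles == []
      - result.state == 'present'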
# Try to revoke non existent group from non existent role with fail_on_role=no:
# fail_on_role disabled, revoke direction: missing roles are skipped and
# the result is empty.
- name: postgresql_membership - revoke non existen group from non existen role
  become: true
  become_user: "{{ pg_user }}"
  postgresql_membership:
    login_user: "{{ pg_user }}"
    db: postgres
    group: fake_group
    user: fake_user
    state: absent
    fail_on_role: false
  register: result
  ignore_errors: true

- assert:
    that:
      - result is not changed
      # Neither the fake group nor the fake user appears in the result.
      - result.revoked == {}
      - result.groups == []
      - result.target_roles == []
      - result.state == 'absent'
# Grant test_group3 with a name containing dots to test_user1.
# A group name containing dots must stay one quoted identifier.
# No ignore_errors here: a module failure stops the play at this task.
- name: postgresql_membership - grant test_group3 with dots to test_user1
  become: true
  become_user: "{{ pg_user }}"
  postgresql_membership:
    login_user: "{{ pg_user }}"
    db: postgres
    group: "{{ test_group3 }}"
    user: "{{ test_user1 }}"
    state: present
  register: result

- assert:
    that:
      - result is changed
      # Only the statement is checked; the dotted name sits inside a single
      # pair of double quotes.
      - result.queries == ["GRANT \"{{ test_group3 }}\" TO \"{{ test_user1 }}\""]
#############################
# Check trust_input parameter
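# trust_input disabled: the module must reject the hostile group name
# with its "potentially dangerous" error.
# NOTE(review): dangerous_name is defined outside this file; presumably it
# holds an SQL-injection style role name - confirm in the target's vars.
- name: postgresql_membership - try to use dangerous input, don't trust
  become: true
  become_user: "{{ pg_user }}"
  postgresql_membership:
    login_user: "{{ pg_user }}"
    db: postgres
    group:
      - "{{ test_group3 }}"
      - "{{ dangerous_name }}"
    user: "{{ test_user1 }}"
    state: present
    trust_input: false
  register: result
  # The rejection is the expected outcome, so it must not stop the play.
  ignore_errors: true

- assert:
    that:
      - result is failed
      # dangerous_name is referenced as a variable instead of being spliced
      # into the expression with nested {{ }}: a quote or backslash in the
      # value could otherwise alter the condition that gets evaluated.
      - result.msg == ("Passed input '" ~ dangerous_name ~ "' is potentially dangerous")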
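# trust_input enabled: the input screening is skipped, so the hostile name
# reaches the role lookup and the task fails only because no such role
# exists. Playbooks that pass role names from untrusted sources should set
# trust_input to false.
- name: postgresql_membership - try to use dangerous input, trust explicitly
  become: true
  become_user: "{{ pg_user }}"
  postgresql_membership:
    login_user: "{{ pg_user }}"
    db: postgres
    group:
      - "{{ test_group3 }}"
      - "{{ dangerous_name }}"
    user: "{{ test_user1 }}"
    state: present
    trust_input: true
  register: result
  # The failure is the expected outcome, so it must not stop the play.
  ignore_errors: true

- assert:
    that:
      - result is failed
      # dangerous_name is referenced as a variable instead of being spliced
      # into the expression with nested {{ }}: a quote or backslash in the
      # value could otherwise alter the condition that gets evaluated.
      - result.msg == ("Role " ~ dangerous_name ~ " does not exist")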