ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Code Releases Activity

postgresql_tablespace: add trust_input parameter (#240)

Browse source 
* postgresql_tablespace: add trust_input parameter

* add changelog fragment
This commit is contained in:
Andrew Klychkov 2020-05-01 14:10:13 +03:00 committed by GitHub
parent c68f17f09b
commit 01eee507f2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 80 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
changelogs/fragments/240-postgresql_tablespace_add_trust_input_parameter.yml Normal file
View file

@ -0,0 +1,2 @@
minor_changes:
- postgresql_tablespace - add the ``trust_input`` parameter (https://github.com/ansible-collections/community.general/pull/240).

40
plugins/modules/database/postgresql/postgresql_tablespace.py
View file

@ -75,6 +75,11 @@ options:
type: str type: str
aliases: aliases:
- login_db - login_db
trust_input:
description:
- If C(no), check whether values of some parameters are potentially dangerous.
type: bool
default: yes
notes: notes:
- I(state=absent) and I(state=present) (the second one if the tablespace doesn't exist) do not - I(state=absent) and I(state=present) (the second one if the tablespace doesn't exist) do not
@ -185,7 +190,12 @@ except ImportError:
pass pass
from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.basic import AnsibleModule
from ansible_collections.community.general.plugins.module_utils.database import pg_quote_identifier from ansible.module_utils.six import iteritems
from ansible_collections.community.general.plugins.module_utils.database import (
check_input,
pg_quote_identifier,
)
from ansible_collections.community.general.plugins.module_utils.postgres import ( from ansible_collections.community.general.plugins.module_utils.postgres import (
connect_to_db, connect_to_db,
exec_sql, exec_sql,
@ -286,7 +296,7 @@ class PgTablespace(object):
args: args:
location (str) -- tablespace directory path in the FS location (str) -- tablespace directory path in the FS
""" """
query = ("CREATE TABLESPACE %s LOCATION '%s'" % (pg_quote_identifier(self.name, 'database'), location)) query = ('CREATE TABLESPACE "%s" LOCATION \'%s\'' % (self.name, location))
return exec_sql(self, query, return_bool=True) return exec_sql(self, query, return_bool=True)
def drop(self): def drop(self):
@ -294,7 +304,7 @@ class PgTablespace(object):
Return True if success, otherwise, return False. Return True if success, otherwise, return False.
""" """
return exec_sql(self, "DROP TABLESPACE %s" % pg_quote_identifier(self.name, 'database'), return_bool=True) return exec_sql(self, 'DROP TABLESPACE "%s"' % self.name, return_bool=True)
def set_owner(self, new_owner): def set_owner(self, new_owner):
"""Set tablespace owner. """Set tablespace owner.
@ -307,7 +317,7 @@ class PgTablespace(object):
if new_owner == self.owner: if new_owner == self.owner:
return False return False
query = "ALTER TABLESPACE %s OWNER TO %s" % (pg_quote_identifier(self.name, 'database'), new_owner) query = 'ALTER TABLESPACE "%s" OWNER TO "%s"' % (self.name, new_owner)
return exec_sql(self, query, return_bool=True) return exec_sql(self, query, return_bool=True)
def rename(self, newname): def rename(self, newname):
@ -318,7 +328,7 @@ class PgTablespace(object):
args: args:
newname (str) -- new name for the tablespace" newname (str) -- new name for the tablespace"
""" """
query = "ALTER TABLESPACE %s RENAME TO %s" % (pg_quote_identifier(self.name, 'database'), newname) query = 'ALTER TABLESPACE "%s" RENAME TO "%s"' % (self.name, newname)
self.new_name = newname self.new_name = newname
return exec_sql(self, query, return_bool=True) return exec_sql(self, query, return_bool=True)
@ -357,7 +367,7 @@ class PgTablespace(object):
args: args:
setting (str) -- string in format "setting_name = 'setting_value'" setting (str) -- string in format "setting_name = 'setting_value'"
""" """
query = "ALTER TABLESPACE %s RESET (%s)" % (pg_quote_identifier(self.name, 'database'), setting) query = 'ALTER TABLESPACE "%s" RESET (%s)' % (self.name, setting)
return exec_sql(self, query, return_bool=True) return exec_sql(self, query, return_bool=True)
def __set_setting(self, setting): def __set_setting(self, setting):
@ -368,7 +378,7 @@ class PgTablespace(object):
args: args:
setting (str) -- string in format "setting_name = 'setting_value'" setting (str) -- string in format "setting_name = 'setting_value'"
""" """
query = "ALTER TABLESPACE %s SET (%s)" % (pg_quote_identifier(self.name, 'database'), setting) query = 'ALTER TABLESPACE "%s" SET (%s)' % (self.name, setting)
return exec_sql(self, query, return_bool=True) return exec_sql(self, query, return_bool=True)
@ -388,6 +398,7 @@ def main():
rename_to=dict(type='str'), rename_to=dict(type='str'),
db=dict(type='str', aliases=['login_db']), db=dict(type='str', aliases=['login_db']),
session_role=dict(type='str'), session_role=dict(type='str'),
trust_input=dict(type='bool', default=True),
) )
module = AnsibleModule( module = AnsibleModule(
@ -402,11 +413,23 @@ def main():
owner = module.params["owner"] owner = module.params["owner"]
rename_to = module.params["rename_to"] rename_to = module.params["rename_to"]
settings = module.params["set"] settings = module.params["set"]
session_role = module.params["session_role"]
trust_input = module.params["trust_input"]
if state == 'absent' and (location or owner or rename_to or settings): if state == 'absent' and (location or owner or rename_to or settings):
module.fail_json(msg="state=absent is mutually exclusive location, " module.fail_json(msg="state=absent is mutually exclusive location, "
"owner, rename_to, and set") "owner, rename_to, and set")
if not trust_input:
# Check input for potentially dangerous elements:
if not settings:
settings_list = None
else:
settings_list = ['%s = %s' % (k, v) for k, v in iteritems(settings)]
check_input(module, tablespace, location, owner,
rename_to, session_role, settings_list)
conn_params = get_conn_params(module, module.params, warn_db_default=False) conn_params = get_conn_params(module, module.params, warn_db_default=False)
db_connection = connect_to_db(module, conn_params, autocommit=True) db_connection = connect_to_db(module, conn_params, autocommit=True)
cursor = db_connection.cursor(cursor_factory=DictCursor) cursor = db_connection.cursor(cursor_factory=DictCursor)
@ -428,7 +451,8 @@ def main():
# If tablespace exists with different location, exit: # If tablespace exists with different location, exit:
if tblspace.exists and location and location != tblspace.location: if tblspace.exists and location and location != tblspace.location:
module.fail_json(msg="Tablespace '%s' exists with different location '%s'" % (tblspace.name, tblspace.location)) module.fail_json(msg="Tablespace '%s' exists with "
"different location '%s'" % (tblspace.name, tblspace.location))
# Create new tablespace: # Create new tablespace:
if not tblspace.exists and state == 'present': if not tblspace.exists and state == 'present':

1
tests/integration/targets/postgresql_tablespace/defaults/main.yml
View file

@ -1,2 +1,3 @@
--- ---
test_tablespace_path: "/ssd" test_tablespace_path: "/ssd"
dangerous_name: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'

48
tests/integration/targets/postgresql_tablespace/tasks/postgresql_tablespace_initial.yml
View file

@ -4,10 +4,12 @@
path: '{{ test_tablespace_path }}' path: '{{ test_tablespace_path }}'
state: absent state: absent
ignore_errors: true ignore_errors: true
- name: postgresql_tablespace - disable selinux - name: postgresql_tablespace - disable selinux
become: true become: true
shell: setenforce 0 shell: setenforce 0
ignore_errors: true ignore_errors: true
- name: postgresql_tablespace - create dir for test tablespace - name: postgresql_tablespace - create dir for test tablespace
become: true become: true
file: file:
@ -17,6 +19,7 @@
group: '{{ pg_user }}' group: '{{ pg_user }}'
mode: '0700' mode: '0700'
ignore_errors: true ignore_errors: true
- name: postgresql_tablespace - create test role to test change ownership - name: postgresql_tablespace - create test role to test change ownership
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
@ -26,6 +29,7 @@
name: bob name: bob
state: present state: present
ignore_errors: true ignore_errors: true
- name: postgresql_tablespace - create test role to test change ownership - name: postgresql_tablespace - create test role to test change ownership
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
@ -35,6 +39,7 @@
name: alice name: alice
state: present state: present
ignore_errors: true ignore_errors: true
- name: postgresql_tablespace - create a new tablespace called acme and set bob as an its owner - name: postgresql_tablespace - create a new tablespace called acme and set bob as an its owner
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
@ -46,15 +51,17 @@
location: /ssd location: /ssd
register: result register: result
ignore_errors: true ignore_errors: true
- assert: - assert:
that: that:
- result is changed - result is changed
- result.owner == 'bob' - result.owner == 'bob'
- result.queries == ["CREATE TABLESPACE \"acme\" LOCATION '/ssd'", "ALTER TABLESPACE \"acme\" OWNER TO bob"] - result.queries == ["CREATE TABLESPACE \"acme\" LOCATION '/ssd'", "ALTER TABLESPACE \"acme\" OWNER TO \"bob\""]
- result.state == 'present' - result.state == 'present'
- result.tablespace == 'acme' - result.tablespace == 'acme'
- result.options == {} - result.options == {}
- result.location == '/ssd' - result.location == '/ssd'
- name: postgresql_tablespace - try to create the same tablespace with different location - name: postgresql_tablespace - try to create the same tablespace with different location
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
@ -65,10 +72,12 @@
location: /another-ssd location: /another-ssd
register: result register: result
ignore_errors: true ignore_errors: true
- assert: - assert:
that: that:
- result is not changed - result is not changed
- result.msg == "Tablespace 'acme' exists with different location '/ssd'" - result.msg == "Tablespace 'acme' exists with different location '/ssd'"
- name: postgresql_tablespace - change tablespace owner to alice - name: postgresql_tablespace - change tablespace owner to alice
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
@ -79,14 +88,16 @@
owner: alice owner: alice
register: result register: result
ignore_errors: true ignore_errors: true
- assert: - assert:
that: that:
- result is changed - result is changed
- result.owner == 'alice' - result.owner == 'alice'
- result.queries == ["ALTER TABLESPACE \"acme\" OWNER TO alice"] - result.queries == ["ALTER TABLESPACE \"acme\" OWNER TO \"alice\""]
- result.state == 'present' - result.state == 'present'
- result.tablespace == 'acme' - result.tablespace == 'acme'
- result.options == {} - result.options == {}
- name: postgresql_tablespace - try to change tablespace owner to alice again to be sure that nothing changes - name: postgresql_tablespace - try to change tablespace owner to alice again to be sure that nothing changes
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
@ -97,6 +108,7 @@
owner: alice owner: alice
register: result register: result
ignore_errors: true ignore_errors: true
- assert: - assert:
that: that:
- result is not changed - result is not changed
@ -105,6 +117,7 @@
- result.state == 'present' - result.state == 'present'
- result.tablespace == 'acme' - result.tablespace == 'acme'
- result.options == {} - result.options == {}
- name: postgresql_tablespace - change tablespace options - name: postgresql_tablespace - change tablespace options
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
@ -116,6 +129,7 @@
seq_page_cost: 4 seq_page_cost: 4
register: result register: result
ignore_errors: true ignore_errors: true
- assert: - assert:
that: that:
- result is changed - result is changed
@ -125,6 +139,7 @@
- result.tablespace == 'acme' - result.tablespace == 'acme'
- result.options.seq_page_cost == '4' - result.options.seq_page_cost == '4'
when: postgres_version_resp.stdout is version('9.0', '>=') when: postgres_version_resp.stdout is version('9.0', '>=')
- name: postgresql_tablespace - reset seq_page_cost option - name: postgresql_tablespace - reset seq_page_cost option
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
@ -136,11 +151,13 @@
seq_page_cost: reset seq_page_cost: reset
register: result register: result
ignore_errors: true ignore_errors: true
- assert: - assert:
that: that:
- result is changed - result is changed
- result.queries == ["ALTER TABLESPACE \"acme\" RESET (seq_page_cost)"] - result.queries == ["ALTER TABLESPACE \"acme\" RESET (seq_page_cost)"]
when: postgres_version_resp.stdout is version('9.0', '>=') when: postgres_version_resp.stdout is version('9.0', '>=')
- name: postgresql_tablespace - reset seq_page_cost option again - name: postgresql_tablespace - reset seq_page_cost option again
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
@ -152,11 +169,13 @@
seq_page_cost: reset seq_page_cost: reset
register: result register: result
ignore_errors: true ignore_errors: true
- assert: - assert:
that: that:
- result is not changed - result is not changed
- result.queries == [] - result.queries == []
when: postgres_version_resp.stdout is version('9.0', '>=') when: postgres_version_resp.stdout is version('9.0', '>=')
- name: postgresql_tablespace - rename tablespace - name: postgresql_tablespace - rename tablespace
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
@ -167,11 +186,30 @@
rename_to: foo rename_to: foo
register: result register: result
ignore_errors: true ignore_errors: true
- assert: - assert:
that: that:
- result is changed - result is changed
- result.newname == 'foo' - result.newname == 'foo'
- result.queries == ["ALTER TABLESPACE \"acme\" RENAME TO foo"] - result.queries == ["ALTER TABLESPACE \"acme\" RENAME TO \"foo\""]
- name: postgresql_tablespace - rename tablespace to potentially dangerous name
become_user: '{{ pg_user }}'
become: true
postgresql_tablespace:
db: postgres
login_user: '{{ pg_user }}'
name: foo
rename_to: '{{ dangerous_name }}'
trust_input: no
register: result
ignore_errors: true
- assert:
that:
- result is failed
- result.msg == 'Passed input \'{{ dangerous_name }}\' is potentially dangerous'
- name: postgresql_tablespace - drop tablespace - name: postgresql_tablespace - drop tablespace
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
@ -180,13 +218,16 @@
login_user: '{{ pg_user }}' login_user: '{{ pg_user }}'
name: foo name: foo
state: absent state: absent
trust_input: yes
register: result register: result
ignore_errors: true ignore_errors: true
- assert: - assert:
that: that:
- result is changed - result is changed
- result.state == 'absent' - result.state == 'absent'
- result.queries == ["DROP TABLESPACE \"foo\""] - result.queries == ["DROP TABLESPACE \"foo\""]
- name: postgresql_tablespace - try to drop nonexistent tablespace - name: postgresql_tablespace - try to drop nonexistent tablespace
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
@ -197,6 +238,7 @@
state: absent state: absent
register: result register: result
ignore_errors: true ignore_errors: true
- assert: - assert:
that: that:
- result is not changed - result is not changed