mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
postgresql_table: add the trust_input parameter (#307)
* postgresql_table: add the trust_input parameter * add changelog fragment
parent
f2af41d842
commit
156d90ce90
3 changed files with 62 additions and 26 deletions
|
@ -0,0 +1,2 @@
|
||||||
|
minor_changes:
|
||||||
|
- postgresql_table - add the ``trust_input`` parameter (https://github.com/ansible-collections/community.general/pull/307).
|
|
@ -99,6 +99,12 @@ options:
|
||||||
Used with I(state=absent) only.
|
Used with I(state=absent) only.
|
||||||
type: bool
|
type: bool
|
||||||
default: no
|
default: no
|
||||||
|
trust_input:
|
||||||
|
description:
|
||||||
|
- If C(no), check whether values of parameters are potentially dangerous.
|
||||||
|
- It makes sense to use C(yes) only when SQL injections are possible.
|
||||||
|
type: bool
|
||||||
|
default: yes
|
||||||
notes:
|
notes:
|
||||||
- If you do not pass db parameter, tables will be created in the database
|
- If you do not pass db parameter, tables will be created in the database
|
||||||
named postgres.
|
named postgres.
|
||||||
|
@ -244,7 +250,10 @@ except ImportError:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
from ansible.module_utils.basic import AnsibleModule
|
from ansible.module_utils.basic import AnsibleModule
|
||||||
from ansible_collections.community.general.plugins.module_utils.database import pg_quote_identifier
|
from ansible_collections.community.general.plugins.module_utils.database import (
|
||||||
|
check_input,
|
||||||
|
pg_quote_identifier,
|
||||||
|
)
|
||||||
from ansible_collections.community.general.plugins.module_utils.postgres import (
|
from ansible_collections.community.general.plugins.module_utils.postgres import (
|
||||||
connect_to_db,
|
connect_to_db,
|
||||||
exec_sql,
|
exec_sql,
|
||||||
|
@ -365,7 +374,7 @@ class Table(object):
|
||||||
query += " WITH (%s)" % params
|
query += " WITH (%s)" % params
|
||||||
|
|
||||||
if tblspace:
|
if tblspace:
|
||||||
query += " TABLESPACE %s" % pg_quote_identifier(tblspace, 'database')
|
query += ' TABLESPACE "%s"' % tblspace
|
||||||
|
|
||||||
if exec_sql(self, query, return_bool=True):
|
if exec_sql(self, query, return_bool=True):
|
||||||
changed = True
|
changed = True
|
||||||
|
@ -412,7 +421,7 @@ class Table(object):
|
||||||
query += " WITH (%s)" % params
|
query += " WITH (%s)" % params
|
||||||
|
|
||||||
if tblspace:
|
if tblspace:
|
||||||
query += " TABLESPACE %s" % pg_quote_identifier(tblspace, 'database')
|
query += ' TABLESPACE "%s"' % tblspace
|
||||||
|
|
||||||
if exec_sql(self, query, return_bool=True):
|
if exec_sql(self, query, return_bool=True):
|
||||||
changed = True
|
changed = True
|
||||||
|
@ -432,8 +441,7 @@ class Table(object):
|
||||||
return exec_sql(self, query, return_bool=True)
|
return exec_sql(self, query, return_bool=True)
|
||||||
|
|
||||||
def set_owner(self, username):
|
def set_owner(self, username):
|
||||||
query = "ALTER TABLE %s OWNER TO %s" % (pg_quote_identifier(self.name, 'table'),
|
query = 'ALTER TABLE %s OWNER TO "%s"' % (pg_quote_identifier(self.name, 'table'), username)
|
||||||
pg_quote_identifier(username, 'role'))
|
|
||||||
return exec_sql(self, query, return_bool=True)
|
return exec_sql(self, query, return_bool=True)
|
||||||
|
|
||||||
def drop(self, cascade=False):
|
def drop(self, cascade=False):
|
||||||
|
@ -446,8 +454,7 @@ class Table(object):
|
||||||
return exec_sql(self, query, return_bool=True)
|
return exec_sql(self, query, return_bool=True)
|
||||||
|
|
||||||
def set_tblspace(self, tblspace):
|
def set_tblspace(self, tblspace):
|
||||||
query = "ALTER TABLE %s SET TABLESPACE %s" % (pg_quote_identifier(self.name, 'table'),
|
query = 'ALTER TABLE %s SET TABLESPACE "%s"' % (pg_quote_identifier(self.name, 'table'), tblspace)
|
||||||
pg_quote_identifier(tblspace, 'database'))
|
|
||||||
return exec_sql(self, query, return_bool=True)
|
return exec_sql(self, query, return_bool=True)
|
||||||
|
|
||||||
def set_stor_params(self, params):
|
def set_stor_params(self, params):
|
||||||
|
@ -464,7 +471,7 @@ def main():
|
||||||
argument_spec = postgres_common_argument_spec()
|
argument_spec = postgres_common_argument_spec()
|
||||||
argument_spec.update(
|
argument_spec.update(
|
||||||
table=dict(type='str', required=True, aliases=['name']),
|
table=dict(type='str', required=True, aliases=['name']),
|
||||||
state=dict(type='str', default="present", choices=["absent", "present"]),
|
state=dict(type='str', default='present', choices=['absent', 'present']),
|
||||||
db=dict(type='str', default='', aliases=['login_db']),
|
db=dict(type='str', default='', aliases=['login_db']),
|
||||||
tablespace=dict(type='str'),
|
tablespace=dict(type='str'),
|
||||||
owner=dict(type='str'),
|
owner=dict(type='str'),
|
||||||
|
@ -477,24 +484,32 @@ def main():
|
||||||
storage_params=dict(type='list', elements='str'),
|
storage_params=dict(type='list', elements='str'),
|
||||||
session_role=dict(type='str'),
|
session_role=dict(type='str'),
|
||||||
cascade=dict(type='bool', default=False),
|
cascade=dict(type='bool', default=False),
|
||||||
|
trust_input=dict(type='bool', default=True),
|
||||||
)
|
)
|
||||||
module = AnsibleModule(
|
module = AnsibleModule(
|
||||||
argument_spec=argument_spec,
|
argument_spec=argument_spec,
|
||||||
supports_check_mode=True,
|
supports_check_mode=True,
|
||||||
)
|
)
|
||||||
|
|
||||||
table = module.params["table"]
|
table = module.params['table']
|
||||||
state = module.params["state"]
|
state = module.params['state']
|
||||||
tablespace = module.params["tablespace"]
|
tablespace = module.params['tablespace']
|
||||||
owner = module.params["owner"]
|
owner = module.params['owner']
|
||||||
unlogged = module.params["unlogged"]
|
unlogged = module.params['unlogged']
|
||||||
like = module.params["like"]
|
like = module.params['like']
|
||||||
including = module.params["including"]
|
including = module.params['including']
|
||||||
newname = module.params["rename"]
|
newname = module.params['rename']
|
||||||
storage_params = module.params["storage_params"]
|
storage_params = module.params['storage_params']
|
||||||
truncate = module.params["truncate"]
|
truncate = module.params['truncate']
|
||||||
columns = module.params["columns"]
|
columns = module.params['columns']
|
||||||
cascade = module.params["cascade"]
|
cascade = module.params['cascade']
|
||||||
|
session_role = module.params['session_role']
|
||||||
|
trust_input = module.params['trust_input']
|
||||||
|
|
||||||
|
if not trust_input:
|
||||||
|
# Check input for potentially dangerous elements:
|
||||||
|
check_input(module, table, tablespace, owner, like, including,
|
||||||
|
newname, storage_params, columns, session_role)
|
||||||
|
|
||||||
if state == 'present' and cascade:
|
if state == 'present' and cascade:
|
||||||
module.warn("cascade=true is ignored when state=present")
|
module.warn("cascade=true is ignored when state=present")
|
||||||
|
|
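Review bot: The rewritten query builders interpolate `tblspace` and `username` directly into a double-quoted identifier (`' TABLESPACE "%s"' % tblspace` in both create paths, and the same pattern in `set_owner` and `set_tblspace`), so a value containing `"` is no longer escaped and can close the identifier early. Because `trust_input` is declared with `default=True`, `check_input` is skipped unless a playbook opts in, which leaves the default path with less protection than the `pg_quote_identifier(...)` calls being removed. The quoting should not depend on the flag: keep `query += " TABLESPACE %s" % pg_quote_identifier(tblspace, 'database')`, or, if that helper was dropped because it rejects some valid names, at least double embedded quotes with `tblspace.replace('"', '""')` (and the same for `username`). The option text also looks inverted: `It makes sense to use C(yes) only when SQL injections are possible` presumably should read `C(no)`, since `no` is the value that enables the check. The enclosing methods and `main()` start and end outside the visible hunks.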
|
@ -846,6 +846,7 @@
|
||||||
login_user: "{{ pg_user }}"
|
login_user: "{{ pg_user }}"
|
||||||
name: public.test_schema_table
|
name: public.test_schema_table
|
||||||
rename: new_test_schema_table
|
rename: new_test_schema_table
|
||||||
|
trust_input: yes
|
||||||
register: result
|
register: result
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
|
@ -853,6 +854,24 @@
|
||||||
- result is changed
|
- result is changed
|
||||||
- result.queries == ['ALTER TABLE "public"."test_schema_table" RENAME TO "new_test_schema_table"']
|
- result.queries == ['ALTER TABLE "public"."test_schema_table" RENAME TO "new_test_schema_table"']
|
||||||
|
|
||||||
|
############################
|
||||||
|
# Test trust_input parameter
|
||||||
|
- name: postgresql_table - check trust_input
|
||||||
|
postgresql_table:
|
||||||
|
db: postgres
|
||||||
|
login_user: "{{ pg_user }}"
|
||||||
|
name: postgres.acme.test_schema_table
|
||||||
|
state: absent
|
||||||
|
trust_input: no
|
||||||
|
session_role: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
|
||||||
|
register: result
|
||||||
|
ignore_errors: yes
|
||||||
|
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- result is failed
|
||||||
|
- result.msg is search('is potentially dangerous')
|
||||||
|
|
||||||
#
|
#
|
||||||
# Clean up
|
# Clean up
|
||||||
#
|
#
|
||||||
|
|
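Review bot: The new negative test passes a dangerous value only through `session_role`, so the parameters whose quoting this commit changes in the module (`tablespace` and `owner`) are never exercised with `trust_input: no`. A sibling task for each of them, placed after the existing `check trust_input` assert, would pin that `check_input` really receives those arguments. No task covers the default `trust_input: yes` path with a name containing a double quote either; that case needs a decision on the expected query before it can be asserted.

```yaml
# … unchanged: "postgresql_table - check trust_input" task and its assert …

- name: postgresql_table - check trust_input with tablespace
  postgresql_table:
    db: postgres
    login_user: "{{ pg_user }}"
    name: postgres.acme.test_schema_table
    tablespace: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
    trust_input: no
  register: result
  ignore_errors: yes

- assert:
    that:
    - result is failed
    - result.msg is search('is potentially dangerous')
```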