From 19cad71f25d986236d034b3b11659cb00807cf67 Mon Sep 17 00:00:00 2001
From: Andrew Klychkov <aaklychkov@mail.ru>
Date: Tue, 5 May 2020 16:37:08 +0300
Subject: [PATCH] postgresql_lang: add trust_input parameter (#272)

* postgresql_lan: add trust_input parameter

* add changelog fragment
---
 ...-postgresql_lang_add_trust_input_parameter.yml |  2 ++
 .../database/postgresql/postgresql_lang.py        | 15 ++++++++++++++-
 .../tasks/postgresql_lang_add_owner_param.yml     |  9 ++++++---
 3 files changed, 22 insertions(+), 4 deletions(-)
 create mode 100644 changelogs/fragments/272-postgresql_lang_add_trust_input_parameter.yml

diff --git a/changelogs/fragments/272-postgresql_lang_add_trust_input_parameter.yml b/changelogs/fragments/272-postgresql_lang_add_trust_input_parameter.yml
new file mode 100644
index 0000000000..4f40ebf198
--- /dev/null
+++ b/changelogs/fragments/272-postgresql_lang_add_trust_input_parameter.yml
@@ -0,0 +1,2 @@
+minor_changes:
+- postgresql_lang - add the ``trust_input`` parameter (https://github.com/ansible-collections/community.general/pull/272).
diff --git a/plugins/modules/database/postgresql/postgresql_lang.py b/plugins/modules/database/postgresql/postgresql_lang.py
index 2ab3127bb8..46d11bae99 100644
--- a/plugins/modules/database/postgresql/postgresql_lang.py
+++ b/plugins/modules/database/postgresql/postgresql_lang.py
@@ -104,6 +104,11 @@ options:
       - Set an owner for the language.
       - Ignored when I(state=absent).
     type: str
+  trust_input:
+    description:
+    - If C(no), check whether values of some parameters are potentially dangerous.
+    type: bool
+    default: yes
 seealso:
 - name: PostgreSQL languages
   description: General information about PostgreSQL languages.
@@ -176,6 +181,7 @@ queries:
 '''
 
 from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.community.general.plugins.module_utils.database import check_input
 from ansible_collections.community.general.plugins.module_utils.postgres import (
     connect_to_db,
     get_conn_params,
@@ -258,7 +264,7 @@ def set_lang_owner(cursor, lang, owner):
         lang (str): language name.
         owner (str): name of new owner.
     """
-    query = "ALTER LANGUAGE \"%s\" OWNER TO %s" % (lang, owner)
+    query = "ALTER LANGUAGE \"%s\" OWNER TO \"%s\"" % (lang, owner)
     executed_queries.append(query)
     cursor.execute(query)
     return True
@@ -276,6 +282,7 @@ def main():
         fail_on_drop=dict(type="bool", default="yes"),
         session_role=dict(type="str"),
         owner=dict(type="str"),
+        trust_input=dict(type="bool", default="yes")
     )
 
     module = AnsibleModule(
@@ -291,6 +298,12 @@ def main():
     cascade = module.params["cascade"]
     fail_on_drop = module.params["fail_on_drop"]
     owner = module.params["owner"]
+    session_role = module.params["session_role"]
+    trust_input = module.params["trust_input"]
+
+    if not trust_input:
+        # Check input for potentially dangerous elements:
+        check_input(module, lang, session_role, owner)
 
     conn_params = get_conn_params(module, module.params)
     db_connection = connect_to_db(module, conn_params, autocommit=False)
diff --git a/tests/integration/targets/postgresql_lang/tasks/postgresql_lang_add_owner_param.yml b/tests/integration/targets/postgresql_lang/tasks/postgresql_lang_add_owner_param.yml
index 9e259af73b..5d21db56dc 100644
--- a/tests/integration/targets/postgresql_lang/tasks/postgresql_lang_add_owner_param.yml
+++ b/tests/integration/targets/postgresql_lang/tasks/postgresql_lang_add_owner_param.yml
@@ -30,6 +30,7 @@
       <<: *pg_parameters
       name: '{{ test_lang }}'
       owner: '{{ test_user1 }}'
+      trust_input: no
     check_mode: yes
 
   - assert:
@@ -57,11 +58,12 @@
       <<: *pg_parameters
       name: '{{ test_lang }}'
       owner: '{{ test_user1 }}'
+      trust_input: no
 
   - assert:
       that:
       - result is changed
-      - result.queries == ['CREATE LANGUAGE "{{ test_lang }}"', 'ALTER LANGUAGE "{{ test_lang }}" OWNER TO {{ test_user1 }}']
+      - result.queries == ['CREATE LANGUAGE "{{ test_lang }}"', 'ALTER LANGUAGE "{{ test_lang }}" OWNER TO "{{ test_user1 }}"']
 
   - name: Check
     <<: *task_parameters
@@ -83,12 +85,13 @@
       <<: *pg_parameters
       name: '{{ test_lang }}'
       owner: '{{ test_user2 }}'
+      trust_input: yes
     check_mode: yes
 
   - assert:
       that:
       - result is changed
-      - result.queries == ['ALTER LANGUAGE "{{ test_lang }}" OWNER TO {{ test_user2 }}']
+      - result.queries == ['ALTER LANGUAGE "{{ test_lang }}" OWNER TO "{{ test_user2 }}"']
 
   - name: Check that nothing was actually changed
     <<: *task_parameters
@@ -116,7 +119,7 @@
       - result is changed
       # TODO: the first elem of the returned list below
       # looks like a bug, not related with the option owner, needs to be checked
-      - result.queries == ["UPDATE pg_language SET lanpltrusted = false WHERE lanname = '{{ test_lang }}'", 'ALTER LANGUAGE "{{ test_lang }}" OWNER TO {{ test_user2 }}']
+      - result.queries == ["UPDATE pg_language SET lanpltrusted = false WHERE lanname = '{{ test_lang }}'", 'ALTER LANGUAGE "{{ test_lang }}" OWNER TO "{{ test_user2 }}"']
 
   - name: Check
     <<: *task_parameters