diff --git a/changelogs/fragments/1059-postgresql_privs_fix_failings_when_using_roles_with_hyphen.yml b/changelogs/fragments/1059-postgresql_privs_fix_failings_when_using_roles_with_hyphen.yml new file mode 100644 index 0000000000..d814799cf1 --- /dev/null +++ b/changelogs/fragments/1059-postgresql_privs_fix_failings_when_using_roles_with_hyphen.yml @@ -0,0 +1,2 @@ +bugfixes: +- postgresql_privs - fix module fails when ``type`` group and passing ``objs`` value containing hyphens (https://github.com/ansible-collections/community.general/issues/1058). diff --git a/plugins/modules/database/postgresql/postgresql_privs.py b/plugins/modules/database/postgresql/postgresql_privs.py index 695c7bd46b..58ae0911b2 100644 --- a/plugins/modules/database/postgresql/postgresql_privs.py +++ b/plugins/modules/database/postgresql/postgresql_privs.py @@ -772,7 +772,7 @@ class Connection(object): # set_what: SQL-fragment specifying what to set for the target roles: # Either group membership or privileges on objects of a certain type if obj_type == 'group': - set_what = ','.join('"%s"' % i for i in obj_ids) + set_what = ','.join(obj_ids) elif obj_type == 'default_privs': # We don't want privs to be quoted here set_what = ','.join(privs) @@ -1154,7 +1154,7 @@ def main(): except Error as e: conn.rollback() - module.fail_json(msg=e.message, exception=traceback.format_exc()) + module.fail_json(msg=to_native(e), exception=traceback.format_exc()) except psycopg2.Error as e: conn.rollback() diff --git a/tests/integration/targets/postgresql_privs/tasks/postgresql_privs_general.yml b/tests/integration/targets/postgresql_privs/tasks/postgresql_privs_general.yml index 54784fb5da..530e0d1ed4 100644 --- a/tests/integration/targets/postgresql_privs/tasks/postgresql_privs_general.yml +++ b/tests/integration/targets/postgresql_privs/tasks/postgresql_privs_general.yml @@ -1385,6 +1385,97 @@ - "'{{ db_user2 }}' in typ_result.query_result[0].typacl" when: postgres_version_resp.stdout is version('10', '>=') +###################################################################### +# https://github.com/ansible-collections/community.general/issues/1058 +- name: Create user for test + become: yes + become_user: "{{ pg_user }}" + postgresql_user: + login_user: "{{ pg_user }}" + login_db: "{{ db_name }}" + name: "test-role" + role_attr_flags: "NOLOGIN,NOSUPERUSER,INHERIT,NOCREATEDB,NOCREATEROLE,NOREPLICATION" + +- name: Test community.general/issue/1058 GRANT with hyphen + become: yes + become_user: "{{ pg_user }}" + postgresql_privs: + login_user: "{{ pg_user }}" + login_db: "{{ db_name }}" + roles: "test-role" + objs: "{{ pg_user }}" + type: "group" + register: result + +- assert: + that: + - result is changed + - result.queries == ["GRANT \"{{ pg_user }}\" TO \"test-role\";"] + +- name: Test community.general/issue/1058 REVOKE + become: yes + become_user: "{{ pg_user }}" + postgresql_privs: + login_user: "{{ pg_user }}" + login_db: "{{ db_name }}" + roles: "test-role" + objs: "{{ pg_user }}" + type: "group" + state: absent + register: result + +- assert: + that: + - result is changed + - result.queries == ["REVOKE \"{{ pg_user }}\" FROM \"test-role\";"] + +- name: Test community.general/issue/1058 GRANT without hyphen + become: yes + become_user: "{{ pg_user }}" + postgresql_privs: + login_user: "{{ pg_user }}" + login_db: "{{ db_name }}" + roles: "{{ db_user3 }}" + objs: "{{ pg_user }}" + type: "group" + register: result + +- assert: + that: + - result is changed + - result.queries == ["GRANT \"{{ pg_user }}\" TO \"{{ db_user3 }}\";"] + +- name: Test community.general/issue/1058 GRANT with hyphen as an object + become: yes + become_user: "{{ pg_user }}" + postgresql_privs: + login_user: "{{ pg_user }}" + login_db: "{{ db_name }}" + roles: "{{ db_user3 }}" + objs: "test-role,{{ db_user2 }}" + type: "group" + register: result + +- assert: + that: + - result is changed + - result.queries == ["GRANT \"test-role\",\"{{ db_user2 }}\" TO \"{{ db_user3 }}\";"] + +- name: Test community.general/issue/1058 GRANT with hyphen as an object + become: yes + become_user: "{{ pg_user }}" + postgresql_privs: + login_user: "{{ pg_user }}" + login_db: "{{ db_name }}" + roles: "{{ db_user3 }}" + objs: "test-role" + type: "group" + register: result + +- assert: + that: + - result is not changed + # Cleanup - name: Remove privs become: yes @@ -1425,10 +1516,13 @@ become: yes become_user: "{{ pg_user }}" postgresql_user: - name: "{{ db_user3 }}" + name: "{{ item }}" state: absent db: "{{ db_name }}" login_user: "{{ pg_user }}" + loop: + - '{{ db_user3 }}' + - 'test-role' - name: Destroy DB become_user: "{{ pg_user }}"