postgresql_privs: fix module fails when passing roles containing hyphens (#1059)

* postgresql_privs: fix module fails when passing roles containing hyphens * fix * Improve testing * Improve testing * Add changelog fragment * Improve testing * fix CI Free BSD
2024-09-14 20:13:21 +02:00 · 2020-10-11 12:57:19 +03:00 · 2020-10-11 12:57:19 +03:00 · 434b83170a
commit 434b83170a
parent e3e66a57ec
3 changed files with 99 additions and 3 deletions
--- a/changelogs/fragments/1059-postgresql_privs_fix_failings_when_using_roles_with_hyphen.yml
+++ b/changelogs/fragments/1059-postgresql_privs_fix_failings_when_using_roles_with_hyphen.yml
@ -0,0 +1,2 @@
+bugfixes:
+- postgresql_privs - fix module fails when ``type`` group and passing ``objs`` value containing hyphens (https://github.com/ansible-collections/community.general/issues/1058).
--- a/plugins/modules/database/postgresql/postgresql_privs.py
+++ b/plugins/modules/database/postgresql/postgresql_privs.py
@ -772,7 +772,7 @@ class Connection(object):
        # set_what: SQL-fragment specifying what to set for the target roles:
        # Either group membership or privileges on objects of a certain type
        if obj_type == 'group':
-            set_what = ','.join('"%s"' % i for i in obj_ids)
+            set_what = ','.join(obj_ids)
        elif obj_type == 'default_privs':
            # We don't want privs to be quoted here
            set_what = ','.join(privs)
@ -1154,7 +1154,7 @@ def main():

    except Error as e:
        conn.rollback()
-        module.fail_json(msg=e.message, exception=traceback.format_exc())
+        module.fail_json(msg=to_native(e), exception=traceback.format_exc())

    except psycopg2.Error as e:
        conn.rollback()
--- a/tests/integration/targets/postgresql_privs/tasks/postgresql_privs_general.yml
+++ b/tests/integration/targets/postgresql_privs/tasks/postgresql_privs_general.yml
@ -1385,6 +1385,97 @@
      - "'{{ db_user2 }}' in typ_result.query_result[0].typacl"
  when: postgres_version_resp.stdout is version('10', '>=')

+######################################################################
+# https://github.com/ansible-collections/community.general/issues/1058
+- name: Create user for test
+  become: yes
+  become_user: "{{ pg_user }}"
+  postgresql_user:
+    login_user: "{{ pg_user }}"
+    login_db: "{{ db_name }}"
+    name: "test-role"
+    role_attr_flags: "NOLOGIN,NOSUPERUSER,INHERIT,NOCREATEDB,NOCREATEROLE,NOREPLICATION"
+
+- name: Test community.general/issue/1058 GRANT with hyphen
+  become: yes
+  become_user: "{{ pg_user }}"
+  postgresql_privs:
+    login_user: "{{ pg_user }}"
+    login_db: "{{ db_name }}"
+    roles: "test-role"
+    objs: "{{ pg_user }}"
+    type: "group"
+  register: result
+
+- assert:
+    that:
+    - result is changed
+    - result.queries == ["GRANT \"{{ pg_user }}\" TO \"test-role\";"]
+
+- name: Test community.general/issue/1058 REVOKE
+  become: yes
+  become_user: "{{ pg_user }}"
+  postgresql_privs:
+    login_user: "{{ pg_user }}"
+    login_db: "{{ db_name }}"
+    roles: "test-role"
+    objs: "{{ pg_user }}"
+    type: "group"
+    state: absent
+  register: result
+
+- assert:
+    that:
+    - result is changed
+    - result.queries == ["REVOKE \"{{ pg_user }}\" FROM \"test-role\";"]
+
+- name: Test community.general/issue/1058 GRANT without hyphen
+  become: yes
+  become_user: "{{ pg_user }}"
+  postgresql_privs:
+    login_user: "{{ pg_user }}"
+    login_db: "{{ db_name }}"
+    roles: "{{ db_user3 }}"
+    objs: "{{ pg_user }}"
+    type: "group"
+  register: result
+
+- assert:
+    that:
+    - result is changed
+    - result.queries == ["GRANT \"{{ pg_user }}\" TO \"{{ db_user3 }}\";"]
+
+- name: Test community.general/issue/1058 GRANT with hyphen as an object
+  become: yes
+  become_user: "{{ pg_user }}"
+  postgresql_privs:
+    login_user: "{{ pg_user }}"
+    login_db: "{{ db_name }}"
+    roles: "{{ db_user3 }}"
+    objs: "test-role,{{ db_user2 }}"
+    type: "group"
+  register: result
+
+- assert:
+    that:
+    - result is changed
+    - result.queries == ["GRANT \"test-role\",\"{{ db_user2 }}\" TO \"{{ db_user3 }}\";"]
+
+- name: Test community.general/issue/1058 GRANT with hyphen as an object
+  become: yes
+  become_user: "{{ pg_user }}"
+  postgresql_privs:
+    login_user: "{{ pg_user }}"
+    login_db: "{{ db_name }}"
+    roles: "{{ db_user3 }}"
+    objs: "test-role"
+    type: "group"
+  register: result
+
+- assert:
+    that:
+    - result is not changed
+
 # Cleanup
 - name: Remove privs
  become: yes
@ -1425,10 +1516,13 @@
  become: yes
  become_user: "{{ pg_user }}"
  postgresql_user:
-    name: "{{ db_user3 }}"
+    name: "{{ item }}"
    state: absent
    db: "{{ db_name }}"
    login_user: "{{ pg_user }}"
+  loop:
+  - '{{ db_user3 }}'
+  - 'test-role'

 - name: Destroy DB
  become_user: "{{ pg_user }}"