mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
(postgresql_user changing role_attr_flags with no_password_checks fails)
This commit is contained in:
parent
6fae1d2bbf
commit
499d3a1b53
2 changed files with 107 additions and 0 deletions
|
@ -3,5 +3,6 @@
|
|||
db_name: 'ansible_db'
|
||||
db_user1: 'ansible_db_user1'
|
||||
db_user2: 'ansible_db_user2'
|
||||
db_user3: 'ansible_db_user3'
|
||||
|
||||
tmp_dir: '/tmp'
|
||||
|
|
|
@ -374,6 +374,112 @@
|
|||
that:
|
||||
- "result.stdout_lines[-1] == '(0 rows)'"
|
||||
|
||||
# Test cases to replicate issue 19835
|
||||
- name: Create a user "{{ db_user3 }}" to test issue 19835
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_user:
|
||||
name: "{{ db_user3 }}"
|
||||
encrypted: 'yes'
|
||||
password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
|
||||
login_user: "{{ pg_user }}"
|
||||
#role_attr_flags: "NOSUPERUSER,NOCREATEROLE,NOCREATEDB,noinherit,NOLOGIN"
|
||||
db: postgres
|
||||
register: result
|
||||
|
||||
- name: Check that ansible reports that "{{ db_user3 }}" was created for testing issue 19835
|
||||
assert:
|
||||
that:
|
||||
- "result.changed == True"
|
||||
|
||||
- name: debug result
|
||||
debug:
|
||||
var: result
|
||||
|
||||
- name: Check that "{{ db_user3 }}" was created for testing issue 19835
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select * from pg_user where usename='{{ db_user3 }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- "result.stdout_lines[-1] == '(1 row)'"
|
||||
|
||||
- name: Modify user "{{ db_user3 }}" to have only login role attributes for testing issue 19835
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_user:
|
||||
name: "{{ db_user3 }}"
|
||||
state: "present"
|
||||
role_attr_flags: "NOSUPERUSER,NOCREATEROLE,NOCREATEDB,noinherit"
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
register: result
|
||||
|
||||
- name: Check that ansible reports it modified the roles for testing issue 19835
|
||||
assert:
|
||||
that:
|
||||
- "result.changed == True"
|
||||
|
||||
- name: Check that the user "{{ db_user3 }}" has the requested role attributes for testing issue 19835
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin from pg_roles where rolname='{{ db_user3 }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- name: Modify a single role attribute on the user "{{ db_user3 }}" with no_password_changes set to yes. issue 19835
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_user:
|
||||
name: "{{ db_user3 }}"
|
||||
state: "present"
|
||||
role_attr_flags: "CREATEDB"
|
||||
no_password_changes: yes
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
register: result
|
||||
|
||||
- name: Check that ansible reports it modified the role with no_password_changes set to yes. issue 19835
|
||||
assert:
|
||||
that:
|
||||
- "result.changed == True"
|
||||
|
||||
- name: Check that the user "{{ db_user3 }}" has the requested role attributes with no_password_changes set to yes. issue 19835
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin from pg_roles where rolname='{{ db_user3 }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- name: Assert that the request role attributes check for user "{{ db_user3 }}" was correct with no_password_changes set to yes. issue 19835
|
||||
assert:
|
||||
that:
|
||||
- "result.stdout_lines[-1] == '(1 row)'"
|
||||
- "'super:f' in result.stdout_lines[-2]"
|
||||
- "'createrole:f' in result.stdout_lines[-2]"
|
||||
- "'create:t' in result.stdout_lines[-2]"
|
||||
- "'inherit:f' in result.stdout_lines[-2]"
|
||||
- "'login:t' in result.stdout_lines[-2]"
|
||||
|
||||
- name: Cleanup the "{{ db_user3 }}" user
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
postgresql_user:
|
||||
name: "{{ db_user3 }}"
|
||||
state: 'absent'
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
|
||||
- name: Check that "{{ db_user3 }}" was removed
|
||||
become_user: "{{ pg_user }}"
|
||||
become: True
|
||||
shell: echo "select * from pg_user where usename='{{ db_user3 }}';" | psql -d postgres
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- "result.stdout_lines[-1] == '(0 rows)'"
|
||||
|
||||
### TODO: test expires, fail_on_user
|
||||
|
||||
#
|
||||
|
|
Loading…
Reference in a new issue