mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

postgresql_idx: add trust_input parameter (#264)

* postgresql_idx: add trust_input parameter

* add changelog fragment
Andrew Klychkov 2020-05-05 16:33:06 +03:00 committed by GitHub
parent 2bc89b56e8
commit 4c14956280
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 71 additions and 15 deletions


@ -0,0 +1,2 @@
minor_changes:
- postgresql_idx - add the ``trust_input`` parameter (https://github.com/ansible-collections/community.general/pull/264).


@ -114,6 +114,11 @@ options:
- Mutually exclusive with I(concurrent=yes) - Mutually exclusive with I(concurrent=yes)
type: bool type: bool
default: no default: no
trust_input:
description:
- If C(no), check whether values of some parameters are potentially dangerous.
type: bool
default: yes
seealso: seealso:
- module: postgresql_table - module: postgresql_table
@ -258,6 +263,7 @@ except ImportError:
pass pass
from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.basic import AnsibleModule
from ansible_collections.community.general.plugins.module_utils.database import check_input
from ansible_collections.community.general.plugins.module_utils.postgres import ( from ansible_collections.community.general.plugins.module_utils.postgres import (
connect_to_db, connect_to_db,
exec_sql, exec_sql,
@ -360,7 +366,8 @@ class Index(object):
self.exists = False self.exists = False
return False return False
def create(self, tblname, idxtype, columns, cond, tblspace, storage_params, concurrent=True, unique=False): def create(self, tblname, idxtype, columns, cond, tblspace,
storage_params, concurrent=True, unique=False):
"""Create PostgreSQL index. """Create PostgreSQL index.
Return True if success, otherwise, return False. Return True if success, otherwise, return False.
@ -391,12 +398,9 @@ class Index(object):
if concurrent: if concurrent:
query += ' CONCURRENTLY' query += ' CONCURRENTLY'
query += ' %s' % self.name query += ' "%s"' % self.name
if self.schema: query += ' ON "%s"."%s" ' % (self.schema, tblname)
query += ' ON %s.%s ' % (self.schema, tblname)
else:
query += 'public.%s ' % tblname
query += 'USING %s (%s)' % (idxtype, columns) query += 'USING %s (%s)' % (idxtype, columns)
@ -404,7 +408,7 @@ class Index(object):
query += ' WITH (%s)' % storage_params query += ' WITH (%s)' % storage_params
if tblspace: if tblspace:
query += ' TABLESPACE %s' % tblspace query += ' TABLESPACE "%s"' % tblspace
if cond: if cond:
query += ' WHERE %s' % cond query += ' WHERE %s' % cond
@ -438,9 +442,9 @@ class Index(object):
query += ' CONCURRENTLY' query += ' CONCURRENTLY'
if not schema: if not schema:
query += ' public.%s' % self.name query += ' "public"."%s"' % self.name
else: else:
query += ' %s.%s' % (schema, self.name) query += ' "%s"."%s"' % (schema, self.name)
if cascade: if cascade:
query += ' CASCADE' query += ' CASCADE'
@ -475,6 +479,7 @@ def main():
storage_params=dict(type='list', elements='str'), storage_params=dict(type='list', elements='str'),
cascade=dict(type='bool', default=False), cascade=dict(type='bool', default=False),
schema=dict(type='str'), schema=dict(type='str'),
trust_input=dict(type='bool', default=True),
) )
module = AnsibleModule( module = AnsibleModule(
argument_spec=argument_spec, argument_spec=argument_spec,
@ -493,6 +498,13 @@ def main():
storage_params = module.params["storage_params"] storage_params = module.params["storage_params"]
cascade = module.params["cascade"] cascade = module.params["cascade"]
schema = module.params["schema"] schema = module.params["schema"]
session_role = module.params["session_role"]
trust_input = module.params["trust_input"]
if not trust_input:
# Check input for potentially dangerous elements:
check_input(module, idxname, session_role, schema, table, columns,
tablespace, storage_params, cond)
if concurrent and cascade: if concurrent and cascade:
module.fail_json(msg="Concurrent mode and cascade parameters are mutually exclusive") module.fail_json(msg="Concurrent mode and cascade parameters are mutually exclusive")
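Review bot: The new quoting in `create()` and in the DROP INDEX path wraps `self.name`, `self.schema`, `tblname` and `tblspace` in `"%s"` without escaping an embedded `"`, so a value containing a double quote still ends the identifier early. Since `trust_input` defaults to `True`, `check_input` is skipped unless a playbook opts in. Doubling the quote at interpolation would hold regardless of the flag, e.g. `query += ' "%s"' % self.name.replace('"', '""')`, and likewise for the schema, table and tablespace. `columns`, `storage_params` and `cond` are still interpolated unquoted, so the `trust_input` description should name the parameters it checks and state that the default leaves them unchecked. Quoting also makes these names case-sensitive, which may change behaviour for playbooks that pass mixed-case names; both method bodies extend outside the hunks shown.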


@ -3,17 +3,20 @@
become: true become: true
shell: psql postgres -U "{{ pg_user }}" -t -c "CREATE TABLE test_table (id int, story text);" shell: psql postgres -U "{{ pg_user }}" -t -c "CREATE TABLE test_table (id int, story text);"
ignore_errors: true ignore_errors: true
- name: postgresql_idx - drop test tablespace called ssd if exists - name: postgresql_idx - drop test tablespace called ssd if exists
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
shell: psql postgres -U "{{ pg_user }}" -t -c "DROP TABLESPACE IF EXISTS ssd;" shell: psql postgres -U "{{ pg_user }}" -t -c "DROP TABLESPACE IF EXISTS ssd;"
ignore_errors: true ignore_errors: true
- name: postgresql_idx - drop dir for test tablespace - name: postgresql_idx - drop dir for test tablespace
become: true become: true
file: file:
path: /mnt/ssd path: /mnt/ssd
state: absent state: absent
ignore_errors: true ignore_errors: true
- name: postgresql_idx - create dir for test tablespace - name: postgresql_idx - create dir for test tablespace
become: true become: true
file: file:
@ -22,22 +25,26 @@
owner: '{{ pg_user }}' owner: '{{ pg_user }}'
mode: '0755' mode: '0755'
ignore_errors: true ignore_errors: true
- name: postgresql_idx - create test tablespace called ssd - name: postgresql_idx - create test tablespace called ssd
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
shell: psql postgres -U "{{ pg_user }}" -t -c "CREATE TABLESPACE ssd LOCATION '/mnt/ssd';" shell: psql postgres -U "{{ pg_user }}" -t -c "CREATE TABLESPACE ssd LOCATION '/mnt/ssd';"
ignore_errors: true ignore_errors: true
register: tablespace register: tablespace
- name: postgresql_idx - create test schema - name: postgresql_idx - create test schema
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
shell: psql postgres -U "{{ pg_user }}" -t -c "CREATE SCHEMA foo;" shell: psql postgres -U "{{ pg_user }}" -t -c "CREATE SCHEMA foo;"
ignore_errors: true ignore_errors: true
- name: postgresql_idx - create table in non-default schema - name: postgresql_idx - create table in non-default schema
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
shell: psql postgres -U "{{ pg_user }}" -t -c "CREATE TABLE foo.foo_table (id int, story text);" shell: psql postgres -U "{{ pg_user }}" -t -c "CREATE TABLE foo.foo_table (id int, story text);"
ignore_errors: true ignore_errors: true
- name: postgresql_idx - create btree index in check_mode - name: postgresql_idx - create btree index in check_mode
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
@ -50,6 +57,7 @@
check_mode: true check_mode: true
register: result register: result
ignore_errors: true ignore_errors: true
- assert: - assert:
that: that:
- result is changed - result is changed
@ -61,6 +69,7 @@
- result.storage_params == [] - result.storage_params == []
- result.schema == '' - result.schema == ''
- result.query == '' - result.query == ''
- name: postgresql_idx - check nothing changed after the previous step - name: postgresql_idx - check nothing changed after the previous step
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
@ -69,9 +78,11 @@
login_user: '{{ pg_user }}' login_user: '{{ pg_user }}'
query: SELECT 1 FROM pg_indexes WHERE indexname = 'test0_idx' query: SELECT 1 FROM pg_indexes WHERE indexname = 'test0_idx'
register: result register: result
- assert: - assert:
that: that:
- result.rowcount == 0 - result.rowcount == 0
- name: postgresql_idx - create btree index concurrently - name: postgresql_idx - create btree index concurrently
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
@ -81,8 +92,10 @@
table: test_table table: test_table
columns: id, story columns: id, story
idxname: test0_idx idxname: test0_idx
trust_input: no
register: result register: result
ignore_errors: true ignore_errors: true
- assert: - assert:
that: that:
- result is changed - result is changed
@ -93,7 +106,8 @@
- result.tblspace == '' - result.tblspace == ''
- result.storage_params == [] - result.storage_params == []
- result.schema == 'public' - result.schema == 'public'
- result.query == 'CREATE INDEX CONCURRENTLY test0_idx ON public.test_table USING BTREE (id, story)' - result.query == 'CREATE INDEX CONCURRENTLY "test0_idx" ON "public"."test_table" USING BTREE (id, story)'
- name: postgresql_idx - check the index exists after the previous step - name: postgresql_idx - check the index exists after the previous step
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
@ -102,9 +116,11 @@
login_user: '{{ pg_user }}' login_user: '{{ pg_user }}'
query: SELECT 1 FROM pg_indexes WHERE indexname = 'test0_idx' query: SELECT 1 FROM pg_indexes WHERE indexname = 'test0_idx'
register: result register: result
- assert: - assert:
that: that:
- result.rowcount == 1 - result.rowcount == 1
- name: postgresql_idx - try to create existing index again - name: postgresql_idx - try to create existing index again
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
@ -116,6 +132,7 @@
idxname: test0_idx idxname: test0_idx
register: result register: result
ignore_errors: true ignore_errors: true
- assert: - assert:
that: that:
- result is not changed - result is not changed
@ -127,6 +144,7 @@
- result.storage_params == [] - result.storage_params == []
- result.schema == 'public' - result.schema == 'public'
- result.query == '' - result.query == ''
- name: postgresql_idx - create btree index - non-default schema, tablespace, storage parameter - name: postgresql_idx - create btree index - non-default schema, tablespace, storage parameter
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
@ -141,9 +159,11 @@
idxname: foo_test_idx idxname: foo_test_idx
tablespace: ssd tablespace: ssd
storage_params: fillfactor=90 storage_params: fillfactor=90
trust_input: no
register: result register: result
ignore_errors: true ignore_errors: true
when: tablespace.rc == 0 when: tablespace.rc == 0
- assert: - assert:
that: that:
- result is changed - result is changed
@ -154,8 +174,9 @@
- result.tblspace == 'ssd' - result.tblspace == 'ssd'
- result.storage_params == [ "fillfactor=90" ] - result.storage_params == [ "fillfactor=90" ]
- result.schema == 'foo' - result.schema == 'foo'
- result.query == 'CREATE INDEX CONCURRENTLY foo_test_idx ON foo.foo_table USING BTREE (id,story) WITH (fillfactor=90) TABLESPACE ssd' - result.query == 'CREATE INDEX CONCURRENTLY "foo_test_idx" ON "foo"."foo_table" USING BTREE (id,story) WITH (fillfactor=90) TABLESPACE "ssd"'
when: tablespace.rc == 0 when: tablespace.rc == 0
- name: postgresql_idx - create brin index not concurrently - name: postgresql_idx - create brin index not concurrently
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
@ -169,8 +190,10 @@
columns: id columns: id
idxname: test_brin_idx idxname: test_brin_idx
concurrent: false concurrent: false
trust_input: no
register: result register: result
ignore_errors: true ignore_errors: true
- assert: - assert:
that: that:
- result is changed - result is changed
@ -181,8 +204,9 @@
- result.tblspace == '' - result.tblspace == ''
- result.storage_params == [] - result.storage_params == []
- result.schema == 'public' - result.schema == 'public'
- result.query == 'CREATE INDEX test_brin_idx ON public.test_table USING brin (id)' - result.query == 'CREATE INDEX "test_brin_idx" ON "public"."test_table" USING brin (id)'
when: postgres_version_resp.stdout is version('9.5', '>=') when: postgres_version_resp.stdout is version('9.5', '>=')
- name: postgresql_idx - create index with condition - name: postgresql_idx - create index with condition
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
@ -193,8 +217,10 @@
columns: id columns: id
idxname: test1_idx idxname: test1_idx
cond: id > 1 AND id != 10 cond: id > 1 AND id != 10
trust_input: no
register: result register: result
ignore_errors: true ignore_errors: true
- assert: - assert:
that: that:
- result is changed - result is changed
@ -205,7 +231,8 @@
- result.tblspace == '' - result.tblspace == ''
- result.storage_params == [] - result.storage_params == []
- result.schema == 'public' - result.schema == 'public'
- result.query == 'CREATE INDEX CONCURRENTLY test1_idx ON public.test_table USING BTREE (id) WHERE id > 1 AND id != 10' - result.query == 'CREATE INDEX CONCURRENTLY "test1_idx" ON "public"."test_table" USING BTREE (id) WHERE id > 1 AND id != 10'
- name: postgresql_idx - create unique index - name: postgresql_idx - create unique index
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
@ -216,8 +243,10 @@
columns: story columns: story
idxname: test_unique0_idx idxname: test_unique0_idx
unique: true unique: true
trust_input: no
register: result register: result
ignore_errors: true ignore_errors: true
- assert: - assert:
that: that:
- result is changed - result is changed
@ -228,7 +257,8 @@
- result.tblspace == '' - result.tblspace == ''
- result.storage_params == [] - result.storage_params == []
- result.schema == 'public' - result.schema == 'public'
- result.query == 'CREATE UNIQUE INDEX CONCURRENTLY test_unique0_idx ON public.test_table USING BTREE (story)' - result.query == 'CREATE UNIQUE INDEX CONCURRENTLY "test_unique0_idx" ON "public"."test_table" USING BTREE (story)'
- name: postgresql_idx - avoid unique index with type different of btree - name: postgresql_idx - avoid unique index with type different of btree
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
@ -243,10 +273,12 @@
type: brin type: brin
register: result register: result
ignore_errors: true ignore_errors: true
- assert: - assert:
that: that:
- result is not changed - result is not changed
- result.msg == 'Only btree currently supports unique indexes' - result.msg == 'Only btree currently supports unique indexes'
- name: postgresql_idx - drop index from specific schema cascade in check_mode - name: postgresql_idx - drop index from specific schema cascade in check_mode
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
@ -258,10 +290,12 @@
cascade: true cascade: true
state: absent state: absent
concurrent: false concurrent: false
trust_input: yes
check_mode: true check_mode: true
register: result register: result
ignore_errors: true ignore_errors: true
when: tablespace.rc == 0 when: tablespace.rc == 0
- assert: - assert:
that: that:
- result is changed - result is changed
@ -270,6 +304,7 @@
- result.schema == 'foo' - result.schema == 'foo'
- result.query == '' - result.query == ''
when: tablespace.rc == 0 when: tablespace.rc == 0
- name: postgresql_idx - check the index exists after the previous step - name: postgresql_idx - check the index exists after the previous step
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
@ -279,10 +314,12 @@
query: SELECT 1 FROM pg_indexes WHERE indexname = 'foo_test_idx' AND schemaname = 'foo' query: SELECT 1 FROM pg_indexes WHERE indexname = 'foo_test_idx' AND schemaname = 'foo'
register: result register: result
when: tablespace.rc == 0 when: tablespace.rc == 0
- assert: - assert:
that: that:
- result.rowcount == 1 - result.rowcount == 1
when: tablespace.rc == 0 when: tablespace.rc == 0
- name: postgresql_idx - drop index from specific schema cascade - name: postgresql_idx - drop index from specific schema cascade
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
@ -297,14 +334,16 @@
register: result register: result
ignore_errors: true ignore_errors: true
when: tablespace.rc == 0 when: tablespace.rc == 0
- assert: - assert:
that: that:
- result is changed - result is changed
- result.name == 'foo_test_idx' - result.name == 'foo_test_idx'
- result.state == 'absent' - result.state == 'absent'
- result.schema == 'foo' - result.schema == 'foo'
- result.query == 'DROP INDEX foo.foo_test_idx CASCADE' - result.query == 'DROP INDEX "foo"."foo_test_idx" CASCADE'
when: tablespace.rc == 0 when: tablespace.rc == 0
- name: postgresql_idx - check the index doesn't exist after the previous step - name: postgresql_idx - check the index doesn't exist after the previous step
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
@ -314,10 +353,12 @@
query: SELECT 1 FROM pg_indexes WHERE indexname = 'foo_test_idx' and schemaname = 'foo' query: SELECT 1 FROM pg_indexes WHERE indexname = 'foo_test_idx' and schemaname = 'foo'
register: result register: result
when: tablespace.rc == 0 when: tablespace.rc == 0
- assert: - assert:
that: that:
- result.rowcount == 0 - result.rowcount == 0
when: tablespace.rc == 0 when: tablespace.rc == 0
- name: postgresql_idx - try to drop not existing index - name: postgresql_idx - try to drop not existing index
become_user: '{{ pg_user }}' become_user: '{{ pg_user }}'
become: true become: true
@ -329,6 +370,7 @@
state: absent state: absent
register: result register: result
ignore_errors: true ignore_errors: true
- assert: - assert:
that: that:
- result is not changed - result is not changed
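Review bot: Every task that sets `trust_input: no` in this file passes benign values, so the suite only shows that safe input still works and that the emitted query is now quoted. No task asserts that the module fails when a checked parameter carries a rejected value. One negative case would pin the behaviour the parameter exists for: a task with `trust_input: no`, a constructed unsafe `idxname` and `ignore_errors: true`, followed by an assert on `result is failed` and on the returned `msg`. The existing `trust_input: yes` task runs in check mode with a plain name, so it does not exercise the unchecked path either.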