1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

postgresql modules: improve trust_input parameter's documentation, improve CI tests (#309)

* postgresql modules: improve trust_input parameter's documentation, improve CI tests

* fix CI
This commit is contained in:
Andrew Klychkov 2020-05-09 09:25:12 +03:00 committed by GitHub
parent 85cbc27427
commit 55c1ece888
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
19 changed files with 110 additions and 15 deletions

View file

@ -107,7 +107,9 @@ options:
type: str type: str
trust_input: trust_input:
description: description:
- If C(no), check whether values of some parameters are potentially dangerous. - If C(no), check whether values of parameters I(owner), I(conn_limit), I(encoding),
I(db), I(template), I(tablespace), I(session_role) are potentially dangerous.
- It makes sense to use C(yes) only when SQL injections via the parameters are possible.
type: bool type: bool
default: yes default: yes
seealso: seealso:

View file

@ -82,7 +82,9 @@ options:
type: str type: str
trust_input: trust_input:
description: description:
- If C(no), check whether values of some parameters are potentially dangerous. - If C(no), check whether values of parameters I(ext), I(schema),
I(version), I(session_role) are potentially dangerous.
- It makes sense to use C(yes) only when SQL injections via the parameters are possible.
type: bool type: bool
default: yes default: yes
seealso: seealso:

View file

@ -116,7 +116,10 @@ options:
default: no default: no
trust_input: trust_input:
description: description:
- If C(no), check whether values of some parameters are potentially dangerous. - If C(no), check whether values of parameters I(idxname), I(session_role),
I(schema), I(table), I(columns), I(tablespace), I(storage_params),
I(cond) are potentially dangerous.
- It makes sense to use C(yes) only when SQL injections via the parameters are possible.
type: bool type: bool
default: yes default: yes

View file

@ -73,7 +73,8 @@ options:
description: description:
- Switch to session_role after connecting. - Switch to session_role after connecting.
- The specified I(session_role) must be a role that the current I(login_user) is a member of. - The specified I(session_role) must be a role that the current I(login_user) is a member of.
- Permissions checking for SQL commands is carried out as though the I(session_role) were the one that had logged in originally. - Permissions checking for SQL commands is carried out as though the
I(session_role) were the one that had logged in originally.
type: str type: str
state: state:
description: description:
@ -106,7 +107,9 @@ options:
type: str type: str
trust_input: trust_input:
description: description:
- If C(no), check whether values of some parameters are potentially dangerous. - If C(no), check whether values of parameters I(lang), I(session_role),
I(owner) are potentially dangerous.
- It makes sense to use C(yes) only when SQL injections via the parameters are possible.
type: bool type: bool
default: yes default: yes
seealso: seealso:

View file

@ -74,7 +74,9 @@ options:
type: str type: str
trust_input: trust_input:
description: description:
- If C(no), check whether values of some parameters are potentially dangerous. - If C(no), check whether values of parameters I(groups),
I(target_roles), I(session_role) are potentially dangerous.
- It makes sense to use C(yes) only when SQL injections via the parameters are possible.
type: bool type: bool
default: yes default: yes
seealso: seealso:

View file

@ -72,7 +72,9 @@ options:
type: str type: str
trust_input: trust_input:
description: description:
- If C(no), check whether values of some parameters are potentially dangerous. - If C(no), check whether values of parameters I(new_owner), I(obj_name),
I(reassign_owned_by), I(session_role) are potentially dangerous.
- It makes sense to use C(yes) only when SQL injections via the parameters are possible.
type: bool type: bool
default: yes default: yes
seealso: seealso:

View file

@ -159,7 +159,9 @@ options:
- ssl_rootcert - ssl_rootcert
trust_input: trust_input:
description: description:
- If C(no), check whether values of some parameters are potentially dangerous. - If C(no), check whether values of parameters I(roles), I(target_roles), I(session_role),
I(schema) are potentially dangerous.
- It makes sense to use C(yes) only when SQL injections via the parameters are possible.
type: bool type: bool
default: yes default: yes

View file

@ -71,7 +71,9 @@ options:
type: str type: str
trust_input: trust_input:
description: description:
- If C(no), check whether values of some parameters are potentially dangerous. - If C(no), check whether values of parameters I(name), I(tables), I(owner),
I(session_role), I(params) are potentially dangerous.
- It makes sense to use C(yes) only when SQL injections via the parameters are possible.
type: bool type: bool
default: yes default: yes
notes: notes:

View file

@ -71,7 +71,8 @@ options:
aliases: [ ssl_rootcert ] aliases: [ ssl_rootcert ]
trust_input: trust_input:
description: description:
- If C(no), check whether values of some parameters are potentially dangerous. - If C(no), check whether values of parameters I(schema), I(owner), I(session_role) are potentially dangerous.
- It makes sense to use C(yes) only when SQL injections via the parameters are possible.
type: bool type: bool
default: yes default: yes
seealso: seealso:

View file

@ -137,7 +137,9 @@ options:
- login_db - login_db
trust_input: trust_input:
description: description:
- If C(no), check whether values of some parameters are potentially dangerous. - If C(no), check whether values of parameters I(sequence), I(schema), I(rename_to),
I(owner), I(newschema), I(session_role) are potentially dangerous.
- It makes sense to use C(yes) only when SQL injections via the parameters are possible.
type: bool type: bool
default: yes default: yes
notes: notes:

View file

@ -89,7 +89,9 @@ options:
type: str type: str
trust_input: trust_input:
description: description:
- If C(no), check whether values of some parameters are potentially dangerous. - If C(no), check whether values of parameters I(name), I(publications), I(owner),
I(session_role), I(connparams), I(subsparams) are potentially dangerous.
- It makes sense to use C(yes) only when SQL injections via the parameters are possible.
type: bool type: bool
default: yes default: yes

View file

@ -77,7 +77,9 @@ options:
- login_db - login_db
trust_input: trust_input:
description: description:
- If C(no), check whether values of some parameters are potentially dangerous. - If C(no), check whether values of parameters I(tablespace), I(location), I(owner),
I(rename_to), I(session_role), I(settings_list) are potentially dangerous.
- It makes sense to use C(yes) only when SQL injections via the parameters are possible.
type: bool type: bool
default: yes default: yes

View file

@ -149,7 +149,9 @@ options:
type: str type: str
trust_input: trust_input:
description: description:
- If C(no), check whether values of some parameters are potentially dangerous. - If C(no), check whether values of parameters I(name), I(password), I(privs), I(expires),
I(role_attr_flags), I(groups), I(comment), I(session_role) are potentially dangerous.
- It makes sense to use C(yes) only when SQL injections via the parameters are possible.
type: bool type: bool
default: yes default: yes
notes: notes:

View file

@ -96,6 +96,7 @@
type: table type: table
objs: test_view objs: test_view
roles: "{{ db_user2 }}" roles: "{{ db_user2 }}"
trust_input: no
register: result register: result
- assert: - assert:
@ -128,6 +129,7 @@
type: table type: table
objs: test_view objs: test_view
roles: "{{ db_user2 }}" roles: "{{ db_user2 }}"
trust_input: no
register: result register: result
- assert: - assert:
@ -182,6 +184,7 @@
objs: dummy objs: dummy
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ pg_user }}" login_user: "{{ pg_user }}"
trust_input: no
register: result register: result
ignore_errors: yes ignore_errors: yes
@ -215,6 +218,7 @@
objs: dummy objs: dummy
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ pg_user }}" login_user: "{{ pg_user }}"
trust_input: no
register: result register: result
ignore_errors: yes ignore_errors: yes
@ -233,6 +237,7 @@
objs: dummy objs: dummy
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ pg_user }}" login_user: "{{ pg_user }}"
trust_input: no
register: result register: result
ignore_errors: yes ignore_errors: yes
@ -266,6 +271,7 @@
objs: dummy objs: dummy
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ pg_user }}" login_user: "{{ pg_user }}"
trust_input: no
register: result register: result
ignore_errors: yes ignore_errors: yes
@ -284,6 +290,7 @@
objs: dummy_server objs: dummy_server
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ pg_user }}" login_user: "{{ pg_user }}"
trust_input: no
register: result register: result
ignore_errors: yes ignore_errors: yes
@ -317,6 +324,7 @@
objs: dummy_server objs: dummy_server
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ pg_user }}" login_user: "{{ pg_user }}"
trust_input: no
register: result register: result
ignore_errors: yes ignore_errors: yes
@ -335,6 +343,7 @@
objs: dummy_server objs: dummy_server
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ pg_user }}" login_user: "{{ pg_user }}"
trust_input: no
register: result register: result
ignore_errors: yes ignore_errors: yes
@ -368,6 +377,7 @@
objs: dummy_server objs: dummy_server
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ pg_user }}" login_user: "{{ pg_user }}"
trust_input: no
register: result register: result
ignore_errors: yes ignore_errors: yes
@ -416,6 +426,7 @@
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ db_user3 }}" login_user: "{{ db_user3 }}"
login_password: password login_password: password
trust_input: no
register: result register: result
ignore_errors: yes ignore_errors: yes
@ -444,6 +455,7 @@
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ db_user3 }}" login_user: "{{ db_user3 }}"
login_password: password login_password: password
trust_input: no
register: result register: result
ignore_errors: yes ignore_errors: yes
@ -463,6 +475,7 @@
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ db_user3 }}" login_user: "{{ db_user3 }}"
login_password: password login_password: password
trust_input: no
register: result register: result
ignore_errors: yes ignore_errors: yes
@ -482,6 +495,7 @@
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ db_user3 }}" login_user: "{{ db_user3 }}"
login_password: password login_password: password
trust_input: no
register: result register: result
ignore_errors: yes ignore_errors: yes
@ -525,6 +539,7 @@
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ db_user3 }}" login_user: "{{ db_user3 }}"
login_password: password login_password: password
trust_input: no
register: result register: result
ignore_errors: yes ignore_errors: yes
when: postgres_version_resp.stdout is version('10', '>=') when: postgres_version_resp.stdout is version('10', '>=')
@ -562,6 +577,7 @@
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ db_user3 }}" login_user: "{{ db_user3 }}"
login_password: password login_password: password
trust_input: no
register: result register: result
ignore_errors: yes ignore_errors: yes
when: postgres_version_resp.stdout is version('10', '>=') when: postgres_version_resp.stdout is version('10', '>=')
@ -601,6 +617,7 @@
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ db_user3 }}" login_user: "{{ db_user3 }}"
login_password: password login_password: password
trust_input: no
register: result register: result
ignore_errors: yes ignore_errors: yes
when: postgres_version_resp.stdout is version('10', '>=') when: postgres_version_resp.stdout is version('10', '>=')
@ -622,6 +639,7 @@
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ db_user3 }}" login_user: "{{ db_user3 }}"
login_password: password login_password: password
trust_input: no
register: result register: result
ignore_errors: yes ignore_errors: yes
when: postgres_version_resp.stdout is version('10', '>=') when: postgres_version_resp.stdout is version('10', '>=')
@ -661,6 +679,7 @@
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ db_user3 }}" login_user: "{{ db_user3 }}"
login_password: password login_password: password
trust_input: no
register: result register: result
ignore_errors: yes ignore_errors: yes
when: postgres_version_resp.stdout is version('10', '>=') when: postgres_version_resp.stdout is version('10', '>=')
@ -676,6 +695,7 @@
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ db_user3 }}" login_user: "{{ db_user3 }}"
login_password: password login_password: password
trust_input: no
ignore_errors: yes ignore_errors: yes
when: postgres_version_resp.stdout is version('10', '>=') when: postgres_version_resp.stdout is version('10', '>=')
@ -696,6 +716,7 @@
schema: pg_catalog schema: pg_catalog
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ pg_user }}" login_user: "{{ pg_user }}"
trust_input: no
register: result register: result
when: postgres_version_resp.stdout is version('10', '>=') when: postgres_version_resp.stdout is version('10', '>=')
@ -732,6 +753,7 @@
schema: pg_catalog schema: pg_catalog
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ pg_user }}" login_user: "{{ pg_user }}"
trust_input: no
register: result register: result
check_mode: yes check_mode: yes
when: postgres_version_resp.stdout is version('10', '>=') when: postgres_version_resp.stdout is version('10', '>=')
@ -769,6 +791,7 @@
schema: pg_catalog schema: pg_catalog
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ pg_user }}" login_user: "{{ pg_user }}"
trust_input: no
register: result register: result
when: postgres_version_resp.stdout is version('10', '>=') when: postgres_version_resp.stdout is version('10', '>=')
@ -805,6 +828,7 @@
schema: pg_catalog schema: pg_catalog
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ pg_user }}" login_user: "{{ pg_user }}"
trust_input: no
register: result register: result
check_mode: yes check_mode: yes
when: postgres_version_resp.stdout is version('10', '>=') when: postgres_version_resp.stdout is version('10', '>=')
@ -842,6 +866,7 @@
schema: pg_catalog schema: pg_catalog
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ pg_user }}" login_user: "{{ pg_user }}"
trust_input: no
register: result register: result
when: postgres_version_resp.stdout is version('10', '>=') when: postgres_version_resp.stdout is version('10', '>=')
@ -888,6 +913,7 @@
objs: compfoo objs: compfoo
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ pg_user }}" login_user: "{{ pg_user }}"
trust_input: no
register: result register: result
when: postgres_version_resp.stdout is version('10', '>=') when: postgres_version_resp.stdout is version('10', '>=')
@ -926,6 +952,7 @@
objs: compfoo objs: compfoo
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ pg_user }}" login_user: "{{ pg_user }}"
trust_input: no
when: postgres_version_resp.stdout is version('10', '>=') when: postgres_version_resp.stdout is version('10', '>=')
- name: Reassign ownership - name: Reassign ownership

View file

@ -116,6 +116,7 @@
objs: "test_table2" objs: "test_table2"
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ pg_user }}" login_user: "{{ pg_user }}"
trust_input: no
register: result register: result
- name: Check that ansible reports it changed the user - name: Check that ansible reports it changed the user
@ -144,6 +145,7 @@
objs: "test_table2,test_table1" objs: "test_table2,test_table1"
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ pg_user }}" login_user: "{{ pg_user }}"
trust_input: no
register: result register: result
- name: Check that ansible reports it changed the user - name: Check that ansible reports it changed the user
@ -179,6 +181,7 @@
objs: "{{ db_name }}" objs: "{{ db_name }}"
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ pg_user }}" login_user: "{{ pg_user }}"
trust_input: no
- name: Check that the user has the requested permissions (database) - name: Check that the user has the requested permissions (database)
become_user: "{{ pg_user }}" become_user: "{{ pg_user }}"
@ -202,6 +205,7 @@
objs: "{{ db_name }}" objs: "{{ db_name }}"
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ pg_user }}" login_user: "{{ pg_user }}"
trust_input: no
register: result register: result
- name: Check that ansible reports it changed the user - name: Check that ansible reports it changed the user
@ -230,6 +234,7 @@
objs: "test_table1" objs: "test_table1"
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ pg_user }}" login_user: "{{ pg_user }}"
trust_input: no
- name: Check that permissions were added (table1) - name: Check that permissions were added (table1)
become_user: "{{ pg_user }}" become_user: "{{ pg_user }}"
@ -252,6 +257,7 @@
objs: "test_table2,test_table1" objs: "test_table2,test_table1"
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ pg_user }}" login_user: "{{ pg_user }}"
trust_input: no
- name: Check that permissions were added (table1) - name: Check that permissions were added (table1)
become_user: "{{ pg_user }}" become_user: "{{ pg_user }}"
@ -307,6 +313,7 @@
objs: "test_table1" objs: "test_table1"
db: "{{ db_name }}" db: "{{ db_name }}"
login_user: "{{ pg_user }}" login_user: "{{ pg_user }}"
trust_input: no
- name: Check that permissions were added (table1) - name: Check that permissions were added (table1)
become_user: "{{ pg_user }}" become_user: "{{ pg_user }}"
@ -334,6 +341,7 @@
objs: TABLES objs: TABLES
type: default_privs type: default_privs
target_roles: "{{ db_user_with_dots2 }}" target_roles: "{{ db_user_with_dots2 }}"
trust_input: no
# #
# Cleanup # Cleanup

View file

@ -64,6 +64,7 @@
postgresql_publication: postgresql_publication:
<<: *pg_parameters <<: *pg_parameters
name: '{{ test_pub }}' name: '{{ test_pub }}'
trust_input: no
check_mode: yes check_mode: yes
- assert: - assert:
@ -89,6 +90,7 @@
postgresql_publication: postgresql_publication:
<<: *pg_parameters <<: *pg_parameters
name: '{{ test_pub }}' name: '{{ test_pub }}'
trust_input: no
- assert: - assert:
that: that:
@ -120,6 +122,7 @@
<<: *pg_parameters <<: *pg_parameters
name: '{{ test_pub }}' name: '{{ test_pub }}'
state: absent state: absent
trust_input: no
check_mode: yes check_mode: yes
- assert: - assert:
@ -179,9 +182,9 @@
tables: tables:
- '{{ test_table1 }}' - '{{ test_table1 }}'
- '{{ test_schema }}.{{ test_table2 }}' - '{{ test_schema }}.{{ test_table2 }}'
trust_input: yes
parameters: parameters:
publish: 'insert' publish: 'insert'
trust_input: no
- assert: - assert:
that: that:
@ -254,6 +257,7 @@
- '{{ test_table1 }}' - '{{ test_table1 }}'
- '{{ test_schema }}.{{ test_table2 }}' - '{{ test_schema }}.{{ test_table2 }}'
- '{{ test_table3 }}' - '{{ test_table3 }}'
trust_input: no
check_mode: yes check_mode: yes
- assert: - assert:
@ -297,6 +301,7 @@
- '{{ test_table1 }}' - '{{ test_table1 }}'
- '{{ test_schema }}.{{ test_table2 }}' - '{{ test_schema }}.{{ test_table2 }}'
- '{{ test_table3 }}' - '{{ test_table3 }}'
trust_input: no
- assert: - assert:
that: that:
@ -338,6 +343,7 @@
- '{{ test_schema }}.{{ test_table2 }}' - '{{ test_schema }}.{{ test_table2 }}'
parameters: parameters:
publish: 'insert' publish: 'insert'
trust_input: no
check_mode: yes check_mode: yes
- assert: - assert:
@ -379,6 +385,7 @@
- '{{ test_schema }}.{{ test_table2 }}' - '{{ test_schema }}.{{ test_table2 }}'
parameters: parameters:
publish: 'delete' publish: 'delete'
trust_input: no
- assert: - assert:
that: that:

View file

@ -41,6 +41,7 @@
user: '{{ replication_role }}' user: '{{ replication_role }}'
password: '{{ replication_pass }}' password: '{{ replication_pass }}'
dbname: '{{ test_db }}' dbname: '{{ test_db }}'
trust_input: no
- assert: - assert:
that: that:
@ -82,6 +83,7 @@
login_port: '{{ replica_port }}' login_port: '{{ replica_port }}'
name: '{{ test_subscription }}' name: '{{ test_subscription }}'
state: absent state: absent
trust_input: no
check_mode: yes check_mode: yes
- assert: - assert:
@ -145,6 +147,7 @@
user: '{{ replication_role }}' user: '{{ replication_role }}'
password: '{{ replication_pass }}' password: '{{ replication_pass }}'
dbname: '{{ test_db }}' dbname: '{{ test_db }}'
trust_input: no
- assert: - assert:
that: that:
@ -160,6 +163,7 @@
state: present state: present
publications: '{{ test_pub }}' publications: '{{ test_pub }}'
owner: '{{ test_role1 }}' owner: '{{ test_role1 }}'
trust_input: no
- assert: - assert:
that: that:
@ -190,6 +194,7 @@
state: present state: present
publications: '{{ test_pub }}' publications: '{{ test_pub }}'
owner: '{{ test_role2 }}' owner: '{{ test_role2 }}'
trust_input: no
check_mode: yes check_mode: yes
- assert: - assert:
@ -222,6 +227,7 @@
state: present state: present
publications: '{{ test_pub }}' publications: '{{ test_pub }}'
owner: '{{ test_role2 }}' owner: '{{ test_role2 }}'
trust_input: no
- assert: - assert:
that: that:
@ -284,6 +290,7 @@
name: '{{ test_subscription }}' name: '{{ test_subscription }}'
state: absent state: absent
cascade: yes cascade: yes
trust_input: no
check_mode: yes check_mode: yes
- assert: - assert:
@ -350,6 +357,7 @@
subsparams: subsparams:
enabled: no enabled: no
synchronous_commit: no synchronous_commit: no
trust_input: no
- assert: - assert:
that: that:
@ -383,6 +391,7 @@
subsparams: subsparams:
enabled: yes enabled: yes
synchronous_commit: yes synchronous_commit: yes
trust_input: no
- assert: - assert:
that: that:
@ -416,6 +425,7 @@
subsparams: subsparams:
enabled: yes enabled: yes
synchronous_commit: yes synchronous_commit: yes
trust_input: no
- assert: - assert:
that: that:
@ -441,6 +451,7 @@
publications: publications:
- '{{ test_pub }}' - '{{ test_pub }}'
- '{{ test_pub2 }}' - '{{ test_pub2 }}'
trust_input: no
check_mode: yes check_mode: yes
- assert: - assert:
@ -474,6 +485,7 @@
publications: publications:
- '{{ test_pub }}' - '{{ test_pub }}'
- '{{ test_pub2 }}' - '{{ test_pub2 }}'
trust_input: no
- assert: - assert:
that: that:
@ -506,6 +518,7 @@
publications: publications:
- '{{ test_pub }}' - '{{ test_pub }}'
- '{{ test_pub2 }}' - '{{ test_pub2 }}'
trust_input: no
- assert: - assert:
that: that:
@ -546,6 +559,7 @@
password: '{{ replication_pass }}' password: '{{ replication_pass }}'
dbname: '{{ test_db }}' dbname: '{{ test_db }}'
connect_timeout: '{{ conn_timeout }}' connect_timeout: '{{ conn_timeout }}'
trust_input: no
check_mode: yes check_mode: yes
- assert: - assert:
@ -569,6 +583,7 @@
password: '{{ replication_pass }}' password: '{{ replication_pass }}'
dbname: '{{ test_db }}' dbname: '{{ test_db }}'
connect_timeout: '{{ conn_timeout }}' connect_timeout: '{{ conn_timeout }}'
trust_input: no
- assert: - assert:
that: that:
@ -602,6 +617,7 @@
password: '{{ replication_pass }}' password: '{{ replication_pass }}'
dbname: '{{ test_db }}' dbname: '{{ test_db }}'
connect_timeout: '{{ conn_timeout }}' connect_timeout: '{{ conn_timeout }}'
trust_input: no
- assert: - assert:
that: that:

View file

@ -28,6 +28,7 @@
postgresql_user: postgresql_user:
<<: *pg_parameters <<: *pg_parameters
name: '{{ test_user }}' name: '{{ test_user }}'
trust_input: no
- assert: - assert:
that: that:
@ -96,6 +97,7 @@
<<: *pg_parameters <<: *pg_parameters
name: '{{ test_user }}' name: '{{ test_user }}'
comment: '{{ test_comment1 }}' comment: '{{ test_comment1 }}'
trust_input: no
- assert: - assert:
that: that:
@ -346,6 +348,7 @@
<<: *pg_parameters <<: *pg_parameters
name: '{{ test_user }}' name: '{{ test_user }}'
expires: 'Jan 31 2020' expires: 'Jan 31 2020'
trust_input: no
- assert: - assert:
that: that:
@ -397,6 +400,7 @@
<<: *pg_parameters <<: *pg_parameters
name: '{{ test_user }}' name: '{{ test_user }}'
role_attr_flags: CREATEROLE,CREATEDB role_attr_flags: CREATEROLE,CREATEDB
trust_input: no
- assert: - assert:
that: that:
@ -516,6 +520,7 @@
<<: *pg_parameters <<: *pg_parameters
name: '{{ test_user }}' name: '{{ test_user }}'
priv: '{{ test_table }}:SELECT' priv: '{{ test_table }}:SELECT'
trust_input: no
- assert: - assert:
that: that:
@ -643,6 +648,7 @@
name: '{{ test_group1 }}' name: '{{ test_group1 }}'
groups: '{{ test_group2 }}' groups: '{{ test_group2 }}'
role_attr_flags: NOLOGIN role_attr_flags: NOLOGIN
trust_input: no
- assert: - assert:
that: that:
@ -700,6 +706,7 @@
groups: groups:
- '{{ test_group1 }}' - '{{ test_group1 }}'
- '{{ test_group2 }}' - '{{ test_group2 }}'
trust_input: no
- assert: - assert:
that: that:

View file

@ -50,6 +50,7 @@
password: "password" password: "password"
role_attr_flags: "CREATEDB,LOGIN,CREATEROLE" role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
login_user: "{{ pg_user }}" login_user: "{{ pg_user }}"
trust_input: no
db: postgres db: postgres
- name: Create db - name: Create db
@ -80,6 +81,7 @@
login_user: "{{ db_user1 }}" login_user: "{{ db_user1 }}"
login_password: "password" login_password: "password"
login_host: "localhost" login_host: "localhost"
trust_input: no
- name: Check that it was created - name: Check that it was created
become: yes become: yes
@ -123,6 +125,7 @@
login_user: "{{ db_user1 }}" login_user: "{{ db_user1 }}"
login_password: "password" login_password: "password"
login_host: "localhost" login_host: "localhost"
trust_input: no
- name: Check that they were removed - name: Check that they were removed
become: yes become: yes