mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
postgresql modules: improve trust_input parameter's documentation, improve CI tests (#309)
* postgresql modules: improve trust_input parameter's documentation, improve CI tests * fix CI
This commit is contained in:
parent
85cbc27427
commit
55c1ece888
19 changed files with 110 additions and 15 deletions
|
@ -107,7 +107,9 @@ options:
|
||||||
type: str
|
type: str
|
||||||
trust_input:
|
trust_input:
|
||||||
description:
|
description:
|
||||||
- If C(no), check whether values of some parameters are potentially dangerous.
|
- If C(no), check whether values of parameters I(owner), I(conn_limit), I(encoding),
|
||||||
|
I(db), I(template), I(tablespace), I(session_role) are potentially dangerous.
|
||||||
|
- It makes sense to use C(yes) only when SQL injections via the parameters are possible.
|
||||||
type: bool
|
type: bool
|
||||||
default: yes
|
default: yes
|
||||||
seealso:
|
seealso:
|
||||||
|
|
|
@ -82,7 +82,9 @@ options:
|
||||||
type: str
|
type: str
|
||||||
trust_input:
|
trust_input:
|
||||||
description:
|
description:
|
||||||
- If C(no), check whether values of some parameters are potentially dangerous.
|
- If C(no), check whether values of parameters I(ext), I(schema),
|
||||||
|
I(version), I(session_role) are potentially dangerous.
|
||||||
|
- It makes sense to use C(yes) only when SQL injections via the parameters are possible.
|
||||||
type: bool
|
type: bool
|
||||||
default: yes
|
default: yes
|
||||||
seealso:
|
seealso:
|
||||||
|
|
|
@ -116,7 +116,10 @@ options:
|
||||||
default: no
|
default: no
|
||||||
trust_input:
|
trust_input:
|
||||||
description:
|
description:
|
||||||
- If C(no), check whether values of some parameters are potentially dangerous.
|
- If C(no), check whether values of parameters I(idxname), I(session_role),
|
||||||
|
I(schema), I(table), I(columns), I(tablespace), I(storage_params),
|
||||||
|
I(cond) are potentially dangerous.
|
||||||
|
- It makes sense to use C(yes) only when SQL injections via the parameters are possible.
|
||||||
type: bool
|
type: bool
|
||||||
default: yes
|
default: yes
|
||||||
|
|
||||||
|
|
|
@ -73,7 +73,8 @@ options:
|
||||||
description:
|
description:
|
||||||
- Switch to session_role after connecting.
|
- Switch to session_role after connecting.
|
||||||
- The specified I(session_role) must be a role that the current I(login_user) is a member of.
|
- The specified I(session_role) must be a role that the current I(login_user) is a member of.
|
||||||
- Permissions checking for SQL commands is carried out as though the I(session_role) were the one that had logged in originally.
|
- Permissions checking for SQL commands is carried out as though the
|
||||||
|
I(session_role) were the one that had logged in originally.
|
||||||
type: str
|
type: str
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
|
@ -106,7 +107,9 @@ options:
|
||||||
type: str
|
type: str
|
||||||
trust_input:
|
trust_input:
|
||||||
description:
|
description:
|
||||||
- If C(no), check whether values of some parameters are potentially dangerous.
|
- If C(no), check whether values of parameters I(lang), I(session_role),
|
||||||
|
I(owner) are potentially dangerous.
|
||||||
|
- It makes sense to use C(yes) only when SQL injections via the parameters are possible.
|
||||||
type: bool
|
type: bool
|
||||||
default: yes
|
default: yes
|
||||||
seealso:
|
seealso:
|
||||||
|
|
|
@ -74,7 +74,9 @@ options:
|
||||||
type: str
|
type: str
|
||||||
trust_input:
|
trust_input:
|
||||||
description:
|
description:
|
||||||
- If C(no), check whether values of some parameters are potentially dangerous.
|
- If C(no), check whether values of parameters I(groups),
|
||||||
|
I(target_roles), I(session_role) are potentially dangerous.
|
||||||
|
- It makes sense to use C(yes) only when SQL injections via the parameters are possible.
|
||||||
type: bool
|
type: bool
|
||||||
default: yes
|
default: yes
|
||||||
seealso:
|
seealso:
|
||||||
|
|
|
@ -72,7 +72,9 @@ options:
|
||||||
type: str
|
type: str
|
||||||
trust_input:
|
trust_input:
|
||||||
description:
|
description:
|
||||||
- If C(no), check whether values of some parameters are potentially dangerous.
|
- If C(no), check whether values of parameters I(new_owner), I(obj_name),
|
||||||
|
I(reassign_owned_by), I(session_role) are potentially dangerous.
|
||||||
|
- It makes sense to use C(yes) only when SQL injections via the parameters are possible.
|
||||||
type: bool
|
type: bool
|
||||||
default: yes
|
default: yes
|
||||||
seealso:
|
seealso:
|
||||||
|
|
|
@ -159,7 +159,9 @@ options:
|
||||||
- ssl_rootcert
|
- ssl_rootcert
|
||||||
trust_input:
|
trust_input:
|
||||||
description:
|
description:
|
||||||
- If C(no), check whether values of some parameters are potentially dangerous.
|
- If C(no), check whether values of parameters I(roles), I(target_roles), I(session_role),
|
||||||
|
I(schema) are potentially dangerous.
|
||||||
|
- It makes sense to use C(yes) only when SQL injections via the parameters are possible.
|
||||||
type: bool
|
type: bool
|
||||||
default: yes
|
default: yes
|
||||||
|
|
||||||
|
|
|
@ -71,7 +71,9 @@ options:
|
||||||
type: str
|
type: str
|
||||||
trust_input:
|
trust_input:
|
||||||
description:
|
description:
|
||||||
- If C(no), check whether values of some parameters are potentially dangerous.
|
- If C(no), check whether values of parameters I(name), I(tables), I(owner),
|
||||||
|
I(session_role), I(params) are potentially dangerous.
|
||||||
|
- It makes sense to use C(yes) only when SQL injections via the parameters are possible.
|
||||||
type: bool
|
type: bool
|
||||||
default: yes
|
default: yes
|
||||||
notes:
|
notes:
|
||||||
|
|
|
@ -71,7 +71,8 @@ options:
|
||||||
aliases: [ ssl_rootcert ]
|
aliases: [ ssl_rootcert ]
|
||||||
trust_input:
|
trust_input:
|
||||||
description:
|
description:
|
||||||
- If C(no), check whether values of some parameters are potentially dangerous.
|
- If C(no), check whether values of parameters I(schema), I(owner), I(session_role) are potentially dangerous.
|
||||||
|
- It makes sense to use C(yes) only when SQL injections via the parameters are possible.
|
||||||
type: bool
|
type: bool
|
||||||
default: yes
|
default: yes
|
||||||
seealso:
|
seealso:
|
||||||
|
|
|
@ -137,7 +137,9 @@ options:
|
||||||
- login_db
|
- login_db
|
||||||
trust_input:
|
trust_input:
|
||||||
description:
|
description:
|
||||||
- If C(no), check whether values of some parameters are potentially dangerous.
|
- If C(no), check whether values of parameters I(sequence), I(schema), I(rename_to),
|
||||||
|
I(owner), I(newschema), I(session_role) are potentially dangerous.
|
||||||
|
- It makes sense to use C(yes) only when SQL injections via the parameters are possible.
|
||||||
type: bool
|
type: bool
|
||||||
default: yes
|
default: yes
|
||||||
notes:
|
notes:
|
||||||
|
|
|
@ -89,7 +89,9 @@ options:
|
||||||
type: str
|
type: str
|
||||||
trust_input:
|
trust_input:
|
||||||
description:
|
description:
|
||||||
- If C(no), check whether values of some parameters are potentially dangerous.
|
- If C(no), check whether values of parameters I(name), I(publications), I(owner),
|
||||||
|
I(session_role), I(connparams), I(subsparams) are potentially dangerous.
|
||||||
|
- It makes sense to use C(yes) only when SQL injections via the parameters are possible.
|
||||||
type: bool
|
type: bool
|
||||||
default: yes
|
default: yes
|
||||||
|
|
||||||
|
|
|
@ -77,7 +77,9 @@ options:
|
||||||
- login_db
|
- login_db
|
||||||
trust_input:
|
trust_input:
|
||||||
description:
|
description:
|
||||||
- If C(no), check whether values of some parameters are potentially dangerous.
|
- If C(no), check whether values of parameters I(tablespace), I(location), I(owner),
|
||||||
|
I(rename_to), I(session_role), I(settings_list) are potentially dangerous.
|
||||||
|
- It makes sense to use C(yes) only when SQL injections via the parameters are possible.
|
||||||
type: bool
|
type: bool
|
||||||
default: yes
|
default: yes
|
||||||
|
|
||||||
|
|
|
@ -149,7 +149,9 @@ options:
|
||||||
type: str
|
type: str
|
||||||
trust_input:
|
trust_input:
|
||||||
description:
|
description:
|
||||||
- If C(no), check whether values of some parameters are potentially dangerous.
|
- If C(no), check whether values of parameters I(name), I(password), I(privs), I(expires),
|
||||||
|
I(role_attr_flags), I(groups), I(comment), I(session_role) are potentially dangerous.
|
||||||
|
- It makes sense to use C(yes) only when SQL injections via the parameters are possible.
|
||||||
type: bool
|
type: bool
|
||||||
default: yes
|
default: yes
|
||||||
notes:
|
notes:
|
||||||
|
|
|
@ -96,6 +96,7 @@
|
||||||
type: table
|
type: table
|
||||||
objs: test_view
|
objs: test_view
|
||||||
roles: "{{ db_user2 }}"
|
roles: "{{ db_user2 }}"
|
||||||
|
trust_input: no
|
||||||
register: result
|
register: result
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
|
@ -128,6 +129,7 @@
|
||||||
type: table
|
type: table
|
||||||
objs: test_view
|
objs: test_view
|
||||||
roles: "{{ db_user2 }}"
|
roles: "{{ db_user2 }}"
|
||||||
|
trust_input: no
|
||||||
register: result
|
register: result
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
|
@ -182,6 +184,7 @@
|
||||||
objs: dummy
|
objs: dummy
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ pg_user }}"
|
login_user: "{{ pg_user }}"
|
||||||
|
trust_input: no
|
||||||
register: result
|
register: result
|
||||||
ignore_errors: yes
|
ignore_errors: yes
|
||||||
|
|
||||||
|
@ -215,6 +218,7 @@
|
||||||
objs: dummy
|
objs: dummy
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ pg_user }}"
|
login_user: "{{ pg_user }}"
|
||||||
|
trust_input: no
|
||||||
register: result
|
register: result
|
||||||
ignore_errors: yes
|
ignore_errors: yes
|
||||||
|
|
||||||
|
@ -233,6 +237,7 @@
|
||||||
objs: dummy
|
objs: dummy
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ pg_user }}"
|
login_user: "{{ pg_user }}"
|
||||||
|
trust_input: no
|
||||||
register: result
|
register: result
|
||||||
ignore_errors: yes
|
ignore_errors: yes
|
||||||
|
|
||||||
|
@ -266,6 +271,7 @@
|
||||||
objs: dummy
|
objs: dummy
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ pg_user }}"
|
login_user: "{{ pg_user }}"
|
||||||
|
trust_input: no
|
||||||
register: result
|
register: result
|
||||||
ignore_errors: yes
|
ignore_errors: yes
|
||||||
|
|
||||||
|
@ -284,6 +290,7 @@
|
||||||
objs: dummy_server
|
objs: dummy_server
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ pg_user }}"
|
login_user: "{{ pg_user }}"
|
||||||
|
trust_input: no
|
||||||
register: result
|
register: result
|
||||||
ignore_errors: yes
|
ignore_errors: yes
|
||||||
|
|
||||||
|
@ -317,6 +324,7 @@
|
||||||
objs: dummy_server
|
objs: dummy_server
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ pg_user }}"
|
login_user: "{{ pg_user }}"
|
||||||
|
trust_input: no
|
||||||
register: result
|
register: result
|
||||||
ignore_errors: yes
|
ignore_errors: yes
|
||||||
|
|
||||||
|
@ -335,6 +343,7 @@
|
||||||
objs: dummy_server
|
objs: dummy_server
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ pg_user }}"
|
login_user: "{{ pg_user }}"
|
||||||
|
trust_input: no
|
||||||
register: result
|
register: result
|
||||||
ignore_errors: yes
|
ignore_errors: yes
|
||||||
|
|
||||||
|
@ -368,6 +377,7 @@
|
||||||
objs: dummy_server
|
objs: dummy_server
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ pg_user }}"
|
login_user: "{{ pg_user }}"
|
||||||
|
trust_input: no
|
||||||
register: result
|
register: result
|
||||||
ignore_errors: yes
|
ignore_errors: yes
|
||||||
|
|
||||||
|
@ -416,6 +426,7 @@
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ db_user3 }}"
|
login_user: "{{ db_user3 }}"
|
||||||
login_password: password
|
login_password: password
|
||||||
|
trust_input: no
|
||||||
register: result
|
register: result
|
||||||
ignore_errors: yes
|
ignore_errors: yes
|
||||||
|
|
||||||
|
@ -444,6 +455,7 @@
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ db_user3 }}"
|
login_user: "{{ db_user3 }}"
|
||||||
login_password: password
|
login_password: password
|
||||||
|
trust_input: no
|
||||||
register: result
|
register: result
|
||||||
ignore_errors: yes
|
ignore_errors: yes
|
||||||
|
|
||||||
|
@ -463,6 +475,7 @@
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ db_user3 }}"
|
login_user: "{{ db_user3 }}"
|
||||||
login_password: password
|
login_password: password
|
||||||
|
trust_input: no
|
||||||
register: result
|
register: result
|
||||||
ignore_errors: yes
|
ignore_errors: yes
|
||||||
|
|
||||||
|
@ -482,6 +495,7 @@
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ db_user3 }}"
|
login_user: "{{ db_user3 }}"
|
||||||
login_password: password
|
login_password: password
|
||||||
|
trust_input: no
|
||||||
register: result
|
register: result
|
||||||
ignore_errors: yes
|
ignore_errors: yes
|
||||||
|
|
||||||
|
@ -525,6 +539,7 @@
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ db_user3 }}"
|
login_user: "{{ db_user3 }}"
|
||||||
login_password: password
|
login_password: password
|
||||||
|
trust_input: no
|
||||||
register: result
|
register: result
|
||||||
ignore_errors: yes
|
ignore_errors: yes
|
||||||
when: postgres_version_resp.stdout is version('10', '>=')
|
when: postgres_version_resp.stdout is version('10', '>=')
|
||||||
|
@ -562,6 +577,7 @@
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ db_user3 }}"
|
login_user: "{{ db_user3 }}"
|
||||||
login_password: password
|
login_password: password
|
||||||
|
trust_input: no
|
||||||
register: result
|
register: result
|
||||||
ignore_errors: yes
|
ignore_errors: yes
|
||||||
when: postgres_version_resp.stdout is version('10', '>=')
|
when: postgres_version_resp.stdout is version('10', '>=')
|
||||||
|
@ -601,6 +617,7 @@
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ db_user3 }}"
|
login_user: "{{ db_user3 }}"
|
||||||
login_password: password
|
login_password: password
|
||||||
|
trust_input: no
|
||||||
register: result
|
register: result
|
||||||
ignore_errors: yes
|
ignore_errors: yes
|
||||||
when: postgres_version_resp.stdout is version('10', '>=')
|
when: postgres_version_resp.stdout is version('10', '>=')
|
||||||
|
@ -622,6 +639,7 @@
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ db_user3 }}"
|
login_user: "{{ db_user3 }}"
|
||||||
login_password: password
|
login_password: password
|
||||||
|
trust_input: no
|
||||||
register: result
|
register: result
|
||||||
ignore_errors: yes
|
ignore_errors: yes
|
||||||
when: postgres_version_resp.stdout is version('10', '>=')
|
when: postgres_version_resp.stdout is version('10', '>=')
|
||||||
|
@ -661,6 +679,7 @@
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ db_user3 }}"
|
login_user: "{{ db_user3 }}"
|
||||||
login_password: password
|
login_password: password
|
||||||
|
trust_input: no
|
||||||
register: result
|
register: result
|
||||||
ignore_errors: yes
|
ignore_errors: yes
|
||||||
when: postgres_version_resp.stdout is version('10', '>=')
|
when: postgres_version_resp.stdout is version('10', '>=')
|
||||||
|
@ -676,6 +695,7 @@
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ db_user3 }}"
|
login_user: "{{ db_user3 }}"
|
||||||
login_password: password
|
login_password: password
|
||||||
|
trust_input: no
|
||||||
ignore_errors: yes
|
ignore_errors: yes
|
||||||
when: postgres_version_resp.stdout is version('10', '>=')
|
when: postgres_version_resp.stdout is version('10', '>=')
|
||||||
|
|
||||||
|
@ -696,6 +716,7 @@
|
||||||
schema: pg_catalog
|
schema: pg_catalog
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ pg_user }}"
|
login_user: "{{ pg_user }}"
|
||||||
|
trust_input: no
|
||||||
register: result
|
register: result
|
||||||
when: postgres_version_resp.stdout is version('10', '>=')
|
when: postgres_version_resp.stdout is version('10', '>=')
|
||||||
|
|
||||||
|
@ -732,6 +753,7 @@
|
||||||
schema: pg_catalog
|
schema: pg_catalog
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ pg_user }}"
|
login_user: "{{ pg_user }}"
|
||||||
|
trust_input: no
|
||||||
register: result
|
register: result
|
||||||
check_mode: yes
|
check_mode: yes
|
||||||
when: postgres_version_resp.stdout is version('10', '>=')
|
when: postgres_version_resp.stdout is version('10', '>=')
|
||||||
|
@ -769,6 +791,7 @@
|
||||||
schema: pg_catalog
|
schema: pg_catalog
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ pg_user }}"
|
login_user: "{{ pg_user }}"
|
||||||
|
trust_input: no
|
||||||
register: result
|
register: result
|
||||||
when: postgres_version_resp.stdout is version('10', '>=')
|
when: postgres_version_resp.stdout is version('10', '>=')
|
||||||
|
|
||||||
|
@ -805,6 +828,7 @@
|
||||||
schema: pg_catalog
|
schema: pg_catalog
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ pg_user }}"
|
login_user: "{{ pg_user }}"
|
||||||
|
trust_input: no
|
||||||
register: result
|
register: result
|
||||||
check_mode: yes
|
check_mode: yes
|
||||||
when: postgres_version_resp.stdout is version('10', '>=')
|
when: postgres_version_resp.stdout is version('10', '>=')
|
||||||
|
@ -842,6 +866,7 @@
|
||||||
schema: pg_catalog
|
schema: pg_catalog
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ pg_user }}"
|
login_user: "{{ pg_user }}"
|
||||||
|
trust_input: no
|
||||||
register: result
|
register: result
|
||||||
when: postgres_version_resp.stdout is version('10', '>=')
|
when: postgres_version_resp.stdout is version('10', '>=')
|
||||||
|
|
||||||
|
@ -888,6 +913,7 @@
|
||||||
objs: compfoo
|
objs: compfoo
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ pg_user }}"
|
login_user: "{{ pg_user }}"
|
||||||
|
trust_input: no
|
||||||
register: result
|
register: result
|
||||||
when: postgres_version_resp.stdout is version('10', '>=')
|
when: postgres_version_resp.stdout is version('10', '>=')
|
||||||
|
|
||||||
|
@ -926,6 +952,7 @@
|
||||||
objs: compfoo
|
objs: compfoo
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ pg_user }}"
|
login_user: "{{ pg_user }}"
|
||||||
|
trust_input: no
|
||||||
when: postgres_version_resp.stdout is version('10', '>=')
|
when: postgres_version_resp.stdout is version('10', '>=')
|
||||||
|
|
||||||
- name: Reassign ownership
|
- name: Reassign ownership
|
||||||
|
|
|
@ -116,6 +116,7 @@
|
||||||
objs: "test_table2"
|
objs: "test_table2"
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ pg_user }}"
|
login_user: "{{ pg_user }}"
|
||||||
|
trust_input: no
|
||||||
register: result
|
register: result
|
||||||
|
|
||||||
- name: Check that ansible reports it changed the user
|
- name: Check that ansible reports it changed the user
|
||||||
|
@ -144,6 +145,7 @@
|
||||||
objs: "test_table2,test_table1"
|
objs: "test_table2,test_table1"
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ pg_user }}"
|
login_user: "{{ pg_user }}"
|
||||||
|
trust_input: no
|
||||||
register: result
|
register: result
|
||||||
|
|
||||||
- name: Check that ansible reports it changed the user
|
- name: Check that ansible reports it changed the user
|
||||||
|
@ -179,6 +181,7 @@
|
||||||
objs: "{{ db_name }}"
|
objs: "{{ db_name }}"
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ pg_user }}"
|
login_user: "{{ pg_user }}"
|
||||||
|
trust_input: no
|
||||||
|
|
||||||
- name: Check that the user has the requested permissions (database)
|
- name: Check that the user has the requested permissions (database)
|
||||||
become_user: "{{ pg_user }}"
|
become_user: "{{ pg_user }}"
|
||||||
|
@ -202,6 +205,7 @@
|
||||||
objs: "{{ db_name }}"
|
objs: "{{ db_name }}"
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ pg_user }}"
|
login_user: "{{ pg_user }}"
|
||||||
|
trust_input: no
|
||||||
register: result
|
register: result
|
||||||
|
|
||||||
- name: Check that ansible reports it changed the user
|
- name: Check that ansible reports it changed the user
|
||||||
|
@ -230,6 +234,7 @@
|
||||||
objs: "test_table1"
|
objs: "test_table1"
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ pg_user }}"
|
login_user: "{{ pg_user }}"
|
||||||
|
trust_input: no
|
||||||
|
|
||||||
- name: Check that permissions were added (table1)
|
- name: Check that permissions were added (table1)
|
||||||
become_user: "{{ pg_user }}"
|
become_user: "{{ pg_user }}"
|
||||||
|
@ -252,6 +257,7 @@
|
||||||
objs: "test_table2,test_table1"
|
objs: "test_table2,test_table1"
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ pg_user }}"
|
login_user: "{{ pg_user }}"
|
||||||
|
trust_input: no
|
||||||
|
|
||||||
- name: Check that permissions were added (table1)
|
- name: Check that permissions were added (table1)
|
||||||
become_user: "{{ pg_user }}"
|
become_user: "{{ pg_user }}"
|
||||||
|
@ -307,6 +313,7 @@
|
||||||
objs: "test_table1"
|
objs: "test_table1"
|
||||||
db: "{{ db_name }}"
|
db: "{{ db_name }}"
|
||||||
login_user: "{{ pg_user }}"
|
login_user: "{{ pg_user }}"
|
||||||
|
trust_input: no
|
||||||
|
|
||||||
- name: Check that permissions were added (table1)
|
- name: Check that permissions were added (table1)
|
||||||
become_user: "{{ pg_user }}"
|
become_user: "{{ pg_user }}"
|
||||||
|
@ -334,6 +341,7 @@
|
||||||
objs: TABLES
|
objs: TABLES
|
||||||
type: default_privs
|
type: default_privs
|
||||||
target_roles: "{{ db_user_with_dots2 }}"
|
target_roles: "{{ db_user_with_dots2 }}"
|
||||||
|
trust_input: no
|
||||||
|
|
||||||
#
|
#
|
||||||
# Cleanup
|
# Cleanup
|
||||||
|
|
|
@ -64,6 +64,7 @@
|
||||||
postgresql_publication:
|
postgresql_publication:
|
||||||
<<: *pg_parameters
|
<<: *pg_parameters
|
||||||
name: '{{ test_pub }}'
|
name: '{{ test_pub }}'
|
||||||
|
trust_input: no
|
||||||
check_mode: yes
|
check_mode: yes
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
|
@ -89,6 +90,7 @@
|
||||||
postgresql_publication:
|
postgresql_publication:
|
||||||
<<: *pg_parameters
|
<<: *pg_parameters
|
||||||
name: '{{ test_pub }}'
|
name: '{{ test_pub }}'
|
||||||
|
trust_input: no
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
that:
|
that:
|
||||||
|
@ -120,6 +122,7 @@
|
||||||
<<: *pg_parameters
|
<<: *pg_parameters
|
||||||
name: '{{ test_pub }}'
|
name: '{{ test_pub }}'
|
||||||
state: absent
|
state: absent
|
||||||
|
trust_input: no
|
||||||
check_mode: yes
|
check_mode: yes
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
|
@ -179,9 +182,9 @@
|
||||||
tables:
|
tables:
|
||||||
- '{{ test_table1 }}'
|
- '{{ test_table1 }}'
|
||||||
- '{{ test_schema }}.{{ test_table2 }}'
|
- '{{ test_schema }}.{{ test_table2 }}'
|
||||||
trust_input: yes
|
|
||||||
parameters:
|
parameters:
|
||||||
publish: 'insert'
|
publish: 'insert'
|
||||||
|
trust_input: no
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
that:
|
that:
|
||||||
|
@ -254,6 +257,7 @@
|
||||||
- '{{ test_table1 }}'
|
- '{{ test_table1 }}'
|
||||||
- '{{ test_schema }}.{{ test_table2 }}'
|
- '{{ test_schema }}.{{ test_table2 }}'
|
||||||
- '{{ test_table3 }}'
|
- '{{ test_table3 }}'
|
||||||
|
trust_input: no
|
||||||
check_mode: yes
|
check_mode: yes
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
|
@ -297,6 +301,7 @@
|
||||||
- '{{ test_table1 }}'
|
- '{{ test_table1 }}'
|
||||||
- '{{ test_schema }}.{{ test_table2 }}'
|
- '{{ test_schema }}.{{ test_table2 }}'
|
||||||
- '{{ test_table3 }}'
|
- '{{ test_table3 }}'
|
||||||
|
trust_input: no
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
that:
|
that:
|
||||||
|
@ -338,6 +343,7 @@
|
||||||
- '{{ test_schema }}.{{ test_table2 }}'
|
- '{{ test_schema }}.{{ test_table2 }}'
|
||||||
parameters:
|
parameters:
|
||||||
publish: 'insert'
|
publish: 'insert'
|
||||||
|
trust_input: no
|
||||||
check_mode: yes
|
check_mode: yes
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
|
@ -379,6 +385,7 @@
|
||||||
- '{{ test_schema }}.{{ test_table2 }}'
|
- '{{ test_schema }}.{{ test_table2 }}'
|
||||||
parameters:
|
parameters:
|
||||||
publish: 'delete'
|
publish: 'delete'
|
||||||
|
trust_input: no
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
that:
|
that:
|
||||||
|
|
|
@ -41,6 +41,7 @@
|
||||||
user: '{{ replication_role }}'
|
user: '{{ replication_role }}'
|
||||||
password: '{{ replication_pass }}'
|
password: '{{ replication_pass }}'
|
||||||
dbname: '{{ test_db }}'
|
dbname: '{{ test_db }}'
|
||||||
|
trust_input: no
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
that:
|
that:
|
||||||
|
@ -82,6 +83,7 @@
|
||||||
login_port: '{{ replica_port }}'
|
login_port: '{{ replica_port }}'
|
||||||
name: '{{ test_subscription }}'
|
name: '{{ test_subscription }}'
|
||||||
state: absent
|
state: absent
|
||||||
|
trust_input: no
|
||||||
check_mode: yes
|
check_mode: yes
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
|
@ -145,6 +147,7 @@
|
||||||
user: '{{ replication_role }}'
|
user: '{{ replication_role }}'
|
||||||
password: '{{ replication_pass }}'
|
password: '{{ replication_pass }}'
|
||||||
dbname: '{{ test_db }}'
|
dbname: '{{ test_db }}'
|
||||||
|
trust_input: no
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
that:
|
that:
|
||||||
|
@ -160,6 +163,7 @@
|
||||||
state: present
|
state: present
|
||||||
publications: '{{ test_pub }}'
|
publications: '{{ test_pub }}'
|
||||||
owner: '{{ test_role1 }}'
|
owner: '{{ test_role1 }}'
|
||||||
|
trust_input: no
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
that:
|
that:
|
||||||
|
@ -190,6 +194,7 @@
|
||||||
state: present
|
state: present
|
||||||
publications: '{{ test_pub }}'
|
publications: '{{ test_pub }}'
|
||||||
owner: '{{ test_role2 }}'
|
owner: '{{ test_role2 }}'
|
||||||
|
trust_input: no
|
||||||
check_mode: yes
|
check_mode: yes
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
|
@ -222,6 +227,7 @@
|
||||||
state: present
|
state: present
|
||||||
publications: '{{ test_pub }}'
|
publications: '{{ test_pub }}'
|
||||||
owner: '{{ test_role2 }}'
|
owner: '{{ test_role2 }}'
|
||||||
|
trust_input: no
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
that:
|
that:
|
||||||
|
@ -284,6 +290,7 @@
|
||||||
name: '{{ test_subscription }}'
|
name: '{{ test_subscription }}'
|
||||||
state: absent
|
state: absent
|
||||||
cascade: yes
|
cascade: yes
|
||||||
|
trust_input: no
|
||||||
check_mode: yes
|
check_mode: yes
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
|
@ -350,6 +357,7 @@
|
||||||
subsparams:
|
subsparams:
|
||||||
enabled: no
|
enabled: no
|
||||||
synchronous_commit: no
|
synchronous_commit: no
|
||||||
|
trust_input: no
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
that:
|
that:
|
||||||
|
@ -383,6 +391,7 @@
|
||||||
subsparams:
|
subsparams:
|
||||||
enabled: yes
|
enabled: yes
|
||||||
synchronous_commit: yes
|
synchronous_commit: yes
|
||||||
|
trust_input: no
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
that:
|
that:
|
||||||
|
@ -416,6 +425,7 @@
|
||||||
subsparams:
|
subsparams:
|
||||||
enabled: yes
|
enabled: yes
|
||||||
synchronous_commit: yes
|
synchronous_commit: yes
|
||||||
|
trust_input: no
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
that:
|
that:
|
||||||
|
@ -441,6 +451,7 @@
|
||||||
publications:
|
publications:
|
||||||
- '{{ test_pub }}'
|
- '{{ test_pub }}'
|
||||||
- '{{ test_pub2 }}'
|
- '{{ test_pub2 }}'
|
||||||
|
trust_input: no
|
||||||
check_mode: yes
|
check_mode: yes
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
|
@ -474,6 +485,7 @@
|
||||||
publications:
|
publications:
|
||||||
- '{{ test_pub }}'
|
- '{{ test_pub }}'
|
||||||
- '{{ test_pub2 }}'
|
- '{{ test_pub2 }}'
|
||||||
|
trust_input: no
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
that:
|
that:
|
||||||
|
@ -506,6 +518,7 @@
|
||||||
publications:
|
publications:
|
||||||
- '{{ test_pub }}'
|
- '{{ test_pub }}'
|
||||||
- '{{ test_pub2 }}'
|
- '{{ test_pub2 }}'
|
||||||
|
trust_input: no
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
that:
|
that:
|
||||||
|
@ -546,6 +559,7 @@
|
||||||
password: '{{ replication_pass }}'
|
password: '{{ replication_pass }}'
|
||||||
dbname: '{{ test_db }}'
|
dbname: '{{ test_db }}'
|
||||||
connect_timeout: '{{ conn_timeout }}'
|
connect_timeout: '{{ conn_timeout }}'
|
||||||
|
trust_input: no
|
||||||
check_mode: yes
|
check_mode: yes
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
|
@ -569,6 +583,7 @@
|
||||||
password: '{{ replication_pass }}'
|
password: '{{ replication_pass }}'
|
||||||
dbname: '{{ test_db }}'
|
dbname: '{{ test_db }}'
|
||||||
connect_timeout: '{{ conn_timeout }}'
|
connect_timeout: '{{ conn_timeout }}'
|
||||||
|
trust_input: no
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
that:
|
that:
|
||||||
|
@ -602,6 +617,7 @@
|
||||||
password: '{{ replication_pass }}'
|
password: '{{ replication_pass }}'
|
||||||
dbname: '{{ test_db }}'
|
dbname: '{{ test_db }}'
|
||||||
connect_timeout: '{{ conn_timeout }}'
|
connect_timeout: '{{ conn_timeout }}'
|
||||||
|
trust_input: no
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
that:
|
that:
|
||||||
|
|
|
@ -28,6 +28,7 @@
|
||||||
postgresql_user:
|
postgresql_user:
|
||||||
<<: *pg_parameters
|
<<: *pg_parameters
|
||||||
name: '{{ test_user }}'
|
name: '{{ test_user }}'
|
||||||
|
trust_input: no
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
that:
|
that:
|
||||||
|
@ -96,6 +97,7 @@
|
||||||
<<: *pg_parameters
|
<<: *pg_parameters
|
||||||
name: '{{ test_user }}'
|
name: '{{ test_user }}'
|
||||||
comment: '{{ test_comment1 }}'
|
comment: '{{ test_comment1 }}'
|
||||||
|
trust_input: no
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
that:
|
that:
|
||||||
|
@ -346,6 +348,7 @@
|
||||||
<<: *pg_parameters
|
<<: *pg_parameters
|
||||||
name: '{{ test_user }}'
|
name: '{{ test_user }}'
|
||||||
expires: 'Jan 31 2020'
|
expires: 'Jan 31 2020'
|
||||||
|
trust_input: no
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
that:
|
that:
|
||||||
|
@ -397,6 +400,7 @@
|
||||||
<<: *pg_parameters
|
<<: *pg_parameters
|
||||||
name: '{{ test_user }}'
|
name: '{{ test_user }}'
|
||||||
role_attr_flags: CREATEROLE,CREATEDB
|
role_attr_flags: CREATEROLE,CREATEDB
|
||||||
|
trust_input: no
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
that:
|
that:
|
||||||
|
@ -516,6 +520,7 @@
|
||||||
<<: *pg_parameters
|
<<: *pg_parameters
|
||||||
name: '{{ test_user }}'
|
name: '{{ test_user }}'
|
||||||
priv: '{{ test_table }}:SELECT'
|
priv: '{{ test_table }}:SELECT'
|
||||||
|
trust_input: no
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
that:
|
that:
|
||||||
|
@ -643,6 +648,7 @@
|
||||||
name: '{{ test_group1 }}'
|
name: '{{ test_group1 }}'
|
||||||
groups: '{{ test_group2 }}'
|
groups: '{{ test_group2 }}'
|
||||||
role_attr_flags: NOLOGIN
|
role_attr_flags: NOLOGIN
|
||||||
|
trust_input: no
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
that:
|
that:
|
||||||
|
@ -700,6 +706,7 @@
|
||||||
groups:
|
groups:
|
||||||
- '{{ test_group1 }}'
|
- '{{ test_group1 }}'
|
||||||
- '{{ test_group2 }}'
|
- '{{ test_group2 }}'
|
||||||
|
trust_input: no
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
that:
|
that:
|
||||||
|
|
|
@ -50,6 +50,7 @@
|
||||||
password: "password"
|
password: "password"
|
||||||
role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
|
role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
|
||||||
login_user: "{{ pg_user }}"
|
login_user: "{{ pg_user }}"
|
||||||
|
trust_input: no
|
||||||
db: postgres
|
db: postgres
|
||||||
|
|
||||||
- name: Create db
|
- name: Create db
|
||||||
|
@ -80,6 +81,7 @@
|
||||||
login_user: "{{ db_user1 }}"
|
login_user: "{{ db_user1 }}"
|
||||||
login_password: "password"
|
login_password: "password"
|
||||||
login_host: "localhost"
|
login_host: "localhost"
|
||||||
|
trust_input: no
|
||||||
|
|
||||||
- name: Check that it was created
|
- name: Check that it was created
|
||||||
become: yes
|
become: yes
|
||||||
|
@ -123,6 +125,7 @@
|
||||||
login_user: "{{ db_user1 }}"
|
login_user: "{{ db_user1 }}"
|
||||||
login_password: "password"
|
login_password: "password"
|
||||||
login_host: "localhost"
|
login_host: "localhost"
|
||||||
|
trust_input: no
|
||||||
|
|
||||||
- name: Check that they were removed
|
- name: Check that they were removed
|
||||||
become: yes
|
become: yes
|
||||||
|
|
Loading…
Reference in a new issue