ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Code Releases Activity

postgresql_owner: add trust_input parameter (#198)

Browse source 
* postgresql_owner: add trust_input parameter, allow to pass values containing dots to some parameters

* add changelog fragment

* fix CI

* fix CI
This commit is contained in:
Andrew Klychkov 2020-04-28 10:42:08 +03:00 committed by GitHub
parent da4e5d3592
commit 5febbca503
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 194 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
changelogs/fragments/198-postgresql_owner_add_trust_input_parameter.yml Normal file
View file

@ -0,0 +1,2 @@
minor_changes:
- postgresql_owner - add the ``trust_input`` parameter (https://github.com/ansible-collections/community.general/pull/198).

49
plugins/modules/database/postgresql/postgresql_owner.py
View file

@ -70,6 +70,11 @@ options:
- Permissions checking for SQL commands is carried out as though
the session_role were the one that had logged in originally.
type: str
trust_input:
description:
- If C(no), check whether values of some parameters are potentially dangerous.
type: bool
default: yes
seealso:
- module: postgresql_user
- module: postgresql_privs
@ -147,7 +152,10 @@ except ImportError:
pass
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.community.general.plugins.module_utils.database import pg_quote_identifier
from ansible_collections.community.general.plugins.module_utils.database import (
check_input,
pg_quote_identifier,
)
from ansible_collections.community.general.plugins.module_utils.postgres import (
connect_to_db,
exec_sql,
@ -218,7 +226,7 @@ class PgOwnership(object):
roles = []
for r in old_owners:
if self.check_role_exists(r, fail_on_role):
roles.append(pg_quote_identifier(r, 'role'))
roles.append('"%s"' % r)
# Roles do not exist, nothing to do, exit:
if not roles:
@ -228,7 +236,7 @@ class PgOwnership(object):
query = ['REASSIGN OWNED BY']
query.append(old_owners)
query.append('TO %s' % pg_quote_identifier(self.role, 'role'))
query.append('TO "%s"' % self.role)
query = ' '.join(query)
self.changed = exec_sql(self, query, return_bool=True)
@ -323,50 +331,47 @@ class PgOwnership(object):
def __set_db_owner(self):
"""Set the database owner."""
query = "ALTER DATABASE %s OWNER TO %s" % (pg_quote_identifier(self.obj_name, 'database'),
pg_quote_identifier(self.role, 'role'))
query = 'ALTER DATABASE "%s" OWNER TO "%s"' % (self.obj_name, self.role)
self.changed = exec_sql(self, query, return_bool=True)
def __set_func_owner(self):
"""Set the function owner."""
query = "ALTER FUNCTION %s OWNER TO %s" % (self.obj_name,
pg_quote_identifier(self.role, 'role'))
query = 'ALTER FUNCTION %s OWNER TO "%s"' % (self.obj_name, self.role)
self.changed = exec_sql(self, query, return_bool=True)
def __set_seq_owner(self):
"""Set the sequence owner."""
query = "ALTER SEQUENCE %s OWNER TO %s" % (pg_quote_identifier(self.obj_name, 'table'),
pg_quote_identifier(self.role, 'role'))
query = 'ALTER SEQUENCE %s OWNER TO "%s"' % (pg_quote_identifier(self.obj_name, 'table'),
self.role)
self.changed = exec_sql(self, query, return_bool=True)
def __set_schema_owner(self):
"""Set the schema owner."""
query = "ALTER SCHEMA %s OWNER TO %s" % (pg_quote_identifier(self.obj_name, 'schema'),
pg_quote_identifier(self.role, 'role'))
query = 'ALTER SCHEMA %s OWNER TO "%s"' % (pg_quote_identifier(self.obj_name, 'schema'),
self.role)
self.changed = exec_sql(self, query, return_bool=True)
def __set_table_owner(self):
"""Set the table owner."""
query = "ALTER TABLE %s OWNER TO %s" % (pg_quote_identifier(self.obj_name, 'table'),
pg_quote_identifier(self.role, 'role'))
query = 'ALTER TABLE %s OWNER TO "%s"' % (pg_quote_identifier(self.obj_name, 'table'),
self.role)
self.changed = exec_sql(self, query, return_bool=True)
def __set_tablespace_owner(self):
"""Set the tablespace owner."""
query = "ALTER TABLESPACE %s OWNER TO %s" % (pg_quote_identifier(self.obj_name, 'database'),
pg_quote_identifier(self.role, 'role'))
query = 'ALTER TABLESPACE "%s" OWNER TO "%s"' % (self.obj_name, self.role)
self.changed = exec_sql(self, query, return_bool=True)
def __set_view_owner(self):
"""Set the view owner."""
query = "ALTER VIEW %s OWNER TO %s" % (pg_quote_identifier(self.obj_name, 'table'),
pg_quote_identifier(self.role, 'role'))
query = 'ALTER VIEW %s OWNER TO "%s"' % (pg_quote_identifier(self.obj_name, 'table'),
self.role)
self.changed = exec_sql(self, query, return_bool=True)
def __set_mat_view_owner(self):
"""Set the materialized view owner."""
query = "ALTER MATERIALIZED VIEW %s OWNER TO %s" % (pg_quote_identifier(self.obj_name, 'table'),
pg_quote_identifier(self.role, 'role'))
query = 'ALTER MATERIALIZED VIEW %s OWNER TO "%s"' % (pg_quote_identifier(self.obj_name, 'table'),
self.role)
self.changed = exec_sql(self, query, return_bool=True)
def __role_exists(self, role):
@ -392,6 +397,7 @@ def main():
fail_on_role=dict(type='bool', default=True),
db=dict(type='str', aliases=['login_db']),
session_role=dict(type='str'),
trust_input=dict(type='bool', default=True),
)
module = AnsibleModule(
argument_spec=argument_spec,
@ -409,6 +415,11 @@ def main():
obj_type = module.params['obj_type']
reassign_owned_by = module.params['reassign_owned_by']
fail_on_role = module.params['fail_on_role']
session_role = module.params['session_role']
trust_input = module.params['trust_input']
if not trust_input:
# Check input for potentially dangerous elements:
check_input(module, new_owner, obj_name, reassign_owned_by, session_role)
conn_params = get_conn_params(module, module.params)
db_connection = connect_to_db(module, conn_params, autocommit=False)

2
tests/integration/targets/postgresql_owner/defaults/main.yml
View file

@ -1 +1,3 @@
test_tablespace_path: "/ssd"
dangerous_name: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'

160
tests/integration/targets/postgresql_owner/tasks/postgresql_owner_initial.yml
View file

@ -9,12 +9,14 @@
with_items:
- alice
- bob
- name: postgresql_owner - create test database
become_user: '{{ pg_user }}'
become: true
postgresql_db:
login_user: '{{ pg_user }}'
db: acme
- name: postgresql_owner - create test table
become_user: '{{ pg_user }}'
become: true
@ -22,6 +24,7 @@
login_user: '{{ pg_user }}'
db: acme
query: CREATE TABLE my_table (id int)
- name: postgresql_owner - set owner
become_user: '{{ pg_user }}'
become: true
@ -31,6 +34,7 @@
new_owner: bob
obj_name: my_table
obj_type: table
- name: postgresql_owner - create test sequence
become_user: '{{ pg_user }}'
become: true
@ -38,6 +42,7 @@
login_user: '{{ pg_user }}'
db: acme
query: CREATE SEQUENCE test_seq
- name: postgresql_owner - create test function
become_user: '{{ pg_user }}'
become: true
@ -45,6 +50,7 @@
login_user: '{{ pg_user }}'
db: acme
query: CREATE FUNCTION increment(integer) RETURNS integer AS 'select $1 + 1;' LANGUAGE SQL IMMUTABLE RETURNS NULL ON NULL INPUT;
- name: postgresql_owner - create test schema
become_user: '{{ pg_user }}'
become: true
@ -52,6 +58,7 @@
login_user: '{{ pg_user }}'
db: acme
query: CREATE SCHEMA test_schema
- name: postgresql_owner - create test view
become_user: '{{ pg_user }}'
become: true
@ -59,6 +66,7 @@
login_user: '{{ pg_user }}'
db: acme
query: CREATE VIEW test_view AS SELECT * FROM my_table
- name: postgresql_owner - create test materialized view
become_user: '{{ pg_user }}'
become: true
@ -67,16 +75,19 @@
db: acme
query: CREATE MATERIALIZED VIEW test_mat_view AS SELECT * FROM my_table
when: postgres_version_resp.stdout is version('9.4', '>=')
- name: postgresql_owner - drop dir for test tablespace
become: true
file:
path: '{{ test_tablespace_path }}'
state: absent
ignore_errors: true
- name: postgresql_owner - disable selinux
become: true
shell: setenforce 0
ignore_errors: true
- name: postgresql_owner - create dir for test tablespace
become: true
file:
@ -86,6 +97,7 @@
group: '{{ pg_user }}'
mode: '0700'
ignore_errors: true
- name: postgresql_owner - create a new tablespace called acme and set bob as an its owner
become_user: '{{ pg_user }}'
become: true
@ -95,6 +107,7 @@
name: acme
owner: alice
location: '{{ test_tablespace_path }}'
- name: postgresql_owner - reassign_owned_by to non existent user
become_user: '{{ pg_user }}'
become: true
@ -105,9 +118,11 @@
reassign_owned_by: bob
register: result
ignore_errors: true
- assert:
that:
- result.failed == true
- name: postgresql_owner - reassign_owned_by, check fail_on_role
become_user: '{{ pg_user }}'
become: true
@ -118,9 +133,11 @@
reassign_owned_by: non_existent
fail_on_role: false
register: result
- assert:
that:
- result.failed == false
- name: postgresql_owner - reassign_owned_by in check_mode
become_user: '{{ pg_user }}'
become: true
@ -131,10 +148,12 @@
reassign_owned_by: bob
check_mode: true
register: result
- assert:
that:
- result is changed
- result.queries == ['REASSIGN OWNED BY "bob" TO "alice"']
- name: postgresql_owner - check that nothing changed after the previous step
become_user: '{{ pg_user }}'
become: true
@ -144,9 +163,11 @@
query: SELECT 1 FROM pg_tables WHERE tablename = 'my_table' AND tableowner = 'alice'
ignore_errors: true
register: result
- assert:
that:
- result.rowcount == 0
- name: postgresql_owner - reassign_owned_by
become_user: '{{ pg_user }}'
become: true
@ -155,11 +176,14 @@
db: acme
new_owner: alice
reassign_owned_by: bob
trust_input: yes
register: result
- assert:
that:
- result is changed
- result.queries == ['REASSIGN OWNED BY "bob" TO "alice"']
- name: postgresql_owner - check that ownership has been changed after the previous step
become_user: '{{ pg_user }}'
become: true
@ -169,9 +193,48 @@
query: SELECT 1 FROM pg_tables WHERE tablename = 'my_table' AND tableowner = 'alice'
ignore_errors: true
register: result
- assert:
that:
- result.rowcount == 1
###########################
# Test trust_inpt parameter
- name: postgresql_owner - reassign_owned_by, trust_input no
become_user: '{{ pg_user }}'
become: true
postgresql_owner:
login_user: '{{ pg_user }}'
db: acme
new_owner: '{{ dangerous_name }}'
reassign_owned_by: alice
trust_input: no
register: result
ignore_errors: yes
- assert:
that:
- result is failed
- result.msg == 'Passed input \'{{ dangerous_name }}\' is potentially dangerous'
- name: postgresql_owner - reassign_owned_by, trust_input yes by default
become_user: '{{ pg_user }}'
become: true
postgresql_owner:
login_user: '{{ pg_user }}'
db: acme
new_owner: '{{ dangerous_name }}'
reassign_owned_by: alice
register: result
ignore_errors: yes
- assert:
that:
- result is not changed
- result.msg is search('does not exist')
# End of testing trust_input
- name: postgresql_owner - set db owner in check_mode
become_user: '{{ pg_user }}'
become: true
@ -183,10 +246,12 @@
obj_type: database
check_mode: true
register: result
- assert:
that:
- result is changed
- result.queries == ['ALTER DATABASE "acme" OWNER TO "bob"']
- name: postgresql_owner - check that nothing changed after the previous step
become_user: '{{ pg_user }}'
become: true
@ -196,9 +261,11 @@
query: SELECT 1 FROM pg_database AS d JOIN pg_roles AS r ON d.datdba = r.oid WHERE d.datname = 'acme' AND r.rolname = 'bob'
ignore_errors: true
register: result
- assert:
that:
- result.rowcount == 0
- name: postgresql_owner - set db owner
become_user: '{{ pg_user }}'
become: true
@ -209,10 +276,12 @@
obj_name: acme
obj_type: database
register: result
- assert:
that:
- result is changed
- result.queries == ['ALTER DATABASE "acme" OWNER TO "bob"']
- name: postgresql_owner - check that db owner has been changed after the previous step
become_user: '{{ pg_user }}'
become: true
@ -222,9 +291,11 @@
query: SELECT 1 FROM pg_database AS d JOIN pg_roles AS r ON d.datdba = r.oid WHERE d.datname = 'acme' AND r.rolname = 'bob'
ignore_errors: true
register: result
- assert:
that:
- result.rowcount == 1
- name: postgresql_owner - set db owner again
become_user: '{{ pg_user }}'
become: true
@ -235,10 +306,12 @@
obj_name: acme
obj_type: database
register: result
- assert:
that:
- result is not changed
- result.queries == []
- name: postgresql_owner - check that db owner is bob
become_user: '{{ pg_user }}'
become: true
@ -248,9 +321,11 @@
query: SELECT 1 FROM pg_database AS d JOIN pg_roles AS r ON d.datdba = r.oid WHERE d.datname = 'acme' AND r.rolname = 'bob'
ignore_errors: true
register: result
- assert:
that:
- result.rowcount == 1
- name: postgresql_owner - set table owner in check_mode
become_user: '{{ pg_user }}'
become: true
@ -262,10 +337,12 @@
obj_type: table
check_mode: true
register: result
- assert:
that:
- result is changed
- result.queries == ['ALTER TABLE "my_table" OWNER TO "bob"']
- name: postgresql_owner - check that nothing changed after the previous step
become_user: '{{ pg_user }}'
become: true
@ -275,9 +352,11 @@
query: SELECT 1 FROM pg_tables WHERE tablename = 'my_table' AND tableowner = 'bob'
ignore_errors: true
register: result
- assert:
that:
- result.rowcount == 0
- name: postgresql_owner - set db owner
become_user: '{{ pg_user }}'
become: true
@ -288,10 +367,12 @@
obj_name: my_table
obj_type: table
register: result
- assert:
that:
- result is changed
- result.queries == ['ALTER TABLE "my_table" OWNER TO "bob"']
- name: postgresql_owner - check that table owner has been changed after the previous step
become_user: '{{ pg_user }}'
become: true
@ -301,9 +382,11 @@
query: SELECT 1 FROM pg_tables WHERE tablename = 'my_table' AND tableowner = 'bob'
ignore_errors: true
register: result
- assert:
that:
- result.rowcount == 1
- name: postgresql_owner - set db owner again
become_user: '{{ pg_user }}'
become: true
@ -314,10 +397,12 @@
obj_name: my_table
obj_type: table
register: result
- assert:
that:
- result is not changed
- result.queries == []
- name: postgresql_owner - check that table owner is bob
become_user: '{{ pg_user }}'
become: true
@ -327,9 +412,11 @@
query: SELECT 1 FROM pg_tables WHERE tablename = 'my_table' AND tableowner = 'bob'
ignore_errors: true
register: result
- assert:
that:
- result.rowcount == 1
- name: postgresql_owner - set sequence owner in check_mode
become_user: '{{ pg_user }}'
become: true
@ -341,10 +428,12 @@
obj_type: sequence
check_mode: true
register: result
- assert:
that:
- result is changed
- result.queries == ['ALTER SEQUENCE "test_seq" OWNER TO "bob"']
- name: postgresql_owner - check that nothing changed after the previous step
become_user: '{{ pg_user }}'
become: true
@ -354,9 +443,11 @@
query: SELECT 1 FROM pg_class AS c JOIN pg_roles AS r ON c.relowner = r.oid WHERE c.relkind = 'S' AND c.relname = 'test_seq' AND r.rolname = 'bob'
ignore_errors: true
register: result
- assert:
that:
- result.rowcount == 0
- name: postgresql_owner - set db owner
become_user: '{{ pg_user }}'
become: true
@ -367,10 +458,12 @@
obj_name: test_seq
obj_type: sequence
register: result
- assert:
that:
- result is changed
- result.queries == ['ALTER SEQUENCE "test_seq" OWNER TO "bob"']
- name: postgresql_owner - check that table owner has been changed after the previous step
become_user: '{{ pg_user }}'
become: true
@ -380,9 +473,11 @@
query: SELECT 1 FROM pg_class AS c JOIN pg_roles AS r ON c.relowner = r.oid WHERE c.relkind = 'S' AND c.relname = 'test_seq' AND r.rolname = 'bob'
ignore_errors: true
register: result
- assert:
that:
- result.rowcount == 1
- name: postgresql_owner - set db owner again
become_user: '{{ pg_user }}'
become: true
@ -393,10 +488,12 @@
obj_name: test_seq
obj_type: sequence
register: result
- assert:
that:
- result is not changed
- result.queries == []
- name: postgresql_owner - check that sequence owner is bob
become_user: '{{ pg_user }}'
become: true
@ -406,9 +503,11 @@
query: SELECT 1 FROM pg_class AS c JOIN pg_roles AS r ON c.relowner = r.oid WHERE c.relkind = 'S' AND c.relname = 'test_seq' AND r.rolname = 'bob'
ignore_errors: true
register: result
- assert:
that:
- result.rowcount == 1
- name: postgresql_owner - set function owner in check_mode
become_user: '{{ pg_user }}'
become: true
@ -421,11 +520,13 @@
check_mode: true
register: result
when: postgres_version_resp.stdout is version('10', '>=')
- assert:
that:
- result is changed
- result.queries == ['ALTER FUNCTION increment OWNER TO "bob"']
when: postgres_version_resp.stdout is version('10', '>=')
- name: postgresql_owner - check that nothing changed after the previous step
become_user: '{{ pg_user }}'
become: true
@ -436,10 +537,12 @@
ignore_errors: true
register: result
when: postgres_version_resp.stdout is version('10', '>=')
- assert:
that:
- result.rowcount == 0
when: postgres_version_resp.stdout is version('10', '>=')
- name: postgresql_owner - set func owner
become_user: '{{ pg_user }}'
become: true
@ -451,11 +554,13 @@
obj_type: function
register: result
when: postgres_version_resp.stdout is version('10', '>=')
- assert:
that:
- result is changed
- result.queries == ['ALTER FUNCTION increment OWNER TO "bob"']
when: postgres_version_resp.stdout is version('10', '>=')
- name: postgresql_owner - check that func owner has been changed after the previous step
become_user: '{{ pg_user }}'
become: true
@ -466,10 +571,12 @@
ignore_errors: true
register: result
when: postgres_version_resp.stdout is version('10', '>=')
- assert:
that:
- result.rowcount == 1
when: postgres_version_resp.stdout is version('10', '>=')
- name: postgresql_owner - set func owner again
become_user: '{{ pg_user }}'
become: true
@ -481,11 +588,13 @@
obj_type: function
register: result
when: postgres_version_resp.stdout is version('10', '>=')
- assert:
that:
- result is not changed
- result.queries == []
when: postgres_version_resp.stdout is version('10', '>=')
- name: postgresql_owner - check that function owner is bob
become_user: '{{ pg_user }}'
become: true
@ -496,10 +605,12 @@
ignore_errors: true
register: result
when: postgres_version_resp.stdout is version('10', '>=')
- assert:
that:
- result.rowcount == 1
when: postgres_version_resp.stdout is version('10', '>=')
- name: postgresql_owner - set schema owner in check_mode
become_user: '{{ pg_user }}'
become: true
@ -511,10 +622,12 @@
obj_type: schema
check_mode: true
register: result
- assert:
that:
- result is changed
- result.queries == ['ALTER SCHEMA "test_schema" OWNER TO "bob"']
- name: postgresql_owner - check that nothing changed after the previous step
become_user: '{{ pg_user }}'
become: true
@ -524,9 +637,11 @@
query: SELECT 1 FROM information_schema.schemata WHERE schema_name = 'test_schema' AND schema_owner = 'bob'
ignore_errors: true
register: result
- assert:
that:
- result.rowcount == 0
- name: postgresql_owner - set schema owner
become_user: '{{ pg_user }}'
become: true
@ -537,10 +652,12 @@
obj_name: test_schema
obj_type: schema
register: result
- assert:
that:
- result is changed
- result.queries == ['ALTER SCHEMA "test_schema" OWNER TO "bob"']
- name: postgresql_owner - check that schema owner has been changed after the previous step
become_user: '{{ pg_user }}'
become: true
@ -550,9 +667,11 @@
query: SELECT 1 FROM information_schema.schemata WHERE schema_name = 'test_schema' AND schema_owner = 'bob'
ignore_errors: true
register: result
- assert:
that:
- result.rowcount == 1
- name: postgresql_owner - set schema owner again
become_user: '{{ pg_user }}'
become: true
@ -563,10 +682,12 @@
obj_name: test_seq
obj_type: sequence
register: result
- assert:
that:
- result is not changed
- result.queries == []
- name: postgresql_owner - check that schema owner is bob
become_user: '{{ pg_user }}'
become: true
@ -576,9 +697,11 @@
query: SELECT 1 FROM information_schema.schemata WHERE schema_name = 'test_schema' AND schema_owner = 'bob'
ignore_errors: true
register: result
- assert:
that:
- result.rowcount == 1
- name: postgresql_owner - set view owner in check_mode
become_user: '{{ pg_user }}'
become: true
@ -590,10 +713,12 @@
obj_type: view
check_mode: true
register: result
- assert:
that:
- result is changed
- result.queries == ['ALTER VIEW "test_view" OWNER TO "bob"']
- name: postgresql_owner - check that nothing changed after the previous step
become_user: '{{ pg_user }}'
become: true
@ -603,9 +728,11 @@
query: SELECT 1 FROM pg_views WHERE viewname = 'test_view' AND viewowner = 'bob'
ignore_errors: true
register: result
- assert:
that:
- result.rowcount == 0
- name: postgresql_owner - set view owner
become_user: '{{ pg_user }}'
become: true
@ -616,10 +743,12 @@
obj_name: test_view
obj_type: view
register: result
- assert:
that:
- result is changed
- result.queries == ['ALTER VIEW "test_view" OWNER TO "bob"']
- name: postgresql_owner - check that view owner has been changed after the previous step
become_user: '{{ pg_user }}'
become: true
@ -629,9 +758,11 @@
query: SELECT 1 FROM pg_views WHERE viewname = 'test_view' AND viewowner = 'bob'
ignore_errors: true
register: result
- assert:
that:
- result.rowcount == 1
- name: postgresql_owner - set view owner again
become_user: '{{ pg_user }}'
become: true
@ -642,10 +773,12 @@
obj_name: test_view
obj_type: view
register: result
- assert:
that:
- result is not changed
- result.queries == []
- name: postgresql_owner - check that view owner is bob
become_user: '{{ pg_user }}'
become: true
@ -655,9 +788,11 @@
query: SELECT 1 FROM pg_views WHERE viewname = 'test_view' AND viewowner = 'bob'
ignore_errors: true
register: result
- assert:
that:
- result.rowcount == 1
- name: postgresql_owner - set matview owner in check_mode
become_user: '{{ pg_user }}'
become: true
@ -670,11 +805,13 @@
check_mode: true
register: result
when: postgres_version_resp.stdout is version('9.4', '>=')
- assert:
that:
- result is changed
- result.queries == ['ALTER MATERIALIZED VIEW "test_mat_view" OWNER TO "bob"']
when: postgres_version_resp.stdout is version('9.4', '>=')
- name: postgresql_owner - check that nothing changed after the previous step
become_user: '{{ pg_user }}'
become: true
@ -685,10 +822,12 @@
ignore_errors: true
register: result
when: postgres_version_resp.stdout is version('9.4', '>=')
- assert:
that:
- result.rowcount == 0
when: postgres_version_resp.stdout is version('9.4', '>=')
- name: postgresql_owner - set matview owner
become_user: '{{ pg_user }}'
become: true
@ -700,11 +839,13 @@
obj_type: matview
register: result
when: postgres_version_resp.stdout is version('9.4', '>=')
- assert:
that:
- result is changed
- result.queries == ['ALTER MATERIALIZED VIEW "test_mat_view" OWNER TO "bob"']
when: postgres_version_resp.stdout is version('9.4', '>=')
- name: postgresql_owner - check that matview owner has been changed after the previous step
become_user: '{{ pg_user }}'
become: true
@ -715,10 +856,12 @@
ignore_errors: true
register: result
when: postgres_version_resp.stdout is version('9.4', '>=')
- assert:
that:
- result.rowcount == 1
when: postgres_version_resp.stdout is version('9.4', '>=')
- name: postgresql_owner - set matview owner again
become_user: '{{ pg_user }}'
become: true
@ -730,11 +873,13 @@
obj_type: matview
register: result
when: postgres_version_resp.stdout is version('9.4', '>=')
- assert:
that:
- result is not changed
- result.queries == []
when: postgres_version_resp.stdout is version('9.4', '>=')
- name: postgresql_owner - check that matview owner is bob
become_user: '{{ pg_user }}'
become: true
@ -745,10 +890,12 @@
ignore_errors: true
register: result
when: postgres_version_resp.stdout is version('9.4', '>=')
- assert:
that:
- result.rowcount == 1
when: postgres_version_resp.stdout is version('9.4', '>=')
- name: postgresql_owner - set tablespace owner in check_mode
become_user: '{{ pg_user }}'
become: true
@ -760,10 +907,12 @@
obj_type: tablespace
check_mode: true
register: result
- assert:
that:
- result is changed
- result.queries == ['ALTER TABLESPACE "acme" OWNER TO "bob"']
- name: postgresql_owner - check that nothing changed after the previous step
become_user: '{{ pg_user }}'
become: true
@ -773,9 +922,11 @@
query: SELECT 1 FROM pg_tablespace AS t JOIN pg_roles AS r ON t.spcowner = r.oid WHERE t.spcname = 'acme' AND r.rolname = 'bob'
ignore_errors: true
register: result
- assert:
that:
- result.rowcount == 0
- name: postgresql_owner - set tablespace owner
become_user: '{{ pg_user }}'
become: true
@ -786,10 +937,12 @@
obj_name: acme
obj_type: tablespace
register: result
- assert:
that:
- result is changed
- result.queries == ['ALTER TABLESPACE "acme" OWNER TO "bob"']
- name: postgresql_owner - check that tablespace owner has been changed after the previous step
become_user: '{{ pg_user }}'
become: true
@ -799,9 +952,11 @@
query: SELECT 1 FROM pg_tablespace AS t JOIN pg_roles AS r ON t.spcowner = r.oid WHERE t.spcname = 'acme' AND r.rolname = 'bob'
ignore_errors: true
register: result
- assert:
that:
- result.rowcount == 1
- name: postgresql_owner - set tablespace owner again
become_user: '{{ pg_user }}'
become: true
@ -812,10 +967,12 @@
obj_name: acme
obj_type: tablespace
register: result
- assert:
that:
- result is not changed
- result.queries == []
- name: postgresql_owner - check that tablespace owner is bob
become_user: '{{ pg_user }}'
become: true
@ -825,9 +982,11 @@
query: SELECT 1 FROM pg_tablespace AS t JOIN pg_roles AS r ON t.spcowner = r.oid WHERE t.spcname = 'acme' AND r.rolname = 'bob'
ignore_errors: true
register: result
- assert:
that:
- result.rowcount == 1
- name: postgresql_owner - create test database
become_user: '{{ pg_user }}'
become: true
@ -835,6 +994,7 @@
login_user: '{{ pg_user }}'
db: acme
state: absent
- name: postgresql_owner - drop test tablespace
become_user: '{{ pg_user }}'
become: true