From 71633249c401a0f50013a768dcb2e3cbc5f3e76a Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Thu, 17 Sep 2020 20:59:27 +0200
Subject: [PATCH] postgresql_privs: allow lowercased PUBLIC role (#858) (#921)
* postgresql_privs: allow lowercased PUBLIC role
* add changelog fragment
* improve CI
* fix changelog fragment
(cherry picked from commit bfdb76e60dab6e01f118cf1d36f52787f2c00e0e)
Co-authored-by: Andrew Klychkov
---
...rivs_should_allow_public_role_lowercased.yml | 2 ++
.../database/postgresql/postgresql_privs.py | 6 +++++-
.../tasks/postgresql_privs_initial.yml | 17 +++++++++++++++++
3 files changed, 24 insertions(+), 1 deletion(-)
create mode 100644 changelogs/fragments/858-postgresql_privs_should_allow_public_role_lowercased.yml
diff --git a/changelogs/fragments/858-postgresql_privs_should_allow_public_role_lowercased.yml b/changelogs/fragments/858-postgresql_privs_should_allow_public_role_lowercased.yml
new file mode 100644
index 0000000000..1e51ec729b
--- /dev/null
+++ b/changelogs/fragments/858-postgresql_privs_should_allow_public_role_lowercased.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- postgresql_privs - allow to pass ``PUBLIC`` role written in lowercase letters (https://github.com/ansible-collections/community.general/issues/857).
diff --git a/plugins/modules/database/postgresql/postgresql_privs.py b/plugins/modules/database/postgresql/postgresql_privs.py
index 989279e9ed..30f2de7988 100644
--- a/plugins/modules/database/postgresql/postgresql_privs.py
+++ b/plugins/modules/database/postgresql/postgresql_privs.py
@@ -169,6 +169,7 @@ notes: C(present) and I(grant_option) to C(no) (see examples). - Note that when revoking privileges from a role R, this role may still have access via privileges granted to any role R is a member of including C(PUBLIC). +- Note that when you use C(PUBLIC) role, the module always reports that the state has been changed. - Note that when revoking privileges from a role R, you do so as the user specified via I(login). If R has been granted the same privileges by another user also, R can still access database objects via these privileges. @@ -783,6 +784,9 @@ class Connection(object): executed_queries.append(query) self.cursor.execute(query) + if roles == 'PUBLIC': + return True + status_after = get_status(objs) def nonesorted(e): @@ -1053,7 +1057,7 @@ def main(): objs = [obj.replace(':', ',') for obj in objs] # roles - if p.roles == 'PUBLIC': + if p.roles.upper() == 'PUBLIC': roles = 'PUBLIC' else: roles = p.roles.split(',') diff --git a/tests/integration/targets/postgresql_privs/tasks/postgresql_privs_initial.yml b/tests/integration/targets/postgresql_privs/tasks/postgresql_privs_initial.yml index e2b06c21c7..8aa6b409ff 100644 --- a/tests/integration/targets/postgresql_privs/tasks/postgresql_privs_initial.yml +++ b/tests/integration/targets/postgresql_privs/tasks/postgresql_privs_initial.yml @@ -343,6 +343,23 @@ target_roles: "{{ db_user_with_dots2 }}" trust_input: no +# Bugfix for https://github.com/ansible-collections/community.general/issues/857 +- name: Test passing lowercase PUBLIC role + become_user: "{{ pg_user }}" + become: yes + postgresql_privs: + db: "{{ db_name }}" + login_user: "{{ pg_user }}" + type: 'database' + privs: 'connect' + role: 'public' + register: result + +- assert: + that: + - result is changed + - result.queries == ["GRANT CONNECT ON database \"{{ db_name }}\" TO PUBLIC;"] + # # Cleanup #
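Review bot: The early `return True` for `roles == 'PUBLIC'` in the Connection method (hunk at -783) runs after `self.cursor.execute(query)` and before `status_after = get_status(objs)`, so a grant or revoke on PUBLIC that alters nothing is reported exactly like one that changes access for every role in the database. The branch has no comment, and the reason the comparison is skipped is not visible here; presumably the status helpers cannot represent PUBLIC entries, which should be confirmed. I would put the reason next to the code, for example `# PUBLIC: before/after status comparison is skipped, so the result is always "changed"`, so that anyone using the changed flag to spot privilege drift knows it carries no information for PUBLIC. The method starts and ends outside the hunk.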
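Review bot: The case-insensitive match in main() (hunk at -1053) applies only when the whole `roles` value is PUBLIC, so a comma-separated value such as `alice,public` still goes through `p.roles.split(',')` with the lowercase entry left as written, and a value with surrounding whitespace is not matched either. How the list entries are quoted and used afterwards is outside this hunk, so whether that case ends in an error or in a differently interpreted role name should be checked. If only the single-value form is meant to be recognised, the `roles` option documentation should say so; for the whitespace case `if p.roles.strip().upper() == 'PUBLIC':` would be enough. main() continues outside the hunk.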
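Review bot: The `result is changed` assertion in the new test cannot fail, because the module now returns changed unconditionally whenever the role is PUBLIC; only the `result.queries` comparison actually checks the fix. A second task using a mixed-case value (for example `role: 'Public'`, a constructed sample) with the same expected query would cover the `.upper()` path beyond the all-lowercase input. A short comment above the assert, such as `# changed is always reported for PUBLIC; the query text is the real check`, would stop a later reader from treating the first assertion as an idempotency test.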