mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
* postgresql_privs: allow lowercased PUBLIC role
* add changelog fragment
* improve CI
* fix changelog fragment
(cherry picked from commit bfdb76e60d
)
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
This commit is contained in:
parent
fdf244d488
commit
71633249c4
3 changed files with 24 additions and 1 deletions
|
@ -0,0 +1,2 @@
|
||||||
|
bugfixes:
|
||||||
|
- postgresql_privs - allow to pass ``PUBLIC`` role written in lowercase letters (https://github.com/ansible-collections/community.general/issues/857).
|
|
@ -169,6 +169,7 @@ notes:
|
||||||
C(present) and I(grant_option) to C(no) (see examples).
|
C(present) and I(grant_option) to C(no) (see examples).
|
||||||
- Note that when revoking privileges from a role R, this role may still have
|
- Note that when revoking privileges from a role R, this role may still have
|
||||||
access via privileges granted to any role R is a member of including C(PUBLIC).
|
access via privileges granted to any role R is a member of including C(PUBLIC).
|
||||||
|
- Note that when you use C(PUBLIC) role, the module always reports that the state has been changed.
|
||||||
- Note that when revoking privileges from a role R, you do so as the user
|
- Note that when revoking privileges from a role R, you do so as the user
|
||||||
specified via I(login). If R has been granted the same privileges by
|
specified via I(login). If R has been granted the same privileges by
|
||||||
another user also, R can still access database objects via these privileges.
|
another user also, R can still access database objects via these privileges.
|
||||||
|
@ -783,6 +784,9 @@ class Connection(object):
|
||||||
|
|
||||||
executed_queries.append(query)
|
executed_queries.append(query)
|
||||||
self.cursor.execute(query)
|
self.cursor.execute(query)
|
||||||
|
if roles == 'PUBLIC':
|
||||||
|
return True
|
||||||
|
|
||||||
status_after = get_status(objs)
|
status_after = get_status(objs)
|
||||||
|
|
||||||
def nonesorted(e):
|
def nonesorted(e):
|
||||||
|
@ -1053,7 +1057,7 @@ def main():
|
||||||
objs = [obj.replace(':', ',') for obj in objs]
|
objs = [obj.replace(':', ',') for obj in objs]
|
||||||
|
|
||||||
# roles
|
# roles
|
||||||
if p.roles == 'PUBLIC':
|
if p.roles.upper() == 'PUBLIC':
|
||||||
roles = 'PUBLIC'
|
roles = 'PUBLIC'
|
||||||
else:
|
else:
|
||||||
roles = p.roles.split(',')
|
roles = p.roles.split(',')
|
||||||
|
|
|
@ -343,6 +343,23 @@
|
||||||
target_roles: "{{ db_user_with_dots2 }}"
|
target_roles: "{{ db_user_with_dots2 }}"
|
||||||
trust_input: no
|
trust_input: no
|
||||||
|
|
||||||
|
# Bugfix for https://github.com/ansible-collections/community.general/issues/857
|
||||||
|
- name: Test passing lowercase PUBLIC role
|
||||||
|
become_user: "{{ pg_user }}"
|
||||||
|
become: yes
|
||||||
|
postgresql_privs:
|
||||||
|
db: "{{ db_name }}"
|
||||||
|
login_user: "{{ pg_user }}"
|
||||||
|
type: 'database'
|
||||||
|
privs: 'connect'
|
||||||
|
role: 'public'
|
||||||
|
register: result
|
||||||
|
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- result is changed
|
||||||
|
- result.queries == ["GRANT CONNECT ON database \"{{ db_name }}\" TO PUBLIC;"]
|
||||||
|
|
||||||
#
|
#
|
||||||
# Cleanup
|
# Cleanup
|
||||||
#
|
#
|
||||||
|
|
Loading…
Reference in a new issue