postgresql_privs: allow lowercased PUBLIC role (#858)

* postgresql_privs: allow lowercased PUBLIC role * add changelog fragment * improve CI * fix changelog fragment
2024-09-14 20:13:21 +02:00 · 2020-09-10 16:08:57 +03:00 · 2020-09-10 16:08:57 +03:00 · bfdb76e60d
commit bfdb76e60d
parent eb24b5707e
3 changed files with 24 additions and 1 deletions
--- a/changelogs/fragments/858-postgresql_privs_should_allow_public_role_lowercased.yml
+++ b/changelogs/fragments/858-postgresql_privs_should_allow_public_role_lowercased.yml
@ -0,0 +1,2 @@
+bugfixes:
+- postgresql_privs - allow to pass ``PUBLIC`` role written in lowercase letters (https://github.com/ansible-collections/community.general/issues/857).
--- a/plugins/modules/database/postgresql/postgresql_privs.py
+++ b/plugins/modules/database/postgresql/postgresql_privs.py
@ -169,6 +169,7 @@ notes:
  C(present) and I(grant_option) to C(no) (see examples).
 - Note that when revoking privileges from a role R, this role  may still have
  access via privileges granted to any role R is a member of including C(PUBLIC).
+- Note that when you use C(PUBLIC) role, the module always reports that the state has been changed.
 - Note that when revoking privileges from a role R, you do so as the user
  specified via I(login). If R has been granted the same privileges by
  another user also, R can still access database objects via these privileges.
@ -783,6 +784,9 @@ class Connection(object):

        executed_queries.append(query)
        self.cursor.execute(query)
+        if roles == 'PUBLIC':
+            return True
+
        status_after = get_status(objs)

        def nonesorted(e):
@ -1053,7 +1057,7 @@ def main():
                objs = [obj.replace(':', ',') for obj in objs]

        # roles
-        if p.roles == 'PUBLIC':
+        if p.roles.upper() == 'PUBLIC':
            roles = 'PUBLIC'
        else:
            roles = p.roles.split(',')
--- a/tests/integration/targets/postgresql_privs/tasks/postgresql_privs_initial.yml
+++ b/tests/integration/targets/postgresql_privs/tasks/postgresql_privs_initial.yml
@ -343,6 +343,23 @@
    target_roles: "{{ db_user_with_dots2 }}"
    trust_input: no

+# Bugfix for https://github.com/ansible-collections/community.general/issues/857
+- name: Test passing lowercase PUBLIC role
+  become_user: "{{ pg_user }}"
+  become: yes
+  postgresql_privs:
+    db: "{{ db_name }}"
+    login_user: "{{ pg_user }}"
+    type: 'database'
+    privs: 'connect'
+    role: 'public'
+  register: result
+
+- assert:
+    that:
+    - result is changed
+    - result.queries == ["GRANT CONNECT ON database \"{{ db_name }}\" TO PUBLIC;"]
+
 #
 # Cleanup
 #