mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
postgresql_privs: allow lowercased PUBLIC role (#858)
* postgresql_privs: allow lowercased PUBLIC role * add changelog fragment * improve CI * fix changelog fragment
This commit is contained in:
parent
eb24b5707e
commit
bfdb76e60d
3 changed files with 24 additions and 1 deletions
|
@ -0,0 +1,2 @@
|
|||
bugfixes:
|
||||
- postgresql_privs - allow to pass ``PUBLIC`` role written in lowercase letters (https://github.com/ansible-collections/community.general/issues/857).
|
|
@ -169,6 +169,7 @@ notes:
|
|||
C(present) and I(grant_option) to C(no) (see examples).
|
||||
- Note that when revoking privileges from a role R, this role may still have
|
||||
access via privileges granted to any role R is a member of including C(PUBLIC).
|
||||
- Note that when you use C(PUBLIC) role, the module always reports that the state has been changed.
|
||||
- Note that when revoking privileges from a role R, you do so as the user
|
||||
specified via I(login). If R has been granted the same privileges by
|
||||
another user also, R can still access database objects via these privileges.
|
||||
|
@ -783,6 +784,9 @@ class Connection(object):
|
|||
|
||||
executed_queries.append(query)
|
||||
self.cursor.execute(query)
|
||||
if roles == 'PUBLIC':
|
||||
return True
|
||||
|
||||
status_after = get_status(objs)
|
||||
|
||||
def nonesorted(e):
|
||||
|
@ -1053,7 +1057,7 @@ def main():
|
|||
objs = [obj.replace(':', ',') for obj in objs]
|
||||
|
||||
# roles
|
||||
if p.roles == 'PUBLIC':
|
||||
if p.roles.upper() == 'PUBLIC':
|
||||
roles = 'PUBLIC'
|
||||
else:
|
||||
roles = p.roles.split(',')
|
||||
|
|
|
@ -343,6 +343,23 @@
|
|||
target_roles: "{{ db_user_with_dots2 }}"
|
||||
trust_input: no
|
||||
|
||||
# Bugfix for https://github.com/ansible-collections/community.general/issues/857
|
||||
- name: Test passing lowercase PUBLIC role
|
||||
become_user: "{{ pg_user }}"
|
||||
become: yes
|
||||
postgresql_privs:
|
||||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
type: 'database'
|
||||
privs: 'connect'
|
||||
role: 'public'
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["GRANT CONNECT ON database \"{{ db_name }}\" TO PUBLIC;"]
|
||||
|
||||
#
|
||||
# Cleanup
|
||||
#
|
||||
|
|
Loading…
Reference in a new issue