ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Code Releases Activity

postgresql_privs: allow lowercased PUBLIC role (#858)

Browse source 
* postgresql_privs: allow lowercased PUBLIC role

* add changelog fragment

* improve CI

* fix changelog fragment
This commit is contained in:
Andrew Klychkov 2020-09-10 16:08:57 +03:00 committed by GitHub
parent eb24b5707e
commit bfdb76e60d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 24 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
changelogs/fragments/858-postgresql_privs_should_allow_public_role_lowercased.yml Normal file
View file

@ -0,0 +1,2 @@
bugfixes:
- postgresql_privs - allow to pass ``PUBLIC`` role written in lowercase letters (https://github.com/ansible-collections/community.general/issues/857).

6
plugins/modules/database/postgresql/postgresql_privs.py
View file

@ -169,6 +169,7 @@ notes:
C(present) and I(grant_option) to C(no) (see examples). C(present) and I(grant_option) to C(no) (see examples).
- Note that when revoking privileges from a role R, this role may still have - Note that when revoking privileges from a role R, this role may still have
access via privileges granted to any role R is a member of including C(PUBLIC). access via privileges granted to any role R is a member of including C(PUBLIC).
- Note that when you use C(PUBLIC) role, the module always reports that the state has been changed.
- Note that when revoking privileges from a role R, you do so as the user - Note that when revoking privileges from a role R, you do so as the user
specified via I(login). If R has been granted the same privileges by specified via I(login). If R has been granted the same privileges by
another user also, R can still access database objects via these privileges. another user also, R can still access database objects via these privileges.
@ -783,6 +784,9 @@ class Connection(object):
executed_queries.append(query) executed_queries.append(query)
self.cursor.execute(query) self.cursor.execute(query)
if roles == 'PUBLIC':
return True
status_after = get_status(objs) status_after = get_status(objs)
def nonesorted(e): def nonesorted(e):
@ -1053,7 +1057,7 @@ def main():
objs = [obj.replace(':', ',') for obj in objs] objs = [obj.replace(':', ',') for obj in objs]
# roles # roles
if p.roles == 'PUBLIC': if p.roles.upper() == 'PUBLIC':
roles = 'PUBLIC' roles = 'PUBLIC'
else: else:
roles = p.roles.split(',') roles = p.roles.split(',')

17
tests/integration/targets/postgresql_privs/tasks/postgresql_privs_initial.yml
View file

@ -343,6 +343,23 @@
target_roles: "{{ db_user_with_dots2 }}" target_roles: "{{ db_user_with_dots2 }}"
trust_input: no trust_input: no
# Bugfix for https://github.com/ansible-collections/community.general/issues/857
- name: Test passing lowercase PUBLIC role
become_user: "{{ pg_user }}"
become: yes
postgresql_privs:
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
type: 'database'
privs: 'connect'
role: 'public'
register: result
- assert:
that:
- result is changed
- result.queries == ["GRANT CONNECT ON database \"{{ db_name }}\" TO PUBLIC;"]
# #
# Cleanup # Cleanup
# #