# Setup - name: Create a test user become_user: "{{ pg_user }}" become: yes postgresql_user: name: "{{ db_user1 }}" login_user: "{{ pg_user }}" db: postgres - name: Create DB become_user: "{{ pg_user }}" become: yes postgresql_db: state: present name: "{{ db_name }}" owner: "{{ db_user1 }}" login_user: "{{ pg_user }}" - name: Create a user to be given permissions and other tests postgresql_user: name: "{{ db_user2 }}" state: present encrypted: yes password: password role_attr_flags: LOGIN db: "{{ db_name }}" login_user: "{{ pg_user }}" ####################################### # Test default_privs with target_role # ####################################### # Test - name: Grant default privileges for new table objects become_user: "{{ pg_user }}" become: yes postgresql_privs: db: "{{ db_name }}" objs: TABLES privs: SELECT type: default_privs role: "{{ db_user2 }}" target_roles: "{{ db_user1 }}" login_user: "{{ pg_user }}" register: result # Checks - assert: that: result is changed - name: Check that default privileges are set become: yes become_user: "{{ pg_user }}" shell: psql {{ db_name }} -c "SELECT defaclrole, defaclobjtype, defaclacl FROM pg_default_acl a JOIN pg_roles b ON a.defaclrole=b.oid;" -t register: result - assert: that: "'{{ db_user2 }}=r/{{ db_user1 }}' in '{{ result.stdout_lines[0] }}'" # Test - name: Revoke default privileges for new table objects become_user: "{{ pg_user }}" become: yes postgresql_privs: db: "{{ db_name }}" state: absent objs: TABLES privs: SELECT type: default_privs role: "{{ db_user2 }}" target_roles: "{{ db_user1 }}" login_user: "{{ pg_user }}" register: result # Checks - assert: that: result is changed # Cleanup - name: Remove user given permissions become_user: "{{ pg_user }}" become: yes postgresql_user: name: "{{ db_user2 }}" state: absent db: "{{ db_name }}" login_user: "{{ pg_user }}" - name: Remove user owner of objects become_user: "{{ pg_user }}" become: yes postgresql_user: name: "{{ db_user3 }}" state: absent db: "{{ db_name }}" login_user: "{{ pg_user }}" - name: Destroy DBs become_user: "{{ pg_user }}" become: yes postgresql_db: state: absent name: "{{ item }}" login_user: "{{ pg_user }}" loop: - "{{ db_name }}" - "{{ db_session_role1 }}" - name: Remove test users become_user: "{{ pg_user }}" become: yes postgresql_user: name: "{{ item }}" state: absent db: postgres login_user: "{{ pg_user }}" loop: - "{{ db_user1 }}" - "{{ db_session_role1 }}" - "{{ db_session_role2 }}"