# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #################### # Prepare for tests: # Create test roles: - name: postgresql_owner - create test roles become_user: '{{ pg_user }}' become: true postgresql_user: login_user: '{{ pg_user }}' db: postgres name: '{{ item }}' ignore_errors: true with_items: - alice - bob - name: postgresql_owner - create test database become_user: '{{ pg_user }}' become: true postgresql_db: login_user: '{{ pg_user }}' db: acme - name: postgresql_owner - create test table become_user: '{{ pg_user }}' become: true postgresql_query: login_user: '{{ pg_user }}' db: acme query: CREATE TABLE my_table (id int) - name: postgresql_owner - set owner become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: bob obj_name: my_table obj_type: table - name: postgresql_owner - create test sequence become_user: '{{ pg_user }}' become: true postgresql_query: login_user: '{{ pg_user }}' db: acme query: CREATE SEQUENCE test_seq - name: postgresql_owner - create test function become_user: '{{ pg_user }}' become: true postgresql_query: login_user: '{{ pg_user }}' db: acme query: > CREATE FUNCTION increment(integer) RETURNS integer AS 'select $1 + 1;' LANGUAGE SQL IMMUTABLE RETURNS NULL ON NULL INPUT; - name: postgresql_owner - create test schema become_user: '{{ pg_user }}' become: true postgresql_query: login_user: '{{ pg_user }}' db: acme query: CREATE SCHEMA test_schema - name: postgresql_owner - create test view become_user: '{{ pg_user }}' become: true postgresql_query: login_user: '{{ pg_user }}' db: acme query: CREATE VIEW test_view AS SELECT * FROM my_table - name: postgresql_owner - create test materialized view become_user: '{{ pg_user }}' become: true postgresql_query: login_user: '{{ pg_user }}' db: acme query: CREATE MATERIALIZED VIEW test_mat_view AS SELECT * FROM my_table when: postgres_version_resp.stdout is version('9.4', '>=') - name: postgresql_owner - drop dir for test tablespace become: true file: path: '{{ test_tablespace_path }}' state: absent ignore_errors: true - name: postgresql_owner - disable selinux become: true shell: setenforce 0 ignore_errors: true - name: postgresql_owner - create dir for test tablespace become: true file: path: '{{ test_tablespace_path }}' state: directory owner: '{{ pg_user }}' group: '{{ pg_user }}' mode: '0700' ignore_errors: true - name: > postgresql_owner - create a new tablespace called acme and set bob as an its owner become_user: '{{ pg_user }}' become: true postgresql_tablespace: db: acme login_user: '{{ pg_user }}' name: acme owner: alice location: '{{ test_tablespace_path }}' ################ # Do main tests: # # check reassign_owned_by param # # try to reassign ownership to non existent user: - name: postgresql_owner - reassign_owned_by to non existent user become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: non_existent reassign_owned_by: bob register: result ignore_errors: true - assert: that: - result.failed == true - name: postgresql_owner - reassign_owned_by, check fail_on_role become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: alice reassign_owned_by: non_existent fail_on_role: false register: result - assert: that: - result.failed == false - name: postgresql_owner - reassign_owned_by in check_mode become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: alice reassign_owned_by: bob check_mode: true register: result - assert: that: - result is changed - result.queries == ['REASSIGN OWNED BY "bob" TO "alice"'] - name: postgresql_owner - check that nothing changed after the previous step become_user: '{{ pg_user }}' become: true postgresql_query: db: acme login_user: '{{ pg_user }}' query: > SELECT 1 FROM pg_tables WHERE tablename = 'my_table' AND tableowner = 'alice' ignore_errors: true register: result - assert: that: - result.rowcount == 0 - name: postgresql_owner - reassign_owned_by become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: alice reassign_owned_by: bob trust_input: yes register: result - assert: that: - result is changed - result.queries == ['REASSIGN OWNED BY "bob" TO "alice"'] - name: postgresql_owner - check that ownership has been changed after the previous step become_user: '{{ pg_user }}' become: true postgresql_query: db: acme login_user: '{{ pg_user }}' query: SELECT 1 FROM pg_tables WHERE tablename = 'my_table' AND tableowner = 'alice' ignore_errors: true register: result - assert: that: - result.rowcount == 1 ########################### # Test trust_inpt parameter - name: postgresql_owner - reassign_owned_by, trust_input no become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: '{{ dangerous_name }}' reassign_owned_by: alice trust_input: no register: result ignore_errors: yes - assert: that: - result is failed - result.msg == 'Passed input \'{{ dangerous_name }}\' is potentially dangerous' - name: postgresql_owner - reassign_owned_by, trust_input yes by default become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: '{{ dangerous_name }}' reassign_owned_by: alice register: result ignore_errors: yes - assert: that: - result is not changed - result.msg is search('does not exist') # End of testing trust_input # # Check obj_type for each type # # ############################# # check_mode obj_type: database - name: postgresql_owner - set db owner in check_mode become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: bob obj_name: acme obj_type: database check_mode: true register: result - assert: that: - result is changed - result.queries == ['ALTER DATABASE "acme" OWNER TO "bob"'] - name: postgresql_owner - check that nothing changed after the previous step become_user: '{{ pg_user }}' become: true postgresql_query: db: acme login_user: '{{ pg_user }}' query: > SELECT 1 FROM pg_database AS d JOIN pg_roles AS r ON d.datdba = r.oid WHERE d.datname = 'acme' AND r.rolname = 'bob' ignore_errors: true register: result - assert: that: - result.rowcount == 0 - name: postgresql_owner - set db owner become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: bob obj_name: acme obj_type: database register: result - assert: that: - result is changed - result.queries == ['ALTER DATABASE "acme" OWNER TO "bob"'] - name: postgresql_owner - check that db owner has been changed after the previous step become_user: '{{ pg_user }}' become: true postgresql_query: db: acme login_user: '{{ pg_user }}' query: > SELECT 1 FROM pg_database AS d JOIN pg_roles AS r ON d.datdba = r.oid WHERE d.datname = 'acme' AND r.rolname = 'bob' ignore_errors: true register: result - assert: that: - result.rowcount == 1 - name: postgresql_owner - set db owner again become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: bob obj_name: acme obj_type: database register: result - assert: that: - result is not changed - result.queries == [] - name: postgresql_owner - check that db owner is bob become_user: '{{ pg_user }}' become: true postgresql_query: db: acme login_user: '{{ pg_user }}' query: > SELECT 1 FROM pg_database AS d JOIN pg_roles AS r ON d.datdba = r.oid WHERE d.datname = 'acme' AND r.rolname = 'bob' ignore_errors: true register: result - assert: that: - result.rowcount == 1 - name: postgresql_owner - set table owner in check_mode become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: bob obj_name: my_table obj_type: table check_mode: true register: result - assert: that: - result is changed - result.queries == ['ALTER TABLE "my_table" OWNER TO "bob"'] - name: postgresql_owner - check that nothing changed after the previous step become_user: '{{ pg_user }}' become: true postgresql_query: db: acme login_user: '{{ pg_user }}' query: > SELECT 1 FROM pg_tables WHERE tablename = 'my_table' AND tableowner = 'bob' ignore_errors: true register: result - assert: that: - result.rowcount == 0 - name: postgresql_owner - set db owner become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: bob obj_name: my_table obj_type: table register: result - assert: that: - result is changed - result.queries == ['ALTER TABLE "my_table" OWNER TO "bob"'] - name: postgresql_owner - check that table owner has been changed after the previous step become_user: '{{ pg_user }}' become: true postgresql_query: db: acme login_user: '{{ pg_user }}' query: > SELECT 1 FROM pg_tables WHERE tablename = 'my_table' AND tableowner = 'bob' ignore_errors: true register: result - assert: that: - result.rowcount == 1 - name: postgresql_owner - set db owner again become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: bob obj_name: my_table obj_type: table register: result - assert: that: - result is not changed - result.queries == [] - name: postgresql_owner - check that table owner is bob become_user: '{{ pg_user }}' become: true postgresql_query: db: acme login_user: '{{ pg_user }}' query: > SELECT 1 FROM pg_tables WHERE tablename = 'my_table' AND tableowner = 'bob' ignore_errors: true register: result - assert: that: - result.rowcount == 1 - name: postgresql_owner - set sequence owner in check_mode become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: bob obj_name: test_seq obj_type: sequence check_mode: true register: result - assert: that: - result is changed - result.queries == ['ALTER SEQUENCE "test_seq" OWNER TO "bob"'] - name: postgresql_owner - check that nothing changed after the previous step become_user: '{{ pg_user }}' become: true postgresql_query: db: acme login_user: '{{ pg_user }}' query: > SELECT 1 FROM pg_class AS c JOIN pg_roles AS r ON c.relowner = r.oid WHERE c.relkind = 'S' AND c.relname = 'test_seq' AND r.rolname = 'bob' ignore_errors: true register: result - assert: that: - result.rowcount == 0 - name: postgresql_owner - set db owner become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: bob obj_name: test_seq obj_type: sequence register: result - assert: that: - result is changed - result.queries == ['ALTER SEQUENCE "test_seq" OWNER TO "bob"'] - name: postgresql_owner - check that table owner has been changed after the previous step become_user: '{{ pg_user }}' become: true postgresql_query: db: acme login_user: '{{ pg_user }}' query: > SELECT 1 FROM pg_class AS c JOIN pg_roles AS r ON c.relowner = r.oid WHERE c.relkind = 'S' AND c.relname = 'test_seq' AND r.rolname = 'bob' ignore_errors: true register: result - assert: that: - result.rowcount == 1 - name: postgresql_owner - set db owner again become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: bob obj_name: test_seq obj_type: sequence register: result - assert: that: - result is not changed - result.queries == [] - name: postgresql_owner - check that sequence owner is bob become_user: '{{ pg_user }}' become: true postgresql_query: db: acme login_user: '{{ pg_user }}' query: > SELECT 1 FROM pg_class AS c JOIN pg_roles AS r ON c.relowner = r.oid WHERE c.relkind = 'S' AND c.relname = 'test_seq' AND r.rolname = 'bob' ignore_errors: true register: result - assert: that: - result.rowcount == 1 - name: postgresql_owner - set function owner in check_mode become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: bob obj_name: increment obj_type: function check_mode: true register: result when: postgres_version_resp.stdout is version('10', '>=') - assert: that: - result is changed - result.queries == ['ALTER FUNCTION increment OWNER TO "bob"'] when: postgres_version_resp.stdout is version('10', '>=') - name: postgresql_owner - check that nothing changed after the previous step become_user: '{{ pg_user }}' become: true postgresql_query: db: acme login_user: '{{ pg_user }}' query: > SELECT 1 FROM pg_proc AS f JOIN pg_roles AS r ON f.proowner = r.oid WHERE f.proname = 'increment' AND r.rolname = 'bob' ignore_errors: true register: result when: postgres_version_resp.stdout is version('10', '>=') - assert: that: - result.rowcount == 0 when: postgres_version_resp.stdout is version('10', '>=') - name: postgresql_owner - set func owner become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: bob obj_name: increment obj_type: function register: result when: postgres_version_resp.stdout is version('10', '>=') - assert: that: - result is changed - result.queries == ['ALTER FUNCTION increment OWNER TO "bob"'] when: postgres_version_resp.stdout is version('10', '>=') - name: postgresql_owner - check that func owner has been changed after the previous step become_user: '{{ pg_user }}' become: true postgresql_query: db: acme login_user: '{{ pg_user }}' query: > SELECT 1 FROM pg_proc AS f JOIN pg_roles AS r ON f.proowner = r.oid WHERE f.proname = 'increment' AND r.rolname = 'bob' ignore_errors: true register: result when: postgres_version_resp.stdout is version('10', '>=') - assert: that: - result.rowcount == 1 when: postgres_version_resp.stdout is version('10', '>=') - name: postgresql_owner - set func owner again become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: bob obj_name: increment obj_type: function register: result when: postgres_version_resp.stdout is version('10', '>=') - assert: that: - result is not changed - result.queries == [] when: postgres_version_resp.stdout is version('10', '>=') - name: postgresql_owner - check that function owner is bob become_user: '{{ pg_user }}' become: true postgresql_query: db: acme login_user: '{{ pg_user }}' query: > SELECT 1 FROM pg_proc AS f JOIN pg_roles AS r ON f.proowner = r.oid WHERE f.proname = 'increment' AND r.rolname = 'bob' ignore_errors: true register: result when: postgres_version_resp.stdout is version('10', '>=') - assert: that: - result.rowcount == 1 when: postgres_version_resp.stdout is version('10', '>=') - name: postgresql_owner - set schema owner in check_mode become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: bob obj_name: test_schema obj_type: schema check_mode: true register: result - assert: that: - result is changed - result.queries == ['ALTER SCHEMA "test_schema" OWNER TO "bob"'] - name: postgresql_owner - check that nothing changed after the previous step become_user: '{{ pg_user }}' become: true postgresql_query: db: acme login_user: '{{ pg_user }}' query: > SELECT 1 FROM information_schema.schemata WHERE schema_name = 'test_schema' AND schema_owner = 'bob' ignore_errors: true register: result - assert: that: - result.rowcount == 0 - name: postgresql_owner - set schema owner become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: bob obj_name: test_schema obj_type: schema register: result - assert: that: - result is changed - result.queries == ['ALTER SCHEMA "test_schema" OWNER TO "bob"'] - name: postgresql_owner - check that schema owner has been changed after the previous step become_user: '{{ pg_user }}' become: true postgresql_query: db: acme login_user: '{{ pg_user }}' query: > SELECT 1 FROM information_schema.schemata WHERE schema_name = 'test_schema' AND schema_owner = 'bob' ignore_errors: true register: result - assert: that: - result.rowcount == 1 - name: postgresql_owner - set schema owner again become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: bob obj_name: test_seq obj_type: sequence register: result - assert: that: - result is not changed - result.queries == [] - name: postgresql_owner - check that schema owner is bob become_user: '{{ pg_user }}' become: true postgresql_query: db: acme login_user: '{{ pg_user }}' query: > SELECT 1 FROM information_schema.schemata WHERE schema_name = 'test_schema' AND schema_owner = 'bob' ignore_errors: true register: result - assert: that: - result.rowcount == 1 - name: postgresql_owner - set view owner in check_mode become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: bob obj_name: test_view obj_type: view check_mode: true register: result - assert: that: - result is changed - result.queries == ['ALTER VIEW "test_view" OWNER TO "bob"'] - name: postgresql_owner - check that nothing changed after the previous step become_user: '{{ pg_user }}' become: true postgresql_query: db: acme login_user: '{{ pg_user }}' query: SELECT 1 FROM pg_views WHERE viewname = 'test_view' AND viewowner = 'bob' ignore_errors: true register: result - assert: that: - result.rowcount == 0 - name: postgresql_owner - set view owner become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: bob obj_name: test_view obj_type: view register: result - assert: that: - result is changed - result.queries == ['ALTER VIEW "test_view" OWNER TO "bob"'] - name: postgresql_owner - check that view owner has been changed after the previous step become_user: '{{ pg_user }}' become: true postgresql_query: db: acme login_user: '{{ pg_user }}' query: SELECT 1 FROM pg_views WHERE viewname = 'test_view' AND viewowner = 'bob' ignore_errors: true register: result - assert: that: - result.rowcount == 1 - name: postgresql_owner - set view owner again become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: bob obj_name: test_view obj_type: view register: result - assert: that: - result is not changed - result.queries == [] - name: postgresql_owner - check that view owner is bob become_user: '{{ pg_user }}' become: true postgresql_query: db: acme login_user: '{{ pg_user }}' query: SELECT 1 FROM pg_views WHERE viewname = 'test_view' AND viewowner = 'bob' ignore_errors: true register: result - assert: that: - result.rowcount == 1 - name: postgresql_owner - set matview owner in check_mode become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: bob obj_name: test_mat_view obj_type: matview check_mode: true register: result when: postgres_version_resp.stdout is version('9.4', '>=') - assert: that: - result is changed - result.queries == ['ALTER MATERIALIZED VIEW "test_mat_view" OWNER TO "bob"'] when: postgres_version_resp.stdout is version('9.4', '>=') - name: postgresql_owner - check that nothing changed after the previous step become_user: '{{ pg_user }}' become: true postgresql_query: db: acme login_user: '{{ pg_user }}' query: SELECT 1 FROM pg_matviews WHERE matviewname = 'test_view' AND matviewowner = 'bob' ignore_errors: true register: result when: postgres_version_resp.stdout is version('9.4', '>=') - assert: that: - result.rowcount == 0 when: postgres_version_resp.stdout is version('9.4', '>=') - name: postgresql_owner - set matview owner become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: bob obj_name: test_mat_view obj_type: matview register: result when: postgres_version_resp.stdout is version('9.4', '>=') - assert: that: - result is changed - result.queries == ['ALTER MATERIALIZED VIEW "test_mat_view" OWNER TO "bob"'] when: postgres_version_resp.stdout is version('9.4', '>=') - name: postgresql_owner - check that matview owner has been changed after the previous step become_user: '{{ pg_user }}' become: true postgresql_query: db: acme login_user: '{{ pg_user }}' query: SELECT 1 FROM pg_matviews WHERE matviewname = 'test_mat_view' AND matviewowner = 'bob' ignore_errors: true register: result when: postgres_version_resp.stdout is version('9.4', '>=') - assert: that: - result.rowcount == 1 when: postgres_version_resp.stdout is version('9.4', '>=') - name: postgresql_owner - set matview owner again become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: bob obj_name: test_mat_view obj_type: matview register: result when: postgres_version_resp.stdout is version('9.4', '>=') - assert: that: - result is not changed - result.queries == [] when: postgres_version_resp.stdout is version('9.4', '>=') - name: postgresql_owner - check that matview owner is bob become_user: '{{ pg_user }}' become: true postgresql_query: db: acme login_user: '{{ pg_user }}' query: SELECT 1 FROM pg_matviews WHERE matviewname = 'test_mat_view' AND matviewowner = 'bob' ignore_errors: true register: result when: postgres_version_resp.stdout is version('9.4', '>=') - assert: that: - result.rowcount == 1 when: postgres_version_resp.stdout is version('9.4', '>=') - name: postgresql_owner - set tablespace owner in check_mode become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: bob obj_name: acme obj_type: tablespace check_mode: true register: result - assert: that: - result is changed - result.queries == ['ALTER TABLESPACE "acme" OWNER TO "bob"'] - name: postgresql_owner - check that nothing changed after the previous step become_user: '{{ pg_user }}' become: true postgresql_query: db: acme login_user: '{{ pg_user }}' query: > SELECT 1 FROM pg_tablespace AS t JOIN pg_roles AS r ON t.spcowner = r.oid WHERE t.spcname = 'acme' AND r.rolname = 'bob' ignore_errors: true register: result - assert: that: - result.rowcount == 0 - name: postgresql_owner - set tablespace owner become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: bob obj_name: acme obj_type: tablespace register: result - assert: that: - result is changed - result.queries == ['ALTER TABLESPACE "acme" OWNER TO "bob"'] - name: postgresql_owner - check that tablespace owner has been changed after the previous step become_user: '{{ pg_user }}' become: true postgresql_query: db: acme login_user: '{{ pg_user }}' query: > SELECT 1 FROM pg_tablespace AS t JOIN pg_roles AS r ON t.spcowner = r.oid WHERE t.spcname = 'acme' AND r.rolname = 'bob' ignore_errors: true register: result - assert: that: - result.rowcount == 1 - name: postgresql_owner - set tablespace owner again become_user: '{{ pg_user }}' become: true postgresql_owner: login_user: '{{ pg_user }}' db: acme new_owner: bob obj_name: acme obj_type: tablespace register: result - assert: that: - result is not changed - result.queries == [] - name: postgresql_owner - check that tablespace owner is bob become_user: '{{ pg_user }}' become: true postgresql_query: db: acme login_user: '{{ pg_user }}' query: > SELECT 1 FROM pg_tablespace AS t JOIN pg_roles AS r ON t.spcowner = r.oid WHERE t.spcname = 'acme' AND r.rolname = 'bob' ignore_errors: true register: result - assert: that: - result.rowcount == 1 # # Crean up # - name: postgresql_owner - drop test database become_user: '{{ pg_user }}' become: true postgresql_db: login_user: '{{ pg_user }}' db: acme state: absent - name: postgresql_owner - drop test tablespace become_user: '{{ pg_user }}' become: true postgresql_tablespace: db: postgres login_user: '{{ pg_user }}' name: acme state: absent