---

# Setup
- name: Create DB
  become_user: "{{ pg_user }}"
  become: yes
  postgresql_db:
    state: present
    name: "{{ db_name }}"
    owner: "{{ db_user1 }}"
    login_user: "{{ pg_user }}"

- name: Create a user to be given permissions and other tests
  postgresql_user:
    name: "{{ db_user2 }}"
    state: present
    encrypted: yes
    password: password
    role_attr_flags: LOGIN
    db: "{{ db_name }}"
    login_user: "{{ pg_user }}"

#######################################
# Test default_privs with target_role #
#######################################

# Test
- name: Grant default privileges for new table objects
  become_user: "{{ pg_user }}"
  become: yes
  postgresql_privs:
    db: "{{ db_name }}"
    objs: TABLES
    privs: SELECT
    type: default_privs
    role: "{{ db_user2 }}"
    target_roles: "{{ db_user1 }}"
    login_user: "{{ pg_user }}"
  register: result

# Checks
- assert:
    that: result.changed == true

- name: Check that default privileges are set
  become: yes
  become_user: "{{ pg_user }}"
  shell: psql {{ db_name }} -c "SELECT defaclrole, defaclobjtype, defaclacl FROM pg_default_acl a JOIN pg_roles b ON a.defaclrole=b.oid;" -t
  register: result

- assert:
    that: "'{{ db_user2 }}=r/{{ db_user1 }}' in '{{ result.stdout_lines[0] }}'"

# Test
- name: Revoke default privileges for new table objects
  become_user: "{{ pg_user }}"
  become: yes
  postgresql_privs:
    db: "{{ db_name }}"
    state: absent
    objs: TABLES
    privs: SELECT
    type: default_privs
    role: "{{ db_user2 }}"
    target_roles: "{{ db_user1 }}"
    login_user: "{{ pg_user }}"
  register: result

# Checks
- assert:
    that: result.changed == true

# Cleanup
- name: Remove user given permissions
  postgresql_user:
    name: "{{ db_user2 }}"
    state: absent
    db: "{{ db_name }}"
    login_user: "{{ pg_user }}"

- name: Remove user owner of objects
  postgresql_user:
    name: "{{ db_user3 }}"
    state: absent
    db: "{{ db_name }}"
    login_user: "{{ pg_user }}"

- name: Destroy DB
  become_user: "{{ pg_user }}"
  become: yes
  postgresql_db:
    state: absent
    name: "{{ db_name }}"
    login_user: "{{ pg_user }}"