mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
3c4db1e8dd
* postgresql_user module - transaction logic hacks to allow recovery from failed select * postgresql_user - PEP8 and style fixes to make debugging easier * postgresql_user - move password changing logic to separate function * postgresql_user - trap failure in case where there is no access to pg_authid * postgresql_user - further PEP8 fixes * postgresql_user - Simplify password change logic and improve imports according to suggestions from PR review * postgresql_user - Eliminate pep8/blank line errors introduced in merge * Check behaviour when pg_authid relation isn't readable TASK [postgresql : Normal user isn't allowed to access pg_authid relation: password comparison will fail, password will be updated] *** An exception occurred during task execution. To see the full traceback, use -vvv. The error was: psycopg2.ProgrammingError: permission denied for relation pg_authid * Don't reintroduce passlib, remove useless query
50 lines
1.7 KiB
YAML
50 lines
1.7 KiB
YAML
- name: "Admin user is allowed to access pg_authid relation: password comparison will succeed, password won't be updated"
|
|
become_user: "{{ pg_user }}"
|
|
become: True
|
|
postgresql_user:
|
|
name: "{{ db_user1 }}"
|
|
encrypted: 'yes'
|
|
password: "md5{{ (db_password ~ db_user1) | hash('md5')}}"
|
|
db: "{{ db_name }}"
|
|
priv: 'test_table1:INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,TRIGGER/test_table2:INSERT/CREATE,CONNECT,TEMP'
|
|
login_user: "{{ pg_user }}"
|
|
register: redo_as_admin
|
|
|
|
- name: "Check that task succeeded without any change"
|
|
assert:
|
|
that:
|
|
- 'not redo_as_admin|failed'
|
|
- 'not redo_as_admin|changed'
|
|
- 'redo_as_admin|success'
|
|
|
|
- name: "Check that normal user isn't allowed to access pg_authid"
|
|
shell: 'psql -c "select * from pg_authid;" {{ db_name }} {{ db_user1 }}'
|
|
environment:
|
|
PGPASSWORD: '{{ db_password }}'
|
|
ignore_errors: True
|
|
register: pg_authid
|
|
|
|
- assert:
|
|
that:
|
|
- 'pg_authid|failed'
|
|
- '"permission denied for relation pg_authid" in pg_authid.stderr'
|
|
|
|
- name: "Normal user isn't allowed to access pg_authid relation: password comparison will fail, password will be updated"
|
|
become_user: "{{ pg_user }}"
|
|
become: True
|
|
postgresql_user:
|
|
name: "{{ db_user1 }}"
|
|
encrypted: 'yes'
|
|
password: "md5{{ (db_password ~ db_user1) | hash('md5')}}"
|
|
db: "{{ db_name }}"
|
|
priv: 'test_table1:INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,TRIGGER/test_table2:INSERT/CREATE,CONNECT,TEMP'
|
|
login_user: "{{ db_user1 }}"
|
|
login_password: "{{ db_password }}"
|
|
register: redo_as_normal_user
|
|
|
|
- name: "Check that task succeeded and that result is changed"
|
|
assert:
|
|
that:
|
|
- 'not redo_as_normal_user|failed'
|
|
- 'redo_as_normal_user|changed'
|
|
- 'redo_as_normal_user|success'
|