mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
460d932aa8
* Factorize tests related to no_password_change using an include task * Refactor: deduplicate tasks * postgresql_user: test 'expires' parameter * Change 'valid until' even it's the only updated field * value is changed when another value is provided * value isn't returned when unset * Remove unused variable * psycopg2.extras.DictRow is able to handle comparison * postgresql_user: simplify helper method * postgresql_user: define variable just before using it * Fix comparison between user input and applied configuration * new test: adding an invalid attribute * Refactor, add cleaning task * Check that using same attribute a 2nd time does nothing * Always try to remove created user * postgresql_user: fix pep8
239 lines
7.1 KiB
YAML
239 lines
7.1 KiB
YAML
- vars:
|
||
task_parameters: &task_parameters
|
||
become_user: "{{ pg_user }}"
|
||
become: True
|
||
register: result
|
||
postgresql_parameters: ¶meters
|
||
db: postgres
|
||
name: "{{ db_user1 }}"
|
||
login_user: "{{ pg_user }}"
|
||
|
||
block:
|
||
- name: 'Check that PGOPTIONS environment variable is effective (1/2)'
|
||
<<: *task_parameters
|
||
postgresql_user:
|
||
<<: *parameters
|
||
password: '{{ db_password1 }}'
|
||
ignore_errors: true
|
||
environment:
|
||
PGCLIENTENCODING: 'UTF8'
|
||
PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
|
||
|
||
- name: 'Check that PGOPTIONS environment variable is effective (2/2)'
|
||
assert:
|
||
that:
|
||
- "{{ result|failed }}"
|
||
|
||
- name: 'Create a user (password encrypted: {{ encrypted }})'
|
||
<<: *task_parameters
|
||
postgresql_user:
|
||
<<: *parameters
|
||
password: '{{ db_password1 }}'
|
||
encrypted: '{{ encrypted }}'
|
||
environment:
|
||
PGCLIENTENCODING: 'UTF8'
|
||
|
||
- block: &changed # block is only used here in order to be able to define YAML anchor
|
||
- name: Check that ansible reports it was created
|
||
assert:
|
||
that:
|
||
- "{{ result|changed }}"
|
||
|
||
- name: Check that it was created
|
||
<<: *task_parameters
|
||
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
|
||
|
||
- assert:
|
||
that:
|
||
- "result.stdout_lines[-1] == '(1 row)'"
|
||
|
||
- name: Check that creating user a second time does nothing
|
||
<<: *task_parameters
|
||
postgresql_user:
|
||
<<: *parameters
|
||
password: '{{ db_password1 }}'
|
||
encrypted: '{{ encrypted }}'
|
||
environment:
|
||
PGCLIENTENCODING: 'UTF8'
|
||
PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
|
||
|
||
- block: ¬_changed # block is only used here in order to be able to define YAML anchor
|
||
- name: Check that ansible reports no change
|
||
assert:
|
||
that:
|
||
- "{{ not result|changed }}"
|
||
|
||
- name: 'Define an expiration time'
|
||
<<: *task_parameters
|
||
postgresql_user:
|
||
<<: *parameters
|
||
expires: '2025-01-01'
|
||
environment:
|
||
PGCLIENTENCODING: 'UTF8'
|
||
|
||
- <<: *changed
|
||
|
||
- name: 'Redefine the same expiration time'
|
||
<<: *task_parameters
|
||
postgresql_user:
|
||
expires: '2025-01-01'
|
||
<<: *parameters
|
||
environment:
|
||
PGCLIENTENCODING: 'UTF8'
|
||
PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
|
||
|
||
- <<: *not_changed
|
||
|
||
- block:
|
||
|
||
- name: 'Using MD5-hashed password: check that password not changed when using cleartext password'
|
||
<<: *task_parameters
|
||
postgresql_user:
|
||
<<: *parameters
|
||
password: '{{ db_password1 }}'
|
||
encrypted: 'yes'
|
||
environment:
|
||
PGCLIENTENCODING: 'UTF8'
|
||
PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
|
||
|
||
- <<: *not_changed
|
||
|
||
- name: "Using MD5-hashed password: check that password not changed when using md5 hash with 'ENCRYPTED'"
|
||
<<: *task_parameters
|
||
postgresql_user:
|
||
<<: *parameters
|
||
password: "md5{{ (db_password1 ~ db_user1) | hash('md5')}}"
|
||
encrypted: 'yes'
|
||
environment:
|
||
PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
|
||
|
||
- <<: *not_changed
|
||
|
||
- name: "Using MD5-hashed password: check that password not changed when using md5 hash with 'UNENCRYPTED'"
|
||
<<: *task_parameters
|
||
postgresql_user:
|
||
<<: *parameters
|
||
password: "md5{{ (db_password1 ~ db_user1) | hash('md5')}}"
|
||
encrypted: 'no'
|
||
environment:
|
||
PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
|
||
|
||
- <<: *not_changed
|
||
|
||
- name: 'Redefine the same expiration time and password (encrypted)'
|
||
<<: *task_parameters
|
||
postgresql_user:
|
||
<<: *parameters
|
||
encrypted: 'yes'
|
||
password: "md5{{ (db_password1 ~ db_user1) | hash('md5')}}"
|
||
expires: '2025-01-01'
|
||
environment:
|
||
PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
|
||
|
||
- <<: *not_changed
|
||
|
||
- name: 'Using MD5-hashed password: check that password changed when using another cleartext password'
|
||
<<: *task_parameters
|
||
postgresql_user:
|
||
<<: *parameters
|
||
password: 'prefix{{ db_password1 }}'
|
||
encrypted: 'yes'
|
||
environment:
|
||
PGCLIENTENCODING: 'UTF8'
|
||
|
||
- <<: *changed
|
||
|
||
- name: "Using MD5-hashed password: check that password changed when using another md5 hash with 'ENCRYPTED'"
|
||
<<: *task_parameters
|
||
postgresql_user:
|
||
<<: *parameters
|
||
password: "md5{{ ('prefix1' ~ db_password1 ~ db_user1) | hash('md5')}}"
|
||
encrypted: 'yes'
|
||
|
||
- <<: *changed
|
||
|
||
- name: "Using MD5-hashed password: check that password changed when using md5 hash with 'UNENCRYPTED'"
|
||
<<: *task_parameters
|
||
postgresql_user:
|
||
<<: *parameters
|
||
password: "md5{{ ('prefix2' ~ db_password1 ~ db_user1) | hash('md5')}}"
|
||
encrypted: 'no'
|
||
|
||
- <<: *changed
|
||
|
||
when: encrypted == 'yes'
|
||
|
||
- block:
|
||
|
||
- name: 'Using cleartext password: check that password not changed when using cleartext password'
|
||
<<: *task_parameters
|
||
postgresql_user:
|
||
<<: *parameters
|
||
password: "{{ db_password1 }}"
|
||
encrypted: 'no'
|
||
environment:
|
||
PGCLIENTENCODING: 'UTF8'
|
||
PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
|
||
|
||
- <<: *not_changed
|
||
|
||
- name: 'Redefine the same expiration time and password (not encrypted)'
|
||
<<: *task_parameters
|
||
postgresql_user:
|
||
<<: *parameters
|
||
password: "{{ db_password1 }}"
|
||
encrypted: 'no'
|
||
expires: '2025-01-01'
|
||
environment:
|
||
PGCLIENTENCODING: 'UTF8'
|
||
PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
|
||
|
||
- <<: *not_changed
|
||
|
||
- name: 'Using cleartext password: check that password changed when using another cleartext password'
|
||
<<: *task_parameters
|
||
postgresql_user:
|
||
<<: *parameters
|
||
password: "changed{{ db_password1 }}"
|
||
encrypted: 'no'
|
||
environment:
|
||
PGCLIENTENCODING: 'UTF8'
|
||
|
||
- <<: *changed
|
||
|
||
when: encrypted == 'no'
|
||
|
||
- name: Remove user
|
||
<<: *task_parameters
|
||
postgresql_user:
|
||
state: 'absent'
|
||
<<: *parameters
|
||
|
||
- <<: *changed
|
||
|
||
- name: Check that they were removed
|
||
<<: *task_parameters
|
||
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
|
||
environment:
|
||
PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
|
||
|
||
- assert:
|
||
that:
|
||
- "result.stdout_lines[-1] == '(0 rows)'"
|
||
|
||
- name: Check that removing user a second time does nothing
|
||
<<: *task_parameters
|
||
postgresql_user:
|
||
state: 'absent'
|
||
<<: *parameters
|
||
environment:
|
||
PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
|
||
|
||
- <<: *not_changed
|
||
|
||
always:
|
||
- name: Remove user
|
||
<<: *task_parameters
|
||
postgresql_user:
|
||
state: 'absent'
|
||
<<: *parameters
|