From 5febbca503686f4d157869ed53aabcaf5e745d6b Mon Sep 17 00:00:00 2001 From: Andrew Klychkov Date: Tue, 28 Apr 2020 10:42:08 +0300 Subject: [PATCH] postgresql_owner: add trust_input parameter (#198) * postgresql_owner: add trust_input parameter, allow to pass values containing dots to some parameters * add changelog fragment * fix CI * fix CI --- ...gresql_owner_add_trust_input_parameter.yml | 2 + .../database/postgresql/postgresql_owner.py | 49 +++--- .../postgresql_owner/defaults/main.yml | 2 + .../tasks/postgresql_owner_initial.yml | 160 ++++++++++++++++++ 4 files changed, 194 insertions(+), 19 deletions(-) create mode 100644 changelogs/fragments/198-postgresql_owner_add_trust_input_parameter.yml diff --git a/changelogs/fragments/198-postgresql_owner_add_trust_input_parameter.yml b/changelogs/fragments/198-postgresql_owner_add_trust_input_parameter.yml new file mode 100644 index 00000000000..8b7b385b306 --- /dev/null +++ b/changelogs/fragments/198-postgresql_owner_add_trust_input_parameter.yml @@ -0,0 +1,2 @@ +minor_changes: +- postgresql_owner - add the ``trust_input`` parameter (https://github.com/ansible-collections/community.general/pull/198). diff --git a/plugins/modules/database/postgresql/postgresql_owner.py b/plugins/modules/database/postgresql/postgresql_owner.py index 3c7274ca1fc..ce868b3f3bd 100644 --- a/plugins/modules/database/postgresql/postgresql_owner.py +++ b/plugins/modules/database/postgresql/postgresql_owner.py @@ -70,6 +70,11 @@ - Permissions checking for SQL commands is carried out as though the session_role were the one that had logged in originally. type: str + trust_input: + description: + - If C(no), check whether values of some parameters are potentially dangerous. + type: bool + default: yes seealso: - module: postgresql_user - module: postgresql_privs 
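Review bot: The `trust_input` description says only that "some parameters" are checked, so a playbook author cannot tell what the option protects. Going by the `check_input(...)` call added in `main()`, the checked values are `new_owner`, `obj_name`, `reassign_owned_by` and `session_role`, and the new integration test shows the module failing on a hit. I would spell that out, e.g. `- If C(no), check whether the values of I(new_owner), I(obj_name), I(reassign_owned_by) and I(session_role) are potentially dangerous and fail if they are.` A second line should say that the default C(yes) is only appropriate when these values do not come from an untrusted source.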
@@ -147,7 +152,10 @@ pass from ansible.module_utils.basic import AnsibleModule -from ansible_collections.community.general.plugins.module_utils.database import pg_quote_identifier +from ansible_collections.community.general.plugins.module_utils.database import ( + check_input, + pg_quote_identifier, +) from ansible_collections.community.general.plugins.module_utils.postgres import ( connect_to_db, exec_sql, @@ -218,7 +226,7 @@ def reassign(self, old_owners, fail_on_role): roles = [] for r in old_owners: if self.check_role_exists(r, fail_on_role): - roles.append(pg_quote_identifier(r, 'role')) + roles.append('"%s"' % r) # Roles do not exist, nothing to do, exit: if not roles: @@ -228,7 +236,7 @@ def reassign(self, old_owners, fail_on_role): query = ['REASSIGN OWNED BY'] query.append(old_owners) - query.append('TO %s' % pg_quote_identifier(self.role, 'role')) + query.append('TO "%s"' % self.role) query = ' '.join(query) self.changed = exec_sql(self, query, return_bool=True) 
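Review bot: In `reassign`, `roles.append('"%s"' % r)` and `query.append('TO "%s"' % self.role)` wrap the name in double quotes without doubling any `"` it contains, so a name with an embedded quote closes the identifier early and the remainder is parsed as SQL. The removed `pg_quote_identifier` call presumably did that escaping (its body is not in this diff), and because `trust_input` defaults to `yes` the new `check_input` call does not cover the default path. The role-existence check narrows this for roles, but the next hunk uses the same pattern for `ALTER DATABASE "%s"` and `ALTER TABLESPACE "%s"`, where no existence check on `obj_name` is visible, and for every `OWNER TO "%s"`. Dots can be allowed while keeping the escape, e.g. `'"%s"' % r.replace('"', '""')`, preferably through one small helper shared by all the `__set_*_owner` methods. `reassign` begins and ends outside these hunks.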
@@ -323,50 +331,47 @@ def __is_owner(self): def __set_db_owner(self): """Set the database owner.""" - query = "ALTER DATABASE %s OWNER TO %s" % (pg_quote_identifier(self.obj_name, 'database'), - pg_quote_identifier(self.role, 'role')) + query = 'ALTER DATABASE "%s" OWNER TO "%s"' % (self.obj_name, self.role) self.changed = exec_sql(self, query, return_bool=True) def __set_func_owner(self): """Set the function owner.""" - query = "ALTER FUNCTION %s OWNER TO %s" % (self.obj_name, - pg_quote_identifier(self.role, 'role')) + query = 'ALTER FUNCTION %s OWNER TO "%s"' % (self.obj_name, self.role) self.changed = exec_sql(self, query, return_bool=True) def __set_seq_owner(self): """Set the sequence owner.""" - query = "ALTER SEQUENCE %s OWNER TO %s" % (pg_quote_identifier(self.obj_name, 'table'), - pg_quote_identifier(self.role, 'role')) + query = 'ALTER SEQUENCE %s OWNER TO "%s"' % (pg_quote_identifier(self.obj_name, 'table'), + self.role) self.changed = exec_sql(self, query, return_bool=True) def __set_schema_owner(self): """Set the schema owner.""" - query = "ALTER SCHEMA %s OWNER TO %s" % (pg_quote_identifier(self.obj_name, 'schema'), - pg_quote_identifier(self.role, 'role')) + query = 'ALTER SCHEMA %s OWNER TO "%s"' % (pg_quote_identifier(self.obj_name, 'schema'), + self.role) self.changed = exec_sql(self, query, return_bool=True) def __set_table_owner(self): """Set the table owner.""" - query = "ALTER TABLE %s OWNER TO %s" % (pg_quote_identifier(self.obj_name, 'table'), - pg_quote_identifier(self.role, 'role')) + query = 'ALTER TABLE %s OWNER TO "%s"' % (pg_quote_identifier(self.obj_name, 'table'), + self.role) self.changed = exec_sql(self, query, return_bool=True) def __set_tablespace_owner(self): """Set the tablespace owner.""" - query = "ALTER TABLESPACE %s OWNER TO %s" % (pg_quote_identifier(self.obj_name, 'database'), - pg_quote_identifier(self.role, 'role')) + query = 'ALTER TABLESPACE "%s" OWNER TO "%s"' % (self.obj_name, self.role) self.changed = 
exec_sql(self, query, return_bool=True) def __set_view_owner(self): """Set the view owner.""" - query = "ALTER VIEW %s OWNER TO %s" % (pg_quote_identifier(self.obj_name, 'table'), - pg_quote_identifier(self.role, 'role')) + query = 'ALTER VIEW %s OWNER TO "%s"' % (pg_quote_identifier(self.obj_name, 'table'), + self.role) self.changed = exec_sql(self, query, return_bool=True) def __set_mat_view_owner(self): """Set the materialized view owner.""" - query = "ALTER MATERIALIZED VIEW %s OWNER TO %s" % (pg_quote_identifier(self.obj_name, 'table'), - pg_quote_identifier(self.role, 'role')) + query = 'ALTER MATERIALIZED VIEW %s OWNER TO "%s"' % (pg_quote_identifier(self.obj_name, 'table'), + self.role) self.changed = exec_sql(self, query, return_bool=True) def __role_exists(self, role): @@ -392,6 +397,7 @@ def main(): fail_on_role=dict(type='bool', default=True), db=dict(type='str', aliases=['login_db']), session_role=dict(type='str'), + trust_input=dict(type='bool', default=True), ) module = AnsibleModule( argument_spec=argument_spec, @@ -409,6 +415,11 @@ def main(): obj_type = module.params['obj_type'] reassign_owned_by = module.params['reassign_owned_by'] fail_on_role = module.params['fail_on_role'] + session_role = module.params['session_role'] + trust_input = module.params['trust_input'] + if not trust_input: + # Check input for potentially dangerous elements: + check_input(module, new_owner, obj_name, reassign_owned_by, session_role) conn_params = get_conn_params(module, module.params) db_connection = connect_to_db(module, conn_params, autocommit=False) diff --git a/tests/integration/targets/postgresql_owner/defaults/main.yml b/tests/integration/targets/postgresql_owner/defaults/main.yml index 1a5d6f307f8..e43723c47fd 100644 --- a/tests/integration/targets/postgresql_owner/defaults/main.yml +++ b/tests/integration/targets/postgresql_owner/defaults/main.yml 
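Review bot: `__set_func_owner` still formats `self.obj_name` into `'ALTER FUNCTION %s OWNER TO "%s"'` with no quoting at all, and the only validation it gets is the opt-in `check_input` call added in `main()`. A function name may carry an argument list, so it cannot simply be wrapped in quotes. I would at least record that next to the query, e.g. `# obj_name is passed as-is (may include an argument list); it is validated only when trust_input is false`. Whether `check_input` accepts a signature such as `increment(integer)` is not visible in this diff and deserves a test with `trust_input: no`.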
@@ -1 +1,3 @@ test_tablespace_path: "/ssd" + +dangerous_name: 'curious.anonymous"; SELECT * FROM information_schema.tables; --' diff --git a/tests/integration/targets/postgresql_owner/tasks/postgresql_owner_initial.yml b/tests/integration/targets/postgresql_owner/tasks/postgresql_owner_initial.yml index cfc4db448da..5bcd63c28c9 100644 --- a/tests/integration/targets/postgresql_owner/tasks/postgresql_owner_initial.yml +++ b/tests/integration/targets/postgresql_owner/tasks/postgresql_owner_initial.yml @@ -9,12 +9,14 @@ with_items: - alice - bob + - name: postgresql_owner - create test database become_user: '{{ pg_user }}' become: true postgresql_db: login_user: '{{ pg_user }}' db: acme + - name: postgresql_owner - create test table become_user: '{{ pg_user }}' become: true @@ -22,6 +24,7 @@ login_user: '{{ pg_user }}' db: acme query: CREATE TABLE my_table (id int) + - name: postgresql_owner - set owner become_user: '{{ pg_user }}' become: true @@ -31,6 +34,7 @@ new_owner: bob obj_name: my_table obj_type: table + - name: postgresql_owner - create test sequence become_user: '{{ pg_user }}' become: true @@ -38,6 +42,7 @@ login_user: '{{ pg_user }}' db: acme query: CREATE SEQUENCE test_seq + - name: postgresql_owner - create test function become_user: '{{ pg_user }}' become: true @@ -45,6 +50,7 @@ login_user: '{{ pg_user }}' db: acme query: CREATE FUNCTION increment(integer) RETURNS integer AS 'select $1 + 1;' LANGUAGE SQL IMMUTABLE RETURNS NULL ON NULL INPUT; + - name: postgresql_owner - create test schema become_user: '{{ pg_user }}' become: true @@ -52,6 +58,7 @@ login_user: '{{ pg_user }}' db: acme query: CREATE SCHEMA test_schema + - name: postgresql_owner - create test view become_user: '{{ pg_user }}' become: true @@ -59,6 +66,7 @@ login_user: '{{ pg_user }}' db: acme query: CREATE VIEW test_view AS SELECT * FROM my_table + - name: postgresql_owner - create test materialized view become_user: '{{ pg_user }}' become: true 
@@ -67,16 +75,19 @@ db: acme query: CREATE MATERIALIZED VIEW test_mat_view AS SELECT * FROM my_table when: postgres_version_resp.stdout is version('9.4', '>=') + - name: postgresql_owner - drop dir for test tablespace become: true file: path: '{{ test_tablespace_path }}' state: absent ignore_errors: true + - name: postgresql_owner - disable selinux become: true shell: setenforce 0 ignore_errors: true + - name: postgresql_owner - create dir for test tablespace become: true file: @@ -86,6 +97,7 @@ group: '{{ pg_user }}' mode: '0700' ignore_errors: true + - name: postgresql_owner - create a new tablespace called acme and set bob as an its owner become_user: '{{ pg_user }}' become: true @@ -95,6 +107,7 @@ name: acme owner: alice location: '{{ test_tablespace_path }}' + - name: postgresql_owner - reassign_owned_by to non existent user become_user: '{{ pg_user }}' become: true @@ -105,9 +118,11 @@ reassign_owned_by: bob register: result ignore_errors: true + - assert: that: - result.failed == true + - name: postgresql_owner - reassign_owned_by, check fail_on_role become_user: '{{ pg_user }}' become: true @@ -118,9 +133,11 @@ reassign_owned_by: non_existent fail_on_role: false register: result + - assert: that: - result.failed == false + - name: postgresql_owner - reassign_owned_by in check_mode become_user: '{{ pg_user }}' become: true @@ -131,10 +148,12 @@ reassign_owned_by: bob check_mode: true register: result + - assert: that: - result is changed - result.queries == ['REASSIGN OWNED BY "bob" TO "alice"'] + - name: postgresql_owner - check that nothing changed after the previous step become_user: '{{ pg_user }}' become: true @@ -144,9 +163,11 @@ query: SELECT 1 FROM pg_tables WHERE tablename = 'my_table' AND tableowner = 'alice' ignore_errors: true register: result + - assert: that: - result.rowcount == 0 + - name: postgresql_owner - reassign_owned_by become_user: '{{ pg_user }}' become: true 
@@ -155,11 +176,14 @@ db: acme new_owner: alice reassign_owned_by: bob + trust_input: yes register: result + - assert: that: - result is changed - result.queries == ['REASSIGN OWNED BY "bob" TO "alice"'] + - name: postgresql_owner - check that ownership has been changed after the previous step become_user: '{{ pg_user }}' become: true @@ -169,9 +193,48 @@ query: SELECT 1 FROM pg_tables WHERE tablename = 'my_table' AND tableowner = 'alice' ignore_errors: true register: result + - assert: that: - result.rowcount == 1 + +########################### +# Test trust_inpt parameter + +- name: postgresql_owner - reassign_owned_by, trust_input no + become_user: '{{ pg_user }}' + become: true + postgresql_owner: + login_user: '{{ pg_user }}' + db: acme + new_owner: '{{ dangerous_name }}' + reassign_owned_by: alice + trust_input: no + register: result + ignore_errors: yes + +- assert: + that: + - result is failed + - result.msg == 'Passed input \'{{ dangerous_name }}\' is potentially dangerous' + +- name: postgresql_owner - reassign_owned_by, trust_input yes by default + become_user: '{{ pg_user }}' + become: true + postgresql_owner: + login_user: '{{ pg_user }}' + db: acme + new_owner: '{{ dangerous_name }}' + reassign_owned_by: alice + register: result + ignore_errors: yes + +- assert: + that: + - result is not changed + - result.msg is search('does not exist') +# End of testing trust_input + - name: postgresql_owner - set db owner in check_mode become_user: '{{ pg_user }}' become: true @@ -183,10 +246,12 @@ obj_type: database check_mode: true register: result + - assert: that: - result is changed - result.queries == ['ALTER DATABASE "acme" OWNER TO "bob"'] + - name: postgresql_owner - check that nothing changed after the previous step become_user: '{{ pg_user }}' become: true 
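Review bot: The new `trust_input` tasks pass `dangerous_name` only as `new_owner`, and the default-path assertion `result.msg is search('does not exist')` suggests the role-existence check ends the run before any ALTER or REASSIGN statement is built. Nothing exercises `obj_name` with `obj_type: database` or `tablespace`, which this commit switches to plain `"%s"` formatting, nor `reassign_owned_by` or `session_role` with `trust_input: no`. I would add one task per checked parameter asserting `result is failed` and the `is potentially dangerous` message. The section comment also has a typo: `# Test trust_inpt parameter` should read `# Test trust_input parameter`.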
@@ -196,9 +261,11 @@ query: SELECT 1 FROM pg_database AS d JOIN pg_roles AS r ON d.datdba = r.oid WHERE d.datname = 'acme' AND r.rolname = 'bob' ignore_errors: true register: result + - assert: that: - result.rowcount == 0 + - name: postgresql_owner - set db owner become_user: '{{ pg_user }}' become: true @@ -209,10 +276,12 @@ obj_name: acme obj_type: database register: result + - assert: that: - result is changed - result.queries == ['ALTER DATABASE "acme" OWNER TO "bob"'] + - name: postgresql_owner - check that db owner has been changed after the previous step become_user: '{{ pg_user }}' become: true @@ -222,9 +291,11 @@ query: SELECT 1 FROM pg_database AS d JOIN pg_roles AS r ON d.datdba = r.oid WHERE d.datname = 'acme' AND r.rolname = 'bob' ignore_errors: true register: result + - assert: that: - result.rowcount == 1 + - name: postgresql_owner - set db owner again become_user: '{{ pg_user }}' become: true @@ -235,10 +306,12 @@ obj_name: acme obj_type: database register: result + - assert: that: - result is not changed - result.queries == [] + - name: postgresql_owner - check that db owner is bob become_user: '{{ pg_user }}' become: true @@ -248,9 +321,11 @@ query: SELECT 1 FROM pg_database AS d JOIN pg_roles AS r ON d.datdba = r.oid WHERE d.datname = 'acme' AND r.rolname = 'bob' ignore_errors: true register: result + - assert: that: - result.rowcount == 1 + - name: postgresql_owner - set table owner in check_mode become_user: '{{ pg_user }}' become: true @@ -262,10 +337,12 @@ obj_type: table check_mode: true register: result + - assert: that: - result is changed - result.queries == ['ALTER TABLE "my_table" OWNER TO "bob"'] + - name: postgresql_owner - check that nothing changed after the previous step become_user: '{{ pg_user }}' become: true 
@@ -275,9 +352,11 @@ query: SELECT 1 FROM pg_tables WHERE tablename = 'my_table' AND tableowner = 'bob' ignore_errors: true register: result + - assert: that: - result.rowcount == 0 + - name: postgresql_owner - set db owner become_user: '{{ pg_user }}' become: true @@ -288,10 +367,12 @@ obj_name: my_table obj_type: table register: result + - assert: that: - result is changed - result.queries == ['ALTER TABLE "my_table" OWNER TO "bob"'] + - name: postgresql_owner - check that table owner has been changed after the previous step become_user: '{{ pg_user }}' become: true @@ -301,9 +382,11 @@ query: SELECT 1 FROM pg_tables WHERE tablename = 'my_table' AND tableowner = 'bob' ignore_errors: true register: result + - assert: that: - result.rowcount == 1 + - name: postgresql_owner - set db owner again become_user: '{{ pg_user }}' become: true @@ -314,10 +397,12 @@ obj_name: my_table obj_type: table register: result + - assert: that: - result is not changed - result.queries == [] + - name: postgresql_owner - check that table owner is bob become_user: '{{ pg_user }}' become: true @@ -327,9 +412,11 @@ query: SELECT 1 FROM pg_tables WHERE tablename = 'my_table' AND tableowner = 'bob' ignore_errors: true register: result + - assert: that: - result.rowcount == 1 + - name: postgresql_owner - set sequence owner in check_mode become_user: '{{ pg_user }}' become: true @@ -341,10 +428,12 @@ obj_type: sequence check_mode: true register: result + - assert: that: - result is changed - result.queries == ['ALTER SEQUENCE "test_seq" OWNER TO "bob"'] + - name: postgresql_owner - check that nothing changed after the previous step become_user: '{{ pg_user }}' become: true 
@@ -354,9 +443,11 @@ query: SELECT 1 FROM pg_class AS c JOIN pg_roles AS r ON c.relowner = r.oid WHERE c.relkind = 'S' AND c.relname = 'test_seq' AND r.rolname = 'bob' ignore_errors: true register: result + - assert: that: - result.rowcount == 0 + - name: postgresql_owner - set db owner become_user: '{{ pg_user }}' become: true @@ -367,10 +458,12 @@ obj_name: test_seq obj_type: sequence register: result + - assert: that: - result is changed - result.queries == ['ALTER SEQUENCE "test_seq" OWNER TO "bob"'] + - name: postgresql_owner - check that table owner has been changed after the previous step become_user: '{{ pg_user }}' become: true @@ -380,9 +473,11 @@ query: SELECT 1 FROM pg_class AS c JOIN pg_roles AS r ON c.relowner = r.oid WHERE c.relkind = 'S' AND c.relname = 'test_seq' AND r.rolname = 'bob' ignore_errors: true register: result + - assert: that: - result.rowcount == 1 + - name: postgresql_owner - set db owner again become_user: '{{ pg_user }}' become: true @@ -393,10 +488,12 @@ obj_name: test_seq obj_type: sequence register: result + - assert: that: - result is not changed - result.queries == [] + - name: postgresql_owner - check that sequence owner is bob become_user: '{{ pg_user }}' become: true @@ -406,9 +503,11 @@ query: SELECT 1 FROM pg_class AS c JOIN pg_roles AS r ON c.relowner = r.oid WHERE c.relkind = 'S' AND c.relname = 'test_seq' AND r.rolname = 'bob' ignore_errors: true register: result + - assert: that: - result.rowcount == 1 + - name: postgresql_owner - set function owner in check_mode become_user: '{{ pg_user }}' become: true @@ -421,11 +520,13 @@ check_mode: true register: result when: postgres_version_resp.stdout is version('10', '>=') + - assert: that: - result is changed - result.queries == ['ALTER FUNCTION increment OWNER TO "bob"'] when: postgres_version_resp.stdout is version('10', '>=') + - name: postgresql_owner - check that nothing changed after the previous step become_user: '{{ pg_user }}' become: true 
@@ -436,10 +537,12 @@ ignore_errors: true register: result when: postgres_version_resp.stdout is version('10', '>=') + - assert: that: - result.rowcount == 0 when: postgres_version_resp.stdout is version('10', '>=') + - name: postgresql_owner - set func owner become_user: '{{ pg_user }}' become: true @@ -451,11 +554,13 @@ obj_type: function register: result when: postgres_version_resp.stdout is version('10', '>=') + - assert: that: - result is changed - result.queries == ['ALTER FUNCTION increment OWNER TO "bob"'] when: postgres_version_resp.stdout is version('10', '>=') + - name: postgresql_owner - check that func owner has been changed after the previous step become_user: '{{ pg_user }}' become: true @@ -466,10 +571,12 @@ ignore_errors: true register: result when: postgres_version_resp.stdout is version('10', '>=') + - assert: that: - result.rowcount == 1 when: postgres_version_resp.stdout is version('10', '>=') + - name: postgresql_owner - set func owner again become_user: '{{ pg_user }}' become: true @@ -481,11 +588,13 @@ obj_type: function register: result when: postgres_version_resp.stdout is version('10', '>=') + - assert: that: - result is not changed - result.queries == [] when: postgres_version_resp.stdout is version('10', '>=') + - name: postgresql_owner - check that function owner is bob become_user: '{{ pg_user }}' become: true @@ -496,10 +605,12 @@ ignore_errors: true register: result when: postgres_version_resp.stdout is version('10', '>=') + - assert: that: - result.rowcount == 1 when: postgres_version_resp.stdout is version('10', '>=') + - name: postgresql_owner - set schema owner in check_mode become_user: '{{ pg_user }}' become: true @@ -511,10 +622,12 @@ obj_type: schema check_mode: true register: result + - assert: that: - result is changed - result.queries == ['ALTER SCHEMA "test_schema" OWNER TO "bob"'] + - name: postgresql_owner - check that nothing changed after the previous step become_user: '{{ pg_user }}' become: true 
@@ -524,9 +637,11 @@ query: SELECT 1 FROM information_schema.schemata WHERE schema_name = 'test_schema' AND schema_owner = 'bob' ignore_errors: true register: result + - assert: that: - result.rowcount == 0 + - name: postgresql_owner - set schema owner become_user: '{{ pg_user }}' become: true @@ -537,10 +652,12 @@ obj_name: test_schema obj_type: schema register: result + - assert: that: - result is changed - result.queries == ['ALTER SCHEMA "test_schema" OWNER TO "bob"'] + - name: postgresql_owner - check that schema owner has been changed after the previous step become_user: '{{ pg_user }}' become: true @@ -550,9 +667,11 @@ query: SELECT 1 FROM information_schema.schemata WHERE schema_name = 'test_schema' AND schema_owner = 'bob' ignore_errors: true register: result + - assert: that: - result.rowcount == 1 + - name: postgresql_owner - set schema owner again become_user: '{{ pg_user }}' become: true @@ -563,10 +682,12 @@ obj_name: test_seq obj_type: sequence register: result + - assert: that: - result is not changed - result.queries == [] + - name: postgresql_owner - check that schema owner is bob become_user: '{{ pg_user }}' become: true @@ -576,9 +697,11 @@ query: SELECT 1 FROM information_schema.schemata WHERE schema_name = 'test_schema' AND schema_owner = 'bob' ignore_errors: true register: result + - assert: that: - result.rowcount == 1 + - name: postgresql_owner - set view owner in check_mode become_user: '{{ pg_user }}' become: true @@ -590,10 +713,12 @@ obj_type: view check_mode: true register: result + - assert: that: - result is changed - result.queries == ['ALTER VIEW "test_view" OWNER TO "bob"'] + - name: postgresql_owner - check that nothing changed after the previous step become_user: '{{ pg_user }}' become: true 
@@ -603,9 +728,11 @@ query: SELECT 1 FROM pg_views WHERE viewname = 'test_view' AND viewowner = 'bob' ignore_errors: true register: result + - assert: that: - result.rowcount == 0 + - name: postgresql_owner - set view owner become_user: '{{ pg_user }}' become: true @@ -616,10 +743,12 @@ obj_name: test_view obj_type: view register: result + - assert: that: - result is changed - result.queries == ['ALTER VIEW "test_view" OWNER TO "bob"'] + - name: postgresql_owner - check that view owner has been changed after the previous step become_user: '{{ pg_user }}' become: true @@ -629,9 +758,11 @@ query: SELECT 1 FROM pg_views WHERE viewname = 'test_view' AND viewowner = 'bob' ignore_errors: true register: result + - assert: that: - result.rowcount == 1 + - name: postgresql_owner - set view owner again become_user: '{{ pg_user }}' become: true @@ -642,10 +773,12 @@ obj_name: test_view obj_type: view register: result + - assert: that: - result is not changed - result.queries == [] + - name: postgresql_owner - check that view owner is bob become_user: '{{ pg_user }}' become: true @@ -655,9 +788,11 @@ query: SELECT 1 FROM pg_views WHERE viewname = 'test_view' AND viewowner = 'bob' ignore_errors: true register: result + - assert: that: - result.rowcount == 1 + - name: postgresql_owner - set matview owner in check_mode become_user: '{{ pg_user }}' become: true @@ -670,11 +805,13 @@ check_mode: true register: result when: postgres_version_resp.stdout is version('9.4', '>=') + - assert: that: - result is changed - result.queries == ['ALTER MATERIALIZED VIEW "test_mat_view" OWNER TO "bob"'] when: postgres_version_resp.stdout is version('9.4', '>=') + - name: postgresql_owner - check that nothing changed after the previous step become_user: '{{ pg_user }}' become: true 
@@ -685,10 +822,12 @@ ignore_errors: true register: result when: postgres_version_resp.stdout is version('9.4', '>=') + - assert: that: - result.rowcount == 0 when: postgres_version_resp.stdout is version('9.4', '>=') + - name: postgresql_owner - set matview owner become_user: '{{ pg_user }}' become: true @@ -700,11 +839,13 @@ obj_type: matview register: result when: postgres_version_resp.stdout is version('9.4', '>=') + - assert: that: - result is changed - result.queries == ['ALTER MATERIALIZED VIEW "test_mat_view" OWNER TO "bob"'] when: postgres_version_resp.stdout is version('9.4', '>=') + - name: postgresql_owner - check that matview owner has been changed after the previous step become_user: '{{ pg_user }}' become: true @@ -715,10 +856,12 @@ ignore_errors: true register: result when: postgres_version_resp.stdout is version('9.4', '>=') + - assert: that: - result.rowcount == 1 when: postgres_version_resp.stdout is version('9.4', '>=') + - name: postgresql_owner - set matview owner again become_user: '{{ pg_user }}' become: true @@ -730,11 +873,13 @@ obj_type: matview register: result when: postgres_version_resp.stdout is version('9.4', '>=') + - assert: that: - result is not changed - result.queries == [] when: postgres_version_resp.stdout is version('9.4', '>=') + - name: postgresql_owner - check that matview owner is bob become_user: '{{ pg_user }}' become: true @@ -745,10 +890,12 @@ ignore_errors: true register: result when: postgres_version_resp.stdout is version('9.4', '>=') + - assert: that: - result.rowcount == 1 when: postgres_version_resp.stdout is version('9.4', '>=') + - name: postgresql_owner - set tablespace owner in check_mode become_user: '{{ pg_user }}' become: true 
@@ -760,10 +907,12 @@ obj_type: tablespace check_mode: true register: result + - assert: that: - result is changed - result.queries == ['ALTER TABLESPACE "acme" OWNER TO "bob"'] + - name: postgresql_owner - check that nothing changed after the previous step become_user: '{{ pg_user }}' become: true @@ -773,9 +922,11 @@ query: SELECT 1 FROM pg_tablespace AS t JOIN pg_roles AS r ON t.spcowner = r.oid WHERE t.spcname = 'acme' AND r.rolname = 'bob' ignore_errors: true register: result + - assert: that: - result.rowcount == 0 + - name: postgresql_owner - set tablespace owner become_user: '{{ pg_user }}' become: true @@ -786,10 +937,12 @@ obj_name: acme obj_type: tablespace register: result + - assert: that: - result is changed - result.queries == ['ALTER TABLESPACE "acme" OWNER TO "bob"'] + - name: postgresql_owner - check that tablespace owner has been changed after the previous step become_user: '{{ pg_user }}' become: true @@ -799,9 +952,11 @@ query: SELECT 1 FROM pg_tablespace AS t JOIN pg_roles AS r ON t.spcowner = r.oid WHERE t.spcname = 'acme' AND r.rolname = 'bob' ignore_errors: true register: result + - assert: that: - result.rowcount == 1 + - name: postgresql_owner - set tablespace owner again become_user: '{{ pg_user }}' become: true @@ -812,10 +967,12 @@ obj_name: acme obj_type: tablespace register: result + - assert: that: - result is not changed - result.queries == [] + - name: postgresql_owner - check that tablespace owner is bob become_user: '{{ pg_user }}' become: true @@ -825,9 +982,11 @@ query: SELECT 1 FROM pg_tablespace AS t JOIN pg_roles AS r ON t.spcowner = r.oid WHERE t.spcname = 'acme' AND r.rolname = 'bob' ignore_errors: true register: result + - assert: that: - result.rowcount == 1 + - name: postgresql_owner - create test database become_user: '{{ pg_user }}' become: true @@ -835,6 +994,7 @@ login_user: '{{ pg_user }}' db: acme state: absent + - name: postgresql_owner - drop test tablespace become_user: '{{ pg_user }}' become: true