ansible/test/integration/targets/postgresql/tasks/main.yml

926 lines
26 KiB
YAML
Raw Normal View History

2014-12-02 03:57:40 +01:00
#
# Create and destroy db
#
- name: Create DB
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
postgresql_db:
state: present
name: "{{ db_name }}"
login_user: "{{ pg_user }}"
2014-12-02 03:57:40 +01:00
register: result
- name: assert that module reports the db was created
assert:
that:
- "result.changed == true"
- "result.db =='{{ db_name }}'"
- name: Check that database created
become_user: "{{ pg_user }}"
become: True
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
2014-12-02 03:57:40 +01:00
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- name: Run create on an already created db
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
postgresql_db:
state: present
name: "{{ db_name }}"
login_user: "{{ pg_user }}"
2014-12-02 03:57:40 +01:00
register: result
- name: assert that module reports the db was unchanged
assert:
that:
- "result.changed == false"
- name: Destroy DB
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
postgresql_db:
state: absent
name: "{{ db_name }}"
login_user: "{{ pg_user }}"
2014-12-02 03:57:40 +01:00
register: result
- name: assert that module reports the db was changed
assert:
that:
- "result.changed == true"
- name: Check that database was destroyed
become_user: "{{ pg_user }}"
become: True
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
2014-12-02 03:57:40 +01:00
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
- name: Destroy DB
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
postgresql_db:
state: absent
name: "{{ db_name }}"
login_user: "{{ pg_user }}"
2014-12-02 03:57:40 +01:00
register: result
- name: assert that removing an alreaady removed db makes no change
assert:
that:
- "result.changed == false"
# This corner case works to add but not to drop. This is sufficiently crazy
# that I'm not going to attempt to fix it unless someone lets me know that they
# need the functionality
#
# - postgresql_db:
# state: 'present'
# name: '"silly.""name"'
# - shell: echo "select datname from pg_database where datname = 'silly.""name';" | psql
# register: result
#
# - assert:
# that: "result.stdout_lines[-1] == '(1 row)'"
# - postgresql_db:
# state: absent
# name: '"silly.""name"'
# - shell: echo "select datname from pg_database where datname = 'silly.""name';" | psql
# register: result
#
# - assert:
# that: "result.stdout_lines[-1] == '(0 rows)'"
#
# Test conn_limit, encoding, collate, ctype, template options
2014-12-02 03:57:40 +01:00
#
- name: Create a DB with conn_limit, encoding, collate, ctype, and template options
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
postgresql_db:
name: '{{ db_name }}'
state: 'present'
conn_limit: '100'
2014-12-02 03:57:40 +01:00
encoding: 'LATIN1'
lc_collate: 'pt_BR{{ locale_latin_suffix }}'
lc_ctype: 'es_ES{{ locale_latin_suffix }}'
2014-12-02 03:57:40 +01:00
template: 'template0'
login_user: "{{ pg_user }}"
2014-12-02 03:57:40 +01:00
- name: Check that the DB has all of our options
become_user: "{{ pg_user }}"
become: True
shell: echo "select datname, datconnlimit, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql -d postgres
2014-12-02 03:57:40 +01:00
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- "'LATIN1' in result.stdout_lines[-2]"
- "'pt_BR' in result.stdout_lines[-2]"
- "'es_ES' in result.stdout_lines[-2]"
2014-12-02 03:57:40 +01:00
- "'UTF8' not in result.stdout_lines[-2]"
- "'en_US' not in result.stdout_lines[-2]"
- "'100' in result.stdout_lines[-2]"
2014-12-02 03:57:40 +01:00
- name: Check that running db cration with options a second time does nothing
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
postgresql_db:
name: '{{ db_name }}'
state: 'present'
conn_limit: '100'
2014-12-02 03:57:40 +01:00
encoding: 'LATIN1'
lc_collate: 'pt_BR{{ locale_latin_suffix }}'
lc_ctype: 'es_ES{{ locale_latin_suffix }}'
2014-12-02 03:57:40 +01:00
template: 'template0'
login_user: "{{ pg_user }}"
2014-12-02 03:57:40 +01:00
register: result
- assert:
that:
- 'result.changed == False'
- name: Check that attempting to change encoding returns an error
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
postgresql_db:
name: '{{ db_name }}'
state: 'present'
encoding: 'UTF8'
lc_collate: 'pt_BR{{ locale_utf8_suffix }}'
lc_ctype: 'es_ES{{ locale_utf8_suffix }}'
2014-12-02 03:57:40 +01:00
template: 'template0'
login_user: "{{ pg_user }}"
2014-12-02 03:57:40 +01:00
register: result
ignore_errors: True
- assert:
that:
- 'result.failed == True'
- name: Check that changing the conn_limit actually works
become_user: "{{ pg_user }}"
become: True
postgresql_db:
name: '{{ db_name }}'
state: 'present'
conn_limit: '200'
encoding: 'LATIN1'
lc_collate: 'pt_BR{{ locale_latin_suffix }}'
lc_ctype: 'es_ES{{ locale_latin_suffix }}'
template: 'template0'
login_user: "{{ pg_user }}"
register: result
- assert:
that:
- 'result.changed == True'
- name: Check that conn_limit has actually been set / updated to 200
become_user: "{{ pg_user }}"
become: True
shell: echo "SELECT datconnlimit AS conn_limit FROM pg_database WHERE datname = '{{ db_name }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- "'200' == '{{ result.stdout_lines[-2] | trim }}'"
2014-12-02 03:57:40 +01:00
- name: Cleanup test DB
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
postgresql_db:
name: '{{ db_name }}'
state: 'absent'
login_user: "{{ pg_user }}"
2014-12-02 03:57:40 +01:00
- shell: echo "select datname, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql -d postgres
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
#
# Create and destroy user, test 'password' and 'encrypted' parameters
2014-12-02 03:57:40 +01:00
#
# unencrypted values are not supported on newer versions
# do not run the encrypted: no tests if on 10+
- name: Get PostgreSQL version
become_user: "{{ pg_user }}"
become: True
shell: "echo 'SHOW SERVER_VERSION' | psql --tuples-only --no-align --dbname postgres"
register: postgres_version_resp
2014-12-02 03:57:40 +01:00
- name: Print PostgreSQL server version
debug:
msg: "{{ postgres_version_resp.stdout }}"
2014-12-02 03:57:40 +01:00
- set_fact:
encryption_values:
- 'yes'
- set_fact:
encryption_values: '{{ encryption_values + ["no"]}}'
when: postgres_version_resp.stdout is version('10', '<=')
- include: test_password.yml
vars:
encrypted: '{{ item }}'
db_password1: 'secretù' # use UTF-8
loop: '{{ encryption_values }}'
# BYPASSRLS role attribute was introduced in PostgreSQL 9.5, so
# we want to test atrribute management differently depending
# on the version.
- set_fact:
bypassrls_supported: "{{ postgres_version_resp.stdout is version('9.5.0', '>=') }}"
2014-12-02 03:57:40 +01:00
# test 'no_password_change' and 'role_attr_flags' parameters
- include: test_no_password_change.yml
vars:
no_password_changes: '{{ item }}'
with_items:
- 'yes'
- 'no'
### TODO: fail_on_user
2014-12-02 03:57:40 +01:00
#
# Test db ownership
#
- name: Create an unprivileged user to own a DB
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
postgresql_user:
name: "{{ db_user1 }}"
encrypted: 'yes'
password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
login_user: "{{ pg_user }}"
db: postgres
2014-12-02 03:57:40 +01:00
- name: Create db with user ownership
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
postgresql_db:
name: "{{ db_name }}"
state: "present"
owner: "{{ db_user1 }}"
login_user: "{{ pg_user }}"
2014-12-02 03:57:40 +01:00
- name: Check that the user owns the newly created DB
become_user: "{{ pg_user }}"
become: True
shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql -d postgres
2014-12-02 03:57:40 +01:00
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- "'{{ db_user1 }}' == '{{ result.stdout_lines[-2] | trim }}'"
- name: Change the owner on an existing db
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
postgresql_db:
name: "{{ db_name }}"
state: "present"
owner: "{{ pg_user }}"
login_user: "{{ pg_user }}"
2014-12-02 03:57:40 +01:00
register: result
- name: assert that ansible says it changed the db
assert:
that:
- "result.changed == True"
- name: Check that the user owns the newly created DB
become_user: "{{ pg_user }}"
become: True
shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql -d postgres
2014-12-02 03:57:40 +01:00
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- "'{{ pg_user }}' == '{{ result.stdout_lines[-2] | trim }}'"
2014-12-02 03:57:40 +01:00
- name: Cleanup db
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
postgresql_db:
name: "{{ db_name }}"
state: "absent"
login_user: "{{ pg_user }}"
2014-12-02 03:57:40 +01:00
- name: Check that database was destroyed
become_user: "{{ pg_user }}"
become: True
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
2014-12-02 03:57:40 +01:00
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
- name: Cleanup test user
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
postgresql_user:
name: "{{ db_user1 }}"
state: 'absent'
login_user: "{{ pg_user }}"
db: postgres
2014-12-02 03:57:40 +01:00
- name: Check that they were removed
become_user: "{{ pg_user }}"
become: True
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
2014-12-02 03:57:40 +01:00
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
#
2016-12-11 03:50:09 +01:00
# Test settings privileges
2014-12-02 03:57:40 +01:00
#
- name: Create db
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
postgresql_db:
name: "{{ db_name }}"
state: "present"
login_user: "{{ pg_user }}"
2014-12-02 03:57:40 +01:00
- name: Create some tables on the db
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
shell: echo "create table test_table1 (field text);" | psql {{ db_name }}
- become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
shell: echo "create table test_table2 (field text);" | psql {{ db_name }}
- vars:
db_password: 'secretù' # use UTF-8
block:
- name: Create a user with some permissions on the db
become_user: "{{ pg_user }}"
become: True
postgresql_user:
name: "{{ db_user1 }}"
encrypted: 'yes'
password: "md5{{ (db_password ~ db_user1) | hash('md5')}}"
db: "{{ db_name }}"
priv: 'test_table1:INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,TRIGGER/test_table2:INSERT/CREATE,CONNECT,TEMP'
login_user: "{{ pg_user }}"
- include: pg_authid_not_readable.yml
2014-12-02 03:57:40 +01:00
- name: Check that the user has the requested permissions (table1)
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
register: result_table1
- name: Check that the user has the requested permissions (table2)
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
register: result_table2
- name: Check that the user has the requested permissions (database)
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
register: result_database
- assert:
that:
- "result_table1.stdout_lines[-1] == '(7 rows)'"
- "'INSERT' in result_table1.stdout"
- "'SELECT' in result_table1.stdout"
- "'UPDATE' in result_table1.stdout"
- "'DELETE' in result_table1.stdout"
- "'TRUNCATE' in result_table1.stdout"
- "'REFERENCES' in result_table1.stdout"
- "'TRIGGER' in result_table1.stdout"
- "result_table2.stdout_lines[-1] == '(1 row)'"
- "'INSERT' == '{{ result_table2.stdout_lines[-2] | trim }}'"
- "result_database.stdout_lines[-1] == '(1 row)'"
- "'{{ db_user1 }}=CTc/{{ pg_user }}' in result_database.stdout_lines[-2]"
2014-12-02 03:57:40 +01:00
- name: Add another permission for the user
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
postgresql_user:
name: "{{ db_user1 }}"
encrypted: 'yes'
password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
db: "{{ db_name }}"
priv: 'test_table2:select'
login_user: "{{ pg_user }}"
2014-12-02 03:57:40 +01:00
register: results
- name: Check that ansible reports it changed the user
assert:
that:
- "results.changed == True"
- name: Check that the user has the requested permissions (table2)
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
register: result_table2
- assert:
that:
- "result_table2.stdout_lines[-1] == '(2 rows)'"
- "'INSERT' in result_table2.stdout"
- "'SELECT' in result_table2.stdout"
#
# Test priv setting via postgresql_privs module
# (Depends on state from previous _user privs tests)
#
- name: Revoke a privilege
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
postgresql_privs:
type: "table"
state: "absent"
roles: "{{ db_user1 }}"
privs: "INSERT"
objs: "test_table2"
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
2014-12-02 03:57:40 +01:00
register: results
- name: Check that ansible reports it changed the user
assert:
that:
- "results.changed == True"
- name: Check that the user has the requested permissions (table2)
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
register: result_table2
- assert:
that:
- "result_table2.stdout_lines[-1] == '(1 row)'"
- "'SELECT' == '{{ result_table2.stdout_lines[-2] | trim }}'"
- name: Revoke many privileges on multiple tables
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
postgresql_privs:
state: "absent"
roles: "{{ db_user1 }}"
privs: "INSERT,select,UPDATE,TRUNCATE,REFERENCES,TRIGGER,delete"
objs: "test_table2,test_table1"
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
2014-12-02 03:57:40 +01:00
register: results
- name: Check that ansible reports it changed the user
assert:
that:
- "results.changed == True"
- name: Check that permissions were revoked (table1)
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
register: result_table1
- name: Check that permissions were revoked (table2)
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
register: result_table2
- assert:
that:
- "result_table1.stdout_lines[-1] == '(0 rows)'"
- "result_table2.stdout_lines[-1] == '(0 rows)'"
- name: Revoke database privileges
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
postgresql_privs:
type: "database"
state: "absent"
roles: "{{ db_user1 }}"
privs: "Create,connect,TEMP"
objs: "{{ db_name }}"
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
2014-12-02 03:57:40 +01:00
- name: Check that the user has the requested permissions (database)
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
register: result_database
- assert:
that:
- "result_database.stdout_lines[-1] == '(1 row)'"
- "'{{ db_user1 }}' not in result_database.stdout"
- name: Grant database privileges
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
postgresql_privs:
type: "database"
state: "present"
roles: "{{ db_user1 }}"
privs: "CREATE,connect"
objs: "{{ db_name }}"
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
2014-12-02 03:57:40 +01:00
register: results
- name: Check that ansible reports it changed the user
assert:
that:
- "results.changed == True"
- name: Check that the user has the requested permissions (database)
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
register: result_database
- assert:
that:
- "result_database.stdout_lines[-1] == '(1 row)'"
- "'{{ db_user1 }}=Cc' in result_database.stdout"
- name: Grant a single privilege on a table
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
postgresql_privs:
state: "present"
roles: "{{ db_user1 }}"
privs: "INSERT"
objs: "test_table1"
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
2014-12-02 03:57:40 +01:00
- name: Check that permissions were added (table1)
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
register: result_table1
- assert:
that:
- "result_table1.stdout_lines[-1] == '(1 row)'"
- "'{{ result_table1.stdout_lines[-2] | trim }}' == 'INSERT'"
- name: Grant many privileges on multiple tables
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
postgresql_privs:
state: "present"
roles: "{{ db_user1 }}"
privs: 'INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,trigger'
objs: "test_table2,test_table1"
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
2014-12-02 03:57:40 +01:00
- name: Check that permissions were added (table1)
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
register: result_table1
- name: Check that permissions were added (table2)
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
register: result_table2
- assert:
that:
- "result_table1.stdout_lines[-1] == '(7 rows)'"
- "'INSERT' in result_table1.stdout"
- "'SELECT' in result_table1.stdout"
- "'UPDATE' in result_table1.stdout"
- "'DELETE' in result_table1.stdout"
- "'TRUNCATE' in result_table1.stdout"
- "'REFERENCES' in result_table1.stdout"
- "'TRIGGER' in result_table1.stdout"
- "result_table2.stdout_lines[-1] == '(7 rows)'"
- "'INSERT' in result_table2.stdout"
- "'SELECT' in result_table2.stdout"
- "'UPDATE' in result_table2.stdout"
- "'DELETE' in result_table2.stdout"
- "'TRUNCATE' in result_table2.stdout"
- "'REFERENCES' in result_table2.stdout"
- "'TRIGGER' in result_table2.stdout"
#
# Cleanup
#
- name: Cleanup db
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
postgresql_db:
name: "{{ db_name }}"
state: "absent"
login_user: "{{ pg_user }}"
2014-12-02 03:57:40 +01:00
- name: Check that database was destroyed
become_user: "{{ pg_user }}"
become: True
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
2014-12-02 03:57:40 +01:00
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
- name: Cleanup test user
become_user: "{{ pg_user }}"
become: True
2014-12-02 03:57:40 +01:00
postgresql_user:
name: "{{ db_user1 }}"
state: 'absent'
login_user: "{{ pg_user }}"
db: postgres
2014-12-02 03:57:40 +01:00
- name: Check that they were removed
become_user: "{{ pg_user }}"
become: True
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
2014-12-02 03:57:40 +01:00
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
#
# Test login_user functionality
#
- name: Create a user to test login module parameters
become: True
become_user: "{{ pg_user }}"
2014-12-02 03:57:40 +01:00
postgresql_user:
name: "{{ db_user1 }}"
state: "present"
encrypted: 'yes'
2014-12-02 03:57:40 +01:00
password: "password"
role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
login_user: "{{ pg_user }}"
db: postgres
2014-12-02 03:57:40 +01:00
- name: Create db
postgresql_db:
name: "{{ db_name }}"
state: "present"
login_user: "{{ db_user1 }}"
login_password: "password"
login_host: "localhost"
- name: Check that database created
become: True
become_user: "{{ pg_user }}"
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
2014-12-02 03:57:40 +01:00
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- name: Create a user
postgresql_user:
name: "{{ db_user2 }}"
state: "present"
encrypted: 'yes'
password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
db: "{{ db_name }}"
login_user: "{{ db_user1 }}"
login_password: "password"
login_host: "localhost"
- name: Check that it was created
become: True
become_user: "{{ pg_user }}"
shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql -d postgres
2014-12-02 03:57:40 +01:00
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- name: Grant database privileges
postgresql_privs:
type: "database"
state: "present"
roles: "{{ db_user2 }}"
privs: "CREATE,connect"
objs: "{{ db_name }}"
db: "{{ db_name }}"
login: "{{ db_user1 }}"
password: "password"
host: "localhost"
- name: Check that the user has the requested permissions (database)
become: True
become_user: "{{ pg_user }}"
2014-12-02 03:57:40 +01:00
shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
register: result_database
- assert:
that:
- "result_database.stdout_lines[-1] == '(1 row)'"
- "'{{ db_user2 }}=Cc' in result_database.stdout"
- name: Remove user
postgresql_user:
name: "{{ db_user2 }}"
state: 'absent'
priv: "ALL"
db: "{{ db_name }}"
login_user: "{{ db_user1 }}"
login_password: "password"
login_host: "localhost"
- name: Check that they were removed
become: True
become_user: "{{ pg_user }}"
shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql -d postgres
2014-12-02 03:57:40 +01:00
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
- name: Destroy DB
postgresql_db:
state: absent
name: "{{ db_name }}"
login_user: "{{ db_user1 }}"
login_password: "password"
login_host: "localhost"
- name: Check that database was destroyed
become: True
become_user: "{{ pg_user }}"
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
2014-12-02 03:57:40 +01:00
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
# Test ssl.
# Restricted using Debian family because of there are errors on other distributions
# that not related with PostgreSQL or psycopg2 SSL support.
# The tests' key point is to be sure that ssl options work in general
- include: ssl.yml
when: ansible_os_family == 'Debian' and postgres_version_resp.stdout is version('9.4', '>=')
# Test postgresql_user module
- import_tasks: postgresql_user.yml
# Test postgresql_set
- include: postgresql_set.yml
when: postgres_version_resp.stdout is version('9.4', '>=')
# Verify different session_role scenarios
- include: session_role.yml
# Test postgresql_idx module
- include: postgresql_idx.yml
# Test postgresql_query module
- include: postgresql_query.yml
# Verify postgresql_ping module
- include: postgresql_ping.yml db_name_nonexist=fake_db
# Test postgresql_tablespace module
- include: postgresql_tablespace.yml
# Test postgresql_db module, specific options:
- include: postgresql_db.yml
# Test postgresql_privs
- include: postgresql_privs.yml
# Test postgresql_info module
- include: postgresql_info.yml
New module postgresql_facts: Gathers facts about PostgreSQL servers. (#51164) * New module postgresql_facts: Gathers facts about remote PostgreSQL instances * New module postgresql_facts: fix default values of function * New module postgresql_facts: add extension support * New module postgresql_facts: fixed typo * New module postgresql_facts: added integration test * New module postgresql_facts: fix test error * New module postgresql_facts: add info about min server version * New module postgresql_facts: fix * New module postgresql_facts: fix * New module postgresql_facts: added repl stat tables checks * New module postgresql_facts: fix * New module postgresql_facts: fix * New module postgresql_facts: fix * New module postgresql_facts: fix * New module postgresql_facts: fix * New module postgresql_facts: fix * New module postgresql_facts: fix * New module postgresql_facts: ansible_facts -> postgresql_facts * New module postgresql_facts: fix ci New module postgresql_facts: revision for review New module postgresql_facts: revision for review, fix * fix doc * New module postgresql_facts: add data types to param dict * New module postgresql_facts: code refactoring * # This is a combination of 3 commits. # The first commit's message is: New module postgresql_facts: incl_subset => filter # This is the 2nd commit message: New module postgresql_facts: fix a typo # This is the 3rd commit message: New module postgresql_facts: fixes * New module postgresql_facts: incl_subset => filter New module postgresql_facts: fix a typo New module postgresql_facts: fixes Various cosmetic and doc changes * New module postgresql_facts: fix filter type * New module postgresql_facts: fix sanity * New module postgresql_facts: change ansible_facts to postgresql_facts * New module postgresql_facts: fix tests * New module postgresql_facts: fixes * New module postgresql_facts: fixes * New module postgresql_facts: fixes * New module postgresql_facts: doc fixes * New module postgresql_facts: added pretty_val * New module postgresql_facts: added pending restart * New module postgresql_facts: fix documentation * New module postgresql_facts: fix documentation * New module postgresql_facts: fixes by KN * New module postgresql_facts: fixed sanity * New module postgresql_facts: fixed tests
2019-03-18 12:31:32 +01:00
# Test default_privs with target_role
- include: test_target_role.yml
when: postgres_version_resp.stdout is version('9.1', '>=')
# Test postgresql_copy module
- include: postgresql_copy.yml
when: postgres_version_resp.stdout is version('9.4', '>=')
# Test postgresql_sequence module
- include: postgresql_sequence.yml
when: postgres_version_resp.stdout is version('9.0', '>=')
# Test postgresql_ext.
# pg_extension system view is available from PG 9.1.
# The tests are restricted by Fedora because there will be errors related with
# attempts to change the environment during postgis installation or
# missing postgis package in repositories.
# Anyway, these tests completely depend on Postgres version,
# not specific distributions.
- include: postgresql_ext.yml
when: postgres_version_resp.stdout is version('9.1', '>=') and ansible_distribution == 'Fedora'
- include: postgresql_ext_version_opt.yml
when: ansible_distribution == 'Ubuntu'
# Test postgresql_slot module.
# Physical replication slots are available from PostgreSQL 9.4
- include: postgresql_slot.yml
when: postgres_version_resp.stdout is version('9.4', '>=')
# Test postgresql_schema module
- include: postgresql_schema.yml
# Test postgresql_membership module
- include: postgresql_membership.yml
# Test postgresql_table module
- include: postgresql_table.yml
# Test postgresql_lang module.
# To implement tests, it needs to install some additional packages
# that may cause problems on different distributions,
# so I restricted the tests using CentOS because the results
# depend only on Postgres version
# (CentOS 6 repo contains the oldest PG version in these tests - 9.0):
- include: postgresql_lang.yml
when: ansible_distribution == 'CentOS'
# Test postgresql_owner module
- include: postgresql_owner.yml
postgres_db: add dump and restore support (#20627) * Feature #2731: added postgres import and dump * Feature #2731: be more permissive of arguments ``` hacking/test-module -m ./ppostgresql_db.py -a "db=example state=dump target=/tmp/out"` ``` failed previously since host, user, and port were required as keywords in the pg_dump / pg_import methods. * Feature #2731: fixed doc string for validate-modules ``` $ ansible-validate-modules database/postgresql/ ``` now passes. * Feature #2731: disable 'password' for dump/restore * Feature #2731: bump added version to 2.3 * Feature #2731: replace db_import with db_restore * Feature #2731: add missing version description * Feature #2731: fix 'state' description * Feature #2731: fix pep8 issues * Feature #2731: put state documentation in a single string * Bump added version from 2.3 to 2.4 * Fix pep8 and pylint errors * Attempt yaml formatting of documentation string * Add integration tests for postgres_db:dump/restore * Update dump/restore logic to support new kw-args Also attempt to support password; integration tests are still failing. * Revert to postgres user for dump/restore Passing PGPASSWORD is not working for subprocesses. For the moment, reverting to the strategy of failing if login_password is set and using `postgres` for all testing of dump/restore. * Various cleanups to have tests passing * Working tests for {sql,tar} x {,bz2,gz,xz} * Use pg_user to support FreeBSD * Revert login_ prefixes and re-enable password support All `login_` keywords are mapped to their non-prefix versions so the previous changes were effectively using `postgres` for all actions. With the proper keywords, PGPASSWORD-passing to the subprocess is now working. * Optionally add password environ_update doesn't handle None values in the dictionary to be added to the environment. Adding check. * Quick fixes * Refactor login arguments after fixes from pchauncey The fixes introduced by pchaunchy pointed to further issues (like no --dbname on PG<=9.2) with the login parameters. This refactors them and adds further tests. Note: this will still not pass integration tests due to a further issue with pg_dump as a non-admin user: pg_restore: [archiver (db)] Error while PROCESSING TOC: pg_restore: [archiver (db)] Error from TOC entry 1925; 0 0 COMMENT EXTENSION plpgsql pg_restore: [archiver (db)] could not execute query: ERROR: must be owner of extension plpgsql * Introduce target_opts for passing limiting dumped/restored schemas The current integration tests (PG version and template DBs) don't permit a regular user (`{{ db_user1 }}`) access to plpgsql causing restores to fail. By adding an option for passing arbitrary args to pg_dump and pg_restore, testing is made easier. This also paves the way for `-j` usage, once the PG version is bumped.
2017-07-10 09:05:42 +02:00
# dump/restore tests per format
# ============================================================
- include: state_dump_restore.yml test_fixture=user file=dbdata.sql
- include: state_dump_restore.yml test_fixture=user file=dbdata.sql.gz
- include: state_dump_restore.yml test_fixture=user file=dbdata.sql.bz2
- include: state_dump_restore.yml test_fixture=user file=dbdata.sql.xz
- include: state_dump_restore.yml test_fixture=user file=dbdata.tar
- include: state_dump_restore.yml test_fixture=user file=dbdata.tar.gz
- include: state_dump_restore.yml test_fixture=user file=dbdata.tar.bz2
- include: state_dump_restore.yml test_fixture=user file=dbdata.tar.xz
# dump/restore tests per other logins
# ============================================================
- include: state_dump_restore.yml file=dbdata.tar test_fixture=admin
# postgres_pg_hba module checks
# ============================================================
- include: postgresql_pg_hba.yml
2014-12-02 03:57:40 +01:00
#
# Cleanup
#
- name: Cleanup test user
become: True
become_user: "{{ pg_user }}"
2014-12-02 03:57:40 +01:00
postgresql_user:
name: "{{ db_user1 }}"
state: 'absent'
db: postgres
login_user: "{{ pg_user }}"
2014-12-02 03:57:40 +01:00
- name: Check that they were removed
become: True
become_user: "{{ pg_user }}"
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
2014-12-02 03:57:40 +01:00
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"