cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Remove incidental_postgresql_user tests

Browse source
This commit is contained in:
Matt Martz 2020-08-27 14:01:12 -05:00 committed by Matt Clay
parent b518a5db14
commit 05788c05d3
33 changed files with 0 additions and 1900 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
test/integration/targets/incidental_postgresql_user/aliases
View file

@ -1,4 +0,0 @@
destructive
shippable/posix/incidental
skip/aix
skip/osx

3
test/integration/targets/incidental_postgresql_user/defaults/main.yml
View file

@ -1,3 +0,0 @@
db_name: 'ansible_db'
db_user1: 'ansible_db_user1'
db_user2: 'ansible_db_user2'

2
test/integration/targets/incidental_postgresql_user/meta/main.yml
View file

@ -1,2 +0,0 @@
dependencies:
- incidental_setup_postgresql_db

7
test/integration/targets/incidental_postgresql_user/tasks/main.yml
View file

@ -1,7 +0,0 @@
# Initial CI tests of postgresql_user module
- import_tasks: postgresql_user_initial.yml
when: postgres_version_resp.stdout is version('9.4', '>=')
# General tests:
- import_tasks: postgresql_user_general.yml
when: postgres_version_resp.stdout is version('9.4', '>=')

741
test/integration/targets/incidental_postgresql_user/tasks/postgresql_user_general.yml
View file

@ -1,741 +0,0 @@
# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
# Integration tests for postgresql_user module.
- vars:
test_user: hello.user.with.dots
test_user2: hello
test_group1: group1
test_group2: group2
test_table: test
test_comment1: 'comment1'
test_comment2: 'comment2'
task_parameters: &task_parameters
become_user: '{{ pg_user }}'
become: yes
register: result
pg_parameters: &pg_parameters
login_user: '{{ pg_user }}'
login_db: postgres
block:
#
# Common tests
#
- name: Create role in check_mode
<<: *task_parameters
check_mode: yes
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
- assert:
that:
- result is changed
- result.user == '{{ test_user }}'
- name: check that the user doesn't exist
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT rolname FROM pg_roles WHERE rolname = '{{ test_user }}'"
- assert:
that:
- result.rowcount == 0
- name: Create role in actual mode
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
- assert:
that:
- result is changed
- result.user == '{{ test_user }}'
- name: check that the user exists
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT rolname FROM pg_roles WHERE rolname = '{{ test_user }}'"
- assert:
that:
- result.rowcount == 1
- name: Add a comment on the user
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
comment: '{{ test_comment1 }}'
- assert:
that:
- result is changed
- result.queries == ["COMMENT ON ROLE \"{{ test_user }}\" IS '{{ test_comment1 }}'"]
- name: check the comment
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: >
SELECT pg_catalog.shobj_description(r.oid, 'pg_authid') AS comment
FROM pg_catalog.pg_roles r WHERE r.rolname = '{{ test_user }}'
- assert:
that:
- result.rowcount == 1
- result.query_result[0].comment == '{{ test_comment1 }}'
- name: Try to add the same comment on the user
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
comment: '{{ test_comment1 }}'
- assert:
that:
- result is not changed
- name: Try to add another comment on the user
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
comment: '{{ test_comment2 }}'
- assert:
that:
- result is changed
- result.queries == ["COMMENT ON ROLE \"{{ test_user }}\" IS '{{ test_comment2 }}'"]
- name: check the comment
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: >
SELECT pg_catalog.shobj_description(r.oid, 'pg_authid') AS comment
FROM pg_catalog.pg_roles r WHERE r.rolname = '{{ test_user }}'
- assert:
that:
- result.rowcount == 1
- result.query_result[0].comment == '{{ test_comment2 }}'
- name: Try to create role again in check_mode
<<: *task_parameters
check_mode: yes
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
- assert:
that:
- result is not changed
- result.user == '{{ test_user }}'
- name: check that the user exists
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT rolname FROM pg_roles WHERE rolname = '{{ test_user }}'"
- assert:
that:
- result.rowcount == 1
- name: Try to create role again
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
- assert:
that:
- result is not changed
- result.user == '{{ test_user }}'
- name: check that the user exists
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT rolname FROM pg_roles WHERE rolname = '{{ test_user }}'"
- assert:
that:
- result.rowcount == 1
- name: Drop role in check_mode
<<: *task_parameters
check_mode: yes
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
state: absent
- assert:
that:
- result is changed
- result.user == '{{ test_user }}'
- name: check that the user actually exists
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT rolname FROM pg_roles WHERE rolname = '{{ test_user }}'"
- assert:
that:
- result.rowcount == 1
- name: Drop role in actual mode
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
state: absent
- assert:
that:
- result is changed
- result.user == '{{ test_user }}'
- name: check that the user doesn't exist
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT rolname FROM pg_roles WHERE rolname = '{{ test_user }}'"
- assert:
that:
- result.rowcount == 0
- name: Try to drop role in check mode again
<<: *task_parameters
check_mode: yes
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
state: absent
- assert:
that:
- result is not changed
- result.user == '{{ test_user }}'
- name: Try to drop role in actual mode again
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
state: absent
- assert:
that:
- result is not changed
- result.user == '{{ test_user }}'
#
# password, no_password_changes, encrypted, expires parameters
#
- name: Create role with password, passed as hashed md5
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
password: md59543f1d82624df2b31672ec0f7050460
- assert:
that:
- result is changed
- result.user == '{{ test_user }}'
- name: Check that the user exist with a proper password
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}' and rolpassword = 'md59543f1d82624df2b31672ec0f7050460'"
- assert:
that:
- result.rowcount == 1
- name: Test no_password_changes
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
password: u123
no_password_changes: yes
- assert:
that:
- result is not changed
- result.user == '{{ test_user }}'
- name: Check that nothing changed
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}' and rolpassword = 'md59543f1d82624df2b31672ec0f7050460'"
- assert:
that:
- result.rowcount == 1
# Storing unencrypted passwords is not available from PostgreSQL 10
- name: Change password, passed as unencrypted
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
password: myunencryptedpass
encrypted: no
when: postgres_version_resp.stdout is version('10', '<')
- assert:
that:
- result is changed
- result.user == '{{ test_user }}'
when: postgres_version_resp.stdout is version('10', '<')
- name: Check that the user exist with the unencrypted password
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}' and rolpassword = 'myunencryptedpass'"
when: postgres_version_resp.stdout is version('10', '<')
- assert:
that:
- result.rowcount == 1
when: postgres_version_resp.stdout is version('10', '<')
- name: Change password, explicit encrypted=yes
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
password: myunencryptedpass
encrypted: yes
- assert:
that:
- result is changed
- result.user == '{{ test_user }}'
- name: Check that the user exist with encrypted password
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}' and rolpassword != 'myunencryptedpass'"
- assert:
that:
- result.rowcount == 1
- name: Change rolvaliduntil attribute
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
expires: 'Jan 31 2020'
- assert:
that:
- result is changed
- result.user == '{{ test_user }}'
- name: Check the prev step
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: >
SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}'
AND rolvaliduntil::text like '2020-01-31%'
- assert:
that:
- result.rowcount == 1
- name: Try to set the same rolvaliduntil value again
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
expires: 'Jan 31 2020'
- assert:
that:
- result is not changed
- result.user == '{{ test_user }}'
- name: Check that nothing changed
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: >
SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}'
AND rolvaliduntil::text like '2020-01-31%'
- assert:
that:
- result.rowcount == 1
#
# role_attr_flags
#
- name: Set role attributes
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
role_attr_flags: CREATEROLE,CREATEDB
- assert:
that:
- result is changed
- result.user == '{{ test_user }}'
- name: Check the prev step
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: >
SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}'
AND rolcreaterole = 't' and rolcreatedb = 't'
- assert:
that:
- result.rowcount == 1
- name: Set the same role attributes again
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
role_attr_flags: CREATEROLE,CREATEDB
- assert:
that:
- result is not changed
- result.user == '{{ test_user }}'
- name: Check the prev step
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: >
SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}'
AND rolcreaterole = 't' and rolcreatedb = 't'
- name: Set role attributes
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
role_attr_flags: NOCREATEROLE,NOCREATEDB
- assert:
that:
- result is changed
- result.user == '{{ test_user }}'
- name: Check the prev step
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: >
SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}'
AND rolcreaterole = 'f' and rolcreatedb = 'f'
- assert:
that:
- result.rowcount == 1
- name: Set role attributes
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
role_attr_flags: NOCREATEROLE,NOCREATEDB
- assert:
that:
- result is not changed
- result.user == '{{ test_user }}'
- name: Check the prev step
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: >
SELECT rolname FROM pg_authid WHERE rolname = '{{ test_user }}'
AND rolcreaterole = 'f' and rolcreatedb = 'f'
#
# priv
#
- name: Create test table
<<: *task_parameters
postgresql_table:
<<: *pg_parameters
name: '{{ test_table }}'
columns:
- id int
- name: Insert data to test table
<<: *task_parameters
postgresql_query:
query: "INSERT INTO {{ test_table }} (id) VALUES ('1')"
<<: *pg_parameters
- name: Check that test_user is not allowed to read the data
<<: *task_parameters
postgresql_query:
db: postgres
login_user: '{{ pg_user }}'
session_role: '{{ test_user }}'
query: 'SELECT * FROM {{ test_table }}'
ignore_errors: yes
- assert:
that:
- result is failed
- "'permission denied' in result.msg"
- name: Grant privileges
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
priv: '{{ test_table }}:SELECT'
- assert:
that:
- result is changed
- name: Check that test_user is allowed to read the data
<<: *task_parameters
postgresql_query:
db: postgres
login_user: '{{ pg_user }}'
session_role: '{{ test_user }}'
query: 'SELECT * FROM {{ test_table }}'
- assert:
that:
- result.rowcount == 1
- name: Grant the same privileges again
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
priv: '{{ test_table }}:SELECT'
- assert:
that:
- result is not changed
- name: Remove test table
<<: *task_parameters
postgresql_table:
<<: *pg_parameters
name: '{{ test_table }}'
state: absent
#
# fail_on_user
#
- name: Create role for test
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user2 }}'
- name: Create test table, set owner as test_user
<<: *task_parameters
postgresql_table:
<<: *pg_parameters
name: '{{ test_table }}'
owner: '{{ test_user2 }}'
- name: Test fail_on_user
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user2 }}'
state: absent
ignore_errors: yes
- assert:
that:
- result is failed
- result.msg == 'Unable to remove user'
- name: Test fail_on_user
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
fail_on_user: no
- assert:
that:
- result is not changed
#
# Test groups parameter
#
- name: Create test group
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_group2 }}'
role_attr_flags: NOLOGIN
- name: Create role test_group1 and grant test_group2 to test_group1 in check_mode
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_group1 }}'
groups: '{{ test_group2 }}'
role_attr_flags: NOLOGIN
check_mode: yes
- assert:
that:
- result is changed
- result.user == '{{ test_group1 }}'
- result.queries == ['CREATE USER "{{ test_group1 }}" NOLOGIN', 'GRANT "{{ test_group2 }}" TO "{{ test_group1 }}"']
- name: check that the user doesn't exist
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT rolname FROM pg_roles WHERE rolname = '{{ test_group1 }}'"
- assert:
that:
- result.rowcount == 0
- name: check membership
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT grolist FROM pg_group WHERE groname = '{{ test_group2 }}' AND grolist != '{}'"
- assert:
that:
- result.rowcount == 0
- name: Create role test_group1 and grant test_group2 to test_group1
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_group1 }}'
groups: '{{ test_group2 }}'
role_attr_flags: NOLOGIN
- assert:
that:
- result is changed
- result.user == '{{ test_group1 }}'
- result.queries == ['CREATE USER "{{ test_group1 }}" NOLOGIN', 'GRANT "{{ test_group2 }}" TO "{{ test_group1 }}"']
- name: check that the user exists
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT rolname FROM pg_roles WHERE rolname = '{{ test_group1 }}'"
- assert:
that:
- result.rowcount == 1
- name: check membership
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT grolist FROM pg_group WHERE groname = '{{ test_group2 }}' AND grolist != '{}'"
- assert:
that:
- result.rowcount == 1
- name: Grant test_group2 to test_group1 again
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_group1 }}'
groups: '{{ test_group2 }}'
- assert:
that:
- result is not changed
- result.user == '{{ test_group1 }}'
- name: check membership
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT grolist FROM pg_group WHERE groname = '{{ test_group2 }}' AND grolist != '{}'"
- assert:
that:
- result.rowcount == 1
- name: Grant groups to existent role
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ test_user }}'
groups:
- '{{ test_group1 }}'
- '{{ test_group2 }}'
- assert:
that:
- result is changed
- result.user == '{{ test_user }}'
- result.queries == ['GRANT "{{ test_group1 }}" TO "{{ test_user }}"', 'GRANT "{{ test_group2 }}" TO "{{ test_user }}"']
- name: check membership
<<: *task_parameters
postgresql_query:
<<: *pg_parameters
query: "SELECT * FROM pg_group WHERE groname in ('{{ test_group1 }}', '{{ test_group2 }}') AND grolist != '{}'"
- assert:
that:
- result.rowcount == 2
always:
#
# Clean up
#
- name: Drop test table
<<: *task_parameters
postgresql_table:
<<: *pg_parameters
name: '{{ test_table }}'
state: absent
- name: Drop test user
<<: *task_parameters
postgresql_user:
<<: *pg_parameters
name: '{{ item }}'
state: absent
loop:
- '{{ test_user }}'
- '{{ test_user2 }}'
- '{{ test_group1 }}'
- '{{ test_group2 }}'

153
test/integration/targets/incidental_postgresql_user/tasks/postgresql_user_initial.yml
View file

@ -1,153 +0,0 @@
#
# Create and destroy user, test 'password' and 'encrypted' parameters
#
# unencrypted values are not supported on newer versions
# do not run the encrypted: no tests if on 10+
- set_fact:
encryption_values:
- 'yes'
- set_fact:
encryption_values: '{{ encryption_values + ["no"]}}'
when: postgres_version_resp.stdout is version('10', '<=')
- include_tasks: test_password.yml
vars:
encrypted: '{{ loop_item }}'
db_password1: 'secretù' # use UTF-8
loop: '{{ encryption_values }}'
loop_control:
loop_var: loop_item
# BYPASSRLS role attribute was introduced in PostgreSQL 9.5, so
# we want to test attribute management differently depending
# on the version.
- set_fact:
bypassrls_supported: "{{ postgres_version_resp.stdout is version('9.5.0', '>=') }}"
# test 'no_password_change' and 'role_attr_flags' parameters
- include_tasks: test_no_password_change.yml
vars:
no_password_changes: '{{ loop_item }}'
loop:
- 'yes'
- 'no'
loop_control:
loop_var: loop_item
### TODO: fail_on_user
#
# Test login_user functionality
#
- name: Create a user to test login module parameters
become: yes
become_user: "{{ pg_user }}"
postgresql_user:
name: "{{ db_user1 }}"
state: "present"
encrypted: 'yes'
password: "password"
role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
login_user: "{{ pg_user }}"
db: postgres
- name: Create db
postgresql_db:
name: "{{ db_name }}"
state: "present"
login_user: "{{ db_user1 }}"
login_password: "password"
login_host: "localhost"
- name: Check that database created
become: yes
become_user: "{{ pg_user }}"
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- name: Create a user
postgresql_user:
name: "{{ db_user2 }}"
state: "present"
encrypted: 'yes'
password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
db: "{{ db_name }}"
login_user: "{{ db_user1 }}"
login_password: "password"
login_host: "localhost"
- name: Check that it was created
become: yes
become_user: "{{ pg_user }}"
shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- name: Grant database privileges
postgresql_privs:
type: "database"
state: "present"
roles: "{{ db_user2 }}"
privs: "CREATE,connect"
objs: "{{ db_name }}"
db: "{{ db_name }}"
login: "{{ db_user1 }}"
password: "password"
host: "localhost"
- name: Check that the user has the requested permissions (database)
become: yes
become_user: "{{ pg_user }}"
shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
register: result_database
- assert:
that:
- "result_database.stdout_lines[-1] == '(1 row)'"
- "db_user2 ~ '=Cc' in result_database.stdout"
- name: Remove user
postgresql_user:
name: "{{ db_user2 }}"
state: 'absent'
priv: "ALL"
db: "{{ db_name }}"
login_user: "{{ db_user1 }}"
login_password: "password"
login_host: "localhost"
- name: Check that they were removed
become: yes
become_user: "{{ pg_user }}"
shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
- name: Destroy DB
postgresql_db:
state: absent
name: "{{ db_name }}"
login_user: "{{ db_user1 }}"
login_password: "password"
login_host: "localhost"
- name: Check that database was destroyed
become: yes
become_user: "{{ pg_user }}"
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
register: result
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"

167
test/integration/targets/incidental_postgresql_user/tasks/test_no_password_change.yml
View file

@ -1,167 +0,0 @@
- vars:
task_parameters: &task_parameters
become_user: "{{ pg_user }}"
become: yes
register: result
postgresql_parameters: &parameters
db: postgres
name: "{{ db_user1 }}"
login_user: "{{ pg_user }}"
block:
- name: Create a user with all role attributes
<<: *task_parameters
postgresql_user:
<<: *parameters
state: "present"
role_attr_flags: "SUPERUSER,CREATEROLE,CREATEDB,INHERIT,LOGIN{{ bypassrls_supported | ternary(',BYPASSRLS', '') }}"
no_password_changes: '{{ no_password_changes }}' # no_password_changes is ignored when user doesn't already exist
- name: Check that the user has the requested role attributes
<<: *task_parameters
shell: "echo \"select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin {{ bypassrls_supported | ternary(\", 'bypassrls:'||rolbypassrls\", '') }} from pg_roles where rolname='{{ db_user1 }}';\" | psql -d postgres"
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- "'super:t' in result.stdout_lines[-2]"
- "'createrole:t' in result.stdout_lines[-2]"
- "'create:t' in result.stdout_lines[-2]"
- "'inherit:t' in result.stdout_lines[-2]"
- "'login:t' in result.stdout_lines[-2]"
- block:
- name: Check that the user has the requested role attribute BYPASSRLS
<<: *task_parameters
shell: "echo \"select 'bypassrls:'||rolbypassrls from pg_roles where rolname='{{ db_user1 }}';\" | psql -d postgres"
- assert:
that:
- "not bypassrls_supported or 'bypassrls:t' in result.stdout_lines[-2]"
when: bypassrls_supported
- name: Modify a user to have no role attributes
<<: *task_parameters
postgresql_user:
<<: *parameters
state: "present"
role_attr_flags: "NOSUPERUSER,NOCREATEROLE,NOCREATEDB,noinherit,NOLOGIN{{ bypassrls_supported | ternary(',NOBYPASSRLS', '') }}"
no_password_changes: '{{ no_password_changes }}'
- name: Check that ansible reports it modified the role
assert:
that:
- result is changed
- name: "Check that the user doesn't have any attribute"
<<: *task_parameters
shell: "echo \"select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin from pg_roles where rolname='{{ db_user1 }}';\" | psql -d postgres"
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- "'super:f' in result.stdout_lines[-2]"
- "'createrole:f' in result.stdout_lines[-2]"
- "'create:f' in result.stdout_lines[-2]"
- "'inherit:f' in result.stdout_lines[-2]"
- "'login:f' in result.stdout_lines[-2]"
- block:
- name: Check that the user has the requested role attribute BYPASSRLS
<<: *task_parameters
shell: "echo \"select 'bypassrls:'||rolbypassrls from pg_roles where rolname='{{ db_user1 }}';\" | psql -d postgres"
- assert:
that:
- "not bypassrls_supported or 'bypassrls:f' in result.stdout_lines[-2]"
when: bypassrls_supported
- name: Try to add an invalid attribute
<<: *task_parameters
postgresql_user:
<<: *parameters
state: "present"
role_attr_flags: "NOSUPERUSER,NOCREATEROLE,NOCREATEDB,noinherit,NOLOGIN{{ bypassrls_supported | ternary(',NOBYPASSRLS', '') }},INVALID"
no_password_changes: '{{ no_password_changes }}'
ignore_errors: yes
- name: Check that ansible reports failure
assert:
that:
- result is not changed
- result is failed
- "result.msg == 'Invalid role_attr_flags specified: INVALID'"
- name: Modify a single role attribute on a user
<<: *task_parameters
postgresql_user:
<<: *parameters
state: "present"
role_attr_flags: "LOGIN"
no_password_changes: '{{ no_password_changes }}'
- name: Check that ansible reports it modified the role
assert:
that:
- result is changed
- name: Check the role attributes
<<: *task_parameters
shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin from pg_roles where rolname='{{ db_user1 }}';" | psql -d postgres
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- "'super:f' in result.stdout_lines[-2]"
- "'createrole:f' in result.stdout_lines[-2]"
- "'create:f' in result.stdout_lines[-2]"
- "'inherit:f' in result.stdout_lines[-2]"
- "'login:t' in result.stdout_lines[-2]"
- block:
- name: Check the role attribute BYPASSRLS
<<: *task_parameters
shell: echo "select 'bypassrls:'||rolbypassrls from pg_roles where rolname='{{ db_user1 }}';" | psql -d postgres
- assert:
that:
- "( postgres_version_resp.stdout is version('9.5.0', '<')) or 'bypassrls:f' in result.stdout_lines[-2]"
when: bypassrls_supported
- name: Check that using same attribute a second time does nothing
<<: *task_parameters
postgresql_user:
<<: *parameters
state: "present"
role_attr_flags: "LOGIN"
no_password_changes: '{{ no_password_changes }}'
environment:
PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
- name: Check there isn't any update reported
assert:
that:
- result is not changed
- name: Cleanup the user
<<: *task_parameters
postgresql_user:
<<: *parameters
state: 'absent'
no_password_changes: '{{ no_password_changes }}' # user deletion: no_password_changes is ignored
- name: Check that user was removed
<<: *task_parameters
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
always:
- name: Cleanup the user
<<: *task_parameters
postgresql_user:
<<: *parameters
state: 'absent'

336
test/integration/targets/incidental_postgresql_user/tasks/test_password.yml
View file

@ -1,336 +0,0 @@
- vars:
task_parameters: &task_parameters
become_user: "{{ pg_user }}"
become: yes
register: result
postgresql_parameters: &parameters
db: postgres
name: "{{ db_user1 }}"
login_user: "{{ pg_user }}"
block:
- name: 'Check that PGOPTIONS environment variable is effective (1/2)'
<<: *task_parameters
postgresql_user:
<<: *parameters
password: '{{ db_password1 }}'
ignore_errors: true
environment:
PGCLIENTENCODING: 'UTF8'
PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
- name: 'Check that PGOPTIONS environment variable is effective (2/2)'
assert:
that:
- "{{ result is failed }}"
- name: 'Create a user (password encrypted: {{ encrypted }})'
<<: *task_parameters
postgresql_user:
<<: *parameters
password: '{{ db_password1 }}'
encrypted: '{{ encrypted }}'
environment:
PGCLIENTENCODING: 'UTF8'
- block: &changed # block is only used here in order to be able to define YAML anchor
- name: Check that ansible reports it was created
assert:
that:
- "{{ result is changed }}"
- name: Check that it was created
<<: *task_parameters
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
- assert:
that:
- "result.stdout_lines[-1] == '(1 row)'"
- name: Check that creating user a second time does nothing
<<: *task_parameters
postgresql_user:
<<: *parameters
password: '{{ db_password1 }}'
encrypted: '{{ encrypted }}'
environment:
PGCLIENTENCODING: 'UTF8'
PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
- block: &not_changed # block is only used here in order to be able to define YAML anchor
- name: Check that ansible reports no change
assert:
that:
- "{{ result is not changed }}"
- name: 'Define an expiration time'
<<: *task_parameters
postgresql_user:
<<: *parameters
expires: '2025-01-01'
environment:
PGCLIENTENCODING: 'UTF8'
- <<: *changed
- name: 'Redefine the same expiration time'
<<: *task_parameters
postgresql_user:
expires: '2025-01-01'
<<: *parameters
environment:
PGCLIENTENCODING: 'UTF8'
PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
- <<: *not_changed
- block:
- name: 'Using MD5-hashed password: check that password not changed when using cleartext password'
<<: *task_parameters
postgresql_user:
<<: *parameters
password: '{{ db_password1 }}'
encrypted: 'yes'
environment:
PGCLIENTENCODING: 'UTF8'
PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
- <<: *not_changed
- name: "Using MD5-hashed password: check that password not changed when using md5 hash with 'ENCRYPTED'"
<<: *task_parameters
postgresql_user:
<<: *parameters
password: "md5{{ (db_password1 ~ db_user1) | hash('md5')}}"
encrypted: 'yes'
environment:
PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
- <<: *not_changed
- name: "Using MD5-hashed password: check that password not changed when using md5 hash with 'UNENCRYPTED'"
<<: *task_parameters
postgresql_user:
<<: *parameters
password: "md5{{ (db_password1 ~ db_user1) | hash('md5')}}"
encrypted: 'no'
environment:
PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
- <<: *not_changed
- name: 'Redefine the same expiration time and password (encrypted)'
<<: *task_parameters
postgresql_user:
<<: *parameters
encrypted: 'yes'
password: "md5{{ (db_password1 ~ db_user1) | hash('md5')}}"
expires: '2025-01-01'
environment:
PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
- <<: *not_changed
- name: 'Using MD5-hashed password: check that password changed when using another cleartext password'
<<: *task_parameters
postgresql_user:
<<: *parameters
password: 'prefix{{ db_password1 }}'
encrypted: 'yes'
environment:
PGCLIENTENCODING: 'UTF8'
- <<: *changed
- name: "Using MD5-hashed password: check that password changed when using another md5 hash with 'ENCRYPTED'"
<<: *task_parameters
postgresql_user:
<<: *parameters
password: "md5{{ ('prefix1' ~ db_password1 ~ db_user1) | hash('md5')}}"
encrypted: 'yes'
- <<: *changed
- name: "Using MD5-hashed password: check that password changed when using md5 hash with 'UNENCRYPTED'"
<<: *task_parameters
postgresql_user:
<<: *parameters
password: "md5{{ ('prefix2' ~ db_password1 ~ db_user1) | hash('md5')}}"
encrypted: 'no'
register: change_pass_unencrypted
failed_when:
- change_pass_unencrypted is failed
# newer version of psycopg2 no longer supported unencrypted password, we ignore the error
- '"UNENCRYPTED PASSWORD is no longer supported" not in change_pass_unencrypted.msg'
- <<: *changed
- name: 'Using MD5-hashed password: check that password changed when clearing the password'
<<: *task_parameters
postgresql_user:
<<: *parameters
password: ''
encrypted: 'yes'
environment:
PGCLIENTENCODING: 'UTF8'
- <<: *changed
- name: 'Using MD5-hashed password: check that password not changed when clearing the password again'
<<: *task_parameters
postgresql_user:
<<: *parameters
password: ''
encrypted: 'yes'
environment:
PGCLIENTENCODING: 'UTF8'
PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
- <<: *not_changed
- name: 'Using cleartext password: check that password not changed when clearing the password again'
<<: *task_parameters
postgresql_user:
<<: *parameters
password: ''
encrypted: 'no'
environment:
PGCLIENTENCODING: 'UTF8'
PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
- <<: *not_changed
- name: 'Using MD5-hashed password: check that password changed when using a cleartext password'
<<: *task_parameters
postgresql_user:
<<: *parameters
password: '{{ db_password1 }}'
encrypted: 'yes'
environment:
PGCLIENTENCODING: 'UTF8'
- <<: *changed
when: encrypted == 'yes'
- block:
- name: 'Using cleartext password: check that password not changed when using cleartext password'
<<: *task_parameters
postgresql_user:
<<: *parameters
password: "{{ db_password1 }}"
encrypted: 'no'
environment:
PGCLIENTENCODING: 'UTF8'
PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
- <<: *not_changed
- name: 'Redefine the same expiration time and password (not encrypted)'
<<: *task_parameters
postgresql_user:
<<: *parameters
password: "{{ db_password1 }}"
encrypted: 'no'
expires: '2025-01-01'
environment:
PGCLIENTENCODING: 'UTF8'
PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
- <<: *not_changed
- name: 'Using cleartext password: check that password changed when using another cleartext password'
<<: *task_parameters
postgresql_user:
<<: *parameters
password: "changed{{ db_password1 }}"
encrypted: 'no'
environment:
PGCLIENTENCODING: 'UTF8'
- <<: *changed
- name: 'Using cleartext password: check that password changed when clearing the password'
<<: *task_parameters
postgresql_user:
<<: *parameters
password: ''
encrypted: 'no'
environment:
PGCLIENTENCODING: 'UTF8'
- <<: *changed
- name: 'Using cleartext password: check that password not changed when clearing the password again'
<<: *task_parameters
postgresql_user:
<<: *parameters
password: ''
encrypted: 'no'
environment:
PGCLIENTENCODING: 'UTF8'
PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
- <<: *not_changed
- name: 'Using MD5-hashed password: check that password not changed when clearing the password again'
<<: *task_parameters
postgresql_user:
<<: *parameters
password: ''
encrypted: 'yes'
environment:
PGCLIENTENCODING: 'UTF8'
PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
- <<: *not_changed
- name: 'Using cleartext password: check that password changed when using cleartext password'
<<: *task_parameters
postgresql_user:
<<: *parameters
password: "{{ db_password1 }}"
encrypted: 'no'
environment:
PGCLIENTENCODING: 'UTF8'
- <<: *changed
when: encrypted == 'no'
- name: Remove user
<<: *task_parameters
postgresql_user:
state: 'absent'
<<: *parameters
- <<: *changed
- name: Check that they were removed
<<: *task_parameters
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
environment:
PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
- assert:
that:
- "result.stdout_lines[-1] == '(0 rows)'"
- name: Check that removing user a second time does nothing
<<: *task_parameters
postgresql_user:
state: 'absent'
<<: *parameters
environment:
PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed
- <<: *not_changed
always:
- name: Remove user
<<: *task_parameters
postgresql_user:
state: 'absent'
<<: *parameters

1
test/integration/targets/incidental_setup_postgresql_db/aliases
View file

@ -1 +0,0 @@
hidden

17
test/integration/targets/incidental_setup_postgresql_db/defaults/main.yml
View file

@ -1,17 +0,0 @@
postgresql_service: postgresql
postgresql_packages:
- postgresql-server
- python-psycopg2
pg_user: postgres
pg_group: root
locale_latin_suffix:
locale_utf8_suffix:
# defaults for test SSL
ssl_db: 'ssl_db'
ssl_user: 'ssl_user'
ssl_pass: 'ssl_pass'
ssl_rootcert: '~{{ pg_user }}/root.crt'

2
test/integration/targets/incidental_setup_postgresql_db/files/dummy--1.0.sql
View file

@ -1,2 +0,0 @@
CREATE OR REPLACE FUNCTION dummy_display_ext_version()
RETURNS text LANGUAGE SQL AS 'SELECT (''1.0'')::text';

2
test/integration/targets/incidental_setup_postgresql_db/files/dummy--2.0.sql
View file

@ -1,2 +0,0 @@
CREATE OR REPLACE FUNCTION dummy_display_ext_version()
RETURNS text LANGUAGE SQL AS 'SELECT (''2.0'')::text';

2
test/integration/targets/incidental_setup_postgresql_db/files/dummy--3.0.sql
View file

@ -1,2 +0,0 @@
CREATE OR REPLACE FUNCTION dummy_display_ext_version()
RETURNS text LANGUAGE SQL AS 'SELECT (''3.0'')::text';

3
test/integration/targets/incidental_setup_postgresql_db/files/dummy.control
View file

@ -1,3 +0,0 @@
comment = 'dummy extension used to test postgresql_ext Ansible module'
default_version = '3.0'
relocatable = true

10
test/integration/targets/incidental_setup_postgresql_db/files/pg_hba.conf
View file

@ -1,10 +0,0 @@
# !!! This file managed by Ansible. Any local changes may be overwritten. !!!
# Database administrative login by UNIX sockets
# note: you may wish to restrict this further later
local all {{ pg_user }} trust
# TYPE DATABASE USER CIDR-ADDRESS METHOD
local all all md5
host all all 127.0.0.1/32 md5
host all all ::1/128 md5

222
test/integration/targets/incidental_setup_postgresql_db/tasks/main.yml
View file

@ -1,222 +0,0 @@
- name: python 2
set_fact:
python_suffix: ""
when: ansible_python_version is version('3', '<')
- name: python 3
set_fact:
python_suffix: "-py3"
when: ansible_python_version is version('3', '>=')
- name: Include distribution and Python version specific variables
include_vars: "{{ lookup('first_found', params) }}"
vars:
params:
files:
- '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}{{ python_suffix }}.yml'
- '{{ ansible_distribution }}-{{ ansible_distribution_version }}{{ python_suffix }}.yml'
- '{{ ansible_os_family }}{{ python_suffix }}.yml'
- 'default{{ python_suffix }}.yml'
paths:
- "{{ role_path }}/vars"
- name: make sure the dbus service is started under systemd
systemd:
name: dbus
state: started
when: ansible_service_mgr == 'systemd' and ansible_distribution == 'Fedora'
# Make sure we start fresh
- name: stop postgresql service
service: name={{ postgresql_service }} state=stopped
ignore_errors: True
- name: remove old db (RedHat or Suse)
file:
path: "{{ pg_dir }}"
state: absent
ignore_errors: True
when: ansible_os_family == "RedHat" or ansible_os_family == "Suse"
- name: remove old db (FreeBSD)
file:
path: "{{ pg_dir }}"
state: absent
ignore_errors: True
when: ansible_os_family == "FreeBSD"
# Theoretically, pg_dropcluster should work but it doesn't so remove files
- name: remove old db config and files (debian)
file:
path: '{{ loop_item }}'
state: absent
ignore_errors: True
when: ansible_os_family == "Debian"
loop:
- /etc/postgresql
- /var/lib/postgresql
loop_control:
loop_var: loop_item
- name: install dependencies for postgresql test
package:
name: "{{ postgresql_package_item }}"
state: present
with_items: "{{ postgresql_packages }}"
loop_control:
loop_var: postgresql_package_item
- name: initialize postgres (FreeBSD)
command: /usr/local/etc/rc.d/postgresql oneinitdb
when: ansible_os_family == "FreeBSD"
- name: Initialize postgres (RedHat systemd)
command: postgresql-setup initdb
when: ansible_os_family == "RedHat" and ansible_service_mgr == "systemd"
- name: Initialize postgres (RedHat sysv)
command: /sbin/service postgresql initdb
when: ansible_os_family == "RedHat" and ansible_service_mgr != "systemd"
- name: Initialize postgres (Debian)
shell: '. /usr/share/postgresql-common/maintscripts-functions && set_system_locale && /usr/bin/pg_createcluster -u postgres {{ pg_ver }} main'
args:
creates: "/etc/postgresql/{{ pg_ver }}/"
when: ansible_os_family == 'Debian'
- name: Initialize postgres (Suse)
service: name=postgresql state=restarted
when: ansible_os_family == 'Suse'
- name: Copy pg_hba into place
template:
src: files/pg_hba.conf
dest: "{{ pg_hba_location }}"
owner: "{{ pg_user }}"
group: "{{ pg_group }}"
mode: "0644"
- name: Generate locales (Debian)
locale_gen:
name: '{{ item }}'
state: present
with_items:
- pt_BR
- es_ES
when: ansible_os_family == 'Debian'
# Suse: locales are installed by default (glibc-locale package).
# Fedora 23: locales are installed by default (glibc-common package)
# CentOS: all locales are installed by default (glibc-common package) but some
# RPM macros could prevent their installation (for example when using anaconda
# instLangs parameter).
- block:
- name: Install langpacks (RHEL8)
yum:
name:
- glibc-langpack-es
- glibc-langpack-pt
- glibc-all-langpacks
state: present
when: ansible_distribution_major_version is version('8', '>=')
- name: Check if locales need to be generated (RedHat)
shell: "localedef --list-archive | grep -a -q '^{{ locale }}$'"
register: locale_present
ignore_errors: True
with_items:
- es_ES
- pt_BR
loop_control:
loop_var: locale
- name: Reinstall internationalization files
shell: 'yum -y reinstall glibc-common || yum -y install glibc-common'
args:
warn: no
when: locale_present is failed
- name: Generate locale (RedHat)
command: 'localedef -f ISO-8859-1 -i {{ item.locale }} {{ item.locale }}'
when: item is failed
with_items: '{{ locale_present.results }}'
when: ansible_os_family == 'RedHat' and ansible_distribution != 'Fedora'
- name: Install glibc langpacks (Fedora >= 24)
package:
name: '{{ item }}'
state: 'latest'
with_items:
- glibc-langpack-es
- glibc-langpack-pt
when: ansible_distribution == 'Fedora' and ansible_distribution_major_version is version('24', '>=')
- name: enable postgresql service (FreeBSD)
lineinfile:
path: /etc/rc.conf
line: 'postgresql_enable="YES"'
when: ansible_os_family == "FreeBSD"
- name: stop postgresql service
service:
name: "{{ postgresql_service }}"
state: stopped
- name: pause between stop and start of postgresql service
pause:
seconds: 3
- name: start postgresql service
service:
name: "{{ postgresql_service }}"
state: started
########################
# Setup dummy extension:
- name: copy control file for dummy ext
copy:
src: dummy.control
dest: "/usr/share/postgresql/{{ pg_ver }}/extension/dummy.control"
mode: 0444
when: ansible_os_family == 'Debian'
- name: copy version files for dummy ext
copy:
src: "{{ item }}"
dest: "/usr/share/postgresql/{{ pg_ver }}/extension/{{ item }}"
mode: 0444
with_items:
- dummy--1.0.sql
- dummy--2.0.sql
- dummy--3.0.sql
when: ansible_os_family == 'Debian'
- name: add update paths
file:
path: "/usr/share/postgresql/{{ pg_ver }}/extension/{{ item }}"
mode: 0444
state: touch
with_items:
- dummy--1.0--2.0.sql
- dummy--2.0--3.0.sql
when: ansible_os_family == 'Debian'
- name: Get PostgreSQL version
become_user: "{{ pg_user }}"
become: yes
shell: "echo 'SHOW SERVER_VERSION' | psql --tuples-only --no-align --dbname postgres"
register: postgres_version_resp
- name: Print PostgreSQL server version
debug:
msg: "{{ postgres_version_resp.stdout }}"
# SSL configuration.
# Restricted using Debian family because of there are errors on other distributions
# that not related with PostgreSQL or psycopg2 SSL support.
# The tests key point is to be sure that ssl options work in general
- import_tasks: ssl.yml
when:
- ansible_os_family == 'Debian'
- postgres_version_resp.stdout is version('9.4', '>=')

81
test/integration/targets/incidental_setup_postgresql_db/tasks/ssl.yml
View file

@ -1,81 +0,0 @@
# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
# The aim of this test is to be sure that SSL options work in general
# and preparing the environment for testing these options in
# the following PostgreSQL modules (ssl_db, ssl_user, certs).
# Configured by https://www.postgresql.org/docs/current/ssl-tcp.html
####################
# Prepare for tests:
- name: postgresql SSL - create database
become_user: "{{ pg_user }}"
become: yes
postgresql_db:
name: "{{ ssl_db }}"
- name: postgresql SSL - create role
become_user: "{{ pg_user }}"
become: yes
postgresql_user:
name: "{{ ssl_user }}"
role_attr_flags: SUPERUSER
password: "{{ ssl_pass }}"
- name: postgresql SSL - install openssl
become: yes
package: name=openssl state=present
- name: postgresql SSL - create certs 1
become_user: root
become: yes
shell: 'openssl req -new -nodes -text -out ~{{ pg_user }}/root.csr \
-keyout ~{{ pg_user }}/root.key -subj "/CN=localhost.local"'
- name: postgresql SSL - create certs 2
become_user: root
become: yes
shell: 'openssl x509 -req -in ~{{ pg_user }}/root.csr -text -days 3650 \
-extensions v3_ca -signkey ~{{ pg_user }}/root.key -out ~{{ pg_user }}/root.crt'
- name: postgresql SSL - create certs 3
become_user: root
become: yes
shell: 'openssl req -new -nodes -text -out ~{{ pg_user }}/server.csr \
-keyout ~{{ pg_user }}/server.key -subj "/CN=localhost.local"'
- name: postgresql SSL - create certs 4
become_user: root
become: yes
shell: 'openssl x509 -req -in ~{{ pg_user }}/server.csr -text -days 365 \
-CA ~{{ pg_user }}/root.crt -CAkey ~{{ pg_user }}/root.key -CAcreateserial -out server.crt'
- name: postgresql SSL - set right permissions to files
become_user: root
become: yes
file:
path: '{{ item }}'
mode: 0600
owner: '{{ pg_user }}'
group: '{{ pg_user }}'
with_items:
- '~{{ pg_user }}/root.key'
- '~{{ pg_user }}/server.key'
- '~{{ pg_user }}/root.crt'
- '~{{ pg_user }}/server.csr'
- name: postgresql SSL - enable SSL
become_user: "{{ pg_user }}"
become: yes
postgresql_set:
login_user: "{{ pg_user }}"
db: postgres
name: ssl
value: on
- name: postgresql SSL - reload PostgreSQL to enable ssl on
become: yes
service:
name: "{{ postgresql_service }}"
state: reloaded

8
test/integration/targets/incidental_setup_postgresql_db/vars/Debian-8.yml
View file

@ -1,8 +0,0 @@
postgresql_packages:
- "postgresql"
- "postgresql-common"
- "python-psycopg2"
pg_hba_location: "/etc/postgresql/9.4/main/pg_hba.conf"
pg_dir: "/var/lib/postgresql/9.4/main"
pg_ver: 9.4

12
test/integration/targets/incidental_setup_postgresql_db/vars/FreeBSD-11-py3.yml
View file

@ -1,12 +0,0 @@
postgresql_packages:
- postgresql95-server
- py36-psycopg2
pg_dir: /usr/local/pgsql/data
pg_hba_location: "{{ pg_dir }}/pg_hba.conf"
pg_ver: 9.5
pg_user: pgsql
pg_group: pgsql
locale_latin_suffix: .ISO8859-1
locale_utf8_suffix: .UTF-8

12
test/integration/targets/incidental_setup_postgresql_db/vars/FreeBSD-11.yml
View file

@ -1,12 +0,0 @@
postgresql_packages:
- postgresql95-server
- py27-psycopg2
pg_dir: /usr/local/pgsql/data
pg_hba_location: "{{ pg_dir }}/pg_hba.conf"
pg_ver: 9.5
pg_user: pgsql
pg_group: pgsql
locale_latin_suffix: .ISO8859-1
locale_utf8_suffix: .UTF-8

12
test/integration/targets/incidental_setup_postgresql_db/vars/FreeBSD-12.0-py3.yml
View file

@ -1,12 +0,0 @@
postgresql_packages:
- postgresql95-server
- py36-psycopg2
pg_dir: /usr/local/pgsql/data
pg_hba_location: "{{ pg_dir }}/pg_hba.conf"
pg_ver: 9.5
pg_user: pgsql
pg_group: pgsql
locale_latin_suffix: .ISO8859-1
locale_utf8_suffix: .UTF-8

12
test/integration/targets/incidental_setup_postgresql_db/vars/FreeBSD-12.0.yml
View file

@ -1,12 +0,0 @@
postgresql_packages:
- postgresql96-server
- py27-psycopg2
pg_dir: /usr/local/pgsql/data
pg_hba_location: "{{ pg_dir }}/pg_hba.conf"
pg_ver: 9.6
pg_user: pgsql
pg_group: pgsql
locale_latin_suffix: .ISO8859-1
locale_utf8_suffix: .UTF-8

12
test/integration/targets/incidental_setup_postgresql_db/vars/FreeBSD-12.1-py3.yml
View file

@ -1,12 +0,0 @@
postgresql_packages:
- postgresql11-server
- py36-psycopg2
pg_dir: /var/db/postgres/data11
pg_hba_location: "{{ pg_dir }}/pg_hba.conf"
pg_ver: 11
pg_user: postgres
pg_group: postgres
locale_latin_suffix: .ISO8859-1
locale_utf8_suffix: .UTF-8

12
test/integration/targets/incidental_setup_postgresql_db/vars/FreeBSD-12.1.yml
View file

@ -1,12 +0,0 @@
postgresql_packages:
- postgresql11-server
- py27-psycopg2
pg_dir: /var/db/postgres/data11
pg_hba_location: "{{ pg_dir }}/pg_hba.conf"
pg_ver: 11
pg_user: postgres
pg_group: postgres
locale_latin_suffix: .ISO8859-1
locale_utf8_suffix: .UTF-8

8
test/integration/targets/incidental_setup_postgresql_db/vars/RedHat-py3.yml
View file

@ -1,8 +0,0 @@
postgresql_packages:
- "postgresql-server"
- "python3-psycopg2"
- "bzip2"
- "xz"
pg_hba_location: "/var/lib/pgsql/data/pg_hba.conf"
pg_dir: "/var/lib/pgsql/data"

7
test/integration/targets/incidental_setup_postgresql_db/vars/RedHat.yml
View file

@ -1,7 +0,0 @@
postgresql_packages:
- "postgresql-server"
- "python-psycopg2"
- "bzip2"
pg_hba_location: "/var/lib/pgsql/data/pg_hba.conf"
pg_dir: "/var/lib/pgsql/data"

8
test/integration/targets/incidental_setup_postgresql_db/vars/Ubuntu-12.yml
View file

@ -1,8 +0,0 @@
postgresql_packages:
- "postgresql"
- "postgresql-common"
- "python-psycopg2"
pg_hba_location: "/etc/postgresql/9.1/main/pg_hba.conf"
pg_dir: "/var/lib/postgresql/9.1/main"
pg_ver: 9.1

8
test/integration/targets/incidental_setup_postgresql_db/vars/Ubuntu-14.yml
View file

@ -1,8 +0,0 @@
postgresql_packages:
- "postgresql"
- "postgresql-common"
- "python-psycopg2"
pg_hba_location: "/etc/postgresql/9.3/main/pg_hba.conf"
pg_dir: "/var/lib/postgresql/9.3/main"
pg_ver: 9.3

8
test/integration/targets/incidental_setup_postgresql_db/vars/Ubuntu-16-py3.yml
View file

@ -1,8 +0,0 @@
postgresql_packages:
- "postgresql"
- "postgresql-common"
- "python3-psycopg2"
pg_hba_location: "/etc/postgresql/9.5/main/pg_hba.conf"
pg_dir: "/var/lib/postgresql/9.5/main"
pg_ver: 9.5

8
test/integration/targets/incidental_setup_postgresql_db/vars/Ubuntu-16.yml
View file

@ -1,8 +0,0 @@
postgresql_packages:
- "postgresql"
- "postgresql-common"
- "python-psycopg2"
pg_hba_location: "/etc/postgresql/9.5/main/pg_hba.conf"
pg_dir: "/var/lib/postgresql/9.5/main"
pg_ver: 9.5

8
test/integration/targets/incidental_setup_postgresql_db/vars/Ubuntu-18-py3.yml
View file

@ -1,8 +0,0 @@
postgresql_packages:
- "postgresql"
- "postgresql-common"
- "python3-psycopg2"
pg_hba_location: "/etc/postgresql/10/main/pg_hba.conf"
pg_dir: "/var/lib/postgresql/10/main"
pg_ver: 10

6
test/integration/targets/incidental_setup_postgresql_db/vars/default-py3.yml
View file

@ -1,6 +0,0 @@
postgresql_packages:
- "postgresql-server"
- "python3-psycopg2"
pg_hba_location: "/var/lib/pgsql/data/pg_hba.conf"
pg_dir: "/var/lib/pgsql/data"

6
test/integration/targets/incidental_setup_postgresql_db/vars/default.yml
View file

@ -1,6 +0,0 @@
postgresql_packages:
- "postgresql-server"
- "python-psycopg2"
pg_hba_location: "/var/lib/pgsql/data/pg_hba.conf"
pg_dir: "/var/lib/pgsql/data"