postgresql_privs: bugfix of 27327 - incorrect views handling (#58272)

changelogs/fragments/58272_postgresql_privs-fix-views-handling.yml

@@ -0,0 +1,2 @@
+bugfixes:
+- postgresql_privs - Fix incorrect views handling (https://github.com/ansible/ansible/issues/27327).

lib/ansible/modules/database/postgresql/postgresql_privs.py

@@ -541,7 +541,7 @@ class Connection(object):
         query = """SELECT relacl
                    FROM pg_catalog.pg_class c
                    JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace
-                   WHERE nspname = %s AND relkind in ('r','p') AND relname = ANY (%s)
+                   WHERE nspname = %s AND relkind in ('r','p','v','m') AND relname = ANY (%s)
                    ORDER BY relname"""
         self.cursor.execute(query, (schema, tables))
         return [t[0] for t in self.cursor.fetchall()]

test/integration/targets/postgresql/tasks/postgresql_privs.yml

@@ -27,6 +27,130 @@
     db: "{{ db_name }}"
     login_user: "{{ pg_user }}"
 
+#############################
+# Test of solving bug 27327 #
+#############################
+
+# Create the test table and view:
+- name: Create table
+  become: yes
+  become_user: "{{ pg_user }}"
+  postgresql_table:
+    login_user: "{{ pg_user }}"
+    db: postgres
+    name: test_table1
+    columns:
+    - id int
+
+- name: Create view
+  become: yes
+  become_user: "{{ pg_user }}"
+  postgresql_query:
+    login_user: "{{ pg_user }}"
+    db: postgres
+    query: "CREATE VIEW test_view AS SELECT id FROM test_table1"
+
+# Test check_mode:
+- name: Grant SELECT on test_view, check_mode
+  become: yes
+  become_user: "{{ pg_user }}"
+  postgresql_privs:
+    login_user: "{{ pg_user }}"
+    db: postgres
+    state: present
+    privs: SELECT
+    type: table
+    objs: test_view
+    roles: "{{ db_user2 }}"
+  check_mode: yes
+  register: result
+
+- assert:
+    that:
+    - result.changed == true
+
+# Check:
+- name: Check that nothing was changed after the prev step
+  become: yes
+  become_user: "{{ pg_user }}"
+  postgresql_query:
+    login_user: "{{ pg_user }}"
+    db: postgres
+    query: "SELECT grantee FROM information_schema.role_table_grants WHERE table_name='test_view' AND grantee = '{{ db_user2 }}'"
+  register: result
+
+- assert:
+    that:
+    - result.rowcount == 0
+
+# Test true mode:
+- name: Grant SELECT on test_view
+  become: yes
+  become_user: "{{ pg_user }}"
+  postgresql_privs:
+    login_user: "{{ pg_user }}"
+    db: postgres
+    state: present
+    privs: SELECT
+    type: table
+    objs: test_view
+    roles: "{{ db_user2 }}"
+  register: result
+
+- assert:
+    that:
+    - result.changed == true
+
+# Check:
+- name: Check that nothing was changed after the prev step
+  become: yes
+  become_user: "{{ pg_user }}"
+  postgresql_query:
+    login_user: "{{ pg_user }}"
+    db: postgres
+    query: "SELECT grantee FROM information_schema.role_table_grants WHERE table_name='test_view' AND grantee = '{{ db_user2 }}'"
+  register: result
+
+- assert:
+    that:
+    - result.rowcount == 1
+
+# Test true mode:
+- name: Try to grant SELECT again
+  become: yes
+  become_user: "{{ pg_user }}"
+  postgresql_privs:
+    login_user: "{{ pg_user }}"
+    db: postgres
+    state: present
+    privs: SELECT
+    type: table
+    objs: test_view
+    roles: "{{ db_user2 }}"
+  register: result
+
+- assert:
+    that:
+    - result.changed == false
+
+# Cleanup:
+- name: Drop test view
+  become: yes
+  become_user: "{{ pg_user }}"
+  postgresql_query:
+    login_user: "{{ pg_user }}"
+    db: postgres
+    query: "DROP VIEW test_view"
+
+- name: Drop test table
+  become: yes
+  become_user: "{{ pg_user }}"
+  postgresql_table:
+    login_user: "{{ pg_user }}"
+    db: postgres
+    name: test_table1
+    state: absent
+
 ######################################################
 # Test foreign data wrapper and foreign server privs #
 ######################################################