cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

postgresql_membership: add CI tests for roles with dots (#63896)

Browse source
This commit is contained in:
Andrey Klychkov 2019-10-24 13:09:42 +03:00 committed by John R Barker
parent fb38c9cea9
commit 40437d434e
2 changed files with 112 additions and 88 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
test/integration/targets/postgresql_membership/defaults/main.yml Normal file
View file

@ -0,0 +1,5 @@
test_group1: group1
test_group2: group2
test_group3: group.with.dots
test_user1: user1
test_user2: user.with.dots

195
test/integration/targets/postgresql_membership/tasks/postgresql_membership_initial.yml
View file

@ -14,24 +14,25 @@
name: "{{ item }}"
ignore_errors: yes
with_items:
- group1
- group2
- user1
- user2
- "{{ test_group1 }}"
- "{{ test_group2 }}"
- "{{ test_group3 }}"
- "{{ test_user1 }}"
- "{{ test_user2 }}"
################
# Do main tests:
### Test check_mode
# Grant group1 to user1 in check_mode:
- name: postgresql_membership - grant group1 to user1 in check_mode
# Grant test_group1 to test_user1 in check_mode:
- name: postgresql_membership - grant test_group1 to test_user1 in check_mode
become_user: "{{ pg_user }}"
become: yes
postgresql_membership:
login_user: "{{ pg_user }}"
db: postgres
group: group1
user: user1
group: "{{ test_group1 }}"
user: "{{ test_user1 }}"
state: present
register: result
ignore_errors: yes
@ -40,22 +41,22 @@
- assert:
that:
- result is changed
- result.groups == ["group1"]
- result.queries == ["GRANT \"group1\" TO \"user1\""]
- result.granted.group1 == ["user1"]
- result.groups == ["{{ test_group1 }}"]
- result.queries == ["GRANT \"{{ test_group1 }}\" TO \"{{ test_user1 }}\""]
- result.granted.{{ test_group1 }} == ["{{ test_user1 }}"]
- result.state == "present"
- result.target_roles == ["user1"]
- result.target_roles == ["{{ test_user1 }}"]
# Try to revoke group1 from user1 to check that
# Try to revoke test_group1 from test_user1 to check that
# nothing actually changed in check_mode at the previous step:
- name: postgresql_membership - try to revoke group1 from user1 for checking check_mode
- name: postgresql_membership - try to revoke test_group1 from test_user1 for checking check_mode
become_user: "{{ pg_user }}"
become: yes
postgresql_membership:
login_user: "{{ pg_user }}"
db: postgres
group: group1
user: user1
group: "{{ test_group1 }}"
user: "{{ test_user1 }}"
state: absent
register: result
ignore_errors: yes
@ -64,22 +65,22 @@
- assert:
that:
- result is not changed
- result.groups == ["group1"]
- result.groups == ["{{ test_group1 }}"]
- result.queries == []
- result.revoked.group1 == []
- result.revoked.{{ test_group1 }} == []
- result.state == "absent"
- result.target_roles == ["user1"]
- result.target_roles == ["{{ test_user1 }}"]
### End of test check_mode
# Grant group1 to user1:
- name: postgresql_membership - grant group1 to user1
# Grant test_group1 to test_user1:
- name: postgresql_membership - grant test_group1 to test_user1
become_user: "{{ pg_user }}"
become: yes
postgresql_membership:
login_user: "{{ pg_user }}"
db: postgres
group: group1
user: user1
group: "{{ test_group1 }}"
user: "{{ test_user1 }}"
state: present
register: result
ignore_errors: yes
@ -87,21 +88,21 @@
- assert:
that:
- result is changed
- result.groups == ["group1"]
- result.queries == ["GRANT \"group1\" TO \"user1\""]
- result.granted.group1 == ["user1"]
- result.groups == ["{{ test_group1 }}"]
- result.queries == ["GRANT \"{{ test_group1 }}\" TO \"{{ test_user1 }}\""]
- result.granted.{{ test_group1 }} == ["{{ test_user1 }}"]
- result.state == "present"
- result.target_roles == ["user1"]
- result.target_roles == ["{{ test_user1 }}"]
# Grant group1 to user1 again to check that nothing changes:
- name: postgresql_membership - grant group1 to user1 again
# Grant test_group1 to test_user1 again to check that nothing changes:
- name: postgresql_membership - grant test_group1 to test_user1 again
become_user: "{{ pg_user }}"
become: yes
postgresql_membership:
login_user: "{{ pg_user }}"
db: postgres
group: group1
user: user1
group: "{{ test_group1 }}"
user: "{{ test_user1 }}"
state: present
register: result
ignore_errors: yes
@ -109,21 +110,21 @@
- assert:
that:
- result is not changed
- result.groups == ["group1"]
- result.groups == ["{{ test_group1 }}"]
- result.queries == []
- result.granted.group1 == []
- result.granted.{{ test_group1 }} == []
- result.state == "present"
- result.target_roles == ["user1"]
- result.target_roles == ["{{ test_user1 }}"]
# Revoke group1 from user1:
- name: postgresql_membership - revoke group1 from user1
# Revoke test_group1 from test_user1:
- name: postgresql_membership - revoke test_group1 from test_user1
become_user: "{{ pg_user }}"
become: yes
postgresql_membership:
login_user: "{{ pg_user }}"
db: postgres
group: group1
user: user1
group: "{{ test_group1 }}"
user: "{{ test_user1 }}"
state: absent
register: result
ignore_errors: yes
@ -131,21 +132,21 @@
- assert:
that:
- result is changed
- result.groups == ["group1"]
- result.queries == ["REVOKE \"group1\" FROM \"user1\""]
- result.revoked.group1 == ["user1"]
- result.groups == ["{{ test_group1 }}"]
- result.queries == ["REVOKE \"{{ test_group1 }}\" FROM \"{{ test_user1 }}\""]
- result.revoked.{{ test_group1 }} == ["{{ test_user1 }}"]
- result.state == "absent"
- result.target_roles == ["user1"]
- result.target_roles == ["{{ test_user1 }}"]
# Revoke group1 from user1 again to check that nothing changes:
- name: postgresql_membership - revoke group1 from user1 again
# Revoke test_group1 from test_user1 again to check that nothing changes:
- name: postgresql_membership - revoke test_group1 from test_user1 again
become_user: "{{ pg_user }}"
become: yes
postgresql_membership:
login_user: "{{ pg_user }}"
db: postgres
group: group1
user: user1
group: "{{ test_group1 }}"
user: "{{ test_user1 }}"
state: absent
register: result
ignore_errors: yes
@ -153,13 +154,13 @@
- assert:
that:
- result is not changed
- result.groups == ["group1"]
- result.groups == ["{{ test_group1 }}"]
- result.queries == []
- result.revoked.group1 == []
- result.revoked.{{ test_group1 }} == []
- result.state == "absent"
- result.target_roles == ["user1"]
- result.target_roles == ["{{ test_user1 }}"]
# Grant group1 and group2 to user1 and user2:
# Grant test_group1 and test_group2 to test_user1 and test_user2:
- name: postgresql_membership - grant two groups to two users
become_user: "{{ pg_user }}"
become: yes
@ -167,11 +168,11 @@
login_user: "{{ pg_user }}"
db: postgres
group:
- group1
- group2
- "{{ test_group1 }}"
- "{{ test_group2 }}"
user:
- user1
- user2
- "{{ test_user1 }}"
- "{{ test_user2 }}"
state: present
register: result
ignore_errors: yes
@ -179,14 +180,14 @@
- assert:
that:
- result is changed
- result.groups == ["group1", "group2"]
- result.queries == ["GRANT \"group1\" TO \"user1\"", "GRANT \"group1\" TO \"user2\"", "GRANT \"group2\" TO \"user1\"", "GRANT \"group2\" TO \"user2\""]
- result.granted.group1 == ["user1", "user2"]
- result.granted.group2 == ["user1", "user2"]
- result.groups == ["{{ test_group1 }}", "{{ test_group2 }}"]
- result.queries == ["GRANT \"{{ test_group1 }}\" TO \"{{ test_user1 }}\"", "GRANT \"{{ test_group1 }}\" TO \"{{ test_user2 }}\"", "GRANT \"{{ test_group2 }}\" TO \"{{ test_user1 }}\"", "GRANT \"{{ test_group2 }}\" TO \"{{ test_user2 }}\""]
- result.granted.{{ test_group1 }} == ["{{ test_user1 }}", "{{ test_user2 }}"]
- result.granted.{{ test_group2 }} == ["{{ test_user1 }}", "{{ test_user2 }}"]
- result.state == "present"
- result.target_roles == ["user1", "user2"]
- result.target_roles == ["{{ test_user1 }}", "{{ test_user2 }}"]
# Grant group1 and group2 to user1 and user2 again to check that nothing changes:
# Grant test_group1 and test_group2 to test_user1 and test_user2 again to check that nothing changes:
- name: postgresql_membership - grant two groups to two users again
become_user: "{{ pg_user }}"
become: yes
@ -194,11 +195,11 @@
login_user: "{{ pg_user }}"
db: postgres
group:
- group1
- group2
- "{{ test_group1 }}"
- "{{ test_group2 }}"
user:
- user1
- user2
- "{{ test_user1 }}"
- "{{ test_user2 }}"
state: present
register: result
ignore_errors: yes
@ -206,22 +207,22 @@
- assert:
that:
- result is not changed
- result.groups == ["group1", "group2"]
- result.groups == ["{{ test_group1 }}", "{{ test_group2 }}"]
- result.queries == []
- result.granted.group1 == []
- result.granted.group2 == []
- result.granted.{{ test_group1 }} == []
- result.granted.{{ test_group2 }} == []
- result.state == "present"
- result.target_roles == ["user1", "user2"]
- result.target_roles == ["{{ test_user1 }}", "{{ test_user2 }}"]
# Revoke only group1 from user1:
# Revoke only test_group1 from test_user1:
- name: postgresql_membership - revoke one group from one user
become_user: "{{ pg_user }}"
become: yes
postgresql_membership:
login_user: "{{ pg_user }}"
db: postgres
group: group1
user: user1
group: "{{ test_group1 }}"
user: "{{ test_user1 }}"
state: absent
register: result
ignore_errors: yes
@ -229,13 +230,14 @@
- assert:
that:
- result is changed
- result.groups == ["group1"]
- result.queries == ["REVOKE \"group1\" FROM \"user1\""]
- result.revoked.group1 == ["user1"]
- result.groups == ["{{ test_group1 }}"]
- result.queries == ["REVOKE \"{{ test_group1 }}\" FROM \"{{ test_user1 }}\""]
- result.revoked.{{ test_group1 }} == ["{{ test_user1 }}"]
- result.state == "absent"
- result.target_roles == ["user1"]
- result.target_roles == ["{{ test_user1 }}"]
# Try to grant group1 and group2 to user1 and user2 again to check that nothing changes with user2:
# Try to grant test_group1 and test_group2 to test_user1 and test_user2 again
# to check that nothing changes with test_user2:
- name: postgresql_membership - grant two groups to two users again
become_user: "{{ pg_user }}"
become: yes
@ -243,11 +245,11 @@
login_user: "{{ pg_user }}"
db: postgres
group:
- group1
- group2
- "{{ test_group1 }}"
- "{{ test_group2 }}"
user:
- user1
- user2
- "{{ test_user1 }}"
- "{{ test_user2 }}"
state: present
register: result
ignore_errors: yes
@ -255,18 +257,18 @@
- assert:
that:
- result is changed
- result.groups == ["group1", "group2"]
- result.queries == ["GRANT \"group1\" TO \"user1\""]
- result.granted.group1 == ["user1"]
- result.granted.group2 == []
- result.groups == ["{{ test_group1 }}", "{{ test_group2 }}"]
- result.queries == ["GRANT \"{{ test_group1 }}\" TO \"{{ test_user1 }}\""]
- result.granted.{{ test_group1 }} == ["{{ test_user1 }}"]
- result.granted.{{ test_group2 }} == []
- result.state == "present"
- result.target_roles == ["user1", "user2"]
- result.target_roles == ["{{ test_user1 }}", "{{ test_user2 }}"]
#####################
# Check fail_on_role:
# Try to grant non existent group to non existent role with fail_on_role=yes:
- name: postgresql_membership - grant group1 to user1
- name: postgresql_membership - revoke non existen group from non existen role
become_user: "{{ pg_user }}"
become: yes
postgresql_membership:
@ -284,7 +286,7 @@
- result is not changed
# Try to grant non existent group to non existent role with fail_on_role=no:
- name: postgresql_membership - grant group1 to user1
- name: postgresql_membership - revoke non existen group from non existen role
become_user: "{{ pg_user }}"
become: yes
postgresql_membership:
@ -306,7 +308,7 @@
- result.state == 'present'
# Try to revoke non existent group from non existent role with fail_on_role=no:
- name: postgresql_membership - grant group1 to user1
- name: postgresql_membership - revoke non existen group from non existen role
become_user: "{{ pg_user }}"
become: yes
postgresql_membership:
@ -326,3 +328,20 @@
- result.groups == []
- result.target_roles == []
- result.state == 'absent'
# Grant test_group3 with a name containing dots to test_user1.
- name: postgresql_membership - grant test_group3 with dots to test_user1
become_user: "{{ pg_user }}"
become: yes
postgresql_membership:
login_user: "{{ pg_user }}"
db: postgres
group: "{{ test_group3 }}"
user: "{{ test_user1 }}"
state: present
register: result
- assert:
that:
- result is changed
- result.queries == ["GRANT \"{{ test_group3 }}\" TO \"{{ test_user1 }}\""]