diff --git a/test/integration/targets/postgresql_db/aliases b/test/integration/targets/postgresql_db/aliases
new file mode 100644
index 00000000000..3b8d495b2c0
--- /dev/null
+++ b/test/integration/targets/postgresql_db/aliases
@@ -0,0 +1,4 @@
+destructive
+shippable/posix/group4
+postgresql_db
+skip/osx
diff --git a/test/integration/targets/postgresql_db/defaults/main.yml b/test/integration/targets/postgresql_db/defaults/main.yml
new file mode 100644
index 00000000000..0ed08c99e5b
--- /dev/null
+++ b/test/integration/targets/postgresql_db/defaults/main.yml
@@ -0,0 +1,3 @@
+db_name: 'ansible_db'
+db_user1: 'ansible_db_user1'
+tmp_dir: '/tmp'
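Review bot: `tmp_dir: '/tmp'` makes the dump target a fixed file name in a world-writable directory. state_dump_restore.yml builds `db_file_name` as `{{tmp_dir}}/{{file}}` (visible as context later in this diff), so every run writes a predictable path such as `/tmp/dbdata.sql`. Another local account could pre-create or symlink that path, and two runs on the same host would collide. Consider creating a per-run directory with the `tempfile` module (`state: directory`) and pointing `tmp_dir` at the registered path, keeping this default only as a fallback.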
diff --git a/test/integration/targets/postgresql_db_user_privs/meta/main.yml b/test/integration/targets/postgresql_db/meta/main.yml
similarity index 100%
rename from test/integration/targets/postgresql_db_user_privs/meta/main.yml
rename to test/integration/targets/postgresql_db/meta/main.yml
diff --git a/test/integration/targets/postgresql_db/tasks/main.yml b/test/integration/targets/postgresql_db/tasks/main.yml
new file mode 100644
index 00000000000..d9e6447835e
--- /dev/null
+++ b/test/integration/targets/postgresql_db/tasks/main.yml
@@ -0,0 +1,28 @@
+# Initial tests of postgresql_db module:
+- import_tasks: postgresql_db_initial.yml
+
+# General tests:
+- import_tasks: postgresql_db_general.yml
+
+# Dump/restore tests per format:
+- include_tasks: state_dump_restore.yml
+ vars:
+ test_fixture: user
+ file: '{{ loop_item }}'
+ loop:
+ - dbdata.sql
+ - dbdata.sql.gz
+ - dbdata.sql.bz2
+ - dbdata.sql.xz
+ - dbdata.tar
+ - dbdata.tar.gz
+ - dbdata.tar.bz2
+ - dbdata.tar.xz
+ loop_control:
+ loop_var: loop_item
+
+# Dump/restore tests per other logins:
+- import_tasks: state_dump_restore.yml
+ vars:
+ file: dbdata.tar
+ test_fixture: admin
diff --git a/test/integration/targets/postgresql_db_user_privs/tasks/postgresql_db.yml b/test/integration/targets/postgresql_db/tasks/postgresql_db_general.yml
similarity index 100%
rename from test/integration/targets/postgresql_db_user_privs/tasks/postgresql_db.yml
rename to test/integration/targets/postgresql_db/tasks/postgresql_db_general.yml
diff --git a/test/integration/targets/postgresql_db/tasks/postgresql_db_initial.yml b/test/integration/targets/postgresql_db/tasks/postgresql_db_initial.yml
new file mode 100644
index 00000000000..352e46c813e
--- /dev/null
+++ b/test/integration/targets/postgresql_db/tasks/postgresql_db_initial.yml
@@ -0,0 +1,312 @@
+#
+# Create and destroy db
+#
+- name: Create DB
+ become_user: "{{ pg_user }}"
+ become: yes
+ postgresql_db:
+ state: present
+ name: "{{ db_name }}"
+ login_user: "{{ pg_user }}"
+ register: result
+
+- name: assert that module reports the db was created
+ assert:
+ that:
+ - result is changed
+ - "result.db == db_name"
+
+- name: Check that database created
+ become_user: "{{ pg_user }}"
+ become: yes
+ shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
+ register: result
+
+- assert:
+ that:
+ - "result.stdout_lines[-1] == '(1 row)'"
+
+- name: Run create on an already created db
+ become_user: "{{ pg_user }}"
+ become: yes
+ postgresql_db:
+ state: present
+ name: "{{ db_name }}"
+ login_user: "{{ pg_user }}"
+ register: result
+
+- name: assert that module reports the db was unchanged
+ assert:
+ that:
+ - result is not changed
+
+- name: Destroy DB
+ become_user: "{{ pg_user }}"
+ become: yes
+ postgresql_db:
+ state: absent
+ name: "{{ db_name }}"
+ login_user: "{{ pg_user }}"
+ register: result
+
+- name: assert that module reports the db was changed
+ assert:
+ that:
+ - result is changed
+
+- name: Check that database was destroyed
+ become_user: "{{ pg_user }}"
+ become: yes
+ shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
+ register: result
+
+- assert:
+ that:
+ - "result.stdout_lines[-1] == '(0 rows)'"
+
+- name: Destroy DB
+ become_user: "{{ pg_user }}"
+ become: yes
+ postgresql_db:
+ state: absent
+ name: "{{ db_name }}"
+ login_user: "{{ pg_user }}"
+ register: result
+
+- name: assert that removing an already removed db makes no change
+ assert:
+ that:
+ - result is not changed
+
+
+# This corner case works to add but not to drop. This is sufficiently crazy
+# that I'm not going to attempt to fix it unless someone lets me know that they
+# need the functionality
+#
+# - postgresql_db:
+# state: 'present'
+# name: '"silly.""name"'
+# - shell: echo "select datname from pg_database where datname = 'silly.""name';" | psql
+# register: result
+#
+# - assert:
+# that: "result.stdout_lines[-1] == '(1 row)'"
+# - postgresql_db:
+# state: absent
+# name: '"silly.""name"'
+# - shell: echo "select datname from pg_database where datname = 'silly.""name';" | psql
+# register: result
+#
+# - assert:
+# that: "result.stdout_lines[-1] == '(0 rows)'"
+
+#
+# Test conn_limit, encoding, collate, ctype, template options
+#
+- name: Create a DB with conn_limit, encoding, collate, ctype, and template options
+ become_user: "{{ pg_user }}"
+ become: yes
+ postgresql_db:
+ name: '{{ db_name }}'
+ state: 'present'
+ conn_limit: '100'
+ encoding: 'LATIN1'
+ lc_collate: 'pt_BR{{ locale_latin_suffix }}'
+ lc_ctype: 'es_ES{{ locale_latin_suffix }}'
+ template: 'template0'
+ login_user: "{{ pg_user }}"
+
+- name: Check that the DB has all of our options
+ become_user: "{{ pg_user }}"
+ become: yes
+ shell: echo "select datname, datconnlimit, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql -d postgres
+ register: result
+
+- assert:
+ that:
+ - "result.stdout_lines[-1] == '(1 row)'"
+ - "'LATIN1' in result.stdout_lines[-2]"
+ - "'pt_BR' in result.stdout_lines[-2]"
+ - "'es_ES' in result.stdout_lines[-2]"
+ - "'UTF8' not in result.stdout_lines[-2]"
+ - "'en_US' not in result.stdout_lines[-2]"
+ - "'100' in result.stdout_lines[-2]"
+
+- name: Check that running db creation with options a second time does nothing
+ become_user: "{{ pg_user }}"
+ become: yes
+ postgresql_db:
+ name: '{{ db_name }}'
+ state: 'present'
+ conn_limit: '100'
+ encoding: 'LATIN1'
+ lc_collate: 'pt_BR{{ locale_latin_suffix }}'
+ lc_ctype: 'es_ES{{ locale_latin_suffix }}'
+ template: 'template0'
+ login_user: "{{ pg_user }}"
+ register: result
+
+- assert:
+ that:
+ - result is not changed
+
+
+- name: Check that attempting to change encoding returns an error
+ become_user: "{{ pg_user }}"
+ become: yes
+ postgresql_db:
+ name: '{{ db_name }}'
+ state: 'present'
+ encoding: 'UTF8'
+ lc_collate: 'pt_BR{{ locale_utf8_suffix }}'
+ lc_ctype: 'es_ES{{ locale_utf8_suffix }}'
+ template: 'template0'
+ login_user: "{{ pg_user }}"
+ register: result
+ ignore_errors: yes
+
+- assert:
+ that:
+ - result is failed
+
+- name: Check that changing the conn_limit actually works
+ become_user: "{{ pg_user }}"
+ become: yes
+ postgresql_db:
+ name: '{{ db_name }}'
+ state: 'present'
+ conn_limit: '200'
+ encoding: 'LATIN1'
+ lc_collate: 'pt_BR{{ locale_latin_suffix }}'
+ lc_ctype: 'es_ES{{ locale_latin_suffix }}'
+ template: 'template0'
+ login_user: "{{ pg_user }}"
+ register: result
+
+- assert:
+ that:
+ - result is changed
+
+- name: Check that conn_limit has actually been set / updated to 200
+ become_user: "{{ pg_user }}"
+ become: yes
+ shell: echo "SELECT datconnlimit AS conn_limit FROM pg_database WHERE datname = '{{ db_name }}';" | psql -d postgres
+ register: result
+
+- assert:
+ that:
+ - "result.stdout_lines[-1] == '(1 row)'"
+ - "'200' == '{{ result.stdout_lines[-2] | trim }}'"
+
+- name: Cleanup test DB
+ become_user: "{{ pg_user }}"
+ become: yes
+ postgresql_db:
+ name: '{{ db_name }}'
+ state: 'absent'
+ login_user: "{{ pg_user }}"
+
+- shell: echo "select datname, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql -d postgres
+ become_user: "{{ pg_user }}"
+ become: yes
+ register: result
+
+- assert:
+ that:
+ - "result.stdout_lines[-1] == '(0 rows)'"
+
+#
+# Test db ownership
+#
+- name: Create an unprivileged user to own a DB
+ become_user: "{{ pg_user }}"
+ become: yes
+ postgresql_user:
+ name: "{{ db_user1 }}"
+ encrypted: 'yes'
+ password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
+ login_user: "{{ pg_user }}"
+ db: postgres
+
+- name: Create db with user ownership
+ become_user: "{{ pg_user }}"
+ become: yes
+ postgresql_db:
+ name: "{{ db_name }}"
+ state: "present"
+ owner: "{{ db_user1 }}"
+ login_user: "{{ pg_user }}"
+
+- name: Check that the user owns the newly created DB
+ become_user: "{{ pg_user }}"
+ become: yes
+ shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql -d postgres
+ register: result
+
+- assert:
+ that:
+ - "result.stdout_lines[-1] == '(1 row)'"
+ - "'{{ db_user1 }}' == '{{ result.stdout_lines[-2] | trim }}'"
+
+- name: Change the owner on an existing db
+ become_user: "{{ pg_user }}"
+ become: yes
+ postgresql_db:
+ name: "{{ db_name }}"
+ state: "present"
+ owner: "{{ pg_user }}"
+ login_user: "{{ pg_user }}"
+ register: result
+
+- name: assert that ansible says it changed the db
+ assert:
+ that:
+ - result is changed
+
+- name: Check that the user owns the newly created DB
+ become_user: "{{ pg_user }}"
+ become: yes
+ shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql -d postgres
+ register: result
+
+- assert:
+ that:
+ - "result.stdout_lines[-1] == '(1 row)'"
+ - "'{{ pg_user }}' == '{{ result.stdout_lines[-2] | trim }}'"
+
+- name: Cleanup db
+ become_user: "{{ pg_user }}"
+ become: yes
+ postgresql_db:
+ name: "{{ db_name }}"
+ state: "absent"
+ login_user: "{{ pg_user }}"
+
+- name: Check that database was destroyed
+ become_user: "{{ pg_user }}"
+ become: yes
+ shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
+ register: result
+
+- assert:
+ that:
+ - "result.stdout_lines[-1] == '(0 rows)'"
+
+- name: Cleanup test user
+ become_user: "{{ pg_user }}"
+ become: yes
+ postgresql_user:
+ name: "{{ db_user1 }}"
+ state: 'absent'
+ login_user: "{{ pg_user }}"
+ db: postgres
+
+- name: Check that they were removed
+ become_user: "{{ pg_user }}"
+ become: yes
+ shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
+ register: result
+
+- assert:
+ that:
+ - "result.stdout_lines[-1] == '(0 rows)'"
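Review bot: The comparisons `'200' == '{{ result.stdout_lines[-2] | trim }}'`, `'{{ db_user1 }}' == '{{ result.stdout_lines[-2] | trim }}'` and the matching `pg_user` one put `{{ }}` inside `assert.that`, so command output is pasted into the expression text and then evaluated as Jinja a second time. A value containing a quote or template syntax changes the expression itself instead of failing the comparison, and Ansible warns about template delimiters in conditionals. Write them as bare expressions, for example `- result.stdout_lines[-2] | trim == db_user1` and `- result.stdout_lines[-2] | trim == '200'`. The `shell: echo "..." | psql` checks splice `db_name` into shell and SQL text in the same way. That is tolerable with the fixed defaults, but a comment should state that the value must stay a plain identifier.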
diff --git a/test/integration/targets/postgresql_db_user_privs/tasks/state_dump_restore.yml b/test/integration/targets/postgresql_db/tasks/state_dump_restore.yml
similarity index 91%
rename from test/integration/targets/postgresql_db_user_privs/tasks/state_dump_restore.yml
rename to test/integration/targets/postgresql_db/tasks/state_dump_restore.yml
index d4327d362f4..882e5c60486 100644
--- a/test/integration/targets/postgresql_db_user_privs/tasks/state_dump_restore.yml
+++ b/test/integration/targets/postgresql_db/tasks/state_dump_restore.yml
@@ -18,6 +18,19 @@
# along with Ansible. If not, see .
# ============================================================
+
+- name: Create a test user
+ become: yes
+ become_user: "{{ pg_user }}"
+ postgresql_user:
+ name: "{{ db_user1 }}"
+ state: "present"
+ encrypted: 'yes'
+ password: "password"
+ role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
+ login_user: "{{ pg_user }}"
+ db: postgres
+
- set_fact: db_file_name="{{tmp_dir}}/{{file}}"
- set_fact:
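Review bot: The added `Create a test user` task hard-codes `password: "password"` for a role granted `CREATEDB,LOGIN,CREATEROLE`, and the task has no `no_log`. The login tasks further down this file are outside the hunk; they presumably pass the same literal as `login_password`, which would mean the secret is duplicated rather than defined once. Move it into defaults/main.yml under a variable (suggested name: `db_user1_password`), reference it here as `password: "{{ db_user1_password }}"`, and add `no_log: true` to the task.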
@@ -138,3 +151,12 @@
- name: remove file name
file: name={{ db_file_name }} state=absent
+
+- name: Remove the test user
+ become: yes
+ become_user: "{{ pg_user }}"
+ postgresql_user:
+ name: "{{ db_user1 }}"
+ state: "absent"
+ login_user: "{{ pg_user }}"
+ db: postgres
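Review bot: `Remove the test user` is a plain trailing task, so it runs only when every dump/restore step before it has succeeded. A failed assertion leaves the `CREATEDB,LOGIN,CREATEROLE` role and its known password on the server, and the next loop iteration of this include starts from dirty state. The tasks between the create and remove steps lie outside this hunk. Wrapping them in a `block:` with the user removal and the dump-file cleanup under `always:` would guarantee teardown.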
diff --git a/test/integration/targets/postgresql_db_user_privs/defaults/main.yml b/test/integration/targets/postgresql_db_user_privs/defaults/main.yml
deleted file mode 100644
index 3f58d7eecb9..00000000000
--- a/test/integration/targets/postgresql_db_user_privs/defaults/main.yml
+++ /dev/null
@@ -1,34 +0,0 @@
----
-# defaults file for test_postgresql_db
-db_name: 'ansible_db'
-db_user1: 'ansible_db_user1'
-db_user2: 'ansible_db_user2'
-db_user3: 'ansible_db_user3'
-db_default: 'postgres'
-
-tmp_dir: '/tmp'
-db_session_role1: 'session_role1'
-db_session_role2: 'session_role2'
-
-pg_hba_test_ips:
-- contype: local
- users: 'all,postgres,test'
-- source: '0000:ffff::'
- netmask: 'ffff:fff0::'
-- source: '192.168.0.0/24'
- netmask: ''
- databases: 'all,replication'
-- source: '192.168.1.0/24'
- netmask: ''
- databases: 'all'
- method: reject
-- source: '127.0.0.1/32'
- netmask: ''
-- source: '::1/128'
- netmask: ''
-- source: '0000:ff00::'
- netmask: 'ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00'
- method: scram-sha-256
-- source: '172.16.0.0'
- netmask: '255.255.0.0'
- method: trust
diff --git a/test/integration/targets/postgresql_db_user_privs/tasks/main.yml b/test/integration/targets/postgresql_db_user_privs/tasks/main.yml
deleted file mode 100644
index 86c89d31b6a..00000000000
--- a/test/integration/targets/postgresql_db_user_privs/tasks/main.yml
+++ /dev/null
@@ -1,47 +0,0 @@
-# Unsorted tests that were moved from here to unsorted.yml
-- import_tasks: unsorted.yml
-
-- include_tasks: '{{ loop_item }}'
- loop:
- # Test postgresql_user module
- - postgresql_user.yml
-
- # Verify different session_role scenarios
- - session_role.yml
-
- # Test postgresql_db module, specific options
- - postgresql_db.yml
-
- # Test postgresql_privs
- - postgresql_privs.yml
- loop_control:
- loop_var: loop_item
-
-# Test default_privs with target_role
-- import_tasks: test_target_role.yml
- when: postgres_version_resp.stdout is version('9.1', '>=')
-
-# dump/restore tests per format
-# ============================================================
-- include_tasks: state_dump_restore.yml
- vars:
- test_fixture: user
- file: '{{ loop_item }}'
- loop:
- - dbdata.sql
- - dbdata.sql.gz
- - dbdata.sql.bz2
- - dbdata.sql.xz
- - dbdata.tar
- - dbdata.tar.gz
- - dbdata.tar.bz2
- - dbdata.tar.xz
- loop_control:
- loop_var: loop_item
-
-# dump/restore tests per other logins
-# ============================================================
-- import_tasks: state_dump_restore.yml
- vars:
- file: dbdata.tar
- test_fixture: admin
diff --git a/test/integration/targets/postgresql_db_user_privs/tasks/unsorted.yml b/test/integration/targets/postgresql_db_user_privs/tasks/unsorted.yml
deleted file mode 100644
index 963b9db90be..00000000000
--- a/test/integration/targets/postgresql_db_user_privs/tasks/unsorted.yml
+++ /dev/null
@@ -1,789 +0,0 @@
-#
-# Create and destroy db
-#
-- name: Create DB
- become_user: "{{ pg_user }}"
- become: yes
- postgresql_db:
- state: present
- name: "{{ db_name }}"
- login_user: "{{ pg_user }}"
- register: result
-
-- name: assert that module reports the db was created
- assert:
- that:
- - result is changed
- - "result.db == db_name"
-
-- name: Check that database created
- become_user: "{{ pg_user }}"
- become: yes
- shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
- register: result
-
-- assert:
- that:
- - "result.stdout_lines[-1] == '(1 row)'"
-
-- name: Run create on an already created db
- become_user: "{{ pg_user }}"
- become: yes
- postgresql_db:
- state: present
- name: "{{ db_name }}"
- login_user: "{{ pg_user }}"
- register: result
-
-- name: assert that module reports the db was unchanged
- assert:
- that:
- - result is not changed
-
-- name: Destroy DB
- become_user: "{{ pg_user }}"
- become: yes
- postgresql_db:
- state: absent
- name: "{{ db_name }}"
- login_user: "{{ pg_user }}"
- register: result
-
-- name: assert that module reports the db was changed
- assert:
- that:
- - result is changed
-
-- name: Check that database was destroyed
- become_user: "{{ pg_user }}"
- become: yes
- shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
- register: result
-
-- assert:
- that:
- - "result.stdout_lines[-1] == '(0 rows)'"
-
-- name: Destroy DB
- become_user: "{{ pg_user }}"
- become: yes
- postgresql_db:
- state: absent
- name: "{{ db_name }}"
- login_user: "{{ pg_user }}"
- register: result
-
-- name: assert that removing an already removed db makes no change
- assert:
- that:
- - result is not changed
-
-
-# This corner case works to add but not to drop. This is sufficiently crazy
-# that I'm not going to attempt to fix it unless someone lets me know that they
-# need the functionality
-#
-# - postgresql_db:
-# state: 'present'
-# name: '"silly.""name"'
-# - shell: echo "select datname from pg_database where datname = 'silly.""name';" | psql
-# register: result
-#
-# - assert:
-# that: "result.stdout_lines[-1] == '(1 row)'"
-# - postgresql_db:
-# state: absent
-# name: '"silly.""name"'
-# - shell: echo "select datname from pg_database where datname = 'silly.""name';" | psql
-# register: result
-#
-# - assert:
-# that: "result.stdout_lines[-1] == '(0 rows)'"
-
-#
-# Test conn_limit, encoding, collate, ctype, template options
-#
-- name: Create a DB with conn_limit, encoding, collate, ctype, and template options
- become_user: "{{ pg_user }}"
- become: yes
- postgresql_db:
- name: '{{ db_name }}'
- state: 'present'
- conn_limit: '100'
- encoding: 'LATIN1'
- lc_collate: 'pt_BR{{ locale_latin_suffix }}'
- lc_ctype: 'es_ES{{ locale_latin_suffix }}'
- template: 'template0'
- login_user: "{{ pg_user }}"
-
-- name: Check that the DB has all of our options
- become_user: "{{ pg_user }}"
- become: yes
- shell: echo "select datname, datconnlimit, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql -d postgres
- register: result
-
-- assert:
- that:
- - "result.stdout_lines[-1] == '(1 row)'"
- - "'LATIN1' in result.stdout_lines[-2]"
- - "'pt_BR' in result.stdout_lines[-2]"
- - "'es_ES' in result.stdout_lines[-2]"
- - "'UTF8' not in result.stdout_lines[-2]"
- - "'en_US' not in result.stdout_lines[-2]"
- - "'100' in result.stdout_lines[-2]"
-
-- name: Check that running db creation with options a second time does nothing
- become_user: "{{ pg_user }}"
- become: yes
- postgresql_db:
- name: '{{ db_name }}'
- state: 'present'
- conn_limit: '100'
- encoding: 'LATIN1'
- lc_collate: 'pt_BR{{ locale_latin_suffix }}'
- lc_ctype: 'es_ES{{ locale_latin_suffix }}'
- template: 'template0'
- login_user: "{{ pg_user }}"
- register: result
-
-- assert:
- that:
- - result is not changed
-
-
-- name: Check that attempting to change encoding returns an error
- become_user: "{{ pg_user }}"
- become: yes
- postgresql_db:
- name: '{{ db_name }}'
- state: 'present'
- encoding: 'UTF8'
- lc_collate: 'pt_BR{{ locale_utf8_suffix }}'
- lc_ctype: 'es_ES{{ locale_utf8_suffix }}'
- template: 'template0'
- login_user: "{{ pg_user }}"
- register: result
- ignore_errors: yes
-
-- assert:
- that:
- - result is failed
-
-- name: Check that changing the conn_limit actually works
- become_user: "{{ pg_user }}"
- become: yes
- postgresql_db:
- name: '{{ db_name }}'
- state: 'present'
- conn_limit: '200'
- encoding: 'LATIN1'
- lc_collate: 'pt_BR{{ locale_latin_suffix }}'
- lc_ctype: 'es_ES{{ locale_latin_suffix }}'
- template: 'template0'
- login_user: "{{ pg_user }}"
- register: result
-
-- assert:
- that:
- - result is changed
-
-- name: Check that conn_limit has actually been set / updated to 200
- become_user: "{{ pg_user }}"
- become: yes
- shell: echo "SELECT datconnlimit AS conn_limit FROM pg_database WHERE datname = '{{ db_name }}';" | psql -d postgres
- register: result
-
-- assert:
- that:
- - "result.stdout_lines[-1] == '(1 row)'"
- - "'200' == '{{ result.stdout_lines[-2] | trim }}'"
-
-- name: Cleanup test DB
- become_user: "{{ pg_user }}"
- become: yes
- postgresql_db:
- name: '{{ db_name }}'
- state: 'absent'
- login_user: "{{ pg_user }}"
-
-- shell: echo "select datname, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql -d postgres
- become_user: "{{ pg_user }}"
- become: yes
- register: result
-
-- assert:
- that:
- - "result.stdout_lines[-1] == '(0 rows)'"
-
-#
-# Create and destroy user, test 'password' and 'encrypted' parameters
-#
-# unencrypted values are not supported on newer versions
-# do not run the encrypted: no tests if on 10+
-- set_fact:
- encryption_values:
- - 'yes'
-
-- set_fact:
- encryption_values: '{{ encryption_values + ["no"]}}'
- when: postgres_version_resp.stdout is version('10', '<=')
-
-- include_tasks: test_password.yml
- vars:
- encrypted: '{{ loop_item }}'
- db_password1: 'secretù' # use UTF-8
- loop: '{{ encryption_values }}'
- loop_control:
- loop_var: loop_item
-
-# BYPASSRLS role attribute was introduced in PostgreSQL 9.5, so
-# we want to test attribute management differently depending
-# on the version.
-- set_fact:
- bypassrls_supported: "{{ postgres_version_resp.stdout is version('9.5.0', '>=') }}"
-
-# test 'no_password_change' and 'role_attr_flags' parameters
-- include_tasks: test_no_password_change.yml
- vars:
- no_password_changes: '{{ loop_item }}'
- loop:
- - 'yes'
- - 'no'
- loop_control:
- loop_var: loop_item
-
-### TODO: fail_on_user
-
-#
-# Test db ownership
-#
-- name: Create an unprivileged user to own a DB
- become_user: "{{ pg_user }}"
- become: yes
- postgresql_user:
- name: "{{ db_user1 }}"
- encrypted: 'yes'
- password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
- login_user: "{{ pg_user }}"
- db: postgres
-
-- name: Create db with user ownership
- become_user: "{{ pg_user }}"
- become: yes
- postgresql_db:
- name: "{{ db_name }}"
- state: "present"
- owner: "{{ db_user1 }}"
- login_user: "{{ pg_user }}"
-
-- name: Check that the user owns the newly created DB
- become_user: "{{ pg_user }}"
- become: yes
- shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql -d postgres
- register: result
-
-- assert:
- that:
- - "result.stdout_lines[-1] == '(1 row)'"
- - "'{{ db_user1 }}' == '{{ result.stdout_lines[-2] | trim }}'"
-
-- name: Change the owner on an existing db
- become_user: "{{ pg_user }}"
- become: yes
- postgresql_db:
- name: "{{ db_name }}"
- state: "present"
- owner: "{{ pg_user }}"
- login_user: "{{ pg_user }}"
- register: result
-
-- name: assert that ansible says it changed the db
- assert:
- that:
- - result is changed
-
-- name: Check that the user owns the newly created DB
- become_user: "{{ pg_user }}"
- become: yes
- shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql -d postgres
- register: result
-
-- assert:
- that:
- - "result.stdout_lines[-1] == '(1 row)'"
- - "'{{ pg_user }}' == '{{ result.stdout_lines[-2] | trim }}'"
-
-- name: Cleanup db
- become_user: "{{ pg_user }}"
- become: yes
- postgresql_db:
- name: "{{ db_name }}"
- state: "absent"
- login_user: "{{ pg_user }}"
-
-- name: Check that database was destroyed
- become_user: "{{ pg_user }}"
- become: yes
- shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
- register: result
-
-- assert:
- that:
- - "result.stdout_lines[-1] == '(0 rows)'"
-
-- name: Cleanup test user
- become_user: "{{ pg_user }}"
- become: yes
- postgresql_user:
- name: "{{ db_user1 }}"
- state: 'absent'
- login_user: "{{ pg_user }}"
- db: postgres
-
-- name: Check that they were removed
- become_user: "{{ pg_user }}"
- become: yes
- shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
- register: result
-
-- assert:
- that:
- - "result.stdout_lines[-1] == '(0 rows)'"
-
-#
-# Test settings privileges
-#
-- name: Create db
- become_user: "{{ pg_user }}"
- become: yes
- postgresql_db:
- name: "{{ db_name }}"
- state: "present"
- login_user: "{{ pg_user }}"
-
-- name: Create some tables on the db
- become_user: "{{ pg_user }}"
- become: yes
- shell: echo "create table test_table1 (field text);" | psql {{ db_name }}
-
-- become_user: "{{ pg_user }}"
- become: yes
- shell: echo "create table test_table2 (field text);" | psql {{ db_name }}
-
-- vars:
- db_password: 'secretù' # use UTF-8
- block:
- - name: Create a user with some permissions on the db
- become_user: "{{ pg_user }}"
- become: yes
- postgresql_user:
- name: "{{ db_user1 }}"
- encrypted: 'yes'
- password: "md5{{ (db_password ~ db_user1) | hash('md5')}}"
- db: "{{ db_name }}"
- priv: 'test_table1:INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,TRIGGER/test_table2:INSERT/CREATE,CONNECT,TEMP'
- login_user: "{{ pg_user }}"
-
- - include_tasks: pg_authid_not_readable.yml
-
-- name: Check that the user has the requested permissions (table1)
- become_user: "{{ pg_user }}"
- become: yes
- shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
- register: result_table1
-
-- name: Check that the user has the requested permissions (table2)
- become_user: "{{ pg_user }}"
- become: yes
- shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
- register: result_table2
-
-- name: Check that the user has the requested permissions (database)
- become_user: "{{ pg_user }}"
- become: yes
- shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
- register: result_database
-
-- assert:
- that:
- - "result_table1.stdout_lines[-1] == '(7 rows)'"
- - "'INSERT' in result_table1.stdout"
- - "'SELECT' in result_table1.stdout"
- - "'UPDATE' in result_table1.stdout"
- - "'DELETE' in result_table1.stdout"
- - "'TRUNCATE' in result_table1.stdout"
- - "'REFERENCES' in result_table1.stdout"
- - "'TRIGGER' in result_table1.stdout"
- - "result_table2.stdout_lines[-1] == '(1 row)'"
- - "'INSERT' == '{{ result_table2.stdout_lines[-2] | trim }}'"
- - "result_database.stdout_lines[-1] == '(1 row)'"
- - "'{{ db_user1 }}=CTc/{{ pg_user }}' in result_database.stdout_lines[-2]"
-
-- name: Add another permission for the user
- become_user: "{{ pg_user }}"
- become: yes
- postgresql_user:
- name: "{{ db_user1 }}"
- encrypted: 'yes'
- password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
- db: "{{ db_name }}"
- priv: 'test_table2:select'
- login_user: "{{ pg_user }}"
- register: result
-
-- name: Check that ansible reports it changed the user
- assert:
- that:
- - result is changed
-
-- name: Check that the user has the requested permissions (table2)
- become_user: "{{ pg_user }}"
- become: yes
- shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
- register: result_table2
-
-- assert:
- that:
- - "result_table2.stdout_lines[-1] == '(2 rows)'"
- - "'INSERT' in result_table2.stdout"
- - "'SELECT' in result_table2.stdout"
-
-
-#
-# Test priv setting via postgresql_privs module
-# (Depends on state from previous _user privs tests)
-#
-
-- name: Revoke a privilege
- become_user: "{{ pg_user }}"
- become: yes
- postgresql_privs:
- type: "table"
- state: "absent"
- roles: "{{ db_user1 }}"
- privs: "INSERT"
- objs: "test_table2"
- db: "{{ db_name }}"
- login_user: "{{ pg_user }}"
- register: result
-
-- name: Check that ansible reports it changed the user
- assert:
- that:
- - result is changed
-
-- name: Check that the user has the requested permissions (table2)
- become_user: "{{ pg_user }}"
- become: yes
- shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
- register: result_table2
-
-- assert:
- that:
- - "result_table2.stdout_lines[-1] == '(1 row)'"
- - "'SELECT' == '{{ result_table2.stdout_lines[-2] | trim }}'"
-
-- name: Revoke many privileges on multiple tables
- become_user: "{{ pg_user }}"
- become: yes
- postgresql_privs:
- state: "absent"
- roles: "{{ db_user1 }}"
- privs: "INSERT,select,UPDATE,TRUNCATE,REFERENCES,TRIGGER,delete"
- objs: "test_table2,test_table1"
- db: "{{ db_name }}"
- login_user: "{{ pg_user }}"
- register: result
-
-- name: Check that ansible reports it changed the user
- assert:
- that:
- - result is changed
-
-- name: Check that permissions were revoked (table1)
- become_user: "{{ pg_user }}"
- become: yes
- shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
- register: result_table1
-
-- name: Check that permissions were revoked (table2)
- become_user: "{{ pg_user }}"
- become: yes
- shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
- register: result_table2
-
-- assert:
- that:
- - "result_table1.stdout_lines[-1] == '(0 rows)'"
- - "result_table2.stdout_lines[-1] == '(0 rows)'"
-
-- name: Revoke database privileges
- become_user: "{{ pg_user }}"
- become: yes
- postgresql_privs:
- type: "database"
- state: "absent"
- roles: "{{ db_user1 }}"
- privs: "Create,connect,TEMP"
- objs: "{{ db_name }}"
- db: "{{ db_name }}"
- login_user: "{{ pg_user }}"
-
-- name: Check that the user has the requested permissions (database)
- become_user: "{{ pg_user }}"
- become: yes
- shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
- register: result_database
-
-- assert:
- that:
- - "result_database.stdout_lines[-1] == '(1 row)'"
- - "'{{ db_user1 }}' not in result_database.stdout"
-
-- name: Grant database privileges
- become_user: "{{ pg_user }}"
- become: yes
- postgresql_privs:
- type: "database"
- state: "present"
- roles: "{{ db_user1 }}"
- privs: "CREATE,connect"
- objs: "{{ db_name }}"
- db: "{{ db_name }}"
- login_user: "{{ pg_user }}"
- register: result
-
-- name: Check that ansible reports it changed the user
- assert:
- that:
- - result is changed
-
-- name: Check that the user has the requested permissions (database)
- become_user: "{{ pg_user }}"
- become: yes
- shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
- register: result_database
-
-- assert:
- that:
- - "result_database.stdout_lines[-1] == '(1 row)'"
- - "'{{ db_user1 }}=Cc' in result_database.stdout"
-
-- name: Grant a single privilege on a table
- become_user: "{{ pg_user }}"
- become: yes
- postgresql_privs:
- state: "present"
- roles: "{{ db_user1 }}"
- privs: "INSERT"
- objs: "test_table1"
- db: "{{ db_name }}"
- login_user: "{{ pg_user }}"
-
-- name: Check that permissions were added (table1)
- become_user: "{{ pg_user }}"
- become: yes
- shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
- register: result_table1
-
-- assert:
- that:
- - "result_table1.stdout_lines[-1] == '(1 row)'"
- - "'{{ result_table1.stdout_lines[-2] | trim }}' == 'INSERT'"
-
-- name: Grant many privileges on multiple tables
- become_user: "{{ pg_user }}"
- become: yes
- postgresql_privs:
- state: "present"
- roles: "{{ db_user1 }}"
- privs: 'INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,trigger'
- objs: "test_table2,test_table1"
- db: "{{ db_name }}"
- login_user: "{{ pg_user }}"
-
-- name: Check that permissions were added (table1)
- become_user: "{{ pg_user }}"
- become: yes
- shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
- register: result_table1
-
-- name: Check that permissions were added (table2)
- become_user: "{{ pg_user }}"
- become: yes
- shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
- register: result_table2
-
-- assert:
- that:
- - "result_table1.stdout_lines[-1] == '(7 rows)'"
- - "'INSERT' in result_table1.stdout"
- - "'SELECT' in result_table1.stdout"
- - "'UPDATE' in result_table1.stdout"
- - "'DELETE' in result_table1.stdout"
- - "'TRUNCATE' in result_table1.stdout"
- - "'REFERENCES' in result_table1.stdout"
- - "'TRIGGER' in result_table1.stdout"
- - "result_table2.stdout_lines[-1] == '(7 rows)'"
- - "'INSERT' in result_table2.stdout"
- - "'SELECT' in result_table2.stdout"
- - "'UPDATE' in result_table2.stdout"
- - "'DELETE' in result_table2.stdout"
- - "'TRUNCATE' in result_table2.stdout"
- - "'REFERENCES' in result_table2.stdout"
- - "'TRIGGER' in result_table2.stdout"
-
-#
-# Cleanup
-#
-- name: Cleanup db
- become_user: "{{ pg_user }}"
- become: yes
- postgresql_db:
- name: "{{ db_name }}"
- state: "absent"
- login_user: "{{ pg_user }}"
-
-- name: Check that database was destroyed
- become_user: "{{ pg_user }}"
- become: yes
- shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
- register: result
-
-- assert:
- that:
- - "result.stdout_lines[-1] == '(0 rows)'"
-
-- name: Cleanup test user
- become_user: "{{ pg_user }}"
- become: yes
- postgresql_user:
- name: "{{ db_user1 }}"
- state: 'absent'
- login_user: "{{ pg_user }}"
- db: postgres
-
-- name: Check that they were removed
- become_user: "{{ pg_user }}"
- become: yes
- shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
- register: result
-
-- assert:
- that:
- - "result.stdout_lines[-1] == '(0 rows)'"
-
-#
-# Test login_user functionality
-#
-- name: Create a user to test login module parameters
- become: yes
- become_user: "{{ pg_user }}"
- postgresql_user:
- name: "{{ db_user1 }}"
- state: "present"
- encrypted: 'yes'
- password: "password"
- role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
- login_user: "{{ pg_user }}"
- db: postgres
-
-- name: Create db
- postgresql_db:
- name: "{{ db_name }}"
- state: "present"
- login_user: "{{ db_user1 }}"
- login_password: "password"
- login_host: "localhost"
-
-- name: Check that database created
- become: yes
- become_user: "{{ pg_user }}"
- shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
- register: result
-
-- assert:
- that:
- - "result.stdout_lines[-1] == '(1 row)'"
-
-- name: Create a user
- postgresql_user:
- name: "{{ db_user2 }}"
- state: "present"
- encrypted: 'yes'
- password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
- db: "{{ db_name }}"
- login_user: "{{ db_user1 }}"
- login_password: "password"
- login_host: "localhost"
-
-- name: Check that it was created
- become: yes
- become_user: "{{ pg_user }}"
- shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql -d postgres
- register: result
-
-- assert:
- that:
- - "result.stdout_lines[-1] == '(1 row)'"
-
-- name: Grant database privileges
- postgresql_privs:
- type: "database"
- state: "present"
- roles: "{{ db_user2 }}"
- privs: "CREATE,connect"
- objs: "{{ db_name }}"
- db: "{{ db_name }}"
- login: "{{ db_user1 }}"
- password: "password"
- host: "localhost"
-
-- name: Check that the user has the requested permissions (database)
- become: yes
- become_user: "{{ pg_user }}"
- shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
- register: result_database
-
-- assert:
- that:
- - "result_database.stdout_lines[-1] == '(1 row)'"
- - "db_user2 ~ '=Cc' in result_database.stdout"
-
-- name: Remove user
- postgresql_user:
- name: "{{ db_user2 }}"
- state: 'absent'
- priv: "ALL"
- db: "{{ db_name }}"
- login_user: "{{ db_user1 }}"
- login_password: "password"
- login_host: "localhost"
-
-- name: Check that they were removed
- become: yes
- become_user: "{{ pg_user }}"
- shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql -d postgres
- register: result
-
-- assert:
- that:
- - "result.stdout_lines[-1] == '(0 rows)'"
-
-- name: Destroy DB
- postgresql_db:
- state: absent
- name: "{{ db_name }}"
- login_user: "{{ db_user1 }}"
- login_password: "password"
- login_host: "localhost"
-
-- name: Check that database was destroyed
- become: yes
- become_user: "{{ pg_user }}"
- shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
- register: result
-
-- assert:
- that:
- - "result.stdout_lines[-1] == '(0 rows)'"
diff --git a/test/integration/targets/postgresql_db_user_privs/aliases b/test/integration/targets/postgresql_privs/aliases
similarity index 65%
rename from test/integration/targets/postgresql_db_user_privs/aliases
rename to test/integration/targets/postgresql_privs/aliases
index 638474beaa7..585cf35af97 100644
--- a/test/integration/targets/postgresql_db_user_privs/aliases
+++ b/test/integration/targets/postgresql_privs/aliases
@@ -1,6 +1,4 @@
destructive
shippable/posix/group4
-postgresql_db
-postgresql_privs
postgresql_user
skip/osx
diff --git a/test/integration/targets/postgresql_privs/defaults/main.yml b/test/integration/targets/postgresql_privs/defaults/main.yml
new file mode 100644
index 00000000000..28a83c59ffc
--- /dev/null
+++ b/test/integration/targets/postgresql_privs/defaults/main.yml
@@ -0,0 +1,4 @@
+db_name: ansible_db
+db_user1: ansible_db_user1
+db_user2: ansible_db_user2
+db_user3: ansible_db_user3
diff --git a/test/integration/targets/postgresql_privs/meta/main.yml b/test/integration/targets/postgresql_privs/meta/main.yml
new file mode 100644
index 00000000000..f3345cb6151
--- /dev/null
+++ b/test/integration/targets/postgresql_privs/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+- setup_postgresql_db
diff --git a/test/integration/targets/postgresql_privs/tasks/main.yml b/test/integration/targets/postgresql_privs/tasks/main.yml
new file mode 100644
index 00000000000..95bc198d90f
--- /dev/null
+++ b/test/integration/targets/postgresql_privs/tasks/main.yml
@@ -0,0 +1,9 @@
+# Initial CI tests of postgresql_privs module:
+- import_tasks: postgresql_privs_initial.yml
+
+# General tests:
+- import_tasks: postgresql_privs_general.yml
+
+# Tests default_privs with target_role:
+- import_tasks: test_target_role.yml
+ when: postgres_version_resp.stdout is version('9.1', '>=')
diff --git a/test/integration/targets/postgresql_db_user_privs/tasks/pg_authid_not_readable.yml b/test/integration/targets/postgresql_privs/tasks/pg_authid_not_readable.yml
similarity index 100%
rename from test/integration/targets/postgresql_db_user_privs/tasks/pg_authid_not_readable.yml
rename to test/integration/targets/postgresql_privs/tasks/pg_authid_not_readable.yml
diff --git a/test/integration/targets/postgresql_db_user_privs/tasks/postgresql_privs.yml b/test/integration/targets/postgresql_privs/tasks/postgresql_privs_general.yml
similarity index 100%
rename from test/integration/targets/postgresql_db_user_privs/tasks/postgresql_privs.yml
rename to test/integration/targets/postgresql_privs/tasks/postgresql_privs_general.yml
diff --git a/test/integration/targets/postgresql_privs/tasks/postgresql_privs_initial.yml b/test/integration/targets/postgresql_privs/tasks/postgresql_privs_initial.yml
new file mode 100644
index 00000000000..760d30e912d
--- /dev/null
+++ b/test/integration/targets/postgresql_privs/tasks/postgresql_privs_initial.yml
@@ -0,0 +1,325 @@
+# The tests below were added initially and moved here
+# from the shared target called ``postgresql`` by @Andersson007 .
+# You can see modern examples of CI tests in postgresql_publication directory, for example.
+
+#
+# Test settings privileges
+#
+- name: Create db
+ become_user: "{{ pg_user }}"
+ become: yes
+ postgresql_db:
+ name: "{{ db_name }}"
+ state: "present"
+ login_user: "{{ pg_user }}"
+
+- name: Create some tables on the db
+ become_user: "{{ pg_user }}"
+ become: yes
+ shell: echo "create table test_table1 (field text);" | psql {{ db_name }}
+
+- become_user: "{{ pg_user }}"
+ become: yes
+ shell: echo "create table test_table2 (field text);" | psql {{ db_name }}
+
+- vars:
+ db_password: 'secretù' # use UTF-8
+ block:
+ - name: Create a user with some permissions on the db
+ become_user: "{{ pg_user }}"
+ become: yes
+ postgresql_user:
+ name: "{{ db_user1 }}"
+ encrypted: 'yes'
+ password: "md5{{ (db_password ~ db_user1) | hash('md5')}}"
+ db: "{{ db_name }}"
+ priv: 'test_table1:INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,TRIGGER/test_table2:INSERT/CREATE,CONNECT,TEMP'
+ login_user: "{{ pg_user }}"
+
+ - include_tasks: pg_authid_not_readable.yml
+
+- name: Check that the user has the requested permissions (table1)
+ become_user: "{{ pg_user }}"
+ become: yes
+ shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
+ register: result_table1
+
+- name: Check that the user has the requested permissions (table2)
+ become_user: "{{ pg_user }}"
+ become: yes
+ shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
+ register: result_table2
+
+- name: Check that the user has the requested permissions (database)
+ become_user: "{{ pg_user }}"
+ become: yes
+ shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
+ register: result_database
+
+- assert:
+ that:
+ - "result_table1.stdout_lines[-1] == '(7 rows)'"
+ - "'INSERT' in result_table1.stdout"
+ - "'SELECT' in result_table1.stdout"
+ - "'UPDATE' in result_table1.stdout"
+ - "'DELETE' in result_table1.stdout"
+ - "'TRUNCATE' in result_table1.stdout"
+ - "'REFERENCES' in result_table1.stdout"
+ - "'TRIGGER' in result_table1.stdout"
+ - "result_table2.stdout_lines[-1] == '(1 row)'"
+ - "'INSERT' == '{{ result_table2.stdout_lines[-2] | trim }}'"
+ - "result_database.stdout_lines[-1] == '(1 row)'"
+ - "'{{ db_user1 }}=CTc/{{ pg_user }}' in result_database.stdout_lines[-2]"
+
+- name: Add another permission for the user
+ become_user: "{{ pg_user }}"
+ become: yes
+ postgresql_user:
+ name: "{{ db_user1 }}"
+ encrypted: 'yes'
+ password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
+ db: "{{ db_name }}"
+ priv: 'test_table2:select'
+ login_user: "{{ pg_user }}"
+ register: result
+
+- name: Check that ansible reports it changed the user
+ assert:
+ that:
+ - result is changed
+
+- name: Check that the user has the requested permissions (table2)
+ become_user: "{{ pg_user }}"
+ become: yes
+ shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
+ register: result_table2
+
+- assert:
+ that:
+ - "result_table2.stdout_lines[-1] == '(2 rows)'"
+ - "'INSERT' in result_table2.stdout"
+ - "'SELECT' in result_table2.stdout"
+
+#
+# Test priv setting via postgresql_privs module
+# (Depends on state from previous _user privs tests)
+#
+
+- name: Revoke a privilege
+ become_user: "{{ pg_user }}"
+ become: yes
+ postgresql_privs:
+ type: "table"
+ state: "absent"
+ roles: "{{ db_user1 }}"
+ privs: "INSERT"
+ objs: "test_table2"
+ db: "{{ db_name }}"
+ login_user: "{{ pg_user }}"
+ register: result
+
+- name: Check that ansible reports it changed the user
+ assert:
+ that:
+ - result is changed
+
+- name: Check that the user has the requested permissions (table2)
+ become_user: "{{ pg_user }}"
+ become: yes
+ shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
+ register: result_table2
+
+- assert:
+ that:
+ - "result_table2.stdout_lines[-1] == '(1 row)'"
+ - "'SELECT' == '{{ result_table2.stdout_lines[-2] | trim }}'"
+
+- name: Revoke many privileges on multiple tables
+ become_user: "{{ pg_user }}"
+ become: yes
+ postgresql_privs:
+ state: "absent"
+ roles: "{{ db_user1 }}"
+ privs: "INSERT,select,UPDATE,TRUNCATE,REFERENCES,TRIGGER,delete"
+ objs: "test_table2,test_table1"
+ db: "{{ db_name }}"
+ login_user: "{{ pg_user }}"
+ register: result
+
+- name: Check that ansible reports it changed the user
+ assert:
+ that:
+ - result is changed
+
+- name: Check that permissions were revoked (table1)
+ become_user: "{{ pg_user }}"
+ become: yes
+ shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
+ register: result_table1
+
+- name: Check that permissions were revoked (table2)
+ become_user: "{{ pg_user }}"
+ become: yes
+ shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
+ register: result_table2
+
+- assert:
+ that:
+ - "result_table1.stdout_lines[-1] == '(0 rows)'"
+ - "result_table2.stdout_lines[-1] == '(0 rows)'"
+
+- name: Revoke database privileges
+ become_user: "{{ pg_user }}"
+ become: yes
+ postgresql_privs:
+ type: "database"
+ state: "absent"
+ roles: "{{ db_user1 }}"
+ privs: "Create,connect,TEMP"
+ objs: "{{ db_name }}"
+ db: "{{ db_name }}"
+ login_user: "{{ pg_user }}"
+
+- name: Check that the user has the requested permissions (database)
+ become_user: "{{ pg_user }}"
+ become: yes
+ shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
+ register: result_database
+
+- assert:
+ that:
+ - "result_database.stdout_lines[-1] == '(1 row)'"
+ - "'{{ db_user1 }}' not in result_database.stdout"
+
+- name: Grant database privileges
+ become_user: "{{ pg_user }}"
+ become: yes
+ postgresql_privs:
+ type: "database"
+ state: "present"
+ roles: "{{ db_user1 }}"
+ privs: "CREATE,connect"
+ objs: "{{ db_name }}"
+ db: "{{ db_name }}"
+ login_user: "{{ pg_user }}"
+ register: result
+
+- name: Check that ansible reports it changed the user
+ assert:
+ that:
+ - result is changed
+
+- name: Check that the user has the requested permissions (database)
+ become_user: "{{ pg_user }}"
+ become: yes
+ shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
+ register: result_database
+
+- assert:
+ that:
+ - "result_database.stdout_lines[-1] == '(1 row)'"
+ - "'{{ db_user1 }}=Cc' in result_database.stdout"
+
+- name: Grant a single privilege on a table
+ become_user: "{{ pg_user }}"
+ become: yes
+ postgresql_privs:
+ state: "present"
+ roles: "{{ db_user1 }}"
+ privs: "INSERT"
+ objs: "test_table1"
+ db: "{{ db_name }}"
+ login_user: "{{ pg_user }}"
+
+- name: Check that permissions were added (table1)
+ become_user: "{{ pg_user }}"
+ become: yes
+ shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
+ register: result_table1
+
+- assert:
+ that:
+ - "result_table1.stdout_lines[-1] == '(1 row)'"
+ - "'{{ result_table1.stdout_lines[-2] | trim }}' == 'INSERT'"
+
+- name: Grant many privileges on multiple tables
+ become_user: "{{ pg_user }}"
+ become: yes
+ postgresql_privs:
+ state: "present"
+ roles: "{{ db_user1 }}"
+ privs: 'INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,trigger'
+ objs: "test_table2,test_table1"
+ db: "{{ db_name }}"
+ login_user: "{{ pg_user }}"
+
+- name: Check that permissions were added (table1)
+ become_user: "{{ pg_user }}"
+ become: yes
+ shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
+ register: result_table1
+
+- name: Check that permissions were added (table2)
+ become_user: "{{ pg_user }}"
+ become: yes
+ shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
+ register: result_table2
+
+- assert:
+ that:
+ - "result_table1.stdout_lines[-1] == '(7 rows)'"
+ - "'INSERT' in result_table1.stdout"
+ - "'SELECT' in result_table1.stdout"
+ - "'UPDATE' in result_table1.stdout"
+ - "'DELETE' in result_table1.stdout"
+ - "'TRUNCATE' in result_table1.stdout"
+ - "'REFERENCES' in result_table1.stdout"
+ - "'TRIGGER' in result_table1.stdout"
+ - "result_table2.stdout_lines[-1] == '(7 rows)'"
+ - "'INSERT' in result_table2.stdout"
+ - "'SELECT' in result_table2.stdout"
+ - "'UPDATE' in result_table2.stdout"
+ - "'DELETE' in result_table2.stdout"
+ - "'TRUNCATE' in result_table2.stdout"
+ - "'REFERENCES' in result_table2.stdout"
+ - "'TRIGGER' in result_table2.stdout"
+
+#
+# Cleanup
+#
+- name: Cleanup db
+ become_user: "{{ pg_user }}"
+ become: yes
+ postgresql_db:
+ name: "{{ db_name }}"
+ state: "absent"
+ login_user: "{{ pg_user }}"
+
+- name: Check that database was destroyed
+ become_user: "{{ pg_user }}"
+ become: yes
+ shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
+ register: result
+
+- assert:
+ that:
+ - "result.stdout_lines[-1] == '(0 rows)'"
+
+- name: Cleanup test user
+ become_user: "{{ pg_user }}"
+ become: yes
+ postgresql_user:
+ name: "{{ db_user1 }}"
+ state: 'absent'
+ login_user: "{{ pg_user }}"
+ db: postgres
+
+- name: Check that they were removed
+ become_user: "{{ pg_user }}"
+ become: yes
+ shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres
+ register: result
+
+- assert:
+ that:
+ - "result.stdout_lines[-1] == '(0 rows)'"
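Review bot: Several `assert` conditions in this new file put `{{ … }}` inside the `that` expression, so registered psql output and variables are pasted into a Jinja expression and evaluated a second time, for example `"'{{ result_table1.stdout_lines[-2] | trim }}' == 'INSERT'"` and `"'{{ db_user1 }}=Cc' in result_database.stdout"`. Ansible warns about template delimiters in conditionals, and a value containing a quote would alter the expression rather than simply fail the comparison. Referencing the variables directly avoids this: `- "result_table1.stdout_lines[-2] | trim == 'INSERT'"` and `- "db_user1 ~ '=Cc' in result_database.stdout"`, the form postgresql_user_initial.yml in this same commit already uses. The same applies to the table2 checks, the `=CTc/{{ pg_user }}` check and the `not in` check after the database revoke.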
diff --git a/test/integration/targets/postgresql_db_user_privs/tasks/test_target_role.yml b/test/integration/targets/postgresql_privs/tasks/test_target_role.yml
similarity index 83%
rename from test/integration/targets/postgresql_db_user_privs/tasks/test_target_role.yml
rename to test/integration/targets/postgresql_privs/tasks/test_target_role.yml
index 75b58ddfd81..1a12236d7c1 100644
--- a/test/integration/targets/postgresql_db_user_privs/tasks/test_target_role.yml
+++ b/test/integration/targets/postgresql_privs/tasks/test_target_role.yml
@@ -1,6 +1,12 @@
----
-
# Setup
+- name: Create a test user
+ become_user: "{{ pg_user }}"
+ become: yes
+ postgresql_user:
+ name: "{{ db_user1 }}"
+ login_user: "{{ pg_user }}"
+ db: postgres
+
- name: Create DB
become_user: "{{ pg_user }}"
become: yes
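Review bot: The first hunk drops the `---` document start marker from test_target_role.yml, while the meta/main.yml files added in this commit keep it; leaving `---` as the first line would keep the task files consistent. The new "Create a test user" task also relies on the module default for `state`; an explicit `state: present` would mirror the `state: absent` of the matching "Remove test user" task in the last hunk.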
@@ -72,6 +78,8 @@
# Cleanup
- name: Remove user given permissions
+ become_user: "{{ pg_user }}"
+ become: yes
postgresql_user:
name: "{{ db_user2 }}"
state: absent
@@ -79,6 +87,8 @@
login_user: "{{ pg_user }}"
- name: Remove user owner of objects
+ become_user: "{{ pg_user }}"
+ become: yes
postgresql_user:
name: "{{ db_user3 }}"
state: absent
@@ -92,3 +102,12 @@
state: absent
name: "{{ db_name }}"
login_user: "{{ pg_user }}"
+
+- name: Remove test user
+ become_user: "{{ pg_user }}"
+ become: yes
+ postgresql_user:
+ name: "{{ db_user1 }}"
+ state: absent
+ db: postgres
+ login_user: "{{ pg_user }}"
diff --git a/test/integration/targets/postgresql_shared/aliases b/test/integration/targets/postgresql_shared/aliases
new file mode 100644
index 00000000000..5bb5b301ed2
--- /dev/null
+++ b/test/integration/targets/postgresql_shared/aliases
@@ -0,0 +1,24 @@
+destructive
+shippable/posix/group4
+postgresql_db
+postgresql_copy
+postgresql_ext
+postgresql_idx
+postgresql_info
+postgresql_lang
+postgresql_membership
+postgresql_owner
+postgresql_pg_hba
+postgresql_ping
+postgresql_privs
+postgresql_publication
+postgresql_query
+postgresql_schema
+postgresql_sequence
+postgresql_set
+postgresql_shared
+postgresql_slot
+postgresql_table
+postgresql_tablespace
+postgresql_user
+skip/osx
diff --git a/test/integration/targets/postgresql_shared/defaults/main.yml b/test/integration/targets/postgresql_shared/defaults/main.yml
new file mode 100644
index 00000000000..4ef0d541e71
--- /dev/null
+++ b/test/integration/targets/postgresql_shared/defaults/main.yml
@@ -0,0 +1,6 @@
+db_name: 'ansible_db'
+db_user1: 'ansible_db_user1'
+tmp_dir: '/tmp'
+
+db_session_role1: 'session_role1'
+db_session_role2: 'session_role2'
diff --git a/test/integration/targets/postgresql_shared/meta/main.yml b/test/integration/targets/postgresql_shared/meta/main.yml
new file mode 100644
index 00000000000..85b1dc7e4cf
--- /dev/null
+++ b/test/integration/targets/postgresql_shared/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - setup_postgresql_db
diff --git a/test/integration/targets/postgresql_shared/tasks/main.yml b/test/integration/targets/postgresql_shared/tasks/main.yml
new file mode 100644
index 00000000000..ab0288b7a13
--- /dev/null
+++ b/test/integration/targets/postgresql_shared/tasks/main.yml
@@ -0,0 +1,6 @@
+# This test role is for testing general (non-specific) functionality
+# that's presented in all modules (or in a part of them).
+# If you want to add tests make a new test file and include here.
+
+# Verify different session_role scenarios:
+- import_tasks: session_role.yml
diff --git a/test/integration/targets/postgresql_db_user_privs/tasks/session_role.yml b/test/integration/targets/postgresql_shared/tasks/session_role.yml
similarity index 99%
rename from test/integration/targets/postgresql_db_user_privs/tasks/session_role.yml
rename to test/integration/targets/postgresql_shared/tasks/session_role.yml
index 6b17f522e84..c51ca18e06e 100644
--- a/test/integration/targets/postgresql_db_user_privs/tasks/session_role.yml
+++ b/test/integration/targets/postgresql_shared/tasks/session_role.yml
@@ -3,7 +3,7 @@
become: yes
postgresql_db:
state: present
- name: "{{ db_name }}"
+ name: must_fail
login_user: "{{ pg_user }}"
session_role: "{{ db_session_role1 }}"
register: result
diff --git a/test/integration/targets/postgresql_user/aliases b/test/integration/targets/postgresql_user/aliases
new file mode 100644
index 00000000000..fe75653cadc
--- /dev/null
+++ b/test/integration/targets/postgresql_user/aliases
@@ -0,0 +1,3 @@
+destructive
+shippable/posix/group4
+skip/osx
diff --git a/test/integration/targets/postgresql_user/defaults/main.yml b/test/integration/targets/postgresql_user/defaults/main.yml
new file mode 100644
index 00000000000..bc9ef19b93a
--- /dev/null
+++ b/test/integration/targets/postgresql_user/defaults/main.yml
@@ -0,0 +1,3 @@
+db_name: 'ansible_db'
+db_user1: 'ansible_db_user1'
+db_user2: 'ansible_db_user2'
diff --git a/test/integration/targets/postgresql_user/meta/main.yml b/test/integration/targets/postgresql_user/meta/main.yml
new file mode 100644
index 00000000000..f3345cb6151
--- /dev/null
+++ b/test/integration/targets/postgresql_user/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+- setup_postgresql_db
diff --git a/test/integration/targets/postgresql_user/tasks/main.yml b/test/integration/targets/postgresql_user/tasks/main.yml
new file mode 100644
index 00000000000..04fbeff86b6
--- /dev/null
+++ b/test/integration/targets/postgresql_user/tasks/main.yml
@@ -0,0 +1,5 @@
+# Initial CI tests of postgresql_user module
+- import_tasks: postgresql_user_initial.yml
+
+# General tests:
+- import_tasks: postgresql_user_general.yml
diff --git a/test/integration/targets/postgresql_db_user_privs/tasks/postgresql_user.yml b/test/integration/targets/postgresql_user/tasks/postgresql_user_general.yml
similarity index 100%
rename from test/integration/targets/postgresql_db_user_privs/tasks/postgresql_user.yml
rename to test/integration/targets/postgresql_user/tasks/postgresql_user_general.yml
diff --git a/test/integration/targets/postgresql_user/tasks/postgresql_user_initial.yml b/test/integration/targets/postgresql_user/tasks/postgresql_user_initial.yml
new file mode 100644
index 00000000000..ccd42847c67
--- /dev/null
+++ b/test/integration/targets/postgresql_user/tasks/postgresql_user_initial.yml
@@ -0,0 +1,153 @@
+#
+# Create and destroy user, test 'password' and 'encrypted' parameters
+#
+# unencrypted values are not supported on newer versions
+# do not run the encrypted: no tests if on 10+
+- set_fact:
+ encryption_values:
+ - 'yes'
+
+- set_fact:
+ encryption_values: '{{ encryption_values + ["no"]}}'
+ when: postgres_version_resp.stdout is version('10', '<=')
+
+- include_tasks: test_password.yml
+ vars:
+ encrypted: '{{ loop_item }}'
+ db_password1: 'secretù' # use UTF-8
+ loop: '{{ encryption_values }}'
+ loop_control:
+ loop_var: loop_item
+
+# BYPASSRLS role attribute was introduced in PostgreSQL 9.5, so
+# we want to test attribute management differently depending
+# on the version.
+- set_fact:
+ bypassrls_supported: "{{ postgres_version_resp.stdout is version('9.5.0', '>=') }}"
+
+# test 'no_password_change' and 'role_attr_flags' parameters
+- include_tasks: test_no_password_change.yml
+ vars:
+ no_password_changes: '{{ loop_item }}'
+ loop:
+ - 'yes'
+ - 'no'
+ loop_control:
+ loop_var: loop_item
+
+### TODO: fail_on_user
+
+#
+# Test login_user functionality
+#
+- name: Create a user to test login module parameters
+ become: yes
+ become_user: "{{ pg_user }}"
+ postgresql_user:
+ name: "{{ db_user1 }}"
+ state: "present"
+ encrypted: 'yes'
+ password: "password"
+ role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
+ login_user: "{{ pg_user }}"
+ db: postgres
+
+- name: Create db
+ postgresql_db:
+ name: "{{ db_name }}"
+ state: "present"
+ login_user: "{{ db_user1 }}"
+ login_password: "password"
+ login_host: "localhost"
+
+- name: Check that database created
+ become: yes
+ become_user: "{{ pg_user }}"
+ shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
+ register: result
+
+- assert:
+ that:
+ - "result.stdout_lines[-1] == '(1 row)'"
+
+- name: Create a user
+ postgresql_user:
+ name: "{{ db_user2 }}"
+ state: "present"
+ encrypted: 'yes'
+ password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
+ db: "{{ db_name }}"
+ login_user: "{{ db_user1 }}"
+ login_password: "password"
+ login_host: "localhost"
+
+- name: Check that it was created
+ become: yes
+ become_user: "{{ pg_user }}"
+ shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql -d postgres
+ register: result
+
+- assert:
+ that:
+ - "result.stdout_lines[-1] == '(1 row)'"
+
+- name: Grant database privileges
+ postgresql_privs:
+ type: "database"
+ state: "present"
+ roles: "{{ db_user2 }}"
+ privs: "CREATE,connect"
+ objs: "{{ db_name }}"
+ db: "{{ db_name }}"
+ login: "{{ db_user1 }}"
+ password: "password"
+ host: "localhost"
+
+- name: Check that the user has the requested permissions (database)
+ become: yes
+ become_user: "{{ pg_user }}"
+ shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
+ register: result_database
+
+- assert:
+ that:
+ - "result_database.stdout_lines[-1] == '(1 row)'"
+ - "db_user2 ~ '=Cc' in result_database.stdout"
+
+- name: Remove user
+ postgresql_user:
+ name: "{{ db_user2 }}"
+ state: 'absent'
+ priv: "ALL"
+ db: "{{ db_name }}"
+ login_user: "{{ db_user1 }}"
+ login_password: "password"
+ login_host: "localhost"
+
+- name: Check that they were removed
+ become: yes
+ become_user: "{{ pg_user }}"
+ shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql -d postgres
+ register: result
+
+- assert:
+ that:
+ - "result.stdout_lines[-1] == '(0 rows)'"
+
+- name: Destroy DB
+ postgresql_db:
+ state: absent
+ name: "{{ db_name }}"
+ login_user: "{{ db_user1 }}"
+ login_password: "password"
+ login_host: "localhost"
+
+- name: Check that database was destroyed
+ become: yes
+ become_user: "{{ pg_user }}"
+ shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql -d postgres
+ register: result
+
+- assert:
+ that:
+ - "result.stdout_lines[-1] == '(0 rows)'"
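Review bot: Nothing in this file removes `db_user1` after the login_user tests. The role is created with `CREATEDB,LOGIN,CREATEROLE` and the fixed password `password`; `db_user2` and the database are cleaned up, but the file ends with that role still present unless postgresql_user_general.yml, which is not shown here, drops it. A closing task that removes it, as sketched below, would keep a privileged login role with a known password from outliving the test on a reused host. Separately, the comment says the `encrypted: no` case must not run on 10+, but `version('10', '<=')` still matches a server reporting exactly `10`; `when: postgres_version_resp.stdout is version('10', '<')` would match the comment.

```yaml
# … unchanged: "Check that database was destroyed" and its assert …

- name: Remove the login test user
  become: yes
  become_user: "{{ pg_user }}"
  postgresql_user:
    name: "{{ db_user1 }}"
    state: absent
    db: postgres
    login_user: "{{ pg_user }}"
```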
diff --git a/test/integration/targets/postgresql_db_user_privs/tasks/test_no_password_change.yml b/test/integration/targets/postgresql_user/tasks/test_no_password_change.yml
similarity index 100%
rename from test/integration/targets/postgresql_db_user_privs/tasks/test_no_password_change.yml
rename to test/integration/targets/postgresql_user/tasks/test_no_password_change.yml
diff --git a/test/integration/targets/postgresql_db_user_privs/tasks/test_password.yml b/test/integration/targets/postgresql_user/tasks/test_password.yml
similarity index 100%
rename from test/integration/targets/postgresql_db_user_privs/tasks/test_password.yml
rename to test/integration/targets/postgresql_user/tasks/test_password.yml