New module postgresql_owner: change ownership and reassign all db objects owned by role to another (#54984)
This commit is contained in:
parent
07b9f52fd5
commit
5cbac14469
3 changed files with 1560 additions and 1 deletions
517
lib/ansible/modules/database/postgresql/postgresql_owner.py
Normal file
517
lib/ansible/modules/database/postgresql/postgresql_owner.py
Normal file
|
@ -0,0 +1,517 @@
|
||||||
|
#!/usr/bin/python
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
|
# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
|
||||||
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||||
|
|
||||||
|
from __future__ import (absolute_import, division, print_function)
|
||||||
|
__metaclass__ = type
|
||||||
|
|
||||||
|
ANSIBLE_METADATA = {
|
||||||
|
'metadata_version': '1.1',
|
||||||
|
'supported_by': 'community',
|
||||||
|
'status': ['preview']
|
||||||
|
}
|
||||||
|
|
||||||
|
DOCUMENTATION = r'''
|
||||||
|
---
|
||||||
|
module: postgresql_owner
|
||||||
|
short_description: Change an owner of PostgreSQL database object
|
||||||
|
description:
|
||||||
|
- Change an owner of PostgreSQL database object.
|
||||||
|
- Also allows to reassign the ownership of database objects owned by a database role to another role.
|
||||||
|
- For more information about REASSIGN OWNED BY command
|
||||||
|
see U(https://www.postgresql.org/docs/current/sql-reassign-owned.html).
|
||||||
|
version_added: '2.8'
|
||||||
|
|
||||||
|
options:
|
||||||
|
new_owner:
|
||||||
|
description:
|
||||||
|
- Role (user/group) to set as an I(obj_name) owner.
|
||||||
|
type: str
|
||||||
|
required: yes
|
||||||
|
obj_name:
|
||||||
|
description:
|
||||||
|
- Name of a database object to change ownership.
|
||||||
|
- Mutually exclusive with I(reassign_owned_by).
|
||||||
|
type: str
|
||||||
|
obj_type:
|
||||||
|
description:
|
||||||
|
- Type of a database object.
|
||||||
|
- Mutually exclusive with I(reassign_owned_by).
|
||||||
|
type: str
|
||||||
|
required: yes
|
||||||
|
choices: [ database, function, matview, sequence, schema, table, tablespace, view ]
|
||||||
|
aliases:
|
||||||
|
- type
|
||||||
|
reassign_owned_by:
|
||||||
|
description:
|
||||||
|
- The list of role names. The ownership of all the objects within the current database,
|
||||||
|
and of all shared objects (databases, tablespaces), owned by this role(s) will be reassigned to I(owner).
|
||||||
|
- Pay attention - it reassignes all objects owned by this role(s) in the I(db)!
|
||||||
|
- If role(s) exists, always returns changed True.
|
||||||
|
- Cannot reassign ownership of objects that are required by the database system.
|
||||||
|
- For more information see U(https://www.postgresql.org/docs/current/sql-reassign-owned.html).
|
||||||
|
- Mutually exclusive with C(obj_type).
|
||||||
|
type: list
|
||||||
|
fail_on_role:
|
||||||
|
description:
|
||||||
|
- If C(yes), fail when I(reassign_owned_by) role does not exist.
|
||||||
|
Otherwise just warn and continue.
|
||||||
|
- Mutually exclusive with I(obj_name) and I(obj_type).
|
||||||
|
default: yes
|
||||||
|
type: bool
|
||||||
|
db:
|
||||||
|
description:
|
||||||
|
- Name of database to connect to.
|
||||||
|
type: str
|
||||||
|
aliases:
|
||||||
|
- login_db
|
||||||
|
port:
|
||||||
|
description:
|
||||||
|
- Database port to connect.
|
||||||
|
type: int
|
||||||
|
default: 5432
|
||||||
|
aliases:
|
||||||
|
- login_port
|
||||||
|
login_user:
|
||||||
|
description:
|
||||||
|
- User (role) used to authenticate with PostgreSQL.
|
||||||
|
type: str
|
||||||
|
default: postgres
|
||||||
|
session_role:
|
||||||
|
description:
|
||||||
|
- Switch to session_role after connecting.
|
||||||
|
The specified session_role must be a role that the current login_user is a member of.
|
||||||
|
- Permissions checking for SQL commands is carried out as though
|
||||||
|
the session_role were the one that had logged in originally.
|
||||||
|
type: str
|
||||||
|
login_password:
|
||||||
|
description:
|
||||||
|
- Password used to authenticate with PostgreSQL.
|
||||||
|
type: str
|
||||||
|
login_host:
|
||||||
|
description:
|
||||||
|
- Host running PostgreSQL.
|
||||||
|
type: str
|
||||||
|
login_unix_socket:
|
||||||
|
description:
|
||||||
|
- Path to a Unix domain socket for local connections.
|
||||||
|
type: str
|
||||||
|
ssl_mode:
|
||||||
|
description:
|
||||||
|
- Determines whether or with what priority a secure SSL TCP/IP connection
|
||||||
|
will be negotiated with the server.
|
||||||
|
- See U(https://www.postgresql.org/docs/current/static/libpq-ssl.html) for
|
||||||
|
more information on the modes.
|
||||||
|
- Default of C(prefer) matches libpq default.
|
||||||
|
type: str
|
||||||
|
default: prefer
|
||||||
|
choices: [ allow, disable, prefer, require, verify-ca, verify-full ]
|
||||||
|
ssl_rootcert:
|
||||||
|
description:
|
||||||
|
- Specifies the name of a file containing SSL certificate authority (CA)
|
||||||
|
certificate(s).
|
||||||
|
- If the file exists, the server's certificate will be
|
||||||
|
verified to be signed by one of these authorities.
|
||||||
|
type: str
|
||||||
|
ca_cert:
|
||||||
|
description:
|
||||||
|
- Specifies the name of a file containing SSL certificate authority (CA)
|
||||||
|
certificate(s). If the file exists, the server's certificate will be
|
||||||
|
verified to be signed by one of these authorities.
|
||||||
|
aliases: [ ssl_rootcert ]
|
||||||
|
|
||||||
|
notes:
|
||||||
|
- The default authentication assumes that you are either logging in as or
|
||||||
|
sudo'ing to the postgres account on the host.
|
||||||
|
- To avoid "Peer authentication failed for user postgres" error,
|
||||||
|
use postgres user as a I(become_user).
|
||||||
|
- This module uses psycopg2, a Python PostgreSQL database adapter. You must
|
||||||
|
ensure that psycopg2 is installed on the host before using this module.
|
||||||
|
- If the remote host is the PostgreSQL server (which is the default case), then
|
||||||
|
PostgreSQL must also be installed on the remote host.
|
||||||
|
- For Ubuntu-based systems, install the postgresql, libpq-dev, and python-psycopg2 packages
|
||||||
|
on the remote host before using this module.
|
||||||
|
|
||||||
|
requirements:
|
||||||
|
- psycopg2
|
||||||
|
|
||||||
|
author:
|
||||||
|
- Andrew Klychkov (@Andersson007)
|
||||||
|
'''
|
||||||
|
|
||||||
|
EXAMPLES = r'''
|
||||||
|
# Set owner as alice for function myfunc in database bar by ansible ad-hoc command:
|
||||||
|
# ansible -m postgresql_owner -a "db=bar new_owner=alice obj_name=myfunc obj_type=function"
|
||||||
|
|
||||||
|
- name: The same as above by playbook
|
||||||
|
postgresql_owner:
|
||||||
|
db: bar
|
||||||
|
new_owner: alice
|
||||||
|
obj_name: myfunc
|
||||||
|
obj_type: function
|
||||||
|
|
||||||
|
- name: Set owner as bob for table acme in database bar
|
||||||
|
postgresql_owner:
|
||||||
|
db: bar
|
||||||
|
new_owner: bob
|
||||||
|
obj_name: acme
|
||||||
|
obj_type: table
|
||||||
|
|
||||||
|
- name: Set owner as alice for view test_view in database bar
|
||||||
|
postgresql_owner:
|
||||||
|
db: bar
|
||||||
|
new_owner: alice
|
||||||
|
obj_name: test_view
|
||||||
|
obj_type: view
|
||||||
|
|
||||||
|
- name: Set owner as bob for tablespace ssd in database foo
|
||||||
|
postgresql_owner:
|
||||||
|
db: foo
|
||||||
|
new_owner: bob
|
||||||
|
obj_name: ssd
|
||||||
|
obj_type: tablespace
|
||||||
|
|
||||||
|
- name: Reassign all object in database bar owned by bob to alice
|
||||||
|
postgresql_owner:
|
||||||
|
db: bar
|
||||||
|
new_owner: alice
|
||||||
|
reassign_owned_by: bob
|
||||||
|
|
||||||
|
- name: Reassign all object in database bar owned by bob and bill to alice
|
||||||
|
postgresql_owner:
|
||||||
|
db: bar
|
||||||
|
new_owner: alice
|
||||||
|
reassign_owned_by:
|
||||||
|
- bob
|
||||||
|
- bill
|
||||||
|
'''
|
||||||
|
|
||||||
|
RETURN = r'''
|
||||||
|
queries:
|
||||||
|
description: List of executed queries.
|
||||||
|
returned: always
|
||||||
|
type: str
|
||||||
|
sample: [ 'REASSIGN OWNED BY "bob" TO "alice"' ]
|
||||||
|
'''
|
||||||
|
|
||||||
|
try:
|
||||||
|
import psycopg2
|
||||||
|
HAS_PSYCOPG2 = True
|
||||||
|
except ImportError:
|
||||||
|
HAS_PSYCOPG2 = False
|
||||||
|
|
||||||
|
from ansible.module_utils.basic import AnsibleModule, missing_required_lib
|
||||||
|
from ansible.module_utils.database import SQLParseError, pg_quote_identifier
|
||||||
|
from ansible.module_utils.postgres import postgres_common_argument_spec
|
||||||
|
from ansible.module_utils._text import to_native
|
||||||
|
from ansible.module_utils.six import iteritems
|
||||||
|
|
||||||
|
|
||||||
|
def connect_to_db(module, kw, autocommit=False):
|
||||||
|
try:
|
||||||
|
db_connection = psycopg2.connect(**kw)
|
||||||
|
if autocommit:
|
||||||
|
if psycopg2.__version__ >= '2.4.2':
|
||||||
|
db_connection.set_session(autocommit=True)
|
||||||
|
else:
|
||||||
|
db_connection.set_isolation_level(psycopg2.extensions.ISOLATION_LEVEL_AUTOCOMMIT)
|
||||||
|
|
||||||
|
except TypeError as e:
|
||||||
|
if 'sslrootcert' in e.args[0]:
|
||||||
|
module.fail_json(msg='Postgresql server must be at least '
|
||||||
|
'version 8.4 to support sslrootcert')
|
||||||
|
|
||||||
|
module.fail_json(msg="unable to connect to database: %s" % to_native(e))
|
||||||
|
|
||||||
|
except Exception as e:
|
||||||
|
module.fail_json(msg="unable to connect to database: %s" % to_native(e))
|
||||||
|
|
||||||
|
return db_connection
|
||||||
|
|
||||||
|
|
||||||
|
class PgOwnership(object):
|
||||||
|
def __init__(self, module, cursor, role):
|
||||||
|
self.module = module
|
||||||
|
self.cursor = cursor
|
||||||
|
self.check_role_exists(role)
|
||||||
|
self.role = role
|
||||||
|
self.changed = False
|
||||||
|
self.executed_queries = []
|
||||||
|
self.obj_name = ''
|
||||||
|
self.obj_type = ''
|
||||||
|
|
||||||
|
def check_role_exists(self, role, fail_on_role=True):
|
||||||
|
if not self.__role_exists(role):
|
||||||
|
if fail_on_role:
|
||||||
|
self.module.fail_json(msg="Role '%s' does not exist" % role)
|
||||||
|
else:
|
||||||
|
self.module.warn("Role '%s' does not exist, pass" % role)
|
||||||
|
|
||||||
|
return False
|
||||||
|
|
||||||
|
else:
|
||||||
|
return True
|
||||||
|
|
||||||
|
def reassign(self, old_owners, fail_on_role):
|
||||||
|
roles = []
|
||||||
|
for r in old_owners:
|
||||||
|
if self.check_role_exists(r, fail_on_role):
|
||||||
|
roles.append(pg_quote_identifier(r, 'role'))
|
||||||
|
|
||||||
|
# Roles do not exist, nothing to do, exit:
|
||||||
|
if not roles:
|
||||||
|
return False
|
||||||
|
|
||||||
|
old_owners = ','.join(roles)
|
||||||
|
|
||||||
|
query = ['REASSIGN OWNED BY']
|
||||||
|
query.append(old_owners)
|
||||||
|
query.append('TO %s' % pg_quote_identifier(self.role, 'role'))
|
||||||
|
query = ' '.join(query)
|
||||||
|
|
||||||
|
self.changed = self.__exec_sql(query, ddl=True)
|
||||||
|
|
||||||
|
def set_owner(self, obj_type, obj_name):
|
||||||
|
self.obj_name = obj_name
|
||||||
|
self.obj_type = obj_type
|
||||||
|
|
||||||
|
# if a new_owner is the object owner now,
|
||||||
|
# nothing to do:
|
||||||
|
if self.__is_owner():
|
||||||
|
return False
|
||||||
|
|
||||||
|
if obj_type == 'database':
|
||||||
|
self.__set_db_owner()
|
||||||
|
|
||||||
|
elif obj_type == 'function':
|
||||||
|
self.__set_func_owner()
|
||||||
|
|
||||||
|
elif obj_type == 'sequence':
|
||||||
|
self.__set_seq_owner()
|
||||||
|
|
||||||
|
elif obj_type == 'schema':
|
||||||
|
self.__set_schema_owner()
|
||||||
|
|
||||||
|
elif obj_type == 'table':
|
||||||
|
self.__set_table_owner()
|
||||||
|
|
||||||
|
elif obj_type == 'tablespace':
|
||||||
|
self.__set_tablespace_owner()
|
||||||
|
|
||||||
|
elif obj_type == 'view':
|
||||||
|
self.__set_view_owner()
|
||||||
|
|
||||||
|
elif obj_type == 'matview':
|
||||||
|
self.__set_mat_view_owner()
|
||||||
|
|
||||||
|
def __is_owner(self):
|
||||||
|
if self.obj_type == 'table':
|
||||||
|
query = ("SELECT 1 FROM pg_tables WHERE tablename = '%s' "
|
||||||
|
"AND tableowner = '%s'" % (self.obj_name, self.role))
|
||||||
|
|
||||||
|
elif self.obj_type == 'database':
|
||||||
|
query = ("SELECT 1 FROM pg_database AS d "
|
||||||
|
"JOIN pg_roles AS r ON d.datdba = r.oid "
|
||||||
|
"WHERE d.datname = '%s' "
|
||||||
|
"AND r.rolname = '%s'" % (self.obj_name, self.role))
|
||||||
|
|
||||||
|
elif self.obj_type == 'function':
|
||||||
|
query = ("SELECT 1 FROM pg_proc AS f "
|
||||||
|
"JOIN pg_roles AS r ON f.proowner = r.oid "
|
||||||
|
"WHERE f.proname = '%s' "
|
||||||
|
"AND r.rolname = '%s'" % (self.obj_name, self.role))
|
||||||
|
|
||||||
|
elif self.obj_type == 'sequence':
|
||||||
|
query = ("SELECT 1 FROM pg_class AS c "
|
||||||
|
"JOIN pg_roles AS r ON c.relowner = r.oid "
|
||||||
|
"WHERE c.relkind = 'S' AND c.relname = '%s' "
|
||||||
|
"AND r.rolname = '%s'" % (self.obj_name, self.role))
|
||||||
|
|
||||||
|
elif self.obj_type == 'schema':
|
||||||
|
query = ("SELECT 1 FROM information_schema.schemata "
|
||||||
|
"WHERE schema_name = '%s' "
|
||||||
|
"AND schema_owner = '%s'" % (self.obj_name, self.role))
|
||||||
|
|
||||||
|
elif self.obj_type == 'tablespace':
|
||||||
|
query = ("SELECT 1 FROM pg_tablespace AS t "
|
||||||
|
"JOIN pg_roles AS r ON t.spcowner = r.oid "
|
||||||
|
"WHERE t.spcname = '%s' "
|
||||||
|
"AND r.rolname = '%s'" % (self.obj_name, self.role))
|
||||||
|
|
||||||
|
elif self.obj_type == 'view':
|
||||||
|
query = ("SELECT 1 FROM pg_views "
|
||||||
|
"WHERE viewname = '%s' "
|
||||||
|
"AND viewowner = '%s'" % (self.obj_name, self.role))
|
||||||
|
|
||||||
|
elif self.obj_type == 'matview':
|
||||||
|
query = ("SELECT 1 FROM pg_matviews "
|
||||||
|
"WHERE matviewname = '%s' "
|
||||||
|
"AND matviewowner = '%s'" % (self.obj_name, self.role))
|
||||||
|
|
||||||
|
return self.__exec_sql(query, add_to_executed=False)
|
||||||
|
|
||||||
|
def __set_db_owner(self):
|
||||||
|
query = "ALTER DATABASE %s OWNER TO %s" % (pg_quote_identifier(self.obj_name, 'database'),
|
||||||
|
pg_quote_identifier(self.role, 'role'))
|
||||||
|
self.changed = self.__exec_sql(query, ddl=True)
|
||||||
|
|
||||||
|
def __set_func_owner(self):
|
||||||
|
query = "ALTER FUNCTION %s OWNER TO %s" % (self.obj_name,
|
||||||
|
pg_quote_identifier(self.role, 'role'))
|
||||||
|
self.changed = self.__exec_sql(query, ddl=True)
|
||||||
|
|
||||||
|
def __set_seq_owner(self):
|
||||||
|
query = "ALTER SEQUENCE %s OWNER TO %s" % (pg_quote_identifier(self.obj_name, 'table'),
|
||||||
|
pg_quote_identifier(self.role, 'role'))
|
||||||
|
self.changed = self.__exec_sql(query, ddl=True)
|
||||||
|
|
||||||
|
def __set_schema_owner(self):
|
||||||
|
query = "ALTER SCHEMA %s OWNER TO %s" % (pg_quote_identifier(self.obj_name, 'schema'),
|
||||||
|
pg_quote_identifier(self.role, 'role'))
|
||||||
|
self.changed = self.__exec_sql(query, ddl=True)
|
||||||
|
|
||||||
|
def __set_table_owner(self):
|
||||||
|
query = "ALTER TABLE %s OWNER TO %s" % (pg_quote_identifier(self.obj_name, 'table'),
|
||||||
|
pg_quote_identifier(self.role, 'role'))
|
||||||
|
self.changed = self.__exec_sql(query, ddl=True)
|
||||||
|
|
||||||
|
def __set_tablespace_owner(self):
|
||||||
|
query = "ALTER TABLESPACE %s OWNER TO %s" % (pg_quote_identifier(self.obj_name, 'database'),
|
||||||
|
pg_quote_identifier(self.role, 'role'))
|
||||||
|
self.changed = self.__exec_sql(query, ddl=True)
|
||||||
|
|
||||||
|
def __set_view_owner(self):
|
||||||
|
query = "ALTER VIEW %s OWNER TO %s" % (pg_quote_identifier(self.obj_name, 'table'),
|
||||||
|
pg_quote_identifier(self.role, 'role'))
|
||||||
|
self.changed = self.__exec_sql(query, ddl=True)
|
||||||
|
|
||||||
|
def __set_mat_view_owner(self):
|
||||||
|
query = "ALTER MATERIALIZED VIEW %s OWNER TO %s" % (pg_quote_identifier(self.obj_name, 'table'),
|
||||||
|
pg_quote_identifier(self.role, 'role'))
|
||||||
|
self.changed = self.__exec_sql(query, ddl=True)
|
||||||
|
|
||||||
|
def __role_exists(self, role):
|
||||||
|
return self.__exec_sql("SELECT 1 FROM pg_roles WHERE rolname = '%s'" % role, add_to_executed=False)
|
||||||
|
|
||||||
|
def __exec_sql(self, query, ddl=False, add_to_executed=True):
|
||||||
|
try:
|
||||||
|
self.cursor.execute(query)
|
||||||
|
|
||||||
|
if add_to_executed:
|
||||||
|
self.executed_queries.append(query)
|
||||||
|
|
||||||
|
if not ddl:
|
||||||
|
res = self.cursor.fetchall()
|
||||||
|
return res
|
||||||
|
return True
|
||||||
|
except SQLParseError as e:
|
||||||
|
self.module.fail_json(msg=to_native(e))
|
||||||
|
except psycopg2.ProgrammingError as e:
|
||||||
|
self.module.fail_json(msg="Cannot execute SQL '%s': %s" % (query, to_native(e)))
|
||||||
|
return False
|
||||||
|
|
||||||
|
|
||||||
|
# ===========================================
|
||||||
|
# Module execution.
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
def main():
|
||||||
|
argument_spec = postgres_common_argument_spec()
|
||||||
|
argument_spec.update(
|
||||||
|
new_owner=dict(type='str', required=True),
|
||||||
|
obj_name=dict(type='str'),
|
||||||
|
obj_type=dict(type='str', aliases=['type'], choices=[
|
||||||
|
'database', 'function', 'matview', 'sequence', 'schema', 'table', 'tablespace', 'view']),
|
||||||
|
reassign_owned_by=dict(type='list'),
|
||||||
|
fail_on_role=dict(type='bool', default=True),
|
||||||
|
db=dict(type='str', aliases=['login_db']),
|
||||||
|
session_role=dict(type='str'),
|
||||||
|
)
|
||||||
|
module = AnsibleModule(
|
||||||
|
argument_spec=argument_spec,
|
||||||
|
mutually_exclusive=[
|
||||||
|
['obj_name', 'reassign_owned_by'],
|
||||||
|
['obj_type', 'reassign_owned_by'],
|
||||||
|
['obj_name', 'fail_on_role'],
|
||||||
|
['obj_type', 'fail_on_role'],
|
||||||
|
],
|
||||||
|
supports_check_mode=True,
|
||||||
|
)
|
||||||
|
|
||||||
|
if not HAS_PSYCOPG2:
|
||||||
|
module.fail_json(msg=missing_required_lib('psycopg2'))
|
||||||
|
|
||||||
|
new_owner = module.params['new_owner']
|
||||||
|
obj_name = module.params['obj_name']
|
||||||
|
obj_type = module.params['obj_type']
|
||||||
|
reassign_owned_by = module.params['reassign_owned_by']
|
||||||
|
fail_on_role = module.params['fail_on_role']
|
||||||
|
sslrootcert = module.params['ca_cert']
|
||||||
|
session_role = module.params['session_role']
|
||||||
|
|
||||||
|
# To use defaults values, keyword arguments must be absent, so
|
||||||
|
# check which values are empty and don't include in the **kw
|
||||||
|
# dictionary
|
||||||
|
params_map = {
|
||||||
|
"login_host": "host",
|
||||||
|
"login_user": "user",
|
||||||
|
"login_password": "password",
|
||||||
|
"port": "port",
|
||||||
|
"db": "database",
|
||||||
|
"ssl_mode": "sslmode",
|
||||||
|
"ca_cert": "sslrootcert"
|
||||||
|
}
|
||||||
|
kw = dict((params_map[k], v) for (k, v) in iteritems(module.params)
|
||||||
|
if k in params_map and v != '' and v is not None)
|
||||||
|
|
||||||
|
# If a login_unix_socket is specified, incorporate it here.
|
||||||
|
is_localhost = "host" not in kw or kw["host"] is None or kw["host"] == "localhost"
|
||||||
|
if is_localhost and module.params["login_unix_socket"] != "":
|
||||||
|
kw["host"] = module.params["login_unix_socket"]
|
||||||
|
|
||||||
|
if psycopg2.__version__ < '2.4.3' and sslrootcert:
|
||||||
|
module.fail_json(msg='psycopg2 must be at least 2.4.3 '
|
||||||
|
'in order to user the ssl_rootcert parameter')
|
||||||
|
|
||||||
|
db_connection = connect_to_db(module, kw, autocommit=False)
|
||||||
|
cursor = db_connection.cursor(cursor_factory=psycopg2.extras.DictCursor)
|
||||||
|
|
||||||
|
# Switch role, if specified:
|
||||||
|
if session_role:
|
||||||
|
try:
|
||||||
|
cursor.execute('SET ROLE %s' % session_role)
|
||||||
|
except Exception as e:
|
||||||
|
module.fail_json(msg="Could not switch role: %s" % to_native(e))
|
||||||
|
|
||||||
|
##############
|
||||||
|
# Create the object and do main job:
|
||||||
|
pg_ownership = PgOwnership(module, cursor, new_owner)
|
||||||
|
|
||||||
|
# if we want to change ownership:
|
||||||
|
if obj_name:
|
||||||
|
pg_ownership.set_owner(obj_type, obj_name)
|
||||||
|
|
||||||
|
# if we want to reassign objects owned by roles:
|
||||||
|
elif reassign_owned_by:
|
||||||
|
pg_ownership.reassign(reassign_owned_by, fail_on_role)
|
||||||
|
|
||||||
|
# Rollback if it's possible and check_mode:
|
||||||
|
if module.check_mode:
|
||||||
|
db_connection.rollback()
|
||||||
|
else:
|
||||||
|
db_connection.commit()
|
||||||
|
|
||||||
|
cursor.close()
|
||||||
|
db_connection.close()
|
||||||
|
|
||||||
|
module.exit_json(
|
||||||
|
changed=pg_ownership.changed,
|
||||||
|
queries=pg_ownership.executed_queries,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
main()
|
|
@ -833,7 +833,7 @@
|
||||||
- include: postgresql_ext.yml
|
- include: postgresql_ext.yml
|
||||||
when: postgres_version_resp.stdout is version('9.1', '>=') and ansible_distribution == 'Fedora'
|
when: postgres_version_resp.stdout is version('9.1', '>=') and ansible_distribution == 'Fedora'
|
||||||
|
|
||||||
# Test postgresql_schema module:
|
# Test postgresql_schema module
|
||||||
- include: postgresql_schema.yml
|
- include: postgresql_schema.yml
|
||||||
|
|
||||||
# Test postgresql_membership module
|
# Test postgresql_membership module
|
||||||
|
@ -851,6 +851,9 @@
|
||||||
- include: postgresql_lang.yml
|
- include: postgresql_lang.yml
|
||||||
when: ansible_distribution == 'CentOS'
|
when: ansible_distribution == 'CentOS'
|
||||||
|
|
||||||
|
# Test postgresql_owner module
|
||||||
|
- include: postgresql_owner.yml
|
||||||
|
|
||||||
# dump/restore tests per format
|
# dump/restore tests per format
|
||||||
# ============================================================
|
# ============================================================
|
||||||
- include: state_dump_restore.yml test_fixture=user file=dbdata.sql
|
- include: state_dump_restore.yml test_fixture=user file=dbdata.sql
|
||||||
|
|
1039
test/integration/targets/postgresql/tasks/postgresql_owner.yml
Normal file
1039
test/integration/targets/postgresql/tasks/postgresql_owner.yml
Normal file
File diff suppressed because it is too large
Load diff
Loading…
Reference in a new issue