postgresql_user: add comment parameter (#66711)
* postgresql_user: add comment parameter * add changelog * fix CI
This commit is contained in:
parent
e646bd08e1
commit
72fbed2c61
4 changed files with 107 additions and 0 deletions
|
@ -0,0 +1,2 @@
|
|||
minor_changes:
|
||||
- postgresql_user - add the comment parameter (https://github.com/ansible/ansible/pull/66711).
|
|
@ -152,6 +152,11 @@ options:
|
|||
type: list
|
||||
elements: str
|
||||
version_added: '2.9'
|
||||
comment:
|
||||
description:
|
||||
- Add a comment on the user (equal to the COMMENT ON ROLE statement result).
|
||||
type: str
|
||||
version_added: '2.10'
|
||||
notes:
|
||||
- The module creates a user (role) with login privilege by default.
|
||||
Use NOLOGIN role_attr_flags to change this behaviour.
|
||||
|
@ -178,6 +183,12 @@ EXAMPLES = r'''
|
|||
priv: "CONNECT/products:ALL"
|
||||
expires: "Jan 31 2020"
|
||||
|
||||
- name: Add a comment on django user
|
||||
postgresql_user:
|
||||
db: acme
|
||||
name: django
|
||||
comment: This is a test user
|
||||
|
||||
# Connect to default database, create rails user, set its password (MD5-hashed),
|
||||
# and grant privilege to create other databases and demote rails from super user status if user exists
|
||||
- name: Create rails user, set MD5-hashed password, grant privs
|
||||
|
@ -768,6 +779,26 @@ def get_valid_flags_by_version(cursor):
|
|||
]
|
||||
|
||||
|
||||
def get_comment(cursor, user):
|
||||
"""Get user's comment."""
|
||||
query = ("SELECT pg_catalog.shobj_description(r.oid, 'pg_authid') "
|
||||
"FROM pg_catalog.pg_roles r "
|
||||
"WHERE r.rolname = %(user)s")
|
||||
cursor.execute(query, {'user': user})
|
||||
return cursor.fetchone()[0]
|
||||
|
||||
|
||||
def add_comment(cursor, user, comment):
|
||||
"""Add comment on user."""
|
||||
if comment != get_comment(cursor, user):
|
||||
query = 'COMMENT ON ROLE "%s" IS ' % user
|
||||
cursor.execute(query + '%(comment)s', {'comment': comment})
|
||||
executed_queries.append(cursor.mogrify(query + '%(comment)s', {'comment': comment}))
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
|
||||
|
||||
# ===========================================
|
||||
# Module execution.
|
||||
#
|
||||
|
@ -788,6 +819,7 @@ def main():
|
|||
conn_limit=dict(type='int', default=None),
|
||||
session_role=dict(type='str'),
|
||||
groups=dict(type='list'),
|
||||
comment=dict(type='str', default=None),
|
||||
)
|
||||
module = AnsibleModule(
|
||||
argument_spec=argument_spec,
|
||||
|
@ -812,6 +844,7 @@ def main():
|
|||
groups = module.params["groups"]
|
||||
if groups:
|
||||
groups = [e.strip() for e in groups]
|
||||
comment = module.params["comment"]
|
||||
|
||||
conn_params = get_conn_params(module, module.params, warn_db_default=False)
|
||||
db_connection = connect_to_db(module, conn_params)
|
||||
|
@ -855,6 +888,13 @@ def main():
|
|||
changed = pg_membership.grant() or changed
|
||||
executed_queries.extend(pg_membership.executed_queries)
|
||||
|
||||
if comment is not None:
|
||||
try:
|
||||
changed = add_comment(cursor, user, comment) or changed
|
||||
except Exception as e:
|
||||
module.fail_json(msg='Unable to add comment on role: %s' % to_native(e),
|
||||
exception=traceback.format_exc())
|
||||
|
||||
else:
|
||||
if user_exists(cursor, user):
|
||||
if module.check_mode:
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
# Initial CI tests of postgresql_user module
|
||||
- import_tasks: postgresql_user_initial.yml
|
||||
when: postgres_version_resp.stdout is version('9.4', '>=')
|
||||
|
||||
# General tests:
|
||||
- import_tasks: postgresql_user_general.yml
|
||||
when: postgres_version_resp.stdout is version('9.4', '>=')
|
||||
|
|
|
@ -8,6 +8,8 @@
|
|||
test_group1: group1
|
||||
test_group2: group2
|
||||
test_table: test
|
||||
test_comment1: 'comment1'
|
||||
test_comment2: 'comment2'
|
||||
task_parameters: &task_parameters
|
||||
become_user: '{{ pg_user }}'
|
||||
become: yes
|
||||
|
@ -63,6 +65,67 @@
|
|||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
- name: Add a comment on the user
|
||||
<<: *task_parameters
|
||||
postgresql_user:
|
||||
<<: *pg_parameters
|
||||
name: '{{ test_user }}'
|
||||
comment: '{{ test_comment1 }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["COMMENT ON ROLE \"{{ test_user }}\" IS '{{ test_comment1 }}'"]
|
||||
|
||||
- name: check the comment
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: >
|
||||
SELECT pg_catalog.shobj_description(r.oid, 'pg_authid') AS comment
|
||||
FROM pg_catalog.pg_roles r WHERE r.rolname = '{{ test_user }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
- result.query_result[0].comment == '{{ test_comment1 }}'
|
||||
|
||||
- name: Try to add the same comment on the user
|
||||
<<: *task_parameters
|
||||
postgresql_user:
|
||||
<<: *pg_parameters
|
||||
name: '{{ test_user }}'
|
||||
comment: '{{ test_comment1 }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
|
||||
- name: Try to add another comment on the user
|
||||
<<: *task_parameters
|
||||
postgresql_user:
|
||||
<<: *pg_parameters
|
||||
name: '{{ test_user }}'
|
||||
comment: '{{ test_comment2 }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.queries == ["COMMENT ON ROLE \"{{ test_user }}\" IS '{{ test_comment2 }}'"]
|
||||
|
||||
- name: check the comment
|
||||
<<: *task_parameters
|
||||
postgresql_query:
|
||||
<<: *pg_parameters
|
||||
query: >
|
||||
SELECT pg_catalog.shobj_description(r.oid, 'pg_authid') AS comment
|
||||
FROM pg_catalog.pg_roles r WHERE r.rolname = '{{ test_user }}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
- result.query_result[0].comment == '{{ test_comment2 }}'
|
||||
|
||||
- name: Try to create role again in check_mode
|
||||
<<: *task_parameters
|
||||
check_mode: yes
|
||||
|
|
Loading…
Reference in a new issue