New integration tests for postgresql

2014-12-01 18:57:40 -08:00 · 2014-12-01 18:57:40 -08:00 · 7329bcde99
commit 7329bcde99
parent 6570a6c6de
10 changed files with 1009 additions and 0 deletions
--- a/test/integration/destructive.yml
+++ b/test/integration/destructive.yml
@ -9,6 +9,7 @@
    - { role: test_yum, tags: test_yum }
    - { role: test_apt, tags: test_apt }
    - { role: test_apt_repository, tags: test_apt_repository }
+    - { role: test_postgresql, tags: test_postgresql}
    - { role: test_mysql_db, tags: test_mysql_db}
    - { role: test_mysql_user, tags: test_mysql_user}
    - { role: test_mysql_variables, tags: test_mysql_variables}
--- a/test/integration/roles/setup_postgresql_db/defaults/main.yml
+++ b/test/integration/roles/setup_postgresql_db/defaults/main.yml
@ -0,0 +1,5 @@
+postgresql_service: postgresql
+
+postgresql_packages:
+    - postgresql-server
+    - python-psycopg2
--- a/test/integration/roles/setup_postgresql_db/files/pg_hba.conf
+++ b/test/integration/roles/setup_postgresql_db/files/pg_hba.conf
@ -0,0 +1,10 @@
+# !!! This file managed by Ansible. Any local changes may be overwritten. !!!
+
+# Database administrative login by UNIX sockets
+# note: you may wish to restrict this further later
+local   all         postgres                          trust
+
+# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
+local   all         all                               md5
+host    all         all         127.0.0.1/32          md5
+host    all         all         ::1/128               md5
--- a/test/integration/roles/setup_postgresql_db/tasks/main.yml
+++ b/test/integration/roles/setup_postgresql_db/tasks/main.yml
@ -0,0 +1,71 @@
+- include_vars: '{{ item }}'
+  with_first_found:
+    - files:
+        - '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml'
+        - '{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml'
+        - '{{ ansible_os_family }}.yml'
+        - 'default.yml'
+      paths: '../vars'
+
+# Make sure we start fresh
+- name: remove rpm dependencies for postgresql test
+  yum: name={{ item }} state=absent
+  with_items: postgresql_packages
+  when: ansible_pkg_mgr  ==  'yum'
+
+- name: remove dpkg dependencies for postgresql test
+  apt: name={{ item }} state=absent
+  with_items:  postgresql_packages
+  when: ansible_pkg_mgr  ==  'apt'
+
+- name: remove old db (red hat)
+  command: rm -rf "{{ pg_dir }}"
+  ignore_errors: True
+  when: ansible_os_family == "RedHat"
+
+# Theoretically, pg_dropcluster should work but it doesn't so rm files
+- name: remove old db config (debian)
+  command: rm -rf /etc/postgresql
+  ignore_errors: True
+  when: ansible_os_family == "Debian"
+
+- name: remove old db files (debian)
+  command: rm -rf /var/lib/postgresql
+  ignore_errors: True
+  when: ansible_os_family == "Debian"
+
+- name: install rpm dependencies for postgresql test
+  yum: name={{ item }} state=latest
+  with_items: postgresql_packages
+  when: ansible_pkg_mgr  ==  'yum'
+
+- name: install dpkg dependencies for postgresql test
+  apt: name={{ item }} state=latest
+  with_items:  postgresql_packages
+  when: ansible_pkg_mgr  ==  'apt'
+
+- name: Initialize postgres (systemd)
+  command: postgresql-setup initdb
+  when: ansible_distribution == "Fedora" or (ansible_os_family  == "RedHat" and ansible_distribution_major_version|int >= 7)
+
+- name: Initialize postgres (sysv)
+  command: /sbin/service postgresql initdb
+  when: ansible_os_family == "RedHat" and ansible_distribution_major_version|int <= 6
+
+- name: Iniitalize postgres (upstart)
+  command: /usr/bin/pg_createcluster {{ pg_ver }} main
+  when: ansible_os_family == 'Debian'
+
+- name: Copy pg_hba into place
+  copy: src=pg_hba.conf dest="{{ pg_hba_location }}" owner="postgres" group="root" mode="0644"
+
+- name: Generate locale on Debian systems
+  command: locale-gen pt_BR
+  when: ansible_os_family == 'Debian'
+
+- name: Generate locale on Debian systems
+  command: locale-gen es_MX
+  when: ansible_os_family == 'Debian'
+
+- name: restart postgresql service
+  service: name={{ postgresql_service }} state=restarted
--- a/test/integration/roles/setup_postgresql_db/vars/Ubuntu-12.yml
+++ b/test/integration/roles/setup_postgresql_db/vars/Ubuntu-12.yml
@ -0,0 +1,11 @@
+postgresql_service: "postgresql"
+
+postgresql_packages:
+  - "postgresql"
+  - "postgresql-common"
+  - "python-psycopg2"
+
+pg_hba_location: "/etc/postgresql/9.1/main/pg_hba.conf"
+pg_dir: "/var/lib/postgresql/9.1/main"
+pg_ver: 9.1
+
--- a/test/integration/roles/setup_postgresql_db/vars/Ubuntu-14.yml
+++ b/test/integration/roles/setup_postgresql_db/vars/Ubuntu-14.yml
@ -0,0 +1,10 @@
+postgresql_service: "postgresql"
+
+postgresql_packages:
+  - "postgresql"
+  - "postgresql-common"
+  - "python-psycopg2"
+
+pg_hba_location: "/etc/postgresql/9.3/main/pg_hba.conf"
+pg_dir: "/var/lib/postgresql/9.3/main"
+pg_ver: 9.3
--- a/test/integration/roles/setup_postgresql_db/vars/default.yml
+++ b/test/integration/roles/setup_postgresql_db/vars/default.yml
@ -0,0 +1,8 @@
+postgresql_service: "postgresql"
+
+postgresql_packages:
+  - "postgresql-server"
+  - "python-psycopg2"
+
+pg_hba_location: "/var/lib/pgsql/data/pg_hba.conf"
+pg_dir: "/var/lib/pgsql/data"
--- a/test/integration/roles/test_postgresql/defaults/main.yml
+++ b/test/integration/roles/test_postgresql/defaults/main.yml
@ -0,0 +1,8 @@
+---
+# defaults file for test_postgresql_db
+db_name: 'ansible_db'
+db_user1: 'ansible_db_user1'
+db_user2: 'ansible_db_user2'
+
+tmp_dir: '/tmp'
+
--- a/test/integration/roles/test_postgresql/meta/main.yml
+++ b/test/integration/roles/test_postgresql/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+  - setup_postgresql_db
--- a/test/integration/roles/test_postgresql/tasks/main.yml
+++ b/test/integration/roles/test_postgresql/tasks/main.yml
@ -0,0 +1,882 @@
+#
+# Create and destroy db
+#
+- name: Create DB
+  sudo_user: postgres
+  sudo: True
+  postgresql_db:
+    state: present
+    name: "{{ db_name }}"
+  register: result
+
+- name: assert that module reports the db was created
+  assert:
+    that:
+       - "result.changed == true"
+       - "result.db =='{{ db_name }}'"
+
+- name: Check that database created
+  sudo_user: postgres
+  sudo: True
+  shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(1 row)'"
+
+- name: Run create on an already created db
+  sudo_user: postgres
+  sudo: True
+  postgresql_db:
+    state: present
+    name: "{{ db_name }}"
+  register: result
+
+- name: assert that module reports the db was unchanged
+  assert:
+    that:
+       - "result.changed == false"
+
+- name: Destroy DB
+  sudo_user: postgres
+  sudo: True
+  postgresql_db:
+    state: absent
+    name: "{{ db_name }}"
+  register: result
+
+- name: assert that module reports the db was changed
+  assert:
+    that:
+       - "result.changed == true"
+
+- name: Check that database was destroyed
+  sudo_user: postgres
+  sudo: True
+  shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(0 rows)'"
+
+- name: Destroy DB
+  sudo_user: postgres
+  sudo: True
+  postgresql_db:
+    state: absent
+    name: "{{ db_name }}"
+  register: result
+
+- name: assert that removing an alreaady removed db makes no change
+  assert:
+    that:
+       - "result.changed == false"
+
+
+# This corner case works to add but not to drop.  This is sufficiently crazy
+# that I'm not going to attempt to fix it unless someone lets me know that they
+# need the functionality
+#
+#    - postgresql_db:
+#        state: 'present'
+#        name: '"silly.""name"'
+#    - shell: echo "select datname from pg_database where datname = 'silly.""name';" | psql
+#      register: result
+#
+#    - assert:
+#        that: "result.stdout_lines[-1] == '(1 row)'"
+#    - postgresql_db:
+#        state: absent
+#        name: '"silly.""name"'
+#    - shell: echo "select datname from pg_database where datname = 'silly.""name';" | psql
+#      register: result
+#
+#    - assert:
+#        that: "result.stdout_lines[-1] == '(0 rows)'"
+
+#
+# Test encoding, collate, ctype, template options
+#
+- name: Create a DB with encoding, collate, ctype, and template options
+  sudo_user: postgres
+  sudo: True
+  postgresql_db:
+    name: '{{ db_name }}'
+    state: 'present'
+    encoding: 'LATIN1'
+    lc_collate: 'pt_BR'
+    lc_ctype: 'es_MX'
+    template: 'template0'
+
+- name: Check that the DB has all of our options
+  sudo_user: postgres
+  sudo: True
+  shell: echo "select datname, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(1 row)'"
+      - "'LATIN1' in result.stdout_lines[-2]"
+      - "'pt_BR' in result.stdout_lines[-2]"
+      - "'es_MX' in result.stdout_lines[-2]"
+      - "'UTF8' not in result.stdout_lines[-2]"
+      - "'en_US' not in result.stdout_lines[-2]"
+
+- name: Check that running db cration with options a second time does nothing
+  sudo_user: postgres
+  sudo: True
+  postgresql_db:
+    name: '{{ db_name }}'
+    state: 'present'
+    encoding: 'LATIN1'
+    lc_collate: 'pt_BR'
+    lc_ctype: 'es_MX'
+    template: 'template0'
+  register: result
+
+- assert:
+    that:
+      - 'result.changed == False'
+
+
+- name: Check that attempting to change encoding returns an error
+  sudo_user: postgres
+  sudo: True
+  postgresql_db:
+    name: '{{ db_name }}'
+    state: 'present'
+    encoding: 'UTF8'
+    lc_collate: 'pt_BR'
+    lc_ctype: 'es_MX'
+    template: 'template0'
+  register: result
+  ignore_errors: True
+
+- assert:
+    that:
+      - 'result.failed == True'
+
+- name: Cleanup test DB
+  sudo_user: postgres
+  sudo: True
+  postgresql_db:
+    name: '{{ db_name }}'
+    state: 'absent'
+
+- shell: echo "select datname, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql
+  sudo_user: postgres
+  sudo: True
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(0 rows)'"
+
+#
+# Create and destroy user
+#
+- name: Create a user
+  sudo_user: postgres
+  sudo: True
+  postgresql_user:
+    name: "{{ db_user1 }}"
+    encrypted: 'yes'
+    password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
+  register: result
+
+- name: Check that ansible reports they were created
+  assert:
+    that:
+      - "result.changed == True"
+
+- name: Check that they were created
+  sudo_user: postgres
+  sudo: True
+  shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(1 row)'"
+
+- name: Check that creating user a second time does nothing
+  sudo_user: postgres
+  sudo: True
+  postgresql_user:
+    name: "{{ db_user1 }}"
+    encrypted: 'yes'
+    password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
+  register: result
+
+- name: Check that ansible reports no change
+  assert:
+    that:
+      - "result.changed == False"
+
+- name: Remove user
+  sudo_user: postgres
+  sudo: True
+  postgresql_user:
+    name: "{{ db_user1 }}"
+    state: 'absent'
+  register: result
+
+- name: Check that ansible reports they were removed
+  assert:
+    that:
+      - "result.changed == True"
+
+- name: Check that they were removed
+  sudo_user: postgres
+  sudo: True
+  shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(0 rows)'"
+
+- name: Check that removing user a second time does nothing
+  sudo_user: postgres
+  sudo: True
+  postgresql_user:
+    name: "{{ db_user1 }}"
+    state: 'absent'
+  register: result
+
+- name: Check that ansible reports no change
+  assert:
+    that:
+      - "result.changed == False"
+
+- name: Create a user with all role attributes
+  sudo_user: postgres
+  sudo: True
+  postgresql_user:
+    name: "{{ db_user1 }}"
+    state: "present"
+    role_attr_flags: "SUPERUSER,CREATEROLE,CREATEDB,INHERIT,login"
+
+- name: Check that the user has the requested role attributes
+  sudo_user: postgres
+  sudo: True
+  shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin from pg_roles where rolname='{{ db_user1 }}';" | psql
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(1 row)'"
+      - "'super:t' in result.stdout_lines[-2]"
+      - "'createrole:t' in result.stdout_lines[-2]"
+      - "'create:t' in result.stdout_lines[-2]"
+      - "'inherit:t' in result.stdout_lines[-2]"
+      - "'login:t' in result.stdout_lines[-2]"
+
+- name: Modify a user to have no role attributes
+  sudo_user: postgres
+  sudo: True
+  postgresql_user:
+    name: "{{ db_user1 }}"
+    state: "present"
+    role_attr_flags: "NOSUPERUSER,NOCREATEROLE,NOCREATEDB,noinherit,NOLOGIN"
+  register: result
+
+- name: Check that ansible reports it modified the role
+  assert:
+    that:
+      - "result.changed == True"
+
+- name: Check that the user has the requested role attributes
+  sudo_user: postgres
+  sudo: True
+  shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin from pg_roles where rolname='{{ db_user1 }}';" | psql
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(1 row)'"
+      - "'super:f' in result.stdout_lines[-2]"
+      - "'createrole:f' in result.stdout_lines[-2]"
+      - "'create:f' in result.stdout_lines[-2]"
+      - "'inherit:f' in result.stdout_lines[-2]"
+      - "'login:f' in result.stdout_lines[-2]"
+
+- name: Modify a single role attribute on a user
+  sudo_user: postgres
+  sudo: True
+  postgresql_user:
+    name: "{{ db_user1 }}"
+    state: "present"
+    role_attr_flags: "LOGIN"
+  register: result
+
+- name: Check that ansible reports it modified the role
+  assert:
+    that:
+      - "result.changed == True"
+
+- name: Check that the user has the requested role attributes
+  sudo_user: postgres
+  sudo: True
+  shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin  from pg_roles where rolname='{{ db_user1 }}';" | psql
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(1 row)'"
+      - "'super:f' in result.stdout_lines[-2]"
+      - "'createrole:f' in result.stdout_lines[-2]"
+      - "'create:f' in result.stdout_lines[-2]"
+      - "'inherit:f' in result.stdout_lines[-2]"
+      - "'login:t' in result.stdout_lines[-2]"
+
+- name: Cleanup the user
+  sudo_user: postgres
+  sudo: True
+  postgresql_user:
+    name: "{{ db_user1 }}"
+    state: 'absent'
+
+- name: Check that they were removed
+  sudo_user: postgres
+  sudo: True
+  shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(0 rows)'"
+
+### TODO: test expires, fail_on_user
+
+#
+# Test db ownership
+#
+- name: Create an unprivileged user to own a DB
+  sudo_user: postgres
+  sudo: True
+  postgresql_user:
+    name: "{{ db_user1 }}"
+    encrypted: 'yes'
+    password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
+
+- name: Create db with user ownership
+  sudo_user: postgres
+  sudo: True
+  postgresql_db:
+    name: "{{ db_name }}"
+    state: "present"
+    owner: "{{ db_user1 }}"
+
+- name: Check that the user owns the newly created DB
+  sudo_user: postgres
+  sudo: True
+  shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(1 row)'"
+      - "'{{ db_user1 }}' == '{{ result.stdout_lines[-2] | trim }}'"
+
+- name: Change the owner on an existing db
+  sudo_user: postgres
+  sudo: True
+  postgresql_db:
+    name: "{{ db_name }}"
+    state: "present"
+    owner: "postgres"
+  register: result
+
+- name: assert that ansible says it changed the db
+  assert:
+    that:
+      - "result.changed == True"
+
+- name: Check that the user owns the newly created DB
+  sudo_user: postgres
+  sudo: True
+  shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(1 row)'"
+      - "'postgres' == '{{ result.stdout_lines[-2] | trim }}'"
+
+- name: Cleanup db
+  sudo_user: postgres
+  sudo: True
+  postgresql_db:
+    name: "{{ db_name }}"
+    state: "absent"
+
+- name: Check that database was destroyed
+  sudo_user: postgres
+  sudo: True
+  shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(0 rows)'"
+
+- name: Cleanup test user
+  sudo_user: postgres
+  sudo: True
+  postgresql_user:
+    name: "{{ db_user1 }}"
+    state: 'absent'
+
+- name: Check that they were removed
+  sudo_user: postgres
+  sudo: True
+  shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(0 rows)'"
+
+#
+# Test settings privleges
+#
+- name: Create db
+  sudo_user: postgres
+  sudo: True
+  postgresql_db:
+    name: "{{ db_name }}"
+    state: "present"
+
+- name: Create some tables on the db
+  sudo_user: postgres
+  sudo: True
+  shell: echo "create table test_table1 (field text);" | psql {{ db_name }}
+
+- sudo_user: postgres
+  sudo: True
+  shell: echo "create table test_table2 (field text);" | psql {{ db_name }}
+
+- name: Create a user with some permissions on the db
+  sudo_user: postgres
+  sudo: True
+  postgresql_user:
+    name: "{{ db_user1 }}"
+    encrypted: 'yes'
+    password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
+    db: "{{ db_name }}"
+    priv: 'test_table1:INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,TRIGGER/test_table2:INSERT/CREATE,CONNECT,TEMP'
+
+- name: Check that the user has the requested permissions (table1)
+  sudo_user: postgres
+  sudo: True
+  shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
+  register: result_table1
+
+- name: Check that the user has the requested permissions (table2)
+  sudo_user: postgres
+  sudo: True
+  shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
+  register: result_table2
+
+- name: Check that the user has the requested permissions (database)
+  sudo_user: postgres
+  sudo: True
+  shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
+  register: result_database
+
+- assert:
+    that:
+      - "result_table1.stdout_lines[-1] == '(7 rows)'"
+      - "'INSERT' in result_table1.stdout"
+      - "'SELECT' in result_table1.stdout"
+      - "'UPDATE' in result_table1.stdout"
+      - "'DELETE' in result_table1.stdout"
+      - "'TRUNCATE' in result_table1.stdout"
+      - "'REFERENCES' in result_table1.stdout"
+      - "'TRIGGER' in result_table1.stdout"
+      - "result_table2.stdout_lines[-1] == '(1 row)'"
+      - "'INSERT' == '{{ result_table2.stdout_lines[-2] | trim }}'"
+      - "result_database.stdout_lines[-1] == '(1 row)'"
+      - "'{{ db_user1 }}=CTc/postgres' in result_database.stdout_lines[-2]"
+
+- name: Add another permission for the user
+  sudo_user: postgres
+  sudo: True
+  postgresql_user:
+    name: "{{ db_user1 }}"
+    encrypted: 'yes'
+    password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
+    db: "{{ db_name }}"
+    priv: 'test_table2:select'
+  register: results
+
+- name: Check that ansible reports it changed the user
+  assert:
+    that:
+      - "results.changed == True"
+
+- name: Check that the user has the requested permissions (table2)
+  sudo_user: postgres
+  sudo: True
+  shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
+  register: result_table2
+
+- assert:
+    that:
+      - "result_table2.stdout_lines[-1] == '(2 rows)'"
+      - "'INSERT' in result_table2.stdout"
+      - "'SELECT' in result_table2.stdout"
+
+
+#
+# Test priv setting via postgresql_privs module
+# (Depends on state from previous _user privs tests)
+#
+
+- name: Revoke a privilege
+  sudo_user: postgres
+  sudo: True
+  postgresql_privs:
+    type: "table"
+    state: "absent"
+    roles: "{{ db_user1 }}"
+    privs: "INSERT"
+    objs: "test_table2"
+    db: "{{ db_name }}"
+  register: results
+
+- name: Check that ansible reports it changed the user
+  assert:
+    that:
+      - "results.changed == True"
+
+- name: Check that the user has the requested permissions (table2)
+  sudo_user: postgres
+  sudo: True
+  shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
+  register: result_table2
+
+- assert:
+    that:
+      - "result_table2.stdout_lines[-1] == '(1 row)'"
+      - "'SELECT' == '{{ result_table2.stdout_lines[-2] | trim }}'"
+
+- name: Revoke many privileges on multiple tables
+  sudo_user: postgres
+  sudo: True
+  postgresql_privs:
+    state: "absent"
+    roles: "{{ db_user1 }}"
+    privs: "INSERT,select,UPDATE,TRUNCATE,REFERENCES,TRIGGER,delete"
+    objs: "test_table2,test_table1"
+    db: "{{ db_name }}"
+  register: results
+
+- name: Check that ansible reports it changed the user
+  assert:
+    that:
+      - "results.changed == True"
+
+- name: Check that permissions were revoked (table1)
+  sudo_user: postgres
+  sudo: True
+  shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
+  register: result_table1
+
+- name: Check that permissions were revoked (table2)
+  sudo_user: postgres
+  sudo: True
+  shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
+  register: result_table2
+
+- assert:
+    that:
+      - "result_table1.stdout_lines[-1] == '(0 rows)'"
+      - "result_table2.stdout_lines[-1] == '(0 rows)'"
+
+- name: Revoke database privileges
+  sudo_user: postgres
+  sudo: True
+  postgresql_privs:
+    type: "database"
+    state: "absent"
+    roles: "{{ db_user1 }}"
+    privs: "Create,connect,TEMP"
+    objs: "{{ db_name }}"
+    db: "{{ db_name }}"
+
+- name: Check that the user has the requested permissions (database)
+  sudo_user: postgres
+  sudo: True
+  shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
+  register: result_database
+
+- assert:
+    that:
+      - "result_database.stdout_lines[-1] == '(1 row)'"
+      - "'{{ db_user1 }}' not in result_database.stdout"
+
+- name: Grant database privileges
+  sudo_user: postgres
+  sudo: True
+  postgresql_privs:
+    type: "database"
+    state: "present"
+    roles: "{{ db_user1 }}"
+    privs: "CREATE,connect"
+    objs: "{{ db_name }}"
+    db: "{{ db_name }}"
+  register: results
+
+- name: Check that ansible reports it changed the user
+  assert:
+    that:
+      - "results.changed == True"
+
+- name: Check that the user has the requested permissions (database)
+  sudo_user: postgres
+  sudo: True
+  shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
+  register: result_database
+
+- assert:
+    that:
+      - "result_database.stdout_lines[-1] == '(1 row)'"
+      - "'{{ db_user1 }}=Cc' in result_database.stdout"
+
+- name: Grant a single privilege on a table
+  sudo_user: postgres
+  sudo: True
+  postgresql_privs:
+    state: "present"
+    roles: "{{ db_user1 }}"
+    privs: "INSERT"
+    objs: "test_table1"
+    db: "{{ db_name }}"
+
+- name: Check that permissions were added (table1)
+  sudo_user: postgres
+  sudo: True
+  shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
+  register: result_table1
+
+- assert:
+    that:
+      - "result_table1.stdout_lines[-1] == '(1 row)'"
+      - "'{{ result_table1.stdout_lines[-2] | trim }}' == 'INSERT'"
+
+- name: Grant many privileges on multiple tables
+  sudo_user: postgres
+  sudo: True
+  postgresql_privs:
+    state: "present"
+    roles: "{{ db_user1 }}"
+    privs: 'INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,trigger'
+    objs: "test_table2,test_table1"
+    db: "{{ db_name }}"
+
+- name: Check that permissions were added (table1)
+  sudo_user: postgres
+  sudo: True
+  shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
+  register: result_table1
+
+- name: Check that permissions were added (table2)
+  sudo_user: postgres
+  sudo: True
+  shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
+  register: result_table2
+
+- assert:
+    that:
+      - "result_table1.stdout_lines[-1] == '(7 rows)'"
+      - "'INSERT' in result_table1.stdout"
+      - "'SELECT' in result_table1.stdout"
+      - "'UPDATE' in result_table1.stdout"
+      - "'DELETE' in result_table1.stdout"
+      - "'TRUNCATE' in result_table1.stdout"
+      - "'REFERENCES' in result_table1.stdout"
+      - "'TRIGGER' in result_table1.stdout"
+      - "result_table2.stdout_lines[-1] == '(7 rows)'"
+      - "'INSERT' in result_table2.stdout"
+      - "'SELECT' in result_table2.stdout"
+      - "'UPDATE' in result_table2.stdout"
+      - "'DELETE' in result_table2.stdout"
+      - "'TRUNCATE' in result_table2.stdout"
+      - "'REFERENCES' in result_table2.stdout"
+      - "'TRIGGER' in result_table2.stdout"
+
+#
+# Cleanup
+#
+- name: Cleanup db
+  sudo_user: postgres
+  sudo: True
+  postgresql_db:
+    name: "{{ db_name }}"
+    state: "absent"
+
+- name: Check that database was destroyed
+  sudo_user: postgres
+  sudo: True
+  shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(0 rows)'"
+
+- name: Cleanup test user
+  sudo_user: postgres
+  sudo: True
+  postgresql_user:
+    name: "{{ db_user1 }}"
+    state: 'absent'
+
+- name: Check that they were removed
+  sudo_user: postgres
+  sudo: True
+  shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(0 rows)'"
+
+#
+# Test login_user functionality
+#
+- name: Create a user to test login module parameters
+  sudo: True
+  sudo_user: postgres
+  postgresql_user:
+    name: "{{ db_user1 }}"
+    state: "present"
+    encrypted: 'no'
+    password: "password"
+    role_attr_flags: "CREATEDB,LOGIN,CREATEROLE"
+
+- name: Create db
+  postgresql_db:
+    name: "{{ db_name }}"
+    state: "present"
+    login_user: "{{ db_user1 }}"
+    login_password: "password"
+    login_host: "localhost"
+
+- name: Check that database created
+  sudo: True
+  sudo_user: postgres
+  shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(1 row)'"
+
+- name: Create a user
+  postgresql_user:
+    name: "{{ db_user2 }}"
+    state: "present"
+    encrypted: 'yes'
+    password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
+    db: "{{ db_name }}"
+    login_user: "{{ db_user1 }}"
+    login_password: "password"
+    login_host: "localhost"
+
+- name: Check that they were created
+  sudo: True
+  sudo_user: postgres
+  shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(1 row)'"
+
+- name: Grant database privileges
+  postgresql_privs:
+    type: "database"
+    state: "present"
+    roles: "{{ db_user2 }}"
+    privs: "CREATE,connect"
+    objs: "{{ db_name }}"
+    db: "{{ db_name }}"
+    login: "{{ db_user1 }}"
+    password: "password"
+    host: "localhost"
+
+- name: Check that the user has the requested permissions (database)
+  sudo: True
+  sudo_user: postgres
+  shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
+  register: result_database
+
+- assert:
+    that:
+      - "result_database.stdout_lines[-1] == '(1 row)'"
+      - "'{{ db_user2 }}=Cc' in result_database.stdout"
+
+- name: Remove user
+  postgresql_user:
+    name: "{{ db_user2 }}"
+    state: 'absent'
+    priv: "ALL"
+    db: "{{ db_name }}"
+    login_user: "{{ db_user1 }}"
+    login_password: "password"
+    login_host: "localhost"
+
+- name: Check that they were removed
+  sudo: True
+  sudo_user: postgres
+  shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(0 rows)'"
+
+- name: Destroy DB
+  postgresql_db:
+    state: absent
+    name: "{{ db_name }}"
+    login_user: "{{ db_user1 }}"
+    login_password: "password"
+    login_host: "localhost"
+
+- name: Check that database was destroyed
+  sudo: True
+  sudo_user: postgres
+  shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(0 rows)'"
+
+#
+# Cleanup
+#
+- name: Cleanup test user
+  sudo: True
+  sudo_user: postgres
+  postgresql_user:
+    name: "{{ db_user1 }}"
+    state: 'absent'
+
+- name: Check that they were removed
+  sudo: True
+  sudo_user: postgres
+  shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(0 rows)'"
+