postgresql modules: use query parameters with cursor objects (#65862)

* postgresql modules: use query parameters with cursor objects * add changelog fragment * fix typo in changelog fragment
2020-01-04 13:18:45 +03:00 · 2020-01-04 13:18:45 +03:00 · b48366c2fe
commit b48366c2fe
parent aa53eb0e71
4 changed files with 14 additions and 10 deletions
--- a/changelogs/fragments/65862-postgresql_modules_use_query_params_with_cursor.yml
+++ b/changelogs/fragments/65862-postgresql_modules_use_query_params_with_cursor.yml
@ -0,0 +1,4 @@
+bugfixes:
+- postgresql_table - use query parameters with cursor object (https://github.com/ansible/ansible/pull/65862).
+- postgresql_tablespace - use query parameters with cursor object (https://github.com/ansible/ansible/pull/65862).
+- postgresql_user - use query parameters with cursor object (https://github.com/ansible/ansible/pull/65862).
--- a/lib/ansible/modules/database/postgresql/postgresql_table.py
+++ b/lib/ansible/modules/database/postgresql/postgresql_table.py
@ -288,9 +288,10 @@ class Table(object):
                 "FROM pg_tables AS t "
                 "INNER JOIN pg_class AS c ON  c.relname = t.tablename "
                 "INNER JOIN pg_namespace AS n ON c.relnamespace = n.oid "
-                 "WHERE t.tablename = '%s' "
-                 "AND n.nspname = '%s'" % (tblname, schema))
-        res = exec_sql(self, query, add_to_executed=False)
+                 "WHERE t.tablename = %(tblname)s "
+                 "AND n.nspname = %(schema)s")
+        res = exec_sql(self, query, query_params={'tblname': tblname, 'schema': schema},
+                       add_to_executed=False)
        if res:
            self.exists = True
            self.info = dict(
--- a/lib/ansible/modules/database/postgresql/postgresql_tablespace.py
+++ b/lib/ansible/modules/database/postgresql/postgresql_tablespace.py
@ -248,16 +248,15 @@ class PgTablespace(object):
            query = ("SELECT r.rolname, (SELECT Null), %s "
                     "FROM pg_catalog.pg_tablespace AS t "
                     "JOIN pg_catalog.pg_roles AS r "
-                     "ON t.spcowner = r.oid "
-                     "WHERE t.spcname = '%s'" % (location, self.name))
+                     "ON t.spcowner = r.oid " % location)
        else:
            query = ("SELECT r.rolname, t.spcoptions, %s "
                     "FROM pg_catalog.pg_tablespace AS t "
                     "JOIN pg_catalog.pg_roles AS r "
-                     "ON t.spcowner = r.oid "
-                     "WHERE t.spcname = '%s'" % (location, self.name))
+                     "ON t.spcowner = r.oid " % location)

-        res = exec_sql(self, query, add_to_executed=False)
+        res = exec_sql(self, query + "WHERE t.spcname = %(name)s",
+                       query_params={'name': self.name}, add_to_executed=False)

        if not res:
            self.exists = False
--- a/lib/ansible/modules/database/postgresql/postgresql_user.py
+++ b/lib/ansible/modules/database/postgresql/postgresql_user.py
@ -541,8 +541,8 @@ def get_table_privileges(cursor, user, table):
    else:
        schema = 'public'
    query = ("SELECT privilege_type FROM information_schema.role_table_grants "
-             "WHERE grantee='%s' AND table_name='%s' AND table_schema='%s'" % (user, table, schema))
-    cursor.execute(query)
+             "WHERE grantee=%(user)s AND table_name=%(table)s AND table_schema=%(schema)s")
+    cursor.execute(query, {'user': user, 'table': table, 'schema': schema})
    return frozenset([x[0] for x in cursor.fetchall()])