ansible/test/integration/targets/postgresql/tasks/postgresql_pg_hba.yml
Sebastiaan Mannem d90cb71210 Added a new module that can manage rules in pg_hba files. (#32666)
* Added a new module that can manage rules in pg_hba files.

* Adding a backup_file option
2019-03-27 15:54:20 +01:00

143 lines
4.1 KiB
YAML

- name: Make sure file does not exist
file:
dest: /tmp/pg_hba.conf
state: absent
- name: check_mode run
postgresql_pg_hba:
dest: /tmp/pg_hba.conf
contype: host
source: '0000:ffff::'
netmask: 'ffff:fff0::'
method: md5
backup: true
order: sud
state: "{{item}}"
check_mode: yes
with_items:
- present
- absent
- name: check_mode check
stat:
path: /tmp/pg_hba.conf
register: pg_hba_checkmode_check
- name: Remove several ip addresses for idempotency check
postgresql_pg_hba:
contype: "{{item.contype|default('host')}}"
databases: "{{item.databases|default('all')}}"
dest: /tmp/pg_hba.conf
method: md5
netmask: "{{item.netmask|default('')}}"
order: sud
source: "{{item.source|default('')}}"
state: absent
users: "{{item.users|default('all')}}"
with_items: "{{pg_hba_test_ips}}"
register: pg_hba_idempotency_check1
- name: idempotency not creating file check
stat:
path: /tmp/pg_hba.conf
register: pg_hba_idempotency_file_check
- name: Add several ip addresses
postgresql_pg_hba:
backup: true
contype: "{{item.contype|default('host')}}"
create: true
databases: "{{item.databases|default('all')}}"
dest: /tmp/pg_hba.conf
method: md5
netmask: "{{item.netmask|default('')}}"
order: sud
source: "{{item.source|default('')}}"
state: present
users: "{{item.users|default('all')}}"
register: pg_hba_change
with_items: "{{pg_hba_test_ips}}"
- name: read pg_hba rules
postgresql_pg_hba:
dest: /tmp/pg_hba.conf
register: pg_hba
- name: Add several ip addresses again for idempotency check
postgresql_pg_hba:
contype: "{{item.contype|default('host')}}"
databases: "{{item.databases|default('all')}}"
dest: /tmp/pg_hba.conf
method: md5
netmask: "{{item.netmask|default('')}}"
order: sud
source: "{{item.source|default('')}}"
state: present
users: "{{item.users|default('all')}}"
with_items: "{{pg_hba_test_ips}}"
register: pg_hba_idempotency_check2
- name: pre-backup stat
stat:
path: /tmp/pg_hba.conf
register: prebackupstat
- name: Add new ip address for backup check and netmask_sameas_prefix check
postgresql_pg_hba:
backup: true
contype: host
dest: /tmp/pg_hba.conf
method: md5
netmask: 255.255.255.0
order: sud
source: '172.21.0.0'
state: present
register: pg_hba_backup_check2
- name: Add new ip address for netmask_sameas_prefix check
postgresql_pg_hba:
backup: true
contype: host
dest: /tmp/pg_hba.conf
method: md5
order: sud
source: '172.21.0.0/24'
state: present
register: netmask_sameas_prefix_check
- name: post-backup stat
stat:
path: "{{pg_hba_backup_check2.backup_file}}"
register: postbackupstat
- name: Dont allow netmask for src in [all, samehost, samenet]
postgresql_pg_hba:
contype: host
dest: /tmp/pg_hba.conf
method: md5
netmask: '255.255.255.255'
order: sud
source: all
state: present
register: pg_hba_fail_src_all_with_netmask
ignore_errors: yes
- assert:
that:
- 'pg_hba.pg_hba == [
{ "db": "all", "method": "md5", "type": "local", "usr": "all" },
{ "db": "all", "method": "md5", "type": "local", "usr": "postgres" },
{ "db": "all", "method": "md5", "src": "0:ff00::/120", "type": "host", "usr": "all" },
{ "db": "all", "method": "md5", "src": "192.168.0.0/24", "type": "host", "usr": "all" },
{ "db": "replication", "method": "md5", "src": "192.168.0.0/24", "type": "host", "usr": "all" },
{ "db": "all", "method": "md5", "src": "172.16.0.0/16", "type": "host", "usr": "all" },
{ "db": "all", "method": "md5", "src": "0:fff0::/28", "type": "host", "usr": "all" }
]'
- 'pg_hba_change is changed'
- 'pg_hba_checkmode_check.stat.exists == false'
- 'not pg_hba_idempotency_check1 is changed'
- 'not pg_hba_idempotency_check2 is changed'
- 'pg_hba_idempotency_file_check.stat.exists == false'
- 'prebackupstat.stat.checksum == postbackupstat.stat.checksum'
- 'pg_hba_fail_src_all_with_netmask is failed'
- 'not netmask_sameas_prefix_check is changed'