ansible/test/integration/targets/postgresql/tasks/test_target_role.yml
tcraxs bb61d7527f #50877: add support to postgresql_privs to use "FOR { ROLE | USER } target_role" in "ALTER DEFAULT PRIVILEGES" (#51073)
* #50877:
* add support to postgresql_privs to use "FOR { ROLE | USER } target_role"
   in "ALTER DEFAULT PRIVILEGES"

* fix sanity errors

* #50877: fix documentation and add a check for correct usage
of target_roles

*  #50877: fix missing absent option for default privs with target_role

* #50877: add clear description, when target_roles can be used

* #50877: fix conflicts, formatting, and add a changelog fragment

* #50877: fix sanity error E335

* #50877: swap conditions and fix error to warning msg

*  #50877: add tests for default privileges

* #50877: fix tests for default privileges

* #50877: fix tests for default privileges on centos 6
2019-03-21 13:26:44 +00:00


---
# Setup
# Create the test database while running as pg_user (presumably the
# PostgreSQL admin account - confirm against the target's defaults).
# The database is owned by db_user1, the role used as target_roles in the
# default-privilege tasks of this file.
- name: Create DB
  become: true
  become_user: "{{ pg_user }}"
  postgresql_db:
    name: "{{ db_name }}"
    owner: "{{ db_user1 }}"
    state: present
    login_user: "{{ pg_user }}"
# Grantee role for the default-privilege test (db_user2).
# The literal password is a throwaway fixture value: the role is created only
# for this test run and is dropped again in the cleanup section of this file.
# NOTE(review): unlike "Create DB", this task sets no become/become_user;
# presumably the connection works through login_user alone - confirm.
- name: Create a user to be given permissions and other tests
  postgresql_user:
    db: "{{ db_name }}"
    name: "{{ db_user2 }}"
    password: password
    encrypted: true
    role_attr_flags: LOGIN
    state: present
    login_user: "{{ pg_user }}"
#######################################
# Test default_privs with target_role #
#######################################
# Test
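# Per the commit description, target_roles makes postgresql_privs emit
# "FOR { ROLE | USER } target_role" in ALTER DEFAULT PRIVILEGES.
# Here the default SELECT privilege on future TABLES is granted to db_user2
# and scoped to objects created by db_user1, not by the connecting login_user.
- name: Grant default privileges for new table objects
  become: true
  become_user: "{{ pg_user }}"
  postgresql_privs:
    db: "{{ db_name }}"
    type: default_privs
    objs: TABLES
    privs: SELECT
    role: "{{ db_user2 }}"
    target_roles: "{{ db_user1 }}"
    login_user: "{{ pg_user }}"
  register: result

# Checks
# Only proves the module reported a change; the actual ACL content is
# verified by the catalog query that follows in this file.
- assert:
    that:
      - result is changed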
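# Read the default ACLs straight from the catalog so the test verifies what
# PostgreSQL stored, not only what the module reported.
- name: Check that default privileges are set
  become: true
  become_user: "{{ pg_user }}"
  # db_name is interpolated into a shell command line; the quote filter keeps
  # a value containing spaces or shell metacharacters from being split or
  # interpreted by the shell.
  shell: >-
    psql {{ db_name | quote }} -c
    "SELECT defaclrole, defaclobjtype, defaclacl
    FROM pg_default_acl a JOIN pg_roles b ON a.defaclrole=b.oid;"
    -t
  register: result
  # Read-only SELECT: never report this task as a change.
  changed_when: false

# ACL entries are printed as grantee=privileges/grantor, where "r" stands for
# SELECT, so the expected entry is "<db_user2>=r/<db_user1>".
# The expression is written without Jinja delimiters: `that` is already
# evaluated as an expression, and pasting rendered values between quotes
# breaks as soon as a value contains a quote character.
- assert:
    that:
      # Fail with a clear assertion instead of an index error on empty output.
      - "result.stdout_lines | length > 0"
      - "(db_user2 ~ '=r/' ~ db_user1) in result.stdout_lines[0]"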
# Test
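# Mirror of the grant task with state: absent: the default SELECT privilege
# on future TABLES created by db_user1 is revoked from db_user2.
- name: Revoke default privileges for new table objects
  become: true
  become_user: "{{ pg_user }}"
  postgresql_privs:
    db: "{{ db_name }}"
    state: absent
    type: default_privs
    objs: TABLES
    privs: SELECT
    role: "{{ db_user2 }}"
    target_roles: "{{ db_user1 }}"
    login_user: "{{ pg_user }}"
  register: result

# Checks
# NOTE(review): unlike the grant path, no catalog query follows the revoke.
# "changed" alone does not prove the "<db_user2>=r/<db_user1>" entry is gone
# from pg_default_acl; a follow-up query asserting its absence would close
# that gap.
- assert:
    that:
      - result is changed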
# Cleanup
# Drop the grantee role (db_user2) created in the setup section, so the
# fixture account and its known password do not outlive the test run.
- name: Remove user given permissions
  postgresql_user:
    db: "{{ db_name }}"
    name: "{{ db_user2 }}"
    state: absent
    login_user: "{{ pg_user }}"
# NOTE(review): this task drops db_user3, but nothing in this file creates or
# uses db_user3; the database owner and target role here is db_user1, which
# is not removed by this file. Presumably both roles are managed by another
# task file of the same test target - confirm, otherwise db_user1 is left
# behind after the test.
- name: Remove user owner of objects
  postgresql_user:
    db: "{{ db_name }}"
    name: "{{ db_user3 }}"
    state: absent
    login_user: "{{ pg_user }}"
# Drop the test database last, running as pg_user like the create task.
- name: Destroy DB
  become: true
  become_user: "{{ pg_user }}"
  postgresql_db:
    name: "{{ db_name }}"
    state: absent
    login_user: "{{ pg_user }}"