postgresql_privs: bugfix of 27327 - incorrect views handling (#58272)

(cherry picked from commit 278c59b17e)
Andrey Klychkov 2019-06-24 15:38:12 +03:00 committed by Toshio Kuratomi
parent 7c22c81c5c
commit 7a9fe9ea7b
3 changed files with 127 additions and 1 deletions


@ -0,0 +1,2 @@
bugfixes:
- postgresql_privs - Fix incorrect views handling (https://github.com/ansible/ansible/issues/27327).


@ -541,7 +541,7 @@ class Connection(object):
query = """SELECT relacl
FROM pg_catalog.pg_class c
JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace
WHERE nspname = %s AND relkind in ('r','p') AND relname = ANY (%s)
WHERE nspname = %s AND relkind in ('r','p','v','m') AND relname = ANY (%s)
ORDER BY relname"""
self.cursor.execute(query, (schema, tables))
return [t[0] for t in self.cursor.fetchall()]
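Review bot: The `relkind` filter in this query now carries four single-letter codes with nothing saying what they select, even though this list decides which objects the module can read ACLs for. A comment above the `query =` assignment would make that explicit, e.g. `# relkind: r = table, p = partitioned table, v = view, m = materialized view`. Foreign tables (`'f'`) are still outside the filter; if the module accepts them under `type: table` (not visible here), their grants would presumably keep being misreported the way view grants were, which makes the reported privilege state unreliable for auditing. The enclosing method starts outside this hunk.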


@ -27,6 +27,130 @@
db: "{{ db_name }}"
login_user: "{{ pg_user }}"
#############################
# Test of solving bug 27327 #
#############################
# Create the test table and view:
- name: Create table
become: yes
become_user: "{{ pg_user }}"
postgresql_table:
login_user: "{{ pg_user }}"
db: postgres
name: test_table1
columns:
- id int
- name: Create view
become: yes
become_user: "{{ pg_user }}"
postgresql_query:
login_user: "{{ pg_user }}"
db: postgres
query: "CREATE VIEW test_view AS SELECT id FROM test_table1"
# Test check_mode:
- name: Grant SELECT on test_view, check_mode
become: yes
become_user: "{{ pg_user }}"
postgresql_privs:
login_user: "{{ pg_user }}"
db: postgres
state: present
privs: SELECT
type: table
objs: test_view
roles: "{{ db_user2 }}"
check_mode: yes
register: result
- assert:
that:
- result.changed == true
# Check:
- name: Check that nothing was changed after the prev step
become: yes
become_user: "{{ pg_user }}"
postgresql_query:
login_user: "{{ pg_user }}"
db: postgres
query: "SELECT grantee FROM information_schema.role_table_grants WHERE table_name='test_view' AND grantee = '{{ db_user2 }}'"
register: result
- assert:
that:
- result.rowcount == 0
# Test true mode:
- name: Grant SELECT on test_view
become: yes
become_user: "{{ pg_user }}"
postgresql_privs:
login_user: "{{ pg_user }}"
db: postgres
state: present
privs: SELECT
type: table
objs: test_view
roles: "{{ db_user2 }}"
register: result
- assert:
that:
- result.changed == true
# Check:
- name: Check that nothing was changed after the prev step
become: yes
become_user: "{{ pg_user }}"
postgresql_query:
login_user: "{{ pg_user }}"
db: postgres
query: "SELECT grantee FROM information_schema.role_table_grants WHERE table_name='test_view' AND grantee = '{{ db_user2 }}'"
register: result
- assert:
that:
- result.rowcount == 1
# Test true mode:
- name: Try to grant SELECT again
become: yes
become_user: "{{ pg_user }}"
postgresql_privs:
login_user: "{{ pg_user }}"
db: postgres
state: present
privs: SELECT
type: table
objs: test_view
roles: "{{ db_user2 }}"
register: result
- assert:
that:
- result.changed == false
# Cleanup:
- name: Drop test view
become: yes
become_user: "{{ pg_user }}"
postgresql_query:
login_user: "{{ pg_user }}"
db: postgres
query: "DROP VIEW test_view"
- name: Drop test table
become: yes
become_user: "{{ pg_user }}"
postgresql_table:
login_user: "{{ pg_user }}"
db: postgres
name: test_table1
state: absent
######################################################
# Test foreign data wrapper and foreign server privs #
######################################################
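Review bot: The new tasks exercise only a plain view (`test_view`), while the fix also adds `'m'` (materialized views) to the relkind filter, so that half of the change is not verified. A parallel check_mode / grant / re-grant sequence against a materialized view would cover it; its verification query would probably need `has_table_privilege()` rather than `information_schema.role_table_grants`, which as far as I know does not list materialized views. Separately, the second verification task, the one asserting `result.rowcount == 1`, reuses the name "Check that nothing was changed after the prev step", which contradicts what it checks; something like `- name: Check that the grant is now present` would read correctly. The cleanup tasks run only if every assert passes, so a failed run leaves `test_view` and `test_table1` behind in the `postgres` database.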