postgresql_privs: bugfix of 27327 - incorrect views handling (#58272)
(cherry picked from commit 278c59b17e
)
This commit is contained in:
parent
7c22c81c5c
commit
7a9fe9ea7b
3 changed files with 127 additions and 1 deletions
|
@ -0,0 +1,2 @@
|
|||
bugfixes:
|
||||
- postgresql_privs - Fix incorrect views handling (https://github.com/ansible/ansible/issues/27327).
|
|
@ -541,7 +541,7 @@ class Connection(object):
|
|||
query = """SELECT relacl
|
||||
FROM pg_catalog.pg_class c
|
||||
JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace
|
||||
WHERE nspname = %s AND relkind in ('r','p') AND relname = ANY (%s)
|
||||
WHERE nspname = %s AND relkind in ('r','p','v','m') AND relname = ANY (%s)
|
||||
ORDER BY relname"""
|
||||
self.cursor.execute(query, (schema, tables))
|
||||
return [t[0] for t in self.cursor.fetchall()]
|
||||
|
|
|
@ -27,6 +27,130 @@
|
|||
db: "{{ db_name }}"
|
||||
login_user: "{{ pg_user }}"
|
||||
|
||||
#############################
|
||||
# Test of solving bug 27327 #
|
||||
#############################
|
||||
|
||||
# Create the test table and view:
|
||||
- name: Create table
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_table:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
name: test_table1
|
||||
columns:
|
||||
- id int
|
||||
|
||||
- name: Create view
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_query:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
query: "CREATE VIEW test_view AS SELECT id FROM test_table1"
|
||||
|
||||
# Test check_mode:
|
||||
- name: Grant SELECT on test_view, check_mode
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_privs:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
state: present
|
||||
privs: SELECT
|
||||
type: table
|
||||
objs: test_view
|
||||
roles: "{{ db_user2 }}"
|
||||
check_mode: yes
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.changed == true
|
||||
|
||||
# Check:
|
||||
- name: Check that nothing was changed after the prev step
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_query:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
query: "SELECT grantee FROM information_schema.role_table_grants WHERE table_name='test_view' AND grantee = '{{ db_user2 }}'"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 0
|
||||
|
||||
# Test true mode:
|
||||
- name: Grant SELECT on test_view
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_privs:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
state: present
|
||||
privs: SELECT
|
||||
type: table
|
||||
objs: test_view
|
||||
roles: "{{ db_user2 }}"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.changed == true
|
||||
|
||||
# Check:
|
||||
- name: Check that nothing was changed after the prev step
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_query:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
query: "SELECT grantee FROM information_schema.role_table_grants WHERE table_name='test_view' AND grantee = '{{ db_user2 }}'"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount == 1
|
||||
|
||||
# Test true mode:
|
||||
- name: Try to grant SELECT again
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_privs:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
state: present
|
||||
privs: SELECT
|
||||
type: table
|
||||
objs: test_view
|
||||
roles: "{{ db_user2 }}"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.changed == false
|
||||
|
||||
# Cleanup:
|
||||
- name: Drop test view
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_query:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
query: "DROP VIEW test_view"
|
||||
|
||||
- name: Drop test table
|
||||
become: yes
|
||||
become_user: "{{ pg_user }}"
|
||||
postgresql_table:
|
||||
login_user: "{{ pg_user }}"
|
||||
db: postgres
|
||||
name: test_table1
|
||||
state: absent
|
||||
|
||||
######################################################
|
||||
# Test foreign data wrapper and foreign server privs #
|
||||
######################################################
|
||||
|
|
Loading…
Reference in a new issue