diff options
Diffstat (limited to 'test/integration/targets/postgresql_user/tasks/test_password.yml')
-rw-r--r-- | test/integration/targets/postgresql_user/tasks/test_password.yml | 336 |
1 files changed, 0 insertions, 336 deletions
diff --git a/test/integration/targets/postgresql_user/tasks/test_password.yml b/test/integration/targets/postgresql_user/tasks/test_password.yml deleted file mode 100644 index be033a5569..0000000000 --- a/test/integration/targets/postgresql_user/tasks/test_password.yml +++ /dev/null @@ -1,336 +0,0 @@ -- vars: - task_parameters: &task_parameters - become_user: "{{ pg_user }}" - become: yes - register: result - postgresql_parameters: ¶meters - db: postgres - name: "{{ db_user1 }}" - login_user: "{{ pg_user }}" - - block: - - name: 'Check that PGOPTIONS environment variable is effective (1/2)' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: '{{ db_password1 }}' - ignore_errors: true - environment: - PGCLIENTENCODING: 'UTF8' - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - name: 'Check that PGOPTIONS environment variable is effective (2/2)' - assert: - that: - - "{{ result is failed }}" - - - name: 'Create a user (password encrypted: {{ encrypted }})' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: '{{ db_password1 }}' - encrypted: '{{ encrypted }}' - environment: - PGCLIENTENCODING: 'UTF8' - - - block: &changed # block is only used here in order to be able to define YAML anchor - - name: Check that ansible reports it was created - assert: - that: - - "{{ result is changed }}" - - - name: Check that it was created - <<: *task_parameters - shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres - - - assert: - that: - - "result.stdout_lines[-1] == '(1 row)'" - - - name: Check that creating user a second time does nothing - <<: *task_parameters - postgresql_user: - <<: *parameters - password: '{{ db_password1 }}' - encrypted: '{{ encrypted }}' - environment: - PGCLIENTENCODING: 'UTF8' - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - block: ¬_changed # block is only used here in order to be able to define YAML anchor - - name: Check that ansible reports no change - assert: - that: - - "{{ result is not changed }}" - - - name: 'Define an expiration time' - <<: *task_parameters - postgresql_user: - <<: *parameters - expires: '2025-01-01' - environment: - PGCLIENTENCODING: 'UTF8' - - - <<: *changed - - - name: 'Redefine the same expiration time' - <<: *task_parameters - postgresql_user: - expires: '2025-01-01' - <<: *parameters - environment: - PGCLIENTENCODING: 'UTF8' - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - <<: *not_changed - - - block: - - - name: 'Using MD5-hashed password: check that password not changed when using cleartext password' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: '{{ db_password1 }}' - encrypted: 'yes' - environment: - PGCLIENTENCODING: 'UTF8' - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - <<: *not_changed - - - name: "Using MD5-hashed password: check that password not changed when using md5 hash with 'ENCRYPTED'" - <<: *task_parameters - postgresql_user: - <<: *parameters - password: "md5{{ (db_password1 ~ db_user1) | hash('md5')}}" - encrypted: 'yes' - environment: - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - <<: *not_changed - - - name: "Using MD5-hashed password: check that password not changed when using md5 hash with 'UNENCRYPTED'" - <<: *task_parameters - postgresql_user: - <<: *parameters - password: "md5{{ (db_password1 ~ db_user1) | hash('md5')}}" - encrypted: 'no' - environment: - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - <<: *not_changed - - - name: 'Redefine the same expiration time and password (encrypted)' - <<: *task_parameters - postgresql_user: - <<: *parameters - encrypted: 'yes' - password: "md5{{ (db_password1 ~ db_user1) | hash('md5')}}" - expires: '2025-01-01' - environment: - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - <<: *not_changed - - - name: 'Using MD5-hashed password: check that password changed when using another cleartext password' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: 'prefix{{ db_password1 }}' - encrypted: 'yes' - environment: - PGCLIENTENCODING: 'UTF8' - - - <<: *changed - - - name: "Using MD5-hashed password: check that password changed when using another md5 hash with 'ENCRYPTED'" - <<: *task_parameters - postgresql_user: - <<: *parameters - password: "md5{{ ('prefix1' ~ db_password1 ~ db_user1) | hash('md5')}}" - encrypted: 'yes' - - - <<: *changed - - - name: "Using MD5-hashed password: check that password changed when using md5 hash with 'UNENCRYPTED'" - <<: *task_parameters - postgresql_user: - <<: *parameters - password: "md5{{ ('prefix2' ~ db_password1 ~ db_user1) | hash('md5')}}" - encrypted: 'no' - register: change_pass_unencrypted - failed_when: - - change_pass_unencrypted is failed - # newer version of psycopg2 no longer supported unencrypted password, we ignore the error - - '"UNENCRYPTED PASSWORD is no longer supported" not in change_pass_unencrypted.msg' - - - <<: *changed - - - name: 'Using MD5-hashed password: check that password changed when clearing the password' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: '' - encrypted: 'yes' - environment: - PGCLIENTENCODING: 'UTF8' - - - <<: *changed - - - name: 'Using MD5-hashed password: check that password not changed when clearing the password again' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: '' - encrypted: 'yes' - environment: - PGCLIENTENCODING: 'UTF8' - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - <<: *not_changed - - - name: 'Using cleartext password: check that password not changed when clearing the password again' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: '' - encrypted: 'no' - environment: - PGCLIENTENCODING: 'UTF8' - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - <<: *not_changed - - - name: 'Using MD5-hashed password: check that password changed when using a cleartext password' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: '{{ db_password1 }}' - encrypted: 'yes' - environment: - PGCLIENTENCODING: 'UTF8' - - - <<: *changed - - when: encrypted == 'yes' - - - block: - - - name: 'Using cleartext password: check that password not changed when using cleartext password' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: "{{ db_password1 }}" - encrypted: 'no' - environment: - PGCLIENTENCODING: 'UTF8' - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - <<: *not_changed - - - name: 'Redefine the same expiration time and password (not encrypted)' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: "{{ db_password1 }}" - encrypted: 'no' - expires: '2025-01-01' - environment: - PGCLIENTENCODING: 'UTF8' - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - <<: *not_changed - - - name: 'Using cleartext password: check that password changed when using another cleartext password' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: "changed{{ db_password1 }}" - encrypted: 'no' - environment: - PGCLIENTENCODING: 'UTF8' - - - <<: *changed - - - name: 'Using cleartext password: check that password changed when clearing the password' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: '' - encrypted: 'no' - environment: - PGCLIENTENCODING: 'UTF8' - - - <<: *changed - - - name: 'Using cleartext password: check that password not changed when clearing the password again' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: '' - encrypted: 'no' - environment: - PGCLIENTENCODING: 'UTF8' - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - <<: *not_changed - - - name: 'Using MD5-hashed password: check that password not changed when clearing the password again' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: '' - encrypted: 'yes' - environment: - PGCLIENTENCODING: 'UTF8' - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - <<: *not_changed - - - name: 'Using cleartext password: check that password changed when using cleartext password' - <<: *task_parameters - postgresql_user: - <<: *parameters - password: "{{ db_password1 }}" - encrypted: 'no' - environment: - PGCLIENTENCODING: 'UTF8' - - - <<: *changed - - when: encrypted == 'no' - - - name: Remove user - <<: *task_parameters - postgresql_user: - state: 'absent' - <<: *parameters - - - <<: *changed - - - name: Check that they were removed - <<: *task_parameters - shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql -d postgres - environment: - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - assert: - that: - - "result.stdout_lines[-1] == '(0 rows)'" - - - name: Check that removing user a second time does nothing - <<: *task_parameters - postgresql_user: - state: 'absent' - <<: *parameters - environment: - PGOPTIONS: '-c default_transaction_read_only=on' # ensure 'alter user' query isn't executed - - - <<: *not_changed - - always: - - name: Remove user - <<: *task_parameters - postgresql_user: - state: 'absent' - <<: *parameters |