From 499d3a1b531548f00f820552c685912b2465d2b2 Mon Sep 17 00:00:00 2001
From: Adrian Likins <alikins@redhat.com>
Date: Wed, 15 Feb 2017 15:28:29 -0500
Subject: add a intg test for issue #19835 (#21487)

(postgresql_user changing role_attr_flags with no_password_checks
fails)
---
 .../targets/postgresql/defaults/main.yml           |   1 +
 test/integration/targets/postgresql/tasks/main.yml | 106 +++++++++++++++++++++
 2 files changed, 107 insertions(+)

diff --git a/test/integration/targets/postgresql/defaults/main.yml b/test/integration/targets/postgresql/defaults/main.yml
index a78f817a63..0dee1f0fc3 100644
--- a/test/integration/targets/postgresql/defaults/main.yml
+++ b/test/integration/targets/postgresql/defaults/main.yml
@@ -3,5 +3,6 @@
 db_name: 'ansible_db'
 db_user1: 'ansible_db_user1'
 db_user2: 'ansible_db_user2'
+db_user3: 'ansible_db_user3'
 
 tmp_dir: '/tmp'
diff --git a/test/integration/targets/postgresql/tasks/main.yml b/test/integration/targets/postgresql/tasks/main.yml
index dd9de5e5cd..b6cad4106d 100644
--- a/test/integration/targets/postgresql/tasks/main.yml
+++ b/test/integration/targets/postgresql/tasks/main.yml
@@ -374,6 +374,112 @@
     that:
       - "result.stdout_lines[-1] == '(0 rows)'"
 
+# Test cases to replicate issue 19835
+- name: Create a user "{{ db_user3 }}"  to test issue 19835
+  become_user: "{{ pg_user }}"
+  become: True
+  postgresql_user:
+    name: "{{ db_user3 }}"
+    encrypted: 'yes'
+    password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
+    login_user: "{{ pg_user }}"
+    #role_attr_flags: "NOSUPERUSER,NOCREATEROLE,NOCREATEDB,noinherit,NOLOGIN"
+    db: postgres
+  register: result
+
+- name: Check that ansible reports that "{{ db_user3 }}" was created for testing issue 19835
+  assert:
+    that:
+      - "result.changed == True"
+
+- name: debug result
+  debug:
+    var: result
+
+- name: Check that "{{ db_user3 }}" was created for testing issue 19835
+  become_user: "{{ pg_user }}"
+  become: True
+  shell: echo "select * from pg_user where usename='{{ db_user3 }}';" | psql -d postgres
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(1 row)'"
+
+- name: Modify user "{{ db_user3 }}" to have only login role attributes for testing issue 19835
+  become_user: "{{ pg_user }}"
+  become: True
+  postgresql_user:
+    name: "{{ db_user3 }}"
+    state: "present"
+    role_attr_flags: "NOSUPERUSER,NOCREATEROLE,NOCREATEDB,noinherit"
+    login_user: "{{ pg_user }}"
+    db: postgres
+  register: result
+
+- name: Check that ansible reports it modified the roles for testing issue 19835
+  assert:
+    that:
+      - "result.changed == True"
+
+- name: Check that the user "{{ db_user3 }}" has the requested role attributes for testing issue 19835
+  become_user: "{{ pg_user }}"
+  become: True
+  shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin from pg_roles where rolname='{{ db_user3 }}';" | psql -d postgres
+  register: result
+
+- name: Modify a single role attribute on the user "{{ db_user3 }}"  with no_password_changes set to yes. issue 19835
+  become_user: "{{ pg_user }}"
+  become: True
+  postgresql_user:
+    name: "{{ db_user3 }}"
+    state: "present"
+    role_attr_flags: "CREATEDB"
+    no_password_changes: yes
+    login_user: "{{ pg_user }}"
+    db: postgres
+  register: result
+
+- name: Check that ansible reports it modified the role with no_password_changes set to yes. issue 19835
+  assert:
+    that:
+      - "result.changed == True"
+
+- name: Check that the user "{{ db_user3 }}" has the requested role attributes with no_password_changes set to yes. issue 19835
+  become_user: "{{ pg_user }}"
+  become: True
+  shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin  from pg_roles where rolname='{{ db_user3 }}';" | psql -d postgres
+  register: result
+
+- name: Assert that the request role attributes check for user "{{ db_user3 }}" was correct with no_password_changes set to yes. issue 19835
+  assert:
+    that:
+      - "result.stdout_lines[-1] == '(1 row)'"
+      - "'super:f' in result.stdout_lines[-2]"
+      - "'createrole:f' in result.stdout_lines[-2]"
+      - "'create:t' in result.stdout_lines[-2]"
+      - "'inherit:f' in result.stdout_lines[-2]"
+      - "'login:t' in result.stdout_lines[-2]"
+
+- name: Cleanup the "{{ db_user3 }}" user
+  become_user: "{{ pg_user }}"
+  become: True
+  postgresql_user:
+    name: "{{ db_user3 }}"
+    state: 'absent'
+    login_user: "{{ pg_user }}"
+    db: postgres
+
+- name: Check that "{{ db_user3 }}"  was removed
+  become_user: "{{ pg_user }}"
+  become: True
+  shell: echo "select * from pg_user where usename='{{ db_user3 }}';" | psql -d postgres
+  register: result
+
+- assert:
+    that:
+      - "result.stdout_lines[-1] == '(0 rows)'"
+
 ### TODO: test expires, fail_on_user
 
 #
-- 
cgit v1.2.1