From 9ca7cf5575c35f3b0ca5e36912d140504c538723 Mon Sep 17 00:00:00 2001
From: Andrew Klychkov
Date: Thu, 22 May 2025 09:46:29 +0200
Subject: [PATCH 1/4] AZP: add RHEL 10.0 to devel remote target
---
 .azure-pipelines/azure-pipelines.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.azure-pipelines/azure-pipelines.yml b/.azure-pipelines/azure-pipelines.yml
index ef3de17b..746eecce 100644
--- a/.azure-pipelines/azure-pipelines.yml
+++ b/.azure-pipelines/azure-pipelines.yml
@@ -191,6 +191,8 @@ stages:
 parameters:
 testFormat: devel/{0}/1
 targets:
+ - name: RHEL 10.0
+ test: rhel/10.0
 - name: RHEL 9.5
 test: rhel/9.5
From b73f98bbaae46260c55c19511ef75ce41a9a3b87 Mon Sep 17 00:00:00 2001
From: Andrew Klychkov
Date: Thu, 22 May 2025 09:54:48 +0200
Subject: [PATCH 2/4] Update README
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 07d2ceaf..07f2646c 100644
--- a/README.md
+++ b/README.md
@@ -119,6 +119,7 @@ Our AZP CI includes testing with the following docker images / PostgreSQL versio
 | Fedora 39 | 2.9.6 | 15 |
 | Ubuntu 22.04 | 3.1.9 | 16 |
 | Fedora 40/41 | 2.9.9 | 16 |
+| RHEL 10 | 2.9.9 | 16 |
 | Ubuntu 24.04 | 3.2.2 | 17 |
 ## Included content
From 8085c5a1b73cb7c825c4f48914297ad7e86a1a4c Mon Sep 17 00:00:00 2001
From: Andrew Klychkov
Date: Sat, 24 May 2025 10:31:04 +0200
Subject: [PATCH 3/4] fix tests
---
 .../tasks/pg_authid_not_readable.yml | 2 -
 .../tasks/postgresql_privs_initial.yml | 40 ++++++++++++++-----
 2 files changed, 31 insertions(+), 11 deletions(-)
diff --git a/tests/integration/targets/postgresql_privs/tasks/pg_authid_not_readable.yml b/tests/integration/targets/postgresql_privs/tasks/pg_authid_not_readable.yml
index 3f810d47..bbbe6f8b 100644
--- a/tests/integration/targets/postgresql_privs/tasks/pg_authid_not_readable.yml
+++ b/tests/integration/targets/postgresql_privs/tasks/pg_authid_not_readable.yml
@@ -6,7 +6,6 @@
 encrypted: 'true'
 password: "md5{{ (db_password ~ db_user1) | hash('md5')}}"
 db: "{{ db_name }}"
- priv: 'test_table1:INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,TRIGGER/test_table2:INSERT/CREATE,CONNECT,TEMP'
 login_user: "{{ pg_user }}"
 register: redo_as_admin
@@ -37,7 +36,6 @@
 encrypted: 'true'
 password: "md5{{ (db_password ~ db_user1) | hash('md5')}}"
 db: "{{ db_name }}"
- priv: 'test_table1:INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,TRIGGER/test_table2:INSERT/CREATE,CONNECT,TEMP'
 login_user: "{{ db_user1 }}"
 login_password: "{{ db_password }}"
 register: redo_as_normal_user
diff --git a/tests/integration/targets/postgresql_privs/tasks/postgresql_privs_initial.yml b/tests/integration/targets/postgresql_privs/tasks/postgresql_privs_initial.yml
index 89a9347e..8bbd790e 100644
--- a/tests/integration/targets/postgresql_privs/tasks/postgresql_privs_initial.yml
+++ b/tests/integration/targets/postgresql_privs/tasks/postgresql_privs_initial.yml
@@ -25,7 +25,7 @@
 - vars:
 db_password: 'secretù' # use UTF-8
 block:
- - name: Create a user with some permissions on the db
+ - name: Create a user
 become_user: "{{ pg_user }}"
 become: true
 postgresql_user:
@@ -33,9 +33,30 @@
 encrypted: 'true'
 password: "md5{{ (db_password ~ db_user1) | hash('md5')}}"
 db: "{{ db_name }}"
- priv: 'test_table1:INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,TRIGGER/test_table2:INSERT/CREATE,CONNECT,TEMP'
 login_user: "{{ pg_user }}"
+ - name: Grant privs on test_table1
+ become_user: "{{ pg_user }}"
+ become: true
+ postgresql_privs:
+ db: "{{ db_name }}"
+ login_user: "{{ pg_user }}"
+ roles: "{{ db_user1 }}"
+ privs: 'INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,TRIGGER'
+ type: table
+ objs: test_table1
+
+ - name: Grant privs on test_table2
+ become_user: "{{ pg_user }}"
+ become: true
+ postgresql_privs:
+ db: "{{ db_name }}"
+ login_user: "{{ pg_user }}"
+ roles: "{{ db_user1 }}"
+ privs: 'INSERT'
+ type: table
+ objs: test_table2
+
 - include_tasks: pg_authid_not_readable.yml
 - name: Check that the user has the requested permissions (table1)
@@ -68,18 +89,19 @@
 - result_table2.rowcount == 1
 - result_table2.query_result[0]['privilege_type'] == 'INSERT'
 - result_database.rowcount == 1
- - "'{{ db_user1 }}=CTc/{{ pg_user }}' in result_database.query_result[0]['datacl']"
+ - result_database.query_result[0]['datacl'] == None
 - name: Add another permission for the user
 become_user: "{{ pg_user }}"
 become: true
- postgresql_user:
- name: "{{ db_user1 }}"
- encrypted: 'true'
- password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
+ postgresql_privs:
+ roles: "{{ db_user1 }}"
 db: "{{ db_name }}"
- priv: 'test_table2:select'
+ privs: 'SELECT'
+ type: table
+ objs: test_table2
 login_user: "{{ pg_user }}"
+
 register: result
 - name: Check that ansible reports it changed the user
@@ -199,7 +221,7 @@
 - assert:
 that:
 - result_database.rowcount == 1
- - "'{{ db_user1 }}' not in result_database.query_result[0]['datacl']"
+ - result_database.query_result[0]['datacl'] is not search("{{ db_user1 }}=Cc")
 - name: Grant database privileges
 become_user: "{{ pg_user }}"
From 6240b319405e0fd35b104fafceee54ea55c493e1 Mon Sep 17 00:00:00 2001
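Review bot: The replacement assertion `result_database.query_result[0]['datacl'] == None` in the `@@ -68,18 +89,19 @@` hunk requires the database ACL to be NULL, which is stricter than the test needs. PostgreSQL leaves `datacl` NULL only until the first GRANT or REVOKE on that database, so any earlier grant to another role would fail this check even though db_user1 holds no database privilege. The new grant tasks no longer give db_user1 CREATE, CONNECT, TEMP, so the intent appears to be "no entry for this role"; asserting that directly is more robust: `- result_database.query_result[0]['datacl'] is none or result_database.query_result[0]['datacl'] is not search(db_user1 | regex_escape)`. The query that fills `result_database` lies outside the hunk, so this assumes it returns the ACL of `db_name`.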
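Review bot: The rewritten condition in the `@@ -199,7 +221,7 @@` hunk nests `{{ db_user1 }}` inside an `assert: that:` entry, which Ansible already evaluates as a Jinja expression. Ansible discourages template delimiters in conditionals, and the role name is spliced into the expression text before it is evaluated. The same line in PATCH 4/4 drops the `=Cc` suffix but keeps the nested delimiters. Passing the variable itself avoids this: `- result_database.query_result[0]['datacl'] is not search(db_user1 | regex_escape)`. The `regex_escape` filter matters because `search` treats its argument as a regular expression, so a role name with metacharacters would otherwise change what the assertion matches.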
From: Andrew Klychkov
Date: Sat, 24 May 2025 12:43:55 +0200
Subject: [PATCH 4/4] fix copy-paste thing
---
 .../targets/postgresql_privs/tasks/postgresql_privs_initial.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/integration/targets/postgresql_privs/tasks/postgresql_privs_initial.yml b/tests/integration/targets/postgresql_privs/tasks/postgresql_privs_initial.yml
index 8bbd790e..9e13339b 100644
--- a/tests/integration/targets/postgresql_privs/tasks/postgresql_privs_initial.yml
+++ b/tests/integration/targets/postgresql_privs/tasks/postgresql_privs_initial.yml
@@ -221,7 +221,7 @@
 - assert:
 that:
 - result_database.rowcount == 1
- - result_database.query_result[0]['datacl'] is not search("{{ db_user1 }}=Cc")
+ - result_database.query_result[0]['datacl'] is not search("{{ db_user1 }}")
 - name: Grant database privileges
 become_user: "{{ pg_user }}"