diff --git a/spec/acceptance/server/grant_role_spec.rb b/spec/acceptance/server/grant_role_spec.rb
index 616d86c..334cc6b 100644
--- a/spec/acceptance/server/grant_role_spec.rb
+++ b/spec/acceptance/server/grant_role_spec.rb
@@ -1,62 +1,131 @@
require 'spec_helper_acceptance'
describe 'postgresql::server::grant_role:', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+
+ db = 'grant_role_test'
+ user = 'psql_grant_role_tester'
+ group = 'test_group'
+ password = 'psql_grant_role_pw'
+
it 'should grant a role to a user' do
begin
pp = <<-EOS.unindent
- $db = 'grant_role_test'
- $user = 'psql_grant_role_tester'
- $group = 'test_group'
- $password = 'psql_grant_role_pw'
+ $db = #{db}
+ $user = #{user}
+ $group = #{group}
+ $password = #{password}
class { 'postgresql::server': }
# Since we are not testing pg_hba or any of that, make a local user for ident auth
user { $user:
ensure => present,
}
postgresql::server::role { $user:
password_hash => postgresql_password($user, $password),
}
postgresql::server::database { $db:
owner => $user,
require => Postgresql::Server::Role[$user],
}
# Create a rule for the user
postgresql::server::pg_hba_rule { "allow ${user}":
type => 'local',
database => $db,
user => $user,
auth_method => 'ident',
order => 1,
}
# Create a role to grant to the user
postgresql::server::role { $group:
db => $db,
login => false,
require => Postgresql::Server::Database[$db],
}
# Grant the role to the user
postgresql::server::grant_role { "grant_role ${group} to ${user}":
role => $user,
group => $group,
}
EOS
apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :catch_changes => true)
## Check that the role was granted to the user
psql('--command="SELECT 1 WHERE pg_has_role(\'psql_grant_role_tester\', \'test_group\', \'MEMBER\') = true" grant_role_test', 'psql_grant_role_tester') do |r|
expect(r.stdout).to match(/\(1 row\)/)
expect(r.stderr).to eq('')
end
end
end
+ it 'should revoke a role from a user' do
+ begin
+ pp = <<-EOS
+
+ $db = "#{db}"
+ $user = "#{user}"
+ $group = "#{group}"
+ $password = #{password}
+
+ class { 'postgresql::server': }
+
+ # Since we are not testing pg_hba or any of that, make a local user for ident auth
+ user { $user:
+ ensure => present,
+ }
+
+ postgresql::server::role { $user:
+ password_hash => postgresql_password($user, $password),
+ }
+
+ postgresql::server::database { $db:
+ owner => $user,
+ require => Postgresql::Server::Role[$user],
+ }
+
+ # Create a rule for the user
+ postgresql::server::pg_hba_rule { "allow ${user}":
+ type => 'local',
+ database => $db,
+ user => $user,
+ auth_method => 'ident',
+ order => 1,
+ }
+
+ # Create a role to grant to the user
+ postgresql::server::role { $group:
+ db => $db,
+ login => false,
+ require => Postgresql::Server::Database[$db],
+ }
+
+ # Grant the role to the user
+ postgresql::server::grant_role { "grant_role ${group} to ${user}":
+ role => $user,
+ group => $group,
+ }
+
+ postgresql::server::grant_role {"revoke ${group} from ${user}":
+ ensure => absent,
+ role => $user,
+ group => $group,
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :expect_changes => true)
+
+ psql('--command="SELECT 1 WHERE pg_has_role(\'psql_grant_role_tester\', \'test_group\', \'MEMBER\') = true" grant_role_test', 'psql_grant_role_tester') do |r|
+ expect(r.stdout).to match(/\(0 rows\)/)
+ expect(r.stderr).to eq('')
+ end
+ end
+ end
+
end
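Review bot: The revoke test declares a `grant_role` and an `ensure => absent` `grant_role` for the same role and group in one manifest with no ordering between them, so the membership left behind appears to depend on evaluation order, and `:expect_changes => true` on the second apply accepts a manifest that never converges. To show that the privilege is really removed, order the revoke after the grant, e.g. `require => Postgresql::Server::Grant_role["grant_role ${group} to ${user}"],` on the revoke resource, or apply the revoke as a separate manifest and check it with `:catch_changes => true`. `$password = #{password}` in this test, and all four assignments in the first test, interpolate without quotes, unlike `$db = "#{db}"`; `$password = '#{password}'` keeps the value a quoted Puppet string. The `psql` assertions also still hard-code the database, user and group names instead of using the new `db`, `user` and `group` variables.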
Attached To
rSPPG PostgreSQL puppet module