Port molecule.yml and playbook.yml configuration

molecule/default/molecule.yml

@@ -6,12 +6,53 @@ driver:
 lint:
   name: yamllint
 platforms:
-  - name: instance
-    image: centos:7
+  - name: postgresql-94-all
+    image: centos/systemd
+    image_version: latest
+    command: /sbin/init
+    privileged: true
+    groups:
+      - server
+  - name: postgresql-95-localhost
+    image: centos/systemd
+    image_version: latest
+    command: /sbin/init
+    privileged: true
+    groups:
+      - server
+  - name: postgresql-96-localhost
+    image: centos/systemd
+    image_version: latest
+    command: /sbin/init
+    privileged: true
+    groups:
+      - server
+  - name: postgresql-noserver
+    image: centos
+    image_version: 7
 provisioner:
   name: ansible
   lint:
     name: ansible-lint
+  inventory:
+    host_vars:
+      postgresql-94-all:
+        postgresql_server_listen: "'*'"
+        postgresql_server_auth:
+          - database: publicdb
+            user: alice
+            address: 192.168.1.0/24
+      postgresql-95-localhost:
+        postgresql_version: "9.5"
+      postgresql-96-localhost:
+        postgresql_version: "9.6"
+        postgresql_install_extensions: true
+        postgresql_server_conf:
+          shared_preload_libraries: "'pg_stat_statements'"
+          log_filename: "'postgresql-%F.log'"
+      postgresql-noserver:
+        postgresql_version: "9.6"
+        postgresql_install_server: false
 scenario:
   name: default
 verifier:

molecule/default/playbook.yml

@@ -3,3 +3,54 @@
   hosts: all
   roles:
     - role: ansible-role-postgresql
+      postgresql_databases:
+        - name: publicdb
+        - name: secretdb
+          owner: alice
+          restrict: true
+      postgresql_users:
+        - user: alice
+          password: alice123
+          # alice is the owner of secretdb so already has access
+          databases: [publicdb]
+        - user: bob
+          password: bob123
+          databases: [publicdb, secretdb]
+          roles: "CREATEDB,NOSUPERUSER"
+        - user: charles
+          password: charles123
+          databases: []
+
+- hosts: server
+  tasks:
+    - name: create test tables publicdb
+      command: env PGPASSWORD=alice123 psql -h localhost -U alice publicdb -c "{{ item }}"
+      register: result
+      changed_when: "not ('skipping' in result.stderr or '0 0' in result.stdout)"
+      with_items:
+        - "create table if not exists regular (text text primary key);"
+        - "insert into regular select ('clear text') where not exists (select text from regular);"
+
+    - name: create test tables secretdb
+      command: env PGPASSWORD=alice123 psql -h localhost -U alice secretdb -c "{{ item }}"
+      register: result
+      changed_when: "not ('skipping' in result.stderr or '0 0' in result.stdout)"
+      with_items:
+        - "create table if not exists regular (text text primary key);"
+        - "insert into regular select ('clear text') where not exists (select text from regular);"
+        - "create table if not exists password (text text primary key);"
+        - "insert into password select ('PRIVATE!') where not exists (select text from password);"
+
+    - name: set privileges on secretdb tables
+      become: true
+      become_user: postgres
+      postgresql_privs:
+        database: "{{ item }}"
+        obj: regular
+        privs: SELECT
+        roles: bob
+        state: present
+        type: table
+      with_items:
+        - publicdb
+        - secretdb