[mirror/dsa-puppet.git] / 3rdparty / modules / postgresql / spec / unit / defines / server / grant_role_spec.rb

require 'spec_helper'

describe 'postgresql::server::grant_role', :type => :define do
  let :pre_condition do
    "class { 'postgresql::server': }"
  end

  let :facts do
    {:osfamily => 'Debian',
     :operatingsystem => 'Debian',
     :operatingsystemrelease => '6.0',
     :kernel => 'Linux', :concat_basedir => tmpfilename('postgis'),
     :id => 'root',
     :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
    }
  end

  let (:title) { 'test' }

  let (:params) { {
    :group => 'my_group',
    :role  => 'my_role',
  } }

  context "with mandatory arguments only" do
    it {
      is_expected.to contain_postgresql_psql("grant_role:#{title}").with({
        :command => "GRANT \"#{params[:group]}\" TO \"#{params[:role]}\"",
        :unless  => "SELECT 1 WHERE EXISTS (SELECT 1 FROM pg_roles AS r_role JOIN pg_auth_members AS am ON r_role.oid = am.member JOIN pg_roles AS r_group ON r_group.oid = am.roleid WHERE r_group.rolname = '#{params[:group]}' AND r_role.rolname = '#{params[:role]}') = true",
      }).that_requires('Class[postgresql::server]')
    }
  end

  context "with db arguments" do
    let (:params) { super().merge({
      :psql_db   => 'postgres',
      :psql_user => 'postgres',
      :port      => '5432',
    }) }

    it {
      is_expected.to contain_postgresql_psql("grant_role:#{title}").with({
        :command => "GRANT \"#{params[:group]}\" TO \"#{params[:role]}\"",
        :unless  => "SELECT 1 WHERE EXISTS (SELECT 1 FROM pg_roles AS r_role JOIN pg_auth_members AS am ON r_role.oid = am.member JOIN pg_roles AS r_group ON r_group.oid = am.roleid WHERE r_group.rolname = '#{params[:group]}' AND r_role.rolname = '#{params[:role]}') = true",
        :db        => params[:psql_db],
        :psql_user => params[:psql_user],
        :port      => params[:port],
      }).that_requires('Class[postgresql::server]')
    }
  end

  context "with ensure => absent" do
    let (:params) { super().merge({
      :ensure   => 'absent',
    }) }

    it {
      is_expected.to contain_postgresql_psql("grant_role:#{title}").with({
        :command => "REVOKE \"#{params[:group]}\" FROM \"#{params[:role]}\"",
        :unless  => "SELECT 1 WHERE EXISTS (SELECT 1 FROM pg_roles AS r_role JOIN pg_auth_members AS am ON r_role.oid = am.member JOIN pg_roles AS r_group ON r_group.oid = am.roleid WHERE r_group.rolname = '#{params[:group]}' AND r_role.rolname = '#{params[:role]}') != true",
      }).that_requires('Class[postgresql::server]')
    }
  end

  context "with user defined" do
    let :pre_condition do
      "class { 'postgresql::server': }
postgresql::server::role { '#{params[:role]}': }"
    end

    it {
      is_expected.to contain_postgresql_psql("grant_role:#{title}").that_requires("Postgresql::Server::Role[#{params[:role]}]")
    }
    it {
      is_expected.not_to contain_postgresql_psql("grant_role:#{title}").that_requires("Postgresql::Server::Role[#{params[:group]}]")
    }
  end

  context "with group defined" do
    let :pre_condition do
      "class { 'postgresql::server': }
postgresql::server::role { '#{params[:group]}': }"
    end

    it {
      is_expected.to contain_postgresql_psql("grant_role:#{title}").that_requires("Postgresql::Server::Role[#{params[:group]}]")
    }
    it {
      is_expected.not_to contain_postgresql_psql("grant_role:#{title}").that_requires("Postgresql::Server::Role[#{params[:role]}]")
    }
  end

  context "with connect_settings" do
    let (:params) { super().merge({
      :connect_settings => { 'PGHOST' => 'postgres-db-server' },
    }) }

    it {
      is_expected.to contain_postgresql_psql("grant_role:#{title}").with_connect_settings( { 'PGHOST' => 'postgres-db-server' } )
    }
    it {
      is_expected.not_to contain_postgresql_psql("grant_role:#{title}").that_requires('Class[postgresql::server]')
    }
  end
end