clickhouse_info: add roles info per user

Andersson007 · Aug 16, 2024 · 3290ca5 · 3290ca5
1 parent 78abf5d
commit 3290ca5
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 3 deletions.
diff --git a/changelogs/fragments/.keep b/changelogs/fragments/.keep
diff --git a/changelogs/fragments/0-clickhouse_info.yml b/changelogs/fragments/0-clickhouse_info.yml
@@ -0,0 +1,2 @@
+minor_changes:
+- clickhouse_info - add the ``roles`` field to user information.
diff --git a/plugins/modules/clickhouse_info.py b/plugins/modules/clickhouse_info.py
@@ -435,7 +435,8 @@ def get_users(module, client):
 
     user_info = {}
     for row in result:
-        user_info[row[0]] = {
+        user_name = row[0]
+        user_info[user_name] = {
             "id": str(row[1]),
             "storage": row[2],
             "auth_type": row[3],
@@ -449,9 +450,22 @@ def get_users(module, client):
             "default_roles_except": row[11],
         }
 
+        user_info[user_name]["roles"] = get_user_roles(module, client, user_name)
+
     return user_info
 
 
+def get_user_roles(module, client, user_name):
+    """Get user roles.
+
+    Returns a list of roles.
+    """
+    query = ("SELECT granted_role_name FROM system.role_grants "
+             "WHERE user_name = '%s'" % user_name)
+    result = execute_query(module, client, query)
+    return [row[0] for row in result]
+
+
 def get_settings_profiles(module, client):
     """Get settings profiles.
 

diff --git a/tests/integration/targets/clickhouse_info/tasks/initial.yml b/tests/integration/targets/clickhouse_info/tasks/initial.yml
@@ -3,9 +3,23 @@
 # and should not be used as examples of how to write Ansible roles #
 ####################################################################
 
-- name: Create role
+- name: Create roles
   community.clickhouse.clickhouse_client:
-    execute: "CREATE ROLE IF NOT EXISTS accountant"
+    execute: "CREATE ROLE IF NOT EXISTS {{ item }}"
+  loop:
+  - accountant
+  - sales
+
+- name: Create user
+  community.clickhouse.clickhouse_user:
+    name: bob
+
+- name: Grant role
+  community.clickhouse.clickhouse_client:
+    execute: "GRANT {{ item }} TO bob"
+  loop:
+  - accountant
+  - sales
 
 - name: Get info
   register: result
@@ -19,6 +33,7 @@
     that:
     - result is not changed
     - result["users"]["default"] != {}
+    - result["users"]["bob"]["roles"] == ["accountant", "sales"] or result["users"]["bob"]["roles"] == ["sales", "accountant"]
     - result["roles"]["accountant"] != {}
     - result["databases"]["default"]["engine"] == "Atomic"
     - result["version"] != {}