Added grants for clickhouse_info (ansible-collections#78)

* Added grants for clickhouse_info * Changed the name of the keys in the dict grants
Andersson007 · Sep 10, 2024 · e1f1517 · e1f1517
1 parent 768ac08
commit e1f1517
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 1 deletion.
diff --git a/changelogs/fragments/1-info_add_all_grants.yml b/changelogs/fragments/1-info_add_all_grants.yml
@@ -0,0 +1,2 @@
+minor_changes:
+- clickhouse_info - add the ``grants`` returns all grants for users and roles.
diff --git a/plugins/modules/clickhouse_info.py b/plugins/modules/clickhouse_info.py
@@ -161,6 +161,13 @@
   type: dict
   sample: { "storage_policies": "..." }
   version_added: '0.4.0'
+grants:
+  description:
+    - The content of the system.grants table for users and roles as keys.
+  returned: success
+  type: dict
+  sample: { "roles": {"..."}, "users": {"..."} }
+  version_added: '0.7.0'
 '''
 
 from ansible.module_utils.basic import AnsibleModule
@@ -532,6 +539,48 @@ def get_quotas(module, client):
     return quota_info
 
 
+def get_all_grants(module, client):
+    """Get grants.
+
+    Returns a dictionary with users and roles names as keys.
+    """
+    query = ("SELECT user_name, role_name, access_type, database, "
+             "table, column, is_partial_revoke, grant_option FROM system.grants")
+
+    result = execute_query(module, client, query)
+
+    if result == PRIV_ERR_CODE:
+        return {PRIV_ERR_CODE: "Not enough privileges"}
+
+    grants_info = {
+        'users': {},
+        'roles': {},
+    }
+
+    for row in result:
+        if row[0] is not None:
+            dict_name = 'users'
+            name = row[0]
+            if row[0] not in grants_info[dict_name]:
+                grants_info[dict_name][name] = []
+        else:
+            dict_name = 'roles'
+            name = row[1]
+            if row[1] not in grants_info[dict_name]:
+                grants_info[dict_name][name] = []
+
+        grants_info[dict_name][name].append({
+            "access_type": row[2],
+            "database": row[3],
+            "table": row[4],
+            "column": row[5],
+            "is_partial_revoke": row[6],
+            "grant_option": row[7],
+        })
+
+    return grants_info
+
+
 def get_functions(module, client):
     """Get functions.
 
@@ -661,6 +710,7 @@ def main():
         'settings_profiles': get_settings_profiles,
         'functions': get_functions,
         'storage_policies': get_storage_policies,
+        'grants': get_all_grants,
     }
     # Check if the limit is provided, it contains correct values
     limit = module.params['limit']

diff --git a/tests/integration/targets/clickhouse_info/tasks/initial.yml b/tests/integration/targets/clickhouse_info/tasks/initial.yml
@@ -10,10 +10,18 @@
   - accountant
   - sales
 
-- name: Create user
+- name: Create user bob
   community.clickhouse.clickhouse_user:
     name: bob
 
+- name: Create user eva
+  community.clickhouse.clickhouse_user:
+    name: eva
+
+- name: Grant to INSERT for user eva
+  community.clickhouse.clickhouse_client:
+    execute: "GRANT INSERT ON system.users TO eva"
+
 - name: Grant role
   community.clickhouse.clickhouse_client:
     execute: "GRANT accountant, sales TO bob"
@@ -49,6 +57,7 @@
     - result["quotas"]["default"] != {}
     - result["settings_profiles"]["default"] != {}
     - result["storage_policies"] != {}
+    - result["grants"]["users"]["eva"][0]["access_type"] == "INSERT"
 
 - name: Debug
   ansible.builtin.debug: