add roles argument

plugins/modules/clickhouse_user.py

@@ -82,9 +82,18 @@
     type: list
     elements: str
     version_added: '0.5.0'
+  roles:
+    description:
+      - Grants specified roles for the user.
+    type: list
+    elements: str
+    version_added: '0.6.0'
   default_roles:
     description:
-      - Grants and sets the role(s) as default for the user.
+      - Sets specified roles as default for the user.
+      - The roles must be explicitly granted to the user whether manually
+        before using this argument or by using the I(roles)
+        argument in the same task.
     type: list
     elements: str
     version_added: '0.6.0'
@@ -100,9 +109,11 @@
     name: test_user
     password: qwerty
     type_password: sha256_password
-    default_roles:
+    roles:
     - accountant
     - manager
+    default_roles:
+    - accountant
 
 - name: If user exists, update password
   community.clickhouse.clickhouse_user:
@@ -173,7 +184,10 @@ def __init__(self, module, client, name, password, type_password, cluster):
         self.cluster = cluster
         # Set default values, then update
         self.user_exists = False
-        self.default_roles_list = []
+        self.current_default_roles = []
+        self.current_roles = []
+        # Fetch actual values from DB and
+        # update the attributes with them
         self.__populate_info()
 
     def __populate_info(self):
@@ -191,7 +205,16 @@ def __populate_info(self):
 
         if result != []:
             self.user_exists = True
-            self.default_roles_list = result[0][3]
+            self.current_default_roles = result[0][3]
+
+        if self.user_exists:
+            self.current_roles = self.__fetch_user_groups()
+
+    def __fetch_user_groups(self):
+        query = ("SELECT granted_role_name FROM system.role_grants "
+                 "WHERE user_name = '%s'" % self.name)
+        result = execute_query(self.module, self.client, query)
+        return [row[0] for row in result]
 
     def create(self):
         list_settings = self.module.params['settings']
@@ -216,23 +239,35 @@ def create(self):
         if not self.module.check_mode:
             execute_query(self.module, self.client, query)
 
+        if self.module.params['roles']:
+            self.__grant_role(self.module.params['roles'])
+
         if self.module.params['default_roles']:
-            self.__grant_role(self.module.params['default_roles'])
             self.__set_default_roles(self.module.params['default_roles'])
 
         return True
 
     def update(self, update_password):
+        if self.module.params['roles']:
+            desired_roles = self.module.params['roles']
+
+            roles_to_set = []
+            for role in desired_roles:
+                if role not in self.current_roles:
+                    roles_to_set.append(role)
+
+            if roles_to_set:
+                self.__grant_roles(roles_to_set)
+
         if self.module.params['default_roles']:
             default_roles = self.module.params['default_roles']
 
             roles_to_set = []
             for role in default_roles:
-                if role not in self.default_roles_list:
+                if role not in self.current_default_roles:
                     roles_to_set.append(role)
 
             if roles_to_set:
-                self.__grant_roles(roles_to_set)
                 self.__set_default_roles(roles_to_set)
 
         if update_password == 'on_create':
@@ -296,6 +331,7 @@ def main():
             default='on_create', no_log=False
         ),
         settings=dict(type='list', elements='str'),
+        roles=dict(type='list', elements='str', default=None),
         default_roles=dict(type='list', elements='str', default=None),
     )
 

tests/integration/targets/clickhouse_user/tasks/initial.yml

@@ -145,6 +145,9 @@
   community.clickhouse.clickhouse_user:
     state: present
     name: test_user
+    roles:
+    - accountant
+    - manager
     default_roles:
     - accountant
     - manager
@@ -171,6 +174,9 @@
   community.clickhouse.clickhouse_user:
     state: present
     name: test_user
+    roles:
+    - accountant
+    - manager
     default_roles:
     - accountant
     - manager
@@ -198,6 +204,8 @@
   community.clickhouse.clickhouse_user:
     state: present
     name: test_user
+    roles:
+    - sales
     default_roles:
     - sales
 
@@ -223,6 +231,7 @@
   community.clickhouse.clickhouse_user:
     state: present
     name: test_user
+    roles: sales
     default_roles: sales
 
 - name: Check ret values 
@@ -247,6 +256,8 @@
   community.clickhouse.clickhouse_user:
     state: present
     name: test_user
+    roles:
+    - sales
     default_roles:
     - sales
 
@@ -262,6 +273,8 @@
   community.clickhouse.clickhouse_user:
     state: present
     name: test_user
+    roles:
+    - sales
     default_roles:
     - sales
 
@@ -276,14 +289,16 @@
   community.clickhouse.clickhouse_user:
     state: present
     name: test_user
+    roles:
+    - accountant
     default_roles:
     - accountant
 
 - name: Check ret values 
   ansible.builtin.assert:
     that:
     - result is changed
-    - result.executed_statements == ["GRANT accountant TO test_user", "ALTER USER test_user DEFAULT ROLE accountant"]
+    - result.executed_statements == ["ALTER USER test_user DEFAULT ROLE accountant"]
 
 - name: Check the actual state
   register: result