clickhouse_info: add grants field for roles and users return vals (#76)

ansible-collections · Aug 28, 2024 · ab108f0 · ab108f0
1 parent 07cd26a
commit ab108f0
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 5 deletions.
diff --git a/changelogs/fragments/0-info_add_grants.yml b/changelogs/fragments/0-info_add_grants.yml
@@ -0,0 +1,2 @@
+minor_changes:
+- clickhouse_info - add the ``grants`` return value for users and roles.
diff --git a/plugins/modules/clickhouse_info.py b/plugins/modules/clickhouse_info.py
@@ -270,10 +270,12 @@ def get_roles(module, client):
 
     roles_info = {}
     for row in result:
-        roles_info[row[0]] = {
+        role_name = row[0]
+        roles_info[role_name] = {
             "id": str(row[1]),
             "storage": row[2],
         }
+        roles_info[role_name]["grants"] = get_grants(module, client, role_name)
 
     return roles_info
 
@@ -451,10 +453,21 @@ def get_users(module, client):
         }
 
         user_info[user_name]["roles"] = get_user_roles(module, client, user_name)
+        user_info[user_name]["grants"] = get_grants(module, client, user_name)
 
     return user_info
 
 
+def get_grants(module, client, name):
+    """Get grants.
+
+    Return a list of grants.
+    """
+    query = ("SHOW GRANTS FOR '%s'" % name)
+    result = execute_query(module, client, query)
+    return [row[0] for row in result]
+
+
 def get_user_roles(module, client, user_name):
     """Get user roles.
 

diff --git a/tests/integration/targets/clickhouse_info/tasks/initial.yml b/tests/integration/targets/clickhouse_info/tasks/initial.yml
@@ -16,10 +16,11 @@
 
 - name: Grant role
   community.clickhouse.clickhouse_client:
-    execute: "GRANT {{ item }} TO bob"
-  loop:
-  - accountant
-  - sales
+    execute: "GRANT accountant, sales TO bob"
+
+- name: Grant role
+  community.clickhouse.clickhouse_client:
+    execute: "GRANT sales TO accountant"
 
 - name: Get info
   register: result
@@ -34,7 +35,9 @@
     - result is not changed
     - result["users"]["default"] != {}
     - result["users"]["bob"]["roles"] == ["accountant", "sales"] or result["users"]["bob"]["roles"] == ["sales", "accountant"]
+    - result["users"]["bob"]["grants"] == ["GRANT accountant, sales TO bob"]
     - result["roles"]["accountant"] != {}
+    - result["roles"]["accountant"]["grants"] == ["GRANT sales TO accountant"]
     - result["databases"]["default"]["engine"] == "Atomic"
     - result["version"] != {}
     - result["driver"]["version"] != {}