postgresql_lang: add trust_input parameter

changelogs/fragments/272-postgresql_lang_add_trust_input_parameter.yml

@@ -0,0 +1,2 @@
+minor_changes:
+- postgresql_lang - add the ``trust_input`` parameter (https://github.com/ansible-collections/community.general/pull/272).

plugins/modules/database/postgresql/postgresql_lang.py

@@ -104,6 +104,11 @@
       - Set an owner for the language.
       - Ignored when I(state=absent).
     type: str
+  trust_input:
+    description:
+    - If C(no), check whether values of some parameters are potentially dangerous.
+    type: bool
+    default: yes
 seealso:
 - name: PostgreSQL languages
   description: General information about PostgreSQL languages.
@@ -176,6 +181,7 @@
 '''
 
 from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.community.general.plugins.module_utils.database import check_input
 from ansible_collections.community.general.plugins.module_utils.postgres import (
     connect_to_db,
     get_conn_params,
@@ -258,7 +264,7 @@ def set_lang_owner(cursor, lang, owner):
         lang (str): language name.
         owner (str): name of new owner.
     """
-    query = "ALTER LANGUAGE \"%s\" OWNER TO %s" % (lang, owner)
+    query = "ALTER LANGUAGE \"%s\" OWNER TO \"%s\"" % (lang, owner)
     executed_queries.append(query)
     cursor.execute(query)
     return True
@@ -276,6 +282,7 @@ def main():
         fail_on_drop=dict(type="bool", default="yes"),
         session_role=dict(type="str"),
         owner=dict(type="str"),
+        trust_input=dict(type="bool", default="yes")
     )
 
     module = AnsibleModule(
@@ -291,6 +298,12 @@ def main():
     cascade = module.params["cascade"]
     fail_on_drop = module.params["fail_on_drop"]
     owner = module.params["owner"]
+    session_role = module.params["session_role"]
+    trust_input = module.params["trust_input"]
+
+    if not trust_input:
+        # Check input for potentially dangerous elements:
+        check_input(module, lang, session_role, owner)
 
     conn_params = get_conn_params(module, module.params)
     db_connection = connect_to_db(module, conn_params, autocommit=False)

tests/integration/targets/postgresql_lang/tasks/postgresql_lang_add_owner_param.yml

@@ -30,6 +30,7 @@
       <<: *pg_parameters
       name: '{{ test_lang }}'
       owner: '{{ test_user1 }}'
+      trust_input: no
     check_mode: yes
 
   - assert:
@@ -57,11 +58,12 @@
       <<: *pg_parameters
       name: '{{ test_lang }}'
       owner: '{{ test_user1 }}'
+      trust_input: no
 
   - assert:
       that:
       - result is changed
-      - result.queries == ['CREATE LANGUAGE "{{ test_lang }}"', 'ALTER LANGUAGE "{{ test_lang }}" OWNER TO {{ test_user1 }}']
+      - result.queries == ['CREATE LANGUAGE "{{ test_lang }}"', 'ALTER LANGUAGE "{{ test_lang }}" OWNER TO "{{ test_user1 }}"']
 
   - name: Check
     <<: *task_parameters
@@ -83,12 +85,13 @@
       <<: *pg_parameters
       name: '{{ test_lang }}'
       owner: '{{ test_user2 }}'
+      trust_input: yes
     check_mode: yes
 
   - assert:
       that:
       - result is changed
-      - result.queries == ['ALTER LANGUAGE "{{ test_lang }}" OWNER TO {{ test_user2 }}']
+      - result.queries == ['ALTER LANGUAGE "{{ test_lang }}" OWNER TO "{{ test_user2 }}"']
 
   - name: Check that nothing was actually changed
     <<: *task_parameters
@@ -116,7 +119,7 @@
       - result is changed
       # TODO: the first elem of the returned list below
       # looks like a bug, not related with the option owner, needs to be checked
-      - result.queries == ["UPDATE pg_language SET lanpltrusted = false WHERE lanname = '{{ test_lang }}'", 'ALTER LANGUAGE "{{ test_lang }}" OWNER TO {{ test_user2 }}']
+      - result.queries == ["UPDATE pg_language SET lanpltrusted = false WHERE lanname = '{{ test_lang }}'", 'ALTER LANGUAGE "{{ test_lang }}" OWNER TO "{{ test_user2 }}"']
 
   - name: Check
     <<: *task_parameters