Merge pull request #1315 from vaol/fix_table_grant_with_schema

david22swan · web-flow · commit 2cf1fa9b5ebe · 2022-09-26T14:34:25.000+01:00
Fix table grant with schema
diff --git a/manifests/server/grant.pp b/manifests/server/grant.pp
@@ -425,6 +425,8 @@
       }
       # Never put double quotes into has_*_privilege function
       $_granted_object = join($_object_name, '.')
+      # pg_* views does not contain schema name as part of the object name
+      $_togrant_object_only = $_object_name[1]
     }
     default: {
       $_granted_object = $_object_name
@@ -445,10 +447,10 @@
   }
 
   $_onlyif = $onlyif_function ? {
-    'table_exists'    => "SELECT true FROM pg_tables WHERE tablename = '${_togrant_object}'",
-    'language_exists' => "SELECT true from pg_language WHERE lanname = '${_togrant_object}'",
+    'table_exists'    => "SELECT true FROM pg_tables WHERE tablename = '${_togrant_object_only}'",
+    'language_exists' => "SELECT true from pg_language WHERE lanname = '${_togrant_object_only}}'",
     'role_exists'     => "SELECT 1 FROM pg_roles WHERE rolname = '${role}' or '${role}' = 'PUBLIC'",
-    'function_exists' => "SELECT true FROM pg_proc WHERE (oid::regprocedure)::text = '${_togrant_object}${arguments}'",
+    'function_exists' => "SELECT true FROM pg_proc WHERE (oid::regprocedure)::text = '${_togrant_object_only}}${arguments}'",
     default           => undef,
   }
 
diff --git a/spec/defines/server/grant_spec.rb b/spec/defines/server/grant_spec.rb
@@ -384,4 +384,30 @@ class {'postgresql::server':}
       it { is_expected.to compile.and_raise_error(%r{parameter 'object_name' variant 0 expects size to be 2, got 3}) }
     end
   end
+
+  context 'with specific schema name only if object exists' do
+    let :params do
+      {
+        db: 'test',
+        role: 'test',
+        privilege: 'all',
+        object_name: ['myschema', 'mytable'],
+        object_type: 'table',
+        onlyif_exists: true,
+      }
+    end
+
+    let :pre_condition do
+      "class {'postgresql::server':}"
+    end
+
+    it { is_expected.to compile.with_all_deps }
+    it { is_expected.to contain_postgresql__server__grant('test') }
+    it do
+      is_expected.to contain_postgresql_psql('grant:test')
+        .with_command(%r{GRANT ALL ON TABLE "myschema"."mytable" TO\s* "test"}m)
+        .with_unless(%r{SELECT 1 WHERE has_table_privilege\('test',\s*'myschema.mytable', 'INSERT'\)}m)
+        .with_onlyif(%r{SELECT true FROM pg_tables WHERE tablename = 'mytable'}m)
+    end
+  end
 end

Original file line number	Diff line number	Diff line change
`@@ -425,6 +425,8 @@`
`425`	`425`	`}`
`426`	`426`	`# Never put double quotes into has_*_privilege function`
`427`	`427`	`$_granted_object = join($_object_name, '.')`
	`428`	`+ # pg_* views does not contain schema name as part of the object name`
	`429`	`+ $_togrant_object_only = $_object_name[1]`
`428`	`430`	`}`
`429`	`431`	`default: {`
`430`	`432`	`$_granted_object = $_object_name`
`@@ -445,10 +447,10 @@`
`445`	`447`	`}`
`446`	`448`
`447`	`449`	`$_onlyif = $onlyif_function ? {`
`448`		`- 'table_exists' => "SELECT true FROM pg_tables WHERE tablename = '${_togrant_object}'",`
`449`		`- 'language_exists' => "SELECT true from pg_language WHERE lanname = '${_togrant_object}'",`
	`450`	`+ 'table_exists' => "SELECT true FROM pg_tables WHERE tablename = '${_togrant_object_only}'",`
	`451`	`+ 'language_exists' => "SELECT true from pg_language WHERE lanname = '${_togrant_object_only}}'",`
`450`	`452`	`'role_exists' => "SELECT 1 FROM pg_roles WHERE rolname = '${role}' or '${role}' = 'PUBLIC'",`
`451`		`- 'function_exists' => "SELECT true FROM pg_proc WHERE (oid::regprocedure)::text = '${_togrant_object}${arguments}'",`
	`453`	`+ 'function_exists' => "SELECT true FROM pg_proc WHERE (oid::regprocedure)::text = '${_togrant_object_only}}${arguments}'",`
`452`	`454`	`default => undef,`
`453`	`455`	`}`
`454`	`456`