saltstack / salt

Software to automate the management and configuration of any infrastructure or application at scale. Get access to the Salt software package repository here:
https://repo.saltproject.io/
Apache License 2.0

Postgres grant fails using postgres_privileges.present state module after revoking the existing privileges #51450

Open varun-uc opened 5 years ago

varun-uc commented 5 years ago

Description of Issue/Question

The postgres_privileges module throws an error when checking privileges: https://github.com/saltstack/salt/blob/develop/salt/modules/postgres.py#L2698

Setting permissions for a user fails after revoking all privileges from that user. Setting permissions works fine when run for the first time, but when trying to set permissions again after revoking privileges, it fails to set them.

Setup

Ubuntu 18.04.1 LTS server running salt-minion 2018.3.3 (Oxygen)

sls file to create user:

create_pg_user_accounts:
  postgres_user.present:
    - name: accounts
    - password: ******
    - encrypted: True
    - user: postgres
    - createdb: True
    - login: True

set_table_permission_accounts_accounts_db:
  postgres_privileges.present:
    - name: {{ salt['pillar.get']('db:name', 'accounts') }}
    - object_name: {{ salt['pillar.get']('db:table', 'sample1') }}
    - object_type: table
    - privileges:
      - SELECT
      - INSERT
      - UPDATE
      - DELETE
    - prepend: public
    - maintenance_db: accounts_db

After setting table permissions for the user, I tried to revoke the permissions, which worked fine, and then tried to set the table permissions again, which gave the following error. Queries that ran to revoke the permissions and drop the user:

Revoke permission query: Comment: Running Postgres query:

psql -d accounts_db -c "REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM accounts;"

psql -d accounts_db -c "ALTER DEFAULT PRIVILEGES FOR ROLE accounts IN SCHEMA public REVOKE ALL PRIVILEGES ON TABLES FROM accounts;"

psql -d accounts_db -c "REVOKE ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public FROM accounts;"

psql -d accounts_db -c "ALTER DEFAULT PRIVILEGES FOR ROLE accounts IN SCHEMA public REVOKE ALL PRIVILEGES ON SEQUENCES FROM accounts;"

Drop User Query:

     ID: drop_user_accounts
Function: cmd.run
    Name: psql -c "DROP USER IF EXISTS accounts;"
  Result: True
 Comment: Command "psql -c "DROP USER IF EXISTS accounts;"" run

Steps to Reproduce Issue

1) Create a database and create sample tables in it.

2) Run the sls file to set table permissions for a user (works fine the first time). Once done, revoke all privileges from the user.

After Revoking Permissions:

accounts_db=# \dp

                                         Access privileges
 Schema |      Name      |   Type   |       Access privileges        | Column privileges | Policies 
--------+----------------+----------+--------------------------------+-------------------+----------
 public | sample1        | table    |                               +|                   | 
        |                |          |                                |                   | 
 public | sample1_id_seq | sequence |                               +|                   | 
        |                |          |                                |                   |

accounts_db=# \ddp

          Default access privileges
 Owner | Schema | Type | Access privileges 
-------+--------+------+-------------------
(0 rows)

3) Run the sls file again to set table permissions for the user. (Tested on both PostgreSQL 10 and PostgreSQL 11; got the same error on both.)

The example output below was obtained when executing the 3rd step:

----------
          ID: set_permission_accounts_accounts_db_sample1
    Function: postgres_privileges.present
        Name: accounts
      Result: False
     Comment: An exception occurred in this state: Traceback (most recent call last):
                File "/usr/lib/python3/dist-packages/salt/state.py", line 1913, in call
                  **cdata['kwargs'])
                File "/usr/lib/python3/dist-packages/salt/loader.py", line 1898, in wrapper
                  return f(*args, **kwargs)
                File "/usr/lib/python3/dist-packages/salt/states/postgres_privileges.py", line 182, in present
                  name, object_name, object_type, **kwargs):
                File "/usr/lib/python3/dist-packages/salt/modules/postgres.py", line 2842, in has_privileges
                  password=password, runas=runas)
                File "/usr/lib/python3/dist-packages/salt/modules/postgres.py", line 2728, in privileges_list
                  perms_part, _ = part.split('/')
              ValueError: not enough values to unpack (expected 2, got 1)
     Started: 12:48:39.189418
    Duration: 217.772 ms
     Changes:   
----------

Versions Report

Salt master is running 2018.3.3 with Python 3 on Ubuntu 18.04.1 LTS

salt-call --versions-report

Salt Version:
           Salt: 2018.3.3

Dependency Versions:
           cffi: Not Installed
       cherrypy: 8.9.1
       dateutil: 2.7.5
      docker-py: Not Installed
          gitdb: 2.0.3
      gitpython: 2.1.8
          ioflo: Not Installed
         Jinja2: 2.10
        libgit2: Not Installed
        libnacl: Not Installed
       M2Crypto: Not Installed
           Mako: Not Installed
   msgpack-pure: Not Installed
 msgpack-python: 0.5.6
   mysql-python: 1.3.12
      pycparser: Not Installed
       pycrypto: 2.6.1
   pycryptodome: Not Installed
         pygit2: Not Installed
         Python: 3.6.7 (default, Oct 22 2018, 11:32:17)
   python-gnupg: 0.4.1
         PyYAML: 3.12
          PyZMQ: 16.0.4
           RAET: Not Installed
          smmap: 2.0.3
        timelib: Not Installed
        Tornado: 4.5.3
            ZMQ: 4.1.6

System Versions:
           dist: Ubuntu 18.04 bionic
         locale: UTF-8
        machine: x86_64
        release: 4.15.0-1031-aws
         system: Linux
        version: Ubuntu 18.04 bionic

salt-master --versions-report

Salt Version:
           Salt: 2018.3.3

Dependency Versions:
           cffi: Not Installed
       cherrypy: 8.9.1
       dateutil: 2.7.5
      docker-py: Not Installed
          gitdb: 2.0.3
      gitpython: 2.1.8
          ioflo: Not Installed
         Jinja2: 2.10
        libgit2: Not Installed
        libnacl: Not Installed
       M2Crypto: Not Installed
           Mako: Not Installed
   msgpack-pure: Not Installed
 msgpack-python: 0.5.6
   mysql-python: 1.3.12
      pycparser: Not Installed
       pycrypto: 2.6.1
   pycryptodome: Not Installed
         pygit2: Not Installed
         Python: 3.6.7 (default, Oct 22 2018, 11:32:17)
   python-gnupg: 0.4.1
         PyYAML: 3.12
          PyZMQ: 16.0.4
           RAET: Not Installed
          smmap: 2.0.3
        timelib: Not Installed
        Tornado: 4.5.3
            ZMQ: 4.1.6

System Versions:
           dist: Ubuntu 18.04 bionic
         locale: UTF-8
        machine: x86_64
        release: 4.15.0-1031-aws
         system: Linux
        version: Ubuntu 18.04 bionic

salt-minion --versions-report

Salt Version:
           Salt: 2018.3.3

Dependency Versions:
           cffi: Not Installed
       cherrypy: 8.9.1
       dateutil: 2.7.5
      docker-py: Not Installed
          gitdb: 2.0.3
      gitpython: 2.1.8
          ioflo: Not Installed
         Jinja2: 2.10
        libgit2: Not Installed
        libnacl: Not Installed
       M2Crypto: Not Installed
           Mako: Not Installed
   msgpack-pure: Not Installed
 msgpack-python: 0.5.6
   mysql-python: 1.3.12
      pycparser: Not Installed
       pycrypto: 2.6.1
   pycryptodome: Not Installed
         pygit2: Not Installed
         Python: 3.6.7 (default, Oct 22 2018, 11:32:17)
   python-gnupg: 0.4.1
         PyYAML: 3.12
          PyZMQ: 16.0.4
           RAET: Not Installed
          smmap: 2.0.3
        timelib: Not Installed
        Tornado: 4.5.3
            ZMQ: 4.1.6

System Versions:
           dist: Ubuntu 18.04 bionic
         locale: UTF-8
        machine: x86_64
        release: 4.15.0-1031-aws
         system: Linux
        version: Ubuntu 18.04 bionic
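
The traceback in the issue above ends at an unconditional two-way unpack of `part.split('/')`. As an added example (not Salt's code and not part of the original issue), the code below reproduces that `ValueError` on an ACL entry with no `/` and shows a parser that treats an empty ACL as "nothing granted", so a state can go on to re-grant. The function names and the ACL strings such as `{}` are assumptions constructed for illustration; the privilege letters are PostgreSQL's standard table aclitem abbreviations.

```python
# Added example, not Salt's code. All ACL strings used with it are constructed.
PRIV_LETTERS = {"r": "SELECT", "w": "UPDATE", "a": "INSERT", "d": "DELETE",
                "D": "TRUNCATE", "x": "REFERENCES", "t": "TRIGGER"}


def naive_parse(acl):
    """Unpacking pattern from the traceback: assumes every entry has a '/'."""
    result = {}
    for part in acl.strip("{}").split(","):
        perms_part, _ = part.split("/")  # ValueError if part lacks '/'
        grantee, perms = perms_part.split("=")
        result[grantee or "public"] = perms
    return result


def parse_acl(acl):
    """Return {grantee: {privilege: has_grant_option}}; empty ACLs give {}.

    Limitation: role names containing ',' '=' or '/' are not handled.
    """
    result = {}
    for part in (acl or "").strip("{}").split(","):
        part = part.strip().strip('"')
        if not part:  # NULL, '' or '{}' leaves one empty entry: skip it
            continue
        perms_part, _, _grantor = part.partition("/")
        grantee, sep, letters = perms_part.partition("=")
        if not sep:
            raise ValueError("malformed aclitem: %r" % part)
        privs = result.setdefault(grantee or "public", {})
        last = None
        for ch in letters:
            if ch == "*" and last:  # '*' marks WITH GRANT OPTION
                privs[last] = True
            elif ch in PRIV_LETTERS:
                last = PRIV_LETTERS[ch]
                privs[last] = False
            else:
                raise ValueError("unknown privilege %r in %r" % (ch, part))
    return result


def missing_privileges(acl, role, wanted):
    """Privileges in `wanted` that `role` does not hold according to `acl`."""
    held = parse_acl(acl).get(role, {})
    return {p.upper() for p in wanted} - set(held)
```
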

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.

stale[bot] commented 4 years ago

Thank you for updating this issue. It is no longer marked as stale.