UnboundLocalError: local variable 'objs' referenced before assignment

[hexwit]

SUMMARY

When executing task that should define default privileges I get an exception.

ISSUE TYPE

• Bug Report

COMPONENT NAME

• community.postgresql.postgresql_privs module
• type: default_privs

ANSIBLE VERSION

ansible 2.10.4
  config file = ansible.cfg
  configured module search path = ['~/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/Cellar/ansible/2.10.5/libexec/lib/python3.9/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.9.1 (default, Jan  8 2021, 17:17:17) [Clang 12.0.0 (clang-1200.0.32.28)]

COLLECTION VERSION

community.postgresql 2.3.1

CONFIGURATION

DEFAULT_SCP_IF_SSH(ansible.cfg) = True

OS / ENVIRONMENT

• playbook execution: MacOS Catalina
• target host: Debian 11 (with postgresql-15 and python3-psycopg2)

STEPS TO REPRODUCE

Preconditions:

• database exists
• roles exists

Execute following task:

-   name: "Define default CRUD privileges"
    community.postgresql.postgresql_privs:
        database: "some_db"
        type: default_privs
        objs: ALL_IN_SCHEMA
        privs: SELECT,INSERT,UPDATE,DELETE,EXECUTE
        schema: public
        role: "target_role"
        login_host: "localhost"
        login_user: "some_login_user"
        login_password: "some_login_password"

EXPECTED RESULTS

Default privileges for specified role refined.

ACTUAL RESULTS

Exception is thrown.

{"changed": false, "module_stderr": "/tmp/ansible_community.postgresql.postgresql_privs_payload_ljebxmcs/ansible_community.postgresql.postgresql_privs_payload.zip/ansible_collections/community/postgresql/plugins/modules/postgresql_privs.py\", line 1225, in main\r\nUnboundLocalError: local variable 'objs' referenced before assignment\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

[Andersson007]

@hexwit hi, thanks for reporting the issue!
Has this started happening after update or it's unrelated?

[Andersson007]

@hexwit @hunleyd i investigated the code and the doc a bit (@hunleyd i don't think it's related to that recent fix).
I think the issue is with the combination of type: default_privs and objs: ALL_IN_SCHEMA.
In the doc it's written:

  55   objs:
  56     description:
  57     - Comma separated list of database objects to set privileges on.
  58     - If I(type) is C(table), C(partition table), C(sequence), C(function) or C(procedure),
  59       the special value C(ALL_IN_SCHEMA) can be provided instead to specify all
  60       database objects of I(type) in the schema specified via I(schema).
  61       (This also works with PostgreSQL < 9.0.) (C(ALL_IN_SCHEMA) is available
  62        for C(function) and C(partition table) since Ansible 2.8).

So, from this piece, we can see that ALL_IN_SCHEMA can be used only with types: table, partition table, sequence, function and procedure and that's it.

In the code, we can see:

1156         if p.objs == 'ALL_IN_SCHEMA':
1157             if p.type == 'table':
1158                 objs = conn.get_all_tables_in_schema(p.schema)
1159             elif p.type == 'sequence':
1160                 objs = conn.get_all_sequences_in_schema(p.schema)
1161             elif p.type == 'function':
1162                 objs = conn.get_all_functions_in_schema(p.schema)
1163             elif p.type == 'procedure':
1164                 objs = conn.get_all_procedures_in_schema(p.schema)
1165 
1166             if conn.pg_version >= 90000:
1167                 if p.type == 'table':
1168                     orig_objs = 'ALL TABLES IN SCHEMA'
1169                 elif p.type == 'sequence':
1170                     orig_objs = 'ALL SEQUENCES IN SCHEMA'
1171                 elif p.type == 'function':
1172                     orig_objs = 'ALL FUNCTIONS IN SCHEMA'
1173                 elif p.type == 'procedure':
1174                     orig_objs = 'ALL PROCEDURES IN SCHEMA'
1175 
1176         elif p.type == 'default_privs':
1177             if p.objs == 'ALL_DEFAULT':
1178                 VALID_DEFAULT_OBJS.pop('SCHEMAS')
1179                 objs = frozenset(VALID_DEFAULT_OBJS.keys())
1180             else:
1181                 objs = frozenset(obj.upper() for obj in p.objs.split(','))

Looks like ALL_IN_SCHEMA and default_privs are kind of mutually exclusive as if the first is specified, the latter will not be executed. It's old code.
Could you folks as users help figure out if it makes sense or not? In particular, if we must use the module as described in the doc I quoted above?

Waiting for your feedback

[Andersson007]

If it makes sense, i created a PR #380 along the way when troubleshooting. Please take a look. If it does not make sense, we'll close the PR.

[hunleyd]

from the pg docs:

Currently, only the privileges for schemas, tables (including views and foreign tables), sequences, functions, and types (including domains) can be altered.
so it sounds like you're reading is correct.

[Andersson007]

@hunleyd yep, saw the same, it gave me a bit of confidence to submit the PR:)

[Andersson007]

@hexwit thanks for reporting the issue! It'll raise much clearer error, so less pain for users!
@hunleyd thanks for reviewing and approving the PR!