Support grants and revokes for PUBLIC pseudo role

Author: mtancoigne

manifests/server/grant.pp

@@ -53,12 +53,16 @@
     default: {
       # default is 'present'
       $sql_command = 'GRANT %s ON %s "%s%s" TO "%s"'
+      $sql_command_public = 'GRANT %s ON %s "%s%s" TO PUBLIC'
       $sql_command_unquoted = 'GRANT %s ON %s %s%s TO "%s"'
+      $sql_command_unquoted_public = 'GRANT %s ON %s %s%s TO PUBLIC'
       $unless_is = true
     }
     'absent': {
       $sql_command = 'REVOKE %s ON %s "%s%s" FROM "%s"'
+      $sql_command_public = 'REVOKE %s ON %s "%s%s" FROM PUBLIC'
       $sql_command_unquoted = 'REVOKE %s ON %s %s%s FROM "%s"'
+      $sql_command_unquoted_public = 'REVOKE %s ON %s %s%s FROM PUBLIC'
       $unless_is = false
     }
   }
@@ -452,9 +456,20 @@
     default           => undef,
   }
 
-  $grant_cmd = $_enquote_object ? {
-    false   => sprintf($sql_command_unquoted, $_privilege, $_object_type, $_togrant_object, $arguments, $role),
-    default => sprintf($sql_command, $_privilege, $_object_type, $_togrant_object, $arguments, $role),
+  case $role {
+    default: {
+      $grant_cmd = $_enquote_object ? {
+        false   => sprintf($sql_command_unquoted, $_privilege, $_object_type, $_togrant_object, $arguments, $role),
+        default => sprintf($sql_command, $_privilege, $_object_type, $_togrant_object, $arguments, $role),
+      }
+    }
+    'PUBLIC': {
+      # For internal PUBLIC role, we do not want to quote it
+      $grant_cmd = $_enquote_object ? {
+        false   => sprintf($sql_command_unquoted_public, $_privilege, $_object_type, $_togrant_object, $arguments, $role),
+        default => sprintf($sql_command_public, $_privilege, $_object_type, $_togrant_object, $arguments, $role),
+      }
+    }
   }
 
   postgresql_psql { "grant:${name}":