grant on databases with only identity sequences never runs

[mphilipps]

hi,
I'm not a postgres expert, but I think I found an issue with the unless check for grants with ALL SEQUENCES IN SCHEMA.

Describe the Bug

I wanted to have otherwise unprivileged user that can dump a database:

    postgresql::server::database_grant { "GRANT ${u} - CONNECT - ${d}":
      privilege => 'CONNECT',
      db        => $d,
      role      => $u
    }
    postgresql::server::grant{ "GRANT ${u} - SELECT - all tables ${d}":
      object_type => 'ALL TABLES IN SCHEMA',
      object_name => 'public',
      privilege   => 'SELECT',
      db          => $d,
      role        => $u
    }
    postgresql::server::grant{ "GRANT ${u} - SELECT - all sequences ${d}":
      object_type => 'ALL SEQUENCES IN SCHEMA',
      object_name => 'public',
      privilege   => 'SELECT',
      db          => $d,
      role        => $u
    }

This worked on one server, but would fail on others with a permission denied on a sequence.

While debugging the puppet run, I found the unless clause and discovered that it is using information_schema.sequences. This is a view that excludes pg_depend.deptype = 'i'::"char". This leads to the grant query never running if the database is only using identity sequences.

Expected Behavior

I would expect the postgresql::server::grant runs and grants the select permission on the sequence.

Steps to Reproduce

Puppet code from above with a database that has a table with something like id INT GENERATED ALWAYS AS IDENTITY.

Environment

• postgres 15
• puppetlabs-postgresql 9.1.1
• openvox 8.14.0
• Debian 11