- name: fail if script is not an object
  fail:
    msg: script must be an object
  when: script is not mapping


- name: create temporary file on postgres for holding the script
  tempfile:
    state: file
  register: tf

- name: upload script
  copy:
    content: "{{ script.text }}"
    dest: "{{ tf.path }}"
    force: yes

- name: execute script
  community.postgresql.postgresql_query:
    db: "{{ script.database | mandatory }}"
    path_to_script: "{{ tf.path }}"
    as_single_query: "{{ script.as_single_query | d(false) }}"

- name: remove temp script
  file:
    path: "{{ tf.path }}"
    state: absent


- block:
  - name: grant privileges to all tables
    community.postgresql.postgresql_privs:
      database: "{{ script.database }}"
      privs: ALL
      type: table
      objs: ALL_IN_SCHEMA
      role: "{{ script.user }}"

  - name: grant privileges to all sequences
    community.postgresql.postgresql_privs:
      database: "{{ script.database }}"
      privs: ALL
      type: sequence
      objs: ALL_IN_SCHEMA
      role: "{{ script.user }}"

  when: script.refresh_privs | d(false) == true