db plugin: support multiline revoke stmt in postgres (#18632)

* db plugin: support multiline revoke stmt in postgres

* add changelong

changelog/18632.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+database/postgres: Support multiline strings for revocation statements.
+```

plugins/database/postgresql/postgresql.go

@@ -338,6 +338,17 @@ func (p *PostgreSQL) customDeleteUser(ctx context.Context, username string, revo
 	}()
 
 	for _, stmt := range revocationStmts {
+		if containsMultilineStatement(stmt) {
+			// Execute it as-is.
+			m := map[string]string{
+				"name":     username,
+				"username": username,
+			}
+			if err := dbtxn.ExecuteTxQueryDirect(ctx, tx, m, stmt); err != nil {
+				return err
+			}
+			continue
+		}
 		for _, query := range strutil.ParseArbitraryStringSlice(stmt, ";") {
 			query = strings.TrimSpace(query)
 			if len(query) == 0 {

plugins/database/postgresql/postgresql_test.go

@@ -588,6 +588,19 @@ func TestDeleteUser(t *testing.T) {
 			// Wait for a short time before checking because postgres takes a moment to finish deleting the user
 			credsAssertion: assertCredsExistAfter(100 * time.Millisecond),
 		},
+		"multiline": {
+			revokeStmts: []string{`
+				DO $$ BEGIN
+					REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM "{{username}}";
+					REVOKE ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public FROM "{{username}}";
+					REVOKE USAGE ON SCHEMA public FROM "{{username}}";
+					DROP ROLE IF EXISTS "{{username}}";
+				END $$;
+				`},
+			expectErr: false,
+			// Wait for a short time before checking because postgres takes a moment to finish deleting the user
+			credsAssertion: waitUntilCredsDoNotExist(2 * time.Second),
+		},
 	}
 
 	// Shared test container for speed - there should not be any overlap between the tests