diff --git a/changelog/18632.txt b/changelog/18632.txt new file mode 100644 index 000000000..535961367 --- /dev/null +++ b/changelog/18632.txt @@ -0,0 +1,3 @@ +```release-note:improvement +database/postgres: Support multiline strings for revocation statements. +``` diff --git a/plugins/database/postgresql/postgresql.go b/plugins/database/postgresql/postgresql.go index c76558350..6a350212c 100644 --- a/plugins/database/postgresql/postgresql.go +++ b/plugins/database/postgresql/postgresql.go @@ -338,6 +338,17 @@ func (p *PostgreSQL) customDeleteUser(ctx context.Context, username string, revo }() for _, stmt := range revocationStmts { + if containsMultilineStatement(stmt) { + // Execute it as-is. + m := map[string]string{ + "name": username, + "username": username, + } + if err := dbtxn.ExecuteTxQueryDirect(ctx, tx, m, stmt); err != nil { + return err + } + continue + } for _, query := range strutil.ParseArbitraryStringSlice(stmt, ";") { query = strings.TrimSpace(query) if len(query) == 0 { diff --git a/plugins/database/postgresql/postgresql_test.go b/plugins/database/postgresql/postgresql_test.go index 86e938228..8a9cbeb39 100644 --- a/plugins/database/postgresql/postgresql_test.go +++ b/plugins/database/postgresql/postgresql_test.go @@ -588,6 +588,19 @@ func TestDeleteUser(t *testing.T) { // Wait for a short time before checking because postgres takes a moment to finish deleting the user credsAssertion: assertCredsExistAfter(100 * time.Millisecond), }, + "multiline": { + revokeStmts: []string{` + DO $$ BEGIN + REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM "{{username}}"; + REVOKE ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public FROM "{{username}}"; + REVOKE USAGE ON SCHEMA public FROM "{{username}}"; + DROP ROLE IF EXISTS "{{username}}"; + END $$; + `}, + expectErr: false, + // Wait for a short time before checking because postgres takes a moment to finish deleting the user + credsAssertion: waitUntilCredsDoNotExist(2 * time.Second), + }, } // Shared test container for speed - there should not be any overlap between the tests