feat(postgresql/role): set ADMIN option when creating a role

Author: cryptobioz

internal/controller/postgresrole_controller_test.go

@@ -198,7 +198,7 @@ var _ = Describe("PostgresRole Controller", func() {
 									"rolbypassrls",
 								}).
 									AddRow(
-										"myrole",
+										"operator",
 										true,
 										true,
 										true,
@@ -209,7 +209,7 @@ var _ = Describe("PostgresRole Controller", func() {
 									),
 							)
 
-						pgpoolsMock["default"].ExpectExec(fmt.Sprintf("^%s '.*'$", regexp.QuoteMeta(`CREATE ROLE "myrole" WITH CREATEROLE CREATEDB PASSWORD`))).
+						pgpoolsMock["default"].ExpectExec(fmt.Sprintf("^%s '.*' ADMIN \"operator\"$", regexp.QuoteMeta(`CREATE ROLE "myrole" WITH CREATEROLE CREATEDB PASSWORD`))).
 							WillReturnResult(pgxmock.NewResult("CREATE ROLE", 1))
 						pgpoolsMock["default"].ExpectQuery(fmt.Sprintf("^%s$", regexp.QuoteMeta(postgresql.GetRoleMembershipStatement))).
 							WithArgs("myrole").
@@ -373,7 +373,7 @@ var _ = Describe("PostgresRole Controller", func() {
 									"rolbypassrls",
 								}).
 									AddRow(
-										"myrole",
+										"operator",
 										true,
 										true,
 										true,
@@ -384,7 +384,7 @@ var _ = Describe("PostgresRole Controller", func() {
 									),
 							)
 
-						pgpoolsMock["default"].ExpectExec(fmt.Sprintf("^%s$", regexp.QuoteMeta(`CREATE ROLE "myrole" WITH CREATEROLE CREATEDB PASSWORD 'mypassword'`))).
+						pgpoolsMock["default"].ExpectExec(fmt.Sprintf("^%s$", regexp.QuoteMeta(`CREATE ROLE "myrole" WITH CREATEROLE CREATEDB PASSWORD 'mypassword' ADMIN "operator"`))).
 							WillReturnResult(pgxmock.NewResult("CREATE ROLE", 1))
 						pgpoolsMock["default"].ExpectQuery(fmt.Sprintf("^%s$", regexp.QuoteMeta(postgresql.GetRoleMembershipStatement))).
 							WithArgs("myrole").

internal/postgresql/role.go

@@ -58,6 +58,8 @@ func CreateRole(pgpool PGPoolInterface, operatorRole, role *Role) (err error) {
 		return err
 	}
 
+	options += fmt.Sprintf("ADMIN %s", pgx.Identifier{operatorRole.Name}.Sanitize())
+
 	_, err = pgpool.Exec(context.Background(), fmt.Sprintf("CREATE ROLE %s %s", sanitizedName, options))
 	if err != nil {
 		err = fmt.Errorf("pg exec failed: %s", err)

internal/postgresql/role_test.go

@@ -206,7 +206,7 @@ var _ = Describe("PostgreSQL Role", func() {
 
 	Context("Calling CreateRole", func() {
 		It("should create a role with the defined options and return no error", func() {
-			pgpoolMock.ExpectExec(fmt.Sprintf("^%s$", regexp.QuoteMeta(`CREATE ROLE "foo" WITH SUPERUSER CREATEROLE BYPASSRLS PASSWORD 'password'`))).
+			pgpoolMock.ExpectExec(fmt.Sprintf("^%s$", regexp.QuoteMeta(`CREATE ROLE "foo" WITH SUPERUSER CREATEROLE BYPASSRLS PASSWORD 'password' ADMIN "operator"`))).
 				WillReturnResult(pgxmock.NewResult("foo", 1))
 
 			role := Role{
@@ -219,7 +219,7 @@ var _ = Describe("PostgreSQL Role", func() {
 			}
 
 			operatorRole := Role{
-				Name:        "postgres",
+				Name:        "operator",
 				SuperUser:   true,
 				Inherit:     true,
 				CreateRole:  true,
@@ -238,7 +238,7 @@ var _ = Describe("PostgreSQL Role", func() {
 		})
 
 		It("should return an error if the PostgreSQL request failed", func() {
-			pgpoolMock.ExpectExec(fmt.Sprintf("^%s$", regexp.QuoteMeta(`CREATE ROLE "foo" WITH INHERIT CREATEDB LOGIN REPLICATION`))).
+			pgpoolMock.ExpectExec(fmt.Sprintf("^%s$", regexp.QuoteMeta(`CREATE ROLE "foo" WITH INHERIT CREATEDB LOGIN REPLICATION ADMIN "operator"`))).
 				WillReturnError(fmt.Errorf("fake error from PostgreSQL"))
 
 			role := Role{
@@ -250,7 +250,7 @@ var _ = Describe("PostgreSQL Role", func() {
 			}
 
 			operatorRole := Role{
-				Name:        "postgres",
+				Name:        "operator",
 				SuperUser:   true,
 				Inherit:     true,
 				CreateRole:  true,