From 1cd23f1fdee389d8b72a69452703b1bd53b3b5a3 Mon Sep 17 00:00:00 2001
From: Josh Souza <josh.souza@greenhouse.io>
Date: Tue, 20 Jun 2023 12:46:52 -0700
Subject: [PATCH] Bypass role grant logic for `pg_database_owner` role

See issue #301. This appears to solve the issue, but may have unanticipated side-effects.
---
 postgresql/helpers.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/postgresql/helpers.go b/postgresql/helpers.go
index a11103d2..da167284 100644
--- a/postgresql/helpers.go
+++ b/postgresql/helpers.go
@@ -149,6 +149,11 @@ func withRolesGranted(txn *sql.Tx, roles []string, fn func() error) error {
 	var revokedRoles []string
 
 	for _, role := range roles {
+		// The `pg_database_owner` role (https://www.postgresql.org/docs/current/predefined-roles.html)
+		// Is a built-in role in PG 14 and later that cannot be manipulated with the below logic
+		if role == "pg_database_owner" {
+			continue
+		}
 		// We need to check if the role we want to grant is a superuser
 		// in this case Postgres disallows to grant it to a current user which is not superuser.
 		superuser, err := isSuperuser(txn, role)