check if newOwner != azpg.user before granting the role

movetokube · Aug 29, 2024 · 2fcbed8 · 2fcbed8
1 parent 035c13a
commit 2fcbed8
Showing 1 changed file with 10 additions and 7 deletions.
diff --git a/pkg/postgres/azure.go b/pkg/postgres/azure.go
@@ -72,14 +72,17 @@ func (azpg *azurepg) DropRole(role, newOwner, database string, logger logr.Logge
 			}
 			return err
 		}
-		err = azpg.pg.GrantRole(newOwner, azpg.user)
-		if err != nil && err.(*pq.Error).Code != "0LP01" {
-			if err.(*pq.Error).Code == "42704" {
-				// The group role does not exist, no point of granting roles
-				logger.Info(fmt.Sprintf("not granting %s to %s as %s does not exist", role, newOwner, newOwner))
-				return nil
+
+		if newOwner != azpg.user {
+			err = azpg.pg.GrantRole(newOwner, azpg.user)
+			if err != nil && err.(*pq.Error).Code != "0LP01" {
+				if err.(*pq.Error).Code == "42704" {
+					// The group role does not exist, no point of granting roles
+					logger.Info(fmt.Sprintf("not granting %s to %s as %s does not exist", role, newOwner, newOwner))
+					return nil
+				}
+				return err
 			}
-			return err
 		}
 		defer azpg.pg.RevokeRole(newOwner, azpg.pg.user)