From 8507b3f98d0cd5042f368d29dace16aa20c2e3f4 Mon Sep 17 00:00:00 2001
From: JM Faircloth <jmfaircloth@hashicorp.com>
Date: Mon, 9 Jan 2023 09:56:46 -0600
Subject: [PATCH 1/2] db plugin: support multiline revoke stmt in postgres

---
 plugins/database/postgresql/postgresql.go      | 11 +++++++++++
 plugins/database/postgresql/postgresql_test.go | 13 +++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/plugins/database/postgresql/postgresql.go b/plugins/database/postgresql/postgresql.go
index c76558350586..6a350212c5f5 100644
--- a/plugins/database/postgresql/postgresql.go
+++ b/plugins/database/postgresql/postgresql.go
@@ -338,6 +338,17 @@ func (p *PostgreSQL) customDeleteUser(ctx context.Context, username string, revo
 	}()
 
 	for _, stmt := range revocationStmts {
+		if containsMultilineStatement(stmt) {
+			// Execute it as-is.
+			m := map[string]string{
+				"name":     username,
+				"username": username,
+			}
+			if err := dbtxn.ExecuteTxQueryDirect(ctx, tx, m, stmt); err != nil {
+				return err
+			}
+			continue
+		}
 		for _, query := range strutil.ParseArbitraryStringSlice(stmt, ";") {
 			query = strings.TrimSpace(query)
 			if len(query) == 0 {
diff --git a/plugins/database/postgresql/postgresql_test.go b/plugins/database/postgresql/postgresql_test.go
index 86e93822889b..8a9cbeb39ba9 100644
--- a/plugins/database/postgresql/postgresql_test.go
+++ b/plugins/database/postgresql/postgresql_test.go
@@ -588,6 +588,19 @@ func TestDeleteUser(t *testing.T) {
 			// Wait for a short time before checking because postgres takes a moment to finish deleting the user
 			credsAssertion: assertCredsExistAfter(100 * time.Millisecond),
 		},
+		"multiline": {
+			revokeStmts: []string{`
+				DO $$ BEGIN
+					REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM "{{username}}";
+					REVOKE ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public FROM "{{username}}";
+					REVOKE USAGE ON SCHEMA public FROM "{{username}}";
+					DROP ROLE IF EXISTS "{{username}}";
+				END $$;
+				`},
+			expectErr: false,
+			// Wait for a short time before checking because postgres takes a moment to finish deleting the user
+			credsAssertion: waitUntilCredsDoNotExist(2 * time.Second),
+		},
 	}
 
 	// Shared test container for speed - there should not be any overlap between the tests

From 37f3f537a6b24eb509dd081e12e275e04185d5a0 Mon Sep 17 00:00:00 2001
From: JM Faircloth <jmfaircloth@hashicorp.com>
Date: Mon, 9 Jan 2023 10:00:17 -0600
Subject: [PATCH 2/2] add changelong

---
 changelog/18632.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 changelog/18632.txt

diff --git a/changelog/18632.txt b/changelog/18632.txt
new file mode 100644
index 000000000000..535961367a3a
--- /dev/null
+++ b/changelog/18632.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+database/postgres: Support multiline strings for revocation statements.
+```