Use postgres-user to reassign ownership

Co-authored-by: Trong Nguyen <[email protected]>

Author: mortenlj

cmd/promote/main.go

@@ -99,15 +99,15 @@ func main() {
 		os.Exit(12)
 	}
 
-	certPaths, err := instance.CreateSslCert(ctx, cfg, mgr, target.Name, &target.SslCert)
+	certPaths, err := database.PrepareTargetDatabase(ctx, cfg, target, gcpProject, mgr)
 	if err != nil {
-		mgr.Logger.Error("failed to create ssl certificate", "error", err)
+		mgr.Logger.Error("failed to prepare target database", "error", err)
 		os.Exit(13)
 	}
 
-	err = database.ChangeOwnership(ctx, mgr, target, "postgres", certPaths)
+	err = database.ChangeOwnership(ctx, mgr, target, config.PostgresDatabaseName, certPaths)
 	if err != nil {
-		mgr.Logger.Error("failed to change ownership for database", "databaseName", "postgres", "error", err)
+		mgr.Logger.Error("failed to change ownership for database", "databaseName", config.PostgresDatabaseName, "error", err)
 		os.Exit(14)
 	}
 

cmd/setup/main.go

@@ -115,7 +115,7 @@ func main() {
 		os.Exit(15)
 	}
 
-	err = database.PrepareTargetDatabase(ctx, cfg, target, gcpProject, mgr)
+	_, err = database.PrepareTargetDatabase(ctx, cfg, target, gcpProject, mgr)
 	if err != nil {
 		mgr.Logger.Error("failed to prepare target database", "error", err)
 		os.Exit(16)

internal/pkg/database/database.go

@@ -96,17 +96,20 @@ func DeleteTargetDatabaseResource(ctx context.Context, cfg *config.Config, mgr *
 	return nil
 }
 
-func PrepareTargetDatabase(ctx context.Context, cfg *config.Config, target *resolved.Instance, gcpProject *resolved.GcpProject, mgr *common_main.Manager) error {
+func PrepareTargetDatabase(ctx context.Context, cfg *config.Config, target *resolved.Instance, gcpProject *resolved.GcpProject, mgr *common_main.Manager) (*instance.CertPaths, error) {
 	databasePassword := makePassword(cfg, mgr.Logger)
 	err := SetDatabasePassword(ctx, cfg.TargetInstance.Name, config.PostgresDatabaseUser, databasePassword, gcpProject, mgr)
 	if err != nil {
-		return err
+		return nil, err
 	}
 	target.PostgresPassword = databasePassword
 
-	_, err = instance.CreateSslCert(ctx, cfg, mgr, cfg.TargetInstance.Name, &target.SslCert)
+	certPaths, err := instance.CreateSslCert(ctx, cfg, mgr, cfg.TargetInstance.Name, &target.SslCert)
+	if err != nil {
+		return nil, err
+	}
 
-	return nil
+	return certPaths, nil
 }
 
 func makePassword(cfg *config.Config, logger *slog.Logger) string {
@@ -250,8 +253,8 @@ func ChangeOwnership(ctx context.Context, mgr *common_main.Manager, target *reso
 
 	dbConn, err := createConnection(
 		target.PrimaryIp,
-		target.AppUsername,
-		target.AppPassword,
+		config.PostgresDatabaseUser,
+		target.PostgresPassword,
 		databaseName,
 		certPaths.RootCertPath,
 		certPaths.KeyPath,
@@ -263,7 +266,7 @@ func ChangeOwnership(ctx context.Context, mgr *common_main.Manager, target *reso
 	}
 	defer dbConn.Close()
 
-	logger.Info("reassigning ownership from cloudsqlexternalsync to app user", "database", databaseName, "user", target.AppUsername)
+	logger.Info("reassigning ownership from cloudsqlexternalsync to cloudsqlsuperuser", "database", databaseName, "user", target.AppUsername)
 
 	_, err = dbConn.ExecContext(ctx, "REASSIGN OWNED BY cloudsqlexternalsync to cloudsqlsuperuser;")
 	if err != nil {