[DPE-7500] Create catalog/database level roles

[marceloneppel]

Issue

Catalog/database level roles ({database-name}_admin and {database-name}_owner) are missing to complete what was specified at DA169 - Predefined roles in Postgres.

Solution

Create catalog/database level roles described at DA169 - Predefined roles in Postgres.

Create the charmed_databases_owner role, which allows the relation users requesting it to be able to create new databases.

Enable the login hook (to auto escalate relation users to the {database-name}_owner user when they log in).

TODO: lib/charms/postgresql_k8s/v0/postgresql.py will be moved to lib/charms/postgresql_k8s/v1/postgresql.py in a next PR.

Checklist

• I have added or updated any relevant documentation.
• I have cleaned any remaining cloud resources from my accounts.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 70.23%. Comparing base (59e6ff2) to head (32663cb).
Report is 1 commits behind head on 16/edge.

Additional details and impacted files

@@           Coverage Diff            @@
##           16/edge     #921   +/-   ##
========================================
  Coverage    70.23%   70.23%           
========================================
  Files           16       16           
  Lines         3723     3723           
  Branches       541      541           
========================================
  Hits          2615     2615           
  Misses         974      974           
  Partials       134      134           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[marceloneppel]

This is needed because the relation user is now auto escalated to the {database-name}_owner user, which is not part of the charmed_read role (only the relation user is).

[marceloneppel]

The big logic from this function is mostly to allow retesting in the same model (by resetting to the roles from the beginning of the first test).

[marceloneppel]

Way to check if the relation still exists (and avoid situations where we removed it and it's still alive when trying to re-relate).

[marceloneppel]

Just renaming to be clear on which types of predefined roles we are creating at this moment (i.e. the ones introduced by #881).

[marceloneppel]

This is needed because the relation user is now auto escalated to the {database-name}_owner user, which is not part of the charmed_dba role (only the relation user is).

[marceloneppel]

The order of the calls was changed here because the catalog/database level roles are created along with the database, and we need to pass the {database-name}_admin to the user creation method.

[marceloneppel]

Now, the {database-name}_owner owns all the objects in the database.

[marceloneppel]

Moved to the set_up_predefined_catalog_roles database function, so the right permissions are set to the charmed_dba role in every database.

[marceloneppel]

This part of the code is used to give the {database-name}_admin role to the relation user, so they can escalate to the {database-name}_owner user in a database that was created by themselves (through the charmed_databases_owner extra user role).

[taurus-forever]

The code is LGTM, but the PostgreSQL roles itself requires extensive testing... I am not filling 100% confident in complex deployments (async, pgbouncer, etc).

Open for testing in 16/edge, LGTM for merging. Thank you for this incredible work done!!!