Treat rds_superuser_role as a superuser

This role was introduced in RDS for MySQL 8.0.36, and this role cannot be dropped See https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.MasterAccounts.html
alphagov · Dec 2, 2024 · 11dc266 · 11dc266
1 parent 4ce1b3f
commit 11dc266
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/sqlengine/mysql_engine.go b/sqlengine/mysql_engine.go
@@ -230,9 +230,14 @@ func (d *MySQLEngine) ResetState() error {
 func (d *MySQLEngine) listNonSuperUsers(logger lager.Logger) ([]string, error) {
 	users := []string{}
 
-	rows, err := d.db.Query(
-		"SELECT User FROM mysql.user WHERE Super_priv != 'Y' AND Host = '%' AND User != SUBSTRING_INDEX(CURRENT_USER(), '@', 1)",
-	)
+	rows, err := d.db.Query(`
+		SELECT User
+		FROM mysql.user
+		WHERE Super_priv != 'Y'
+			AND Host = '%'
+			AND User != SUBSTRING_INDEX(CURRENT_USER(), '@', 1)
+			AND User != 'rds_superuser_role'
+	`)
 	if err != nil {
 		logger.Error("sql-error", err)
 		return nil, err