fix(engine): by default, dump only databases to which user have access

Author: agneum

Diff for: engine/.golangci.yml

@@ -82,7 +82,7 @@ linters:
     - megacheck
     - misspell
     - prealloc
-#    - revive # temporarily disabled: https://gitlab.com/postgres-ai/database-lab/-/merge_requests/498
+    - revive
     - structcheck
     - stylecheck
     - unconvert

Diff for: engine/internal/retrieval/engine/postgres/logical/dump.go

@@ -117,7 +117,7 @@ type dumper interface {
 	SetConnectionOptions(context.Context, *Connection) error
 
 	// GetDatabaseListQuery provides the query to get the list of databases for dumping.
-	GetDatabaseListQuery() string
+	GetDatabaseListQuery(username string) string
 }
 
 // Connection provides connection options.
@@ -379,7 +379,7 @@ func (d *DumpJob) getDBList(ctx context.Context) (map[string]DumpDefinition, err
 		return nil, fmt.Errorf("failed to connect to DB: %w", err)
 	}
 
-	rows, err := querier.Query(ctx, d.dumper.GetDatabaseListQuery())
+	rows, err := querier.Query(ctx, d.dumper.GetDatabaseListQuery(d.config.db.Username))
 	if err != nil {
 		return nil, fmt.Errorf("failed to perform query listing databases: %w", err)
 	}

Diff for: engine/internal/retrieval/engine/postgres/logical/dump_default.go

@@ -6,6 +6,7 @@ package logical
 
 import (
 	"context"
+	"fmt"
 )
 
 type defaultDumper struct {
@@ -25,6 +26,7 @@ func (d *defaultDumper) SetConnectionOptions(_ context.Context, c *Connection) e
 	return nil
 }
 
-func (d *defaultDumper) GetDatabaseListQuery() string {
-	return "select datname from pg_catalog.pg_database where not datistemplate"
+func (d *defaultDumper) GetDatabaseListQuery(username string) string {
+	return fmt.Sprintf(`select datname from pg_catalog.pg_database 
+	where not datistemplate and has_database_privilege('%s', datname, 'CONNECT')`, username)
 }

Diff for: engine/internal/retrieval/engine/postgres/logical/dump_rds.go

@@ -108,6 +108,7 @@ func (r *rdsDumper) SetConnectionOptions(ctx context.Context, c *Connection) err
 	return nil
 }
 
-func (r *rdsDumper) GetDatabaseListQuery() string {
-	return "select datname from pg_catalog.pg_database where not datistemplate"
+func (r *rdsDumper) GetDatabaseListQuery(username string) string {
+	return fmt.Sprintf(`select datname from pg_catalog.pg_database 
+	where not datistemplate and has_database_privilege('%s', datname, 'CONNECT')`, username)
 }