Fix regression tests after the patch with CREATEROLE restrictions

Author: kelvich

src/test/regress/expected/create_role.out

@@ -24,24 +24,31 @@ CREATE ROLE regress_noiseword SYSID 12345;
 NOTICE:  SYSID can no longer be specified
 -- fail, cannot grant membership in superuser role
 CREATE ROLE regress_nosuch_super IN ROLE regress_role_super;
-ERROR:  must be superuser to alter superusers
+ERROR:  permission denied to grant role "regress_role_super"
+DETAIL:  Only roles with the SUPERUSER attribute may grant roles with the SUPERUSER attribute.
 -- fail, database owner cannot have members
 CREATE ROLE regress_nosuch_dbowner IN ROLE pg_database_owner;
 ERROR:  role "pg_database_owner" cannot have explicit members
 -- ok, can grant other users into a role
 CREATE ROLE regress_inroles ROLE
 	regress_role_super, regress_createdb, regress_createrole, regress_login,
 	regress_inherit, regress_connection_limit, regress_encrypted_password, regress_password_null;
+ERROR:  permission denied to grant role "regress_inroles"
+DETAIL:  Only roles with the ADMIN option on role "regress_inroles" may grant this role.
 -- fail, cannot grant a role into itself
 CREATE ROLE regress_nosuch_recursive ROLE regress_nosuch_recursive;
-ERROR:  role "regress_nosuch_recursive" is a member of role "regress_nosuch_recursive"
+ERROR:  permission denied to grant role "regress_nosuch_recursive"
+DETAIL:  Only roles with the ADMIN option on role "regress_nosuch_recursive" may grant this role.
 -- ok, can grant other users into a role with admin option
 CREATE ROLE regress_adminroles ADMIN
 	regress_role_super, regress_createdb, regress_createrole, regress_login,
 	regress_inherit, regress_connection_limit, regress_encrypted_password, regress_password_null;
+ERROR:  permission denied to grant role "regress_adminroles"
+DETAIL:  Only roles with the ADMIN option on role "regress_adminroles" may grant this role.
 -- fail, cannot grant a role into itself with admin option
 CREATE ROLE regress_nosuch_admin_recursive ADMIN regress_nosuch_admin_recursive;
-ERROR:  role "regress_nosuch_admin_recursive" is a member of role "regress_nosuch_admin_recursive"
+ERROR:  permission denied to grant role "regress_nosuch_admin_recursive"
+DETAIL:  Only roles with the ADMIN option on role "regress_nosuch_admin_recursive" may grant this role.
 -- fail, regress_createrole does not have CREATEDB privilege
 SET SESSION AUTHORIZATION regress_createrole;
 CREATE DATABASE regress_nosuch_db;
@@ -75,15 +82,35 @@ REASSIGN OWNED BY regress_tenant TO regress_createrole;
 ERROR:  permission denied to reassign objects
 -- ok, having CREATEROLE is enough to create roles in privileged roles
 CREATE ROLE regress_read_all_data IN ROLE pg_read_all_data;
+ERROR:  permission denied to grant role "pg_read_all_data"
+DETAIL:  Only roles with the ADMIN option on role "pg_read_all_data" may grant this role.
 CREATE ROLE regress_write_all_data IN ROLE pg_write_all_data;
+ERROR:  permission denied to grant role "pg_write_all_data"
+DETAIL:  Only roles with the ADMIN option on role "pg_write_all_data" may grant this role.
 CREATE ROLE regress_monitor IN ROLE pg_monitor;
+ERROR:  permission denied to grant role "pg_monitor"
+DETAIL:  Only roles with the ADMIN option on role "pg_monitor" may grant this role.
 CREATE ROLE regress_read_all_settings IN ROLE pg_read_all_settings;
+ERROR:  permission denied to grant role "pg_read_all_settings"
+DETAIL:  Only roles with the ADMIN option on role "pg_read_all_settings" may grant this role.
 CREATE ROLE regress_read_all_stats IN ROLE pg_read_all_stats;
+ERROR:  permission denied to grant role "pg_read_all_stats"
+DETAIL:  Only roles with the ADMIN option on role "pg_read_all_stats" may grant this role.
 CREATE ROLE regress_stat_scan_tables IN ROLE pg_stat_scan_tables;
+ERROR:  permission denied to grant role "pg_stat_scan_tables"
+DETAIL:  Only roles with the ADMIN option on role "pg_stat_scan_tables" may grant this role.
 CREATE ROLE regress_read_server_files IN ROLE pg_read_server_files;
+ERROR:  permission denied to grant role "pg_read_server_files"
+DETAIL:  Only roles with the ADMIN option on role "pg_read_server_files" may grant this role.
 CREATE ROLE regress_write_server_files IN ROLE pg_write_server_files;
+ERROR:  permission denied to grant role "pg_write_server_files"
+DETAIL:  Only roles with the ADMIN option on role "pg_write_server_files" may grant this role.
 CREATE ROLE regress_execute_server_program IN ROLE pg_execute_server_program;
+ERROR:  permission denied to grant role "pg_execute_server_program"
+DETAIL:  Only roles with the ADMIN option on role "pg_execute_server_program" may grant this role.
 CREATE ROLE regress_signal_backend IN ROLE pg_signal_backend;
+ERROR:  permission denied to grant role "pg_signal_backend"
+DETAIL:  Only roles with the ADMIN option on role "pg_signal_backend" may grant this role.
 -- fail, creation of these roles failed above so they do not now exist
 SET SESSION AUTHORIZATION regress_role_admin;
 DROP ROLE regress_nosuch_superuser;
@@ -113,18 +140,30 @@ DROP ROLE regress_encrypted_password;
 DROP ROLE regress_password_null;
 DROP ROLE regress_noiseword;
 DROP ROLE regress_inroles;
+ERROR:  role "regress_inroles" does not exist
 DROP ROLE regress_adminroles;
+ERROR:  role "regress_adminroles" does not exist
 DROP ROLE regress_rolecreator;
 DROP ROLE regress_read_all_data;
+ERROR:  role "regress_read_all_data" does not exist
 DROP ROLE regress_write_all_data;
+ERROR:  role "regress_write_all_data" does not exist
 DROP ROLE regress_monitor;
+ERROR:  role "regress_monitor" does not exist
 DROP ROLE regress_read_all_settings;
+ERROR:  role "regress_read_all_settings" does not exist
 DROP ROLE regress_read_all_stats;
+ERROR:  role "regress_read_all_stats" does not exist
 DROP ROLE regress_stat_scan_tables;
+ERROR:  role "regress_stat_scan_tables" does not exist
 DROP ROLE regress_read_server_files;
+ERROR:  role "regress_read_server_files" does not exist
 DROP ROLE regress_write_server_files;
+ERROR:  role "regress_write_server_files" does not exist
 DROP ROLE regress_execute_server_program;
+ERROR:  role "regress_execute_server_program" does not exist
 DROP ROLE regress_signal_backend;
+ERROR:  role "regress_signal_backend" does not exist
 -- fail, role still owns database objects
 DROP ROLE regress_tenant;
 ERROR:  role "regress_tenant" cannot be dropped because some objects depend on it

src/test/regress/expected/privileges.out

@@ -1679,7 +1679,8 @@ REFRESH MATERIALIZED VIEW sro_mv;
 ERROR:  cannot fire deferred trigger within security-restricted operation
 CONTEXT:  SQL function "mv_action" statement 1
 BEGIN; SET CONSTRAINTS ALL IMMEDIATE; REFRESH MATERIALIZED VIEW sro_mv; COMMIT;
-ERROR:  must have admin option on role "regress_priv_group2"
+ERROR:  permission denied to grant role "regress_priv_group2"
+DETAIL:  Only roles with the ADMIN option on role "regress_priv_group2" may grant this role.
 CONTEXT:  SQL function "unwanted_grant" statement 1
 SQL statement "SELECT unwanted_grant()"
 PL/pgSQL function sro_trojan() line 1 at PERFORM
@@ -1709,10 +1710,12 @@ CREATE FUNCTION dogrant_ok() RETURNS void LANGUAGE sql SECURITY DEFINER AS
 GRANT regress_priv_group2 TO regress_priv_user5; -- ok: had ADMIN OPTION
 SET ROLE regress_priv_group2;
 GRANT regress_priv_group2 TO regress_priv_user5; -- fails: SET ROLE suspended privilege
-ERROR:  must have admin option on role "regress_priv_group2"
+ERROR:  permission denied to grant role "regress_priv_group2"
+DETAIL:  Only roles with the ADMIN option on role "regress_priv_group2" may grant this role.
 SET SESSION AUTHORIZATION regress_priv_user1;
 GRANT regress_priv_group2 TO regress_priv_user5; -- fails: no ADMIN OPTION
-ERROR:  must have admin option on role "regress_priv_group2"
+ERROR:  permission denied to grant role "regress_priv_group2"
+DETAIL:  Only roles with the ADMIN option on role "regress_priv_group2" may grant this role.
 SELECT dogrant_ok();			-- ok: SECURITY DEFINER conveys ADMIN
 NOTICE:  role "regress_priv_user5" is already a member of role "regress_priv_group2"
  dogrant_ok 
@@ -1722,10 +1725,12 @@ NOTICE:  role "regress_priv_user5" is already a member of role "regress_priv_gro
 
 SET ROLE regress_priv_group2;
 GRANT regress_priv_group2 TO regress_priv_user5; -- fails: SET ROLE did not help
-ERROR:  must have admin option on role "regress_priv_group2"
+ERROR:  permission denied to grant role "regress_priv_group2"
+DETAIL:  Only roles with the ADMIN option on role "regress_priv_group2" may grant this role.
 SET SESSION AUTHORIZATION regress_priv_group2;
 GRANT regress_priv_group2 TO regress_priv_user5; -- fails: no self-admin
-ERROR:  must have admin option on role "regress_priv_group2"
+ERROR:  permission denied to grant role "regress_priv_group2"
+DETAIL:  Only roles with the ADMIN option on role "regress_priv_group2" may grant this role.
 SET SESSION AUTHORIZATION regress_priv_user4;
 DROP FUNCTION dogrant_ok();
 REVOKE regress_priv_group2 FROM regress_priv_user5;