Feat: add track_functions to supautils allowed calls

ansible/files/postgresql_config/supautils.conf.j2

@@ -10,6 +10,6 @@ supautils.privileged_extensions = 'address_standardizer, address_standardizer_da
 supautils.extension_custom_scripts_path = '/etc/postgresql-custom/extension-custom-scripts'
 supautils.privileged_extensions_superuser = 'supabase_admin'
 supautils.privileged_role = 'postgres'
-supautils.privileged_role_allowed_configs = 'auto_explain.*, log_lock_waits, log_min_duration_statement, log_min_messages, log_parameter_max_length, log_replication_commands, log_statement, log_temp_files, pg_net.batch_size, pg_net.ttl, pg_stat_statements.*, pgaudit.log, pgaudit.log_catalog, pgaudit.log_client, pgaudit.log_level, pgaudit.log_relation, pgaudit.log_rows, pgaudit.log_statement, pgaudit.log_statement_once, pgaudit.role, pgrst.*, plan_filter.*, safeupdate.enabled, session_replication_role, track_io_timing, wal_compression'
+supautils.privileged_role_allowed_configs = 'auto_explain.*, log_lock_waits, log_min_duration_statement, log_min_messages, log_parameter_max_length, log_replication_commands, log_statement, log_temp_files, pg_net.batch_size, pg_net.ttl, pg_stat_statements.*, pgaudit.log, pgaudit.log_catalog, pgaudit.log_client, pgaudit.log_level, pgaudit.log_relation, pgaudit.log_rows, pgaudit.log_statement, pgaudit.log_statement_once, pgaudit.role, pgrst.*, plan_filter.*, safeupdate.enabled, session_replication_role, track_io_timing, wal_compression, track_functions'
 supautils.reserved_memberships = 'pg_read_server_files, pg_write_server_files, pg_execute_server_program, supabase_admin, supabase_auth_admin, supabase_storage_admin, supabase_read_only_user, supabase_realtime_admin, supabase_replication_admin, supabase_etl_admin, dashboard_user, pgbouncer, authenticator'
 supautils.reserved_roles = 'supabase_admin, supabase_auth_admin, supabase_storage_admin, supabase_read_only_user, supabase_realtime_admin, supabase_replication_admin, supabase_etl_admin, dashboard_user, pgbouncer, service_role*, authenticator*, authenticated*, anon*'

nix/tests/expected/enable_tracking.out

@@ -0,0 +1,2 @@
+alter role postgres set track_functions = 'pl';
+alter role postgres set track_io_timing = on;

nix/tests/expected/roles.out

@@ -59,8 +59,8 @@ select
 from pg_roles r
 where rolname not in ('pg_create_subscription', 'pg_maintain', 'pg_use_reserved_connections')
 order by rolname;
-          rolname           |                                    rolconfig                                    
-----------------------------+---------------------------------------------------------------------------------
+          rolname           |                                       rolconfig                                       
+----------------------------+---------------------------------------------------------------------------------------
  anon                       | {statement_timeout=3s}
  authenticated              | {statement_timeout=8s}
  authenticator              | {session_preload_libraries=safeupdate,statement_timeout=8s,lock_timeout=8s}
@@ -82,7 +82,7 @@ order by rolname;
  pgsodium_keyiduser         | 
  pgsodium_keymaker          | 
  pgtle_admin                | 
- postgres                   | {"search_path=\"\\$user\", public, extensions"}
+ postgres                   | {"search_path=\"\\$user\", public, extensions",track_functions=pl,track_io_timing=on}
  service_role               | 
  supabase_admin             | {"search_path=\"$user\", public, auth, extensions",log_statement=none}
  supabase_auth_admin        | {search_path=auth,idle_in_transaction_session_timeout=60000,log_statement=none}

nix/tests/sql/enable_tracking.sql

@@ -0,0 +1,2 @@
+alter role postgres set track_functions = 'pl';
+alter role postgres set track_io_timing = on;