Disable pgaudit when creating users to not expose password (patroni#3175)

pgaudit could be added to shared_preload_libraries, but we don't check for it, because setting a custom GUC works in all cases.

Author: kviset

patroni/postgresql/bootstrap.py

@@ -411,13 +411,15 @@ def create_or_update_role(self, name: str, password: Optional[str], options: Lis
         self._postgresql.query('SET log_min_duration_statement TO -1')
         self._postgresql.query("SET log_min_error_statement TO 'log'")
         self._postgresql.query("SET pg_stat_statements.track_utility to 'off'")
+        self._postgresql.query("SET pgaudit.log TO none")
         try:
             self._postgresql.query(sql)
         finally:
             self._postgresql.query('RESET log_min_error_statement')
             self._postgresql.query('RESET log_min_duration_statement')
             self._postgresql.query('RESET log_statement')
             self._postgresql.query('RESET pg_stat_statements.track_utility')
+            self._postgresql.query('RESET pgaudit.log')
 
     def post_bootstrap(self, config: Dict[str, Any], task: CriticalTask) -> Optional[bool]:
         try: