Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow db extensions to be configured declaratively #490

Closed
redbaron opened this issue Feb 15, 2019 · 5 comments
Closed

Allow db extensions to be configured declaratively #490

redbaron opened this issue Feb 15, 2019 · 5 comments
Labels
discussion enhancement

Comments

@redbaron
Copy link
Contributor

Extensions are to be enabled per database and application normally cannot do it as it doesn't use superuser. What do you think about changing pg.spec.databases to following (can be done in a backward compatible way were old shape of this key is transformed into new one with empty extensions key):

databases:
  dbname:
     owner: "user"
     extensions: ["pgcrypto"]

then operator checks for enabled extension in a reconciliation loop and enables missing ones.

With this change it would be fairly straightforward to start using new extension without manual intervention.

Alternative approach is to have a dedicated migration step in CI/CD pipeline which uses superuser to make all necessary adjustments, but this might be a bigger change for some setups (like ours) where application is responsible for it's own migrations at start time.
@henricook
Copy link

This would be super useful

@Jan-M
Copy link
Member

Jan-M commented Feb 15, 2019 via email
edited

@redbaron
Copy link
Contributor Author

Hm, is something missing?

dbname=> select current_user, rolsuper from pg_roles where rolname = current_user;
 current_user | rolsuper 
--------------+----------
 app          | f

dbname=> \l dbname
                             List of databases
  Name  | Owner | Encoding |   Collate   |    Ctype    | Access privileges 
--------+-------+----------+-------------+-------------+-------------------
 dbname | app   | UTF8     | en_US.UTF-8 | en_US.UTF-8 | 


dbname=> show extwlist.extensions;
                                               extwlist.extensions                                               
-----------------------------------------------------------------------------------------------------------------
 btree_gin,btree_gist,citext,hstore,intarray,ltree,pgcrypto,pgq,pg_trgm,postgres_fdw,uuid-ossp,hypopg,pg_partman
(1 row)

dbname=> create extension pgcrypto;
ERROR:  permission denied to create extension "pgcrypto"
HINT:  Must be superuser to create this extension.

@erthalion
Copy link
Contributor

@redbaron Can you check that you have pgextwlist in your shared_preload_libraries? There is no magic here, so probably pgextlist just misconfigured.

@FxKu FxKu mentioned this issue Feb 24, 2020
Merged
@FxKu
Copy link
Member

FxKu commented May 4, 2020

With #843 merged this is now possible. See this section for more detail.

@FxKu FxKu closed this as completed May 4, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
discussion enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@redbaron @henricook @erthalion @Jan-M @FxKu