Default worker role to postgres instead of azuresu#206
Open
pinodeca wants to merge 1 commit into
Open
Conversation
The pg_durable.worker_role GUC defaulted to 'azuresu', the admin role on Azure Database for PostgreSQL. On any non-Azure PostgreSQL that role does not exist, so the background worker emitted warnings and silently failed to process workflows until an operator overrode the GUC. Default to the vendor-neutral 'postgres' role instead, keeping the three fallbacks (GUC default, SQL install-script fallback, get_worker_role()) in sync, and update docs that cite the default value.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The
pg_durable.worker_roleGUC defaulted toazuresu, the privileged admin role on Azure Database for PostgreSQL — Flexible Server. On any non-Azure PostgreSQL (vanilla, RDS, Cloud SQL, self-hosted) that role does not exist, so out of the box the background worker emitted "role does not exist" warnings and silently failed to process workflows until an operator overrode the GUC.This changes the default to the vendor-neutral
postgresrole, which matches the Dockerfile and upgrade-test configuration and works on most setups.Changes
src/lib.rs—WORKER_ROLEGUC default and the SQL install-script fallback now usepostgressrc/types.rs—get_worker_role()fallback and its doc comment updatedREADME.md,docs/rls.md,docs/security-review/workbook-data.md,docs/security-review/threat-model.dfd-lite.yamlAll three runtime fallbacks (GUC default, SQL install fallback,
get_worker_role()) are kept in sync.Notes
test-upgrade.shalready pinpostgres, so they are unaffected.sql/pg_durable--0.1.1.sqlis intentionally left unchanged (historical version fixture for upgrade testing).Validation
cargo build --features pg17succeedscargo fmt -p pg_durable -- --checkpasses