Wednesday, February 10, 2021

[google-cloud-sql-discuss] In CloudSQL, how to allow members of {cloudsqliamuser} to create an extension

Hi everyone,

We're currently considering switching the way we connect our services to our Postgres DB managed in Cloud SQL and leveraging IAM authentication to use a service account.

The last blocking point is the extensions! Each time we deploy a new version of our services, they run a SQL script to update their DB schemas. And from time to time, those scripts will contain a line with `CREATE EXTENSION IF NOT EXISTS ..;`

With the 'postgres' role, as it inherits from cloudsqlsuperuser, we have no problem, but when we try with a service account, it fails with an error like this:
```
permission denied to create extension "pg_trgm"
Indice : Must be superuser to create this extension.
```

The doc says the user must have superuser privileges, which I understand to mean it must inherit from cloudsqlsuperuser, but that isn't the case for a service account.

So is there any way to allow members of {cloudsqliamaccount} or {cloudsqliamuser} to create extensions, or should we just manage them separately and create them with a {cloudsqlsuperuser} account?

Thanks in advance for your help
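
For the second option the post raises (managing extensions separately), the following is an added example, not part of the original post: a pre-deploy helper that splits a migration script into `CREATE EXTENSION` statements, to be run by a member of cloudsqlsuperuser, and everything else, to be run by the IAM service account. The function names and the sample migration are constructed; it assumes no nested block comments and no backslash-escaped quotes.

```python
import re

# Lexer for just enough PostgreSQL syntax to find real statement boundaries.
_TOKEN = re.compile(r"""
    (?P<comment>--[^\n]*|/\*.*?\*/)   # line or (non-nested) block comment
  | '(?:[^']|'')*'                    # string literal
  | "(?:[^"]|"")*"                    # quoted identifier
  | (?P<tag>\$\w*\$).*?(?P=tag)       # dollar-quoted body, e.g. $$ ... $$
  | (?P<end>;)                        # top-level statement terminator
  | [^;'"$/-]+ | .                    # everything else
""", re.VERBOSE | re.DOTALL)
_CREATE_EXT = re.compile(
    r'CREATE\s+EXTENSION\s+(?:IF\s+NOT\s+EXISTS\s+)?(?:"((?:[^"]|"")+)"|(\w+))',
    re.IGNORECASE)

def statements(sql):
    """Yield statements with comments removed, splitting only on top-level ';'."""
    buf = []
    for m in _TOKEN.finditer(sql):
        if m.group("end"):
            yield "".join(buf).strip()
            buf = []
        else:
            buf.append(" " if m.group("comment") else m.group(0))
    yield "".join(buf).strip()

def split_migration(sql):
    """Return (extension_names, privileged_statements, service_statements)."""
    names, privileged, service = [], [], []
    for stmt in filter(None, statements(sql)):
        m = _CREATE_EXT.match(stmt)
        if m:  # unquoted identifiers fold to lower case, quoted ones do not
            names.append(m.group(1) or m.group(2).lower())
        (privileged if m else service).append(stmt + ";")
    return names, privileged, service

# Constructed sample migration (not from the original post).
SAMPLE = """\
CREATE EXTENSION IF NOT EXISTS pg_trgm;
/* CREATE EXTENSION hstore; (commented out) */
CREATE TABLE notes (id serial PRIMARY KEY, body text DEFAULT 'a;b');
CREATE FUNCTION touch() RETURNS trigger AS $$
BEGIN NEW.body := NEW.body; RETURN NEW; END;
$$ LANGUAGE plpgsql;
create extension "uuid-ossp";
"""

if __name__ == "__main__":
    print(split_migration(SAMPLE)[0])
```

The list of extension names can also be compared against `pg_extension` before a deploy, so a migration that needs a missing extension fails early instead of at the service account's `CREATE EXTENSION`.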
