Skip to content

Default worker role to postgres instead of azuresu#206

Merged
pinodeca merged 1 commit into
mainfrom
pinodeca/worker-role-default
Jun 6, 2026
Merged

Default worker role to postgres instead of azuresu#206
pinodeca merged 1 commit into
mainfrom
pinodeca/worker-role-default

Conversation

@pinodeca
Copy link
Copy Markdown
Contributor

@pinodeca pinodeca commented Jun 4, 2026
edited
Loading

Summary

The pg_durable.worker_role GUC defaulted to azuresu, the privileged admin role on Azure Database for PostgreSQL — Flexible Server. On any non-Azure PostgreSQL (vanilla, RDS, Cloud SQL, self-hosted) that role does not exist, so out of the box the background worker emitted "role does not exist" warnings and silently failed to process workflows until an operator overrode the GUC.

This changes the default to the vendor-neutral postgres role, which matches the Dockerfile and upgrade-test configuration and works on most setups.

Changes

  • src/lib.rsWORKER_ROLE GUC default and the SQL install-script fallback now use postgres
  • src/types.rsget_worker_role() fallback and its doc comment updated
  • Docs that cite the default value updated: README.md, docs/rls.md, docs/security-review/workbook-data.md, docs/security-review/threat-model.dfd-lite.yaml

All three runtime fallbacks (GUC default, SQL install fallback, get_worker_role()) are kept in sync.

Notes

  • Behavior change only, not a schema change — the worker role is read at runtime, not stored. The Dockerfile and test-upgrade.sh already pin postgres, so they are unaffected.
  • sql/pg_durable--0.1.1.sql is intentionally left unchanged (historical version fixture for upgrade testing).
  • No Azure-specific operator note was added, since only operators set this GUC.

Validation

  • cargo build --features pg17 succeeds
  • cargo fmt -p pg_durable -- --check passes

@pinodeca
Change default worker role from azuresu to postgres
0ec10f1 
The pg_durable.worker_role GUC defaulted to 'azuresu', the admin role on
Azure Database for PostgreSQL. On any non-Azure PostgreSQL that role does
not exist, so the background worker emitted warnings and silently failed
to process workflows until an operator overrode the GUC.

Default to the vendor-neutral 'postgres' role instead, keeping the three
fallbacks (GUC default, SQL install-script fallback, get_worker_role())
in sync, and update docs that cite the default value.
@pinodeca pinodeca force-pushed the pinodeca/worker-role-default branch from c28e2f0 to 0ec10f1 Compare June 5, 2026 23:37
@pinodeca pinodeca requested a review from tjgreen42 June 6, 2026 00:16
tjgreen42
tjgreen42 approved these changes Jun 6, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@tjgreen42 tjgreen42 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@pinodeca pinodeca merged commit 11ac64e into main Jun 6, 2026
5 checks passed
@pinodeca pinodeca deleted the pinodeca/worker-role-default branch June 6, 2026 00:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tjgreen42 tjgreen42 tjgreen42 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pinodeca @tjgreen42