Set neon_superuser privilege under lakebase mode (#12775)

## Problem ## Summary of changes
2025-12-22 21:59:59 +00:00 · 2025-07-29 14:30:34 -07:00
parent 07c3cfd2a0
commit ca88521653
2 changed files with 7 additions and 2 deletions
--- a/compute_tools/src/spec_apply.rs
+++ b/compute_tools/src/spec_apply.rs
@@ -679,7 +679,12 @@ async fn get_operations<'a>(
        ApplySpecPhase::CreatePrivilegedRole => Ok(Box::new(once(Operation {
            query: format!(
                include_str!("sql/create_privileged_role.sql"),
-                privileged_role_name = params.privileged_role_name
+                privileged_role_name = params.privileged_role_name,
+                privileges = if params.lakebase_mode {
+                    "CREATEDB CREATEROLE NOLOGIN BYPASSRLS"
+                } else {
+                    "CREATEDB CREATEROLE NOLOGIN REPLICATION BYPASSRLS"
+                }
            ),
            comment: None,
        }))),
--- a/compute_tools/src/sql/create_privileged_role.sql
+++ b/compute_tools/src/sql/create_privileged_role.sql
@@ -2,7 +2,7 @@ DO $$
    BEGIN
        IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = '{privileged_role_name}')
        THEN
-            CREATE ROLE {privileged_role_name} CREATEDB CREATEROLE NOLOGIN REPLICATION BYPASSRLS IN ROLE pg_read_all_data, pg_write_all_data;
+            CREATE ROLE {privileged_role_name} {privileges} IN ROLE pg_read_all_data, pg_write_all_data;
        END IF;
    END
 $$;