github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-06 19:08:59 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[PR #16606] [MERGED] fix: resolve Azure PostgreSQL pgvector extension permission issue #63038

New Issue
Closed
opened 2026-05-06 07:34:18 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-05-06 07:34:18 -05:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/16606
Author: @Rain6435
Created: 8/14/2025
Status: Merged
Merged: 8/14/2025
Merged by: @tjbck

Base: devHead: fix/azure-postgresql-pgvector-permissions

📝 Commits (2)

  • 1a42e96 fix: resolve Azure PostgreSQL pgvector extension permission issue
  • a1e62ab fix: Formatting

📊 Changes

1 file changed (+26 additions, -2 deletions)

View changed files

📝 backend/open_webui/retrieval/vector/dbs/pgvector.py (+26 -2)

📄 Description

Pull Request Checklist

Note to first-time contributors: Please open a discussion post in

Discussions and describe your changes before submitting a pull
request.

Before submitting, make sure you've checked the following:

  • Target branch: Please verify that the pull request targets the dev branch.

  • Description: Provide a concise description of the changes made in this pull request.

  • Changelog: Ensure a changelog entry following the format of Keep a Changelog is
    added at the bottom of the PR description.

  • Documentation: Have you updated relevant documentation Open WebUI Docs, or
    other documentation sources?

  • Dependencies: Are there any new dependencies? Have you updated the dependency versions in the documentation?

  • Testing: Have you written and run sufficient tests to validate the changes?

  • Code review: Have you performed a self-review of your code, addressing any coding standard issues and ensuring
    adherence to the project's coding standards?

  • Prefix: To clearly categorize this pull request, prefix the pull request title using one of the following:

    • fix: Resolves a bug or issue in the codebase

Changelog Entry

Description

This PR resolves Azure PostgreSQL Flexible Server permission issues when creating pgvector extensions. The fix addresses the
error "Only members of 'azure_pg_admin' are allowed to use CREATE EXTENSION" by implementing conditional extension creation
that checks for extension existence before attempting to create it.

Fixed

  • Azure PostgreSQL Compatibility:
    • Replaced direct CREATE EXTENSION IF NOT EXISTS vector; with conditional PostgreSQL block that checks
      pg_extension table first
    • Applied same fix to pgcrypto extension for consistency
    • Enables following least privilege principle for database users on Azure PostgreSQL Flexible Server
    • Prevents permission errors when database user is not a member of azure_pg_admin role

Additional Information

Fixes #12453

Technical Details

Before:

CREATE EXTENSION IF NOT EXISTS vector;
CREATE EXTENSION IF NOT EXISTS pgcrypto;

After:

DO $$
BEGIN
   IF NOT EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'vector') THEN
      CREATE EXTENSION IF NOT EXISTS vector;
   END IF;
END $$;

Test Plan

  • Verify pgvector initialization works on Azure PostgreSQL Flexible Server with non-admin database users
  • Test that existing installations continue to work without issues
  • Confirm that both vector and pgcrypto extensions are properly handled
  • Validate that the conditional check doesn't break functionality on other PostgreSQL installations

Benefits

For Azure Users:

  • Enables deployment on Azure PostgreSQL Flexible Server with restricted database permissions
  • Follows security best practices by not requiring admin privileges for extension creation
  • Reduces deployment complexity and permission management overhead

For All Users:

  • More robust extension creation process that gracefully handles existing extensions
  • Improved error handling and permission compatibility across different PostgreSQL environments

Contributor License Agreement

By submitting this pull request, I confirm that I have read and fully agree to
the /CONTRIBUTOR_LICENSE_AGREEMENT, and
I am providing my contributions under its terms.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/16606 **Author:** [@Rain6435](https://github.com/Rain6435) **Created:** 8/14/2025 **Status:** ✅ Merged **Merged:** 8/14/2025 **Merged by:** [@tjbck](https://github.com/tjbck) **Base:** `dev` ← **Head:** `fix/azure-postgresql-pgvector-permissions` --- ### 📝 Commits (2) - [`1a42e96`](https://github.com/open-webui/open-webui/commit/1a42e96a3b04a780c0b68e4314a7ef9cbb261965) fix: resolve Azure PostgreSQL pgvector extension permission issue - [`a1e62ab`](https://github.com/open-webui/open-webui/commit/a1e62ab422904660d6892df56d0924a97d5b4f1f) fix: Formatting ### 📊 Changes **1 file changed** (+26 additions, -2 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/retrieval/vector/dbs/pgvector.py` (+26 -2) </details> ### 📄 Description # Pull Request Checklist ### Note to first-time contributors: Please open a discussion post in [Discussions](https://github.com/open-webui/open-webui/discussions) and describe your changes before submitting a pull request. **Before submitting, make sure you've checked the following:** * [x] **Target branch:** Please verify that the pull request targets the `dev` branch. * [x] **Description:** Provide a concise description of the changes made in this pull request. * [x] **Changelog:** Ensure a changelog entry following the format of [Keep a Changelog](https://keepachangelog.com/) is added at the bottom of the PR description. * [x] **Documentation:** Have you updated relevant documentation [Open WebUI Docs](https://github.com/open-webui/docs), or other documentation sources? * [x] **Dependencies:** Are there any new dependencies? Have you updated the dependency versions in the documentation? * [x] **Testing:** Have you written and run sufficient tests to validate the changes? * [x] **Code review:** Have you performed a self-review of your code, addressing any coding standard issues and ensuring adherence to the project's coding standards? * [x] **Prefix:** To clearly categorize this pull request, prefix the pull request title using one of the following: * **fix**: Resolves a bug or issue in the codebase # Changelog Entry ### Description This PR resolves Azure PostgreSQL Flexible Server permission issues when creating pgvector extensions. The fix addresses the error "Only members of 'azure_pg_admin' are allowed to use CREATE EXTENSION" by implementing conditional extension creation that checks for extension existence before attempting to create it. ### Fixed * **Azure PostgreSQL Compatibility**: * Replaced direct `CREATE EXTENSION IF NOT EXISTS vector;` with conditional PostgreSQL block that checks `pg_extension` table first * Applied same fix to `pgcrypto` extension for consistency * Enables following least privilege principle for database users on Azure PostgreSQL Flexible Server * Prevents permission errors when database user is not a member of `azure_pg_admin` role ### Additional Information Fixes [#12453](https://github.com/open-webui/open-webui/discussions/12453) ### Technical Details **Before:** ```sql CREATE EXTENSION IF NOT EXISTS vector; CREATE EXTENSION IF NOT EXISTS pgcrypto; ``` **After:** ```sql DO $$ BEGIN IF NOT EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'vector') THEN CREATE EXTENSION IF NOT EXISTS vector; END IF; END $$; ``` Test Plan - Verify pgvector initialization works on Azure PostgreSQL Flexible Server with non-admin database users - Test that existing installations continue to work without issues - Confirm that both vector and pgcrypto extensions are properly handled - Validate that the conditional check doesn't break functionality on other PostgreSQL installations Benefits For Azure Users: - Enables deployment on Azure PostgreSQL Flexible Server with restricted database permissions - Follows security best practices by not requiring admin privileges for extension creation - Reduces deployment complexity and permission management overhead For All Users: - More robust extension creation process that gracefully handles existing extensions - Improved error handling and permission compatibility across different PostgreSQL environments Contributor License Agreement By submitting this pull request, I confirm that I have read and fully agree to the /CONTRIBUTOR_LICENSE_AGREEMENT, and I am providing my contributions under its terms. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-05-06 07:34:18 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#63038
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?