Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

permission denied to create extension "postgis" #2472

Open
thenbe opened this issue Jun 28, 2024 · 11 comments
Open

permission denied to create extension "postgis" #2472

thenbe opened this issue Jun 28, 2024 · 11 comments

Comments

@thenbe
Copy link

thenbe commented Jun 28, 2024
edited
Loading

When I attempt to enable the postgis extension, as per the docs, I get the following error:

CREATE EXTENSION postgis WITH SCHEMA extensions;

-- ERROR:  permission denied to create extension "postgis"
-- HINT:  Must be superuser to create this extension.

What is the proper way to manage extensions using a single source of truth (i.e. not the GUI). Can I not manage extensions using vanilla SQL migrations?

For reference, I'm using kysely's migration cli. Could that be the issue? Do I need to use supabase's own migration tooling? Or does any standard sql tool work?

Minimal reproduction

  1. Create new project on supabase.com

  2. Connect to the db as user postgres and run this seed script:

-- seed script
CREATE EXTENSION IF NOT EXISTS postgis WITH SCHEMA extensions;
CREATE EXTENSION IF NOT EXISTS pgrouting CASCADE;
CREATE SEQUENCE IF NOT EXISTS "place_id_seq" START WITH 1;
create table if not exists "place" ("id" text default nextval('"place_id_seq"'::regclass) primary key, "point" geography (POINT), "long" double precision generated always as ( (ST_X (POINT::geometry))) stored, "lat" double precision generated always as ((ST_Y (POINT::geometry))) stored);
insert into "place" ("point") values (st_point(51, 1));
insert into "place" ("point") values (st_point(51, 1));
insert into "place" ("point") values (st_point(51, 1));
insert into "place" ("point") values (st_point(51, 1));
  1. Attempt to disable postgis extension
DROP EXTENSION IF EXISTS postgis;
  1. Observe that it fails with the following error:
ERROR:  absolute path not allowed
CONTEXT:  PL/pgSQL function inline_code_block line 3 at EXECUTE
SQL statement "do $$
begin
  execute
    replace(
      replace(
        replace(
          replace(
            pg_read_file(
'/etc/postgresql-custom/extension-custom-scripts/before-create.sql'            ),
            '@extname@', '''postgis'''          ),
          '@extschema@', '''extensions'''        ),
        '@extversion@', 'null'      ),     '@extcascade@', 'false'    );
exception
  when undefined_file then
    -- skip
end
$$"
  1. Reset the db by running supabase db reset --linked
  2. Run the sql seed script. Observe that it fails with the following error:
ERROR:  permission denied to create extension "postgis"
HINT:  Must be superuser to create this extension.
@thenbe
Copy link
Author

thenbe commented Jun 28, 2024
edited
Loading

The issue is not immediately reproducible on a brand new supabase.com project. However, I can still reproduce it shortly thereafter. I can't nail down the exact minimal reproduction yet.

One would expect to recover from this errored state by running supabase db reset --linked. Surprisingly however, that will not fix the issue. Once we enter this errored state, there is no way we can recover from it since we do not have access to supabase_admin role.

@thenbe
Copy link
Author

thenbe commented Jun 28, 2024

I added the minimal reproduction steps to the original post.

@thenbe
Copy link
Author

thenbe commented Jun 28, 2024

It turns out this is solved by waiting a bit after running supabase db reset --linked. Perhaps we should log a message to the user when they run that command? Something to indicate that async jobs have been fired off and may take x amount of time to complete.

@sweatybridge
Copy link
Contributor

Thanks for the repro. I believe drop extension should succeed without requiring db reset. This looks like a bug in hosted project or supautils.

@thenbe
Copy link
Author

thenbe commented Jul 5, 2024

Were you able to reproduce the issue?

I initially thought I was doing something wrong, but it seems this is broken for any project on supabase.com (see minimal repro). I'm not sure what I can do un-break my project; I'd like to reset it with supabase db reset --linked, but it always fails with this error (waiting does not help):

$ pnpm supabase db reset --linked

ERROR: must be owner of extension postgis (SQLSTATE 42501)
At statement 0: do $$ declare
  rec record;
begin
  -- extensions
  for rec in
    select *
    from pg_extension p
    where p.extname not in ('pg_graphql', 'pg_net', 'pg_stat_statements', 'pgcrypto', 'pgjwt', 'pgsodium', 'plpgsql', 'supabase_vault', 'uuid-ossp')
  loop
    execute format('drop extension if exists %I cascade', rec.extname);
  end loop;

  -- functions
  for rec in
    select *
    from pg_proc p
    where p.pronamespace::regnamespace::name = 'public'
  loop
    -- supports aggregate, function, and procedure
    execute format('drop routine if exists %I.%I(%s) cascade', rec.pronamespace::regnamespace::name, rec.proname, pg_catalog.pg_get_function_identity_arguments(rec.oid));
  end loop;

  -- tables (cascade to views)
  for rec in
    select *
    from pg_class c
    where
      c.relnamespace::regnamespace::name = 'public'
      and c.relkind not in ('c', 'S', 'v', 'm')
    order by c.relkind desc
  loop
    -- supports all table like relations, except views, complex types, and sequences
    execute format('drop table if exists %I.%I cascade', rec.relnamespace::regnamespace::name, rec.relname);
  end loop;

  -- truncate tables in auth and migrations schema
  for rec in
    select *
    from pg_class c
    where
      (c.relnamespace::regnamespace::name = 'auth' and c.relname != 'schema_migrations'
      or c.relnamespace::regnamespace::name = 'supabase_migrations')
      and c.relkind = 'r'
  loop
    execute format('truncate %I.%I restart identity cascade', rec.relnamespace::regnamespace::name, rec.relname);
  end loop;

  -- sequences
  for rec in
    select *
    from pg_class c
    where
      c.relnamespace::regnamespace::name = 'public'
      and c.relkind = 's'
  loop
    execute format('drop sequence if exists %I.%I cascade', rec.relnamespace::regnamespace::name, rec.relname);
  end loop;

  -- types
  for rec in
    select *
    from pg_type t
    where
      t.typnamespace::regnamespace::name = 'public'
      and typtype != 'b'
  loop
    execute format('drop type if exists %I.%I cascade', rec.typnamespace::regnamespace::name, rec.typname);
  end loop;

  -- policies
  for rec in
    select *
    from pg_policies p
  loop
    execute format('drop policy if exists %I on %I.%I cascade', rec.policyname, rec.schemaname, rec.tablename);
  end loop;
end $$;

And when when attempting to disable postgis through the supabase.com dashboard gui:

# taken from browser devtools on supabase.com
curl 'https://api.supabase.com/platform/pg-meta/abc123/extensions?id=postgis' -X DELETE
# {"message":"failed to delete pg.extensions with the given ID: must be owner of extension postgis"}

Assuming it can be reproduced, would it be possible to get more eyes on this as it seems like a critical bug to me (project is left in an un-recoverable state as result of enabling an extension).

@sweatybridge
Copy link
Contributor

sweatybridge commented Jul 5, 2024
edited
Loading

@soedirgo could you take a look at this one? Specifically at step 3 and 4.

@thenbe I forgot to mention previously. Since it's affecting your hosted project, our support team can unblock you if you create a support ticket.

@thenbe
Copy link
Author

thenbe commented Jul 5, 2024

Since it's affecting your hosted project, our support team can unblock you if you create a support ticket.

It's good to know I can do that, but that would not be necessary at the moment as my hosted project is still fresh where I might as well create a new one. The blocker is that this issue happens on every new project I create, preventing me from properly setting up a production project on supabase.com.

For context: I've spent the last several weeks preping things using the local supabase stack and it's been great. I'm currently trying to set up the hosted project for production but I keep facing this issue.

@sweatybridge sweatybridge added the bug Something isn't working label Jul 6, 2024
@sweatybridge
Copy link
Contributor

@thenbe I just tried reproducing this on a new project but I'm getting a different error at step 3

ERROR:  2BP01: cannot drop extension postgis because other objects depend on it
DETAIL:  extension pgrouting depends on extension postgis
HINT:  Use DROP ... CASCADE to drop the dependent objects too.

Have you tried using psql to execute step 2 instead of kysely?

I'm not sure how kysely manages migration but it might be that it's trying to alter some default permissions or entities managed by Supabase.

@sweatybridge sweatybridge removed the bug Something isn't working label Jul 6, 2024
@thenbe
Copy link
Author

thenbe commented Jul 6, 2024

You're right, those minimal repro steps do not lead to that error (absolute path not allowed) when using the sql console on supabase.com.

Afterwards, when I tried to run my migration with kysely-ctl, I eventually ended up in that same position where I can no longer reset database (supabase db reset --linked fails with ERROR: must be owner of extension postgis). So as you said, this may be an issue with kysely-ctl.

The most painful thing about is that creating a minimal reproduction is very time-consuming because, by definition, it involves reaching a state where the hosted database is "bricked" (can longer be reset with supabase db reset --linked). As far as I know there is no way I can obtain the necessary permissions that can allow me to get through the error ERROR: must be owner of extension postgis. This means that any new iteration needs a fresh new hosted project instance on supabase.com, making it a very laborious process. If I've missed a more obvious method I'd love to know about it.

@thenbe thenbe mentioned this issue Jul 6, 2024
Closed
@thenbe
Copy link
Author

thenbe commented Jul 8, 2024
edited
Loading

I managed to reproduce the issue on a VPS and narrow it down to the "mode" supabase db reset is executed in. The reset consistently fails in "remote mode", yet it consistently works in "local mode".

Note that:

  • all three commands are executed on the same VPS where the db is running (db started with supabase start)
  • all three commands point at the same db, albeit through different URLs
  • all three commands use supabase cli v1.183.0
# errors with ERROR: must be owner of extension postgis (SQLSTATE 42501)
supabase db reset --db-url 'postgresql://postgres:[email protected]:54322/postgres'

# errors with ERROR: must be owner of extension postgis (SQLSTATE 42501)
supabase db reset --db-url 'postgresql://postgres:postgres@$EXTERNAL_IP_OF_THIS_VPS:54322/postgres'

# ok, does not error
supabase db reset --local

@thenbe
Copy link
Author

thenbe commented Jul 8, 2024
edited
Loading

Here is the output when running with --debug.

output of good command

$ sudo /nix/store/wlkinnxalw2zpanc6pw5ym05shpmch8i-supabase-cli-1.183.0/bin/supabase db reset --local --debug

Supabase CLI 1.183.0
Resetting local database...
2024/07/08 05:36:44 Sent Header: Host [api.moby.localhost]
2024/07/08 05:36:44 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:36:44 Send Done
2024/07/08 05:36:45 Recv First Byte
2024/07/08 05:36:45 Sent Header: Host [api.moby.localhost]
2024/07/08 05:36:45 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:36:45 Send Done
2024/07/08 05:36:45 Recv First Byte
2024/07/08 05:36:45 Sent Header: Host [api.moby.localhost]
2024/07/08 05:36:45 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:36:45 Send Done
2024/07/08 05:36:45 Recv First Byte
Recreating database...
2024/07/08 05:36:45 Sent Header: Host [api.moby.localhost]
2024/07/08 05:36:45 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:36:45 Send Done
2024/07/08 05:36:45 Recv First Byte
2024/07/08 05:36:45 Sent Header: Host [api.moby.localhost]
2024/07/08 05:36:45 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:36:45 Sent Header: Content-Length [294]
2024/07/08 05:36:45 Sent Header: Content-Type [application/json]
2024/07/08 05:36:45 Send Done
2024/07/08 05:36:45 Recv First Byte
2024/07/08 05:36:45 Sent Header: Host [api.moby.localhost]
2024/07/08 05:36:45 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:36:45 Sent Header: Content-Length [109]
2024/07/08 05:36:45 Sent Header: Content-Type [application/json]
2024/07/08 05:36:45 Send Done
2024/07/08 05:36:45 Recv First Byte
2024/07/08 05:36:45 Sent Header: Host [api.moby.localhost]
2024/07/08 05:36:45 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:36:45 Sent Header: Content-Length [113]
2024/07/08 05:36:45 Sent Header: Content-Type [application/json]
2024/07/08 05:36:45 Send Done
2024/07/08 05:36:45 Recv First Byte
2024/07/08 05:36:45 Sent Header: Host [api.moby.localhost]
2024/07/08 05:36:45 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:36:45 Sent Header: Content-Length [12347]
2024/07/08 05:36:45 Sent Header: Content-Type [application/json]
2024/07/08 05:36:45 Send Done
2024/07/08 05:36:45 Recv First Byte
2024/07/08 05:36:45 Sent Header: Host [api.moby.localhost]
2024/07/08 05:36:45 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:36:45 Sent Header: Content-Length [0]
2024/07/08 05:36:45 Send Done
2024/07/08 05:36:46 Recv First Byte
2024/07/08 05:36:46 Sent Header: Host [api.moby.localhost]
2024/07/08 05:36:46 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:36:46 Send Done
2024/07/08 05:36:46 Recv First Byte
2024/07/08 05:36:47 Sent Header: Host [api.moby.localhost]
2024/07/08 05:36:47 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:36:47 Send Done
2024/07/08 05:36:47 Recv First Byte
2024/07/08 05:36:48 Sent Header: Host [api.moby.localhost]
2024/07/08 05:36:48 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:36:48 Send Done
2024/07/08 05:36:48 Recv First Byte
2024/07/08 05:36:49 Sent Header: Host [api.moby.localhost]
2024/07/08 05:36:49 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:36:49 Send Done
2024/07/08 05:36:49 Recv First Byte
2024/07/08 05:36:50 Sent Header: Host [api.moby.localhost]
2024/07/08 05:36:50 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:36:50 Send Done
2024/07/08 05:36:50 Recv First Byte
2024/07/08 05:36:51 Sent Header: Host [api.moby.localhost]
2024/07/08 05:36:51 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:36:51 Send Done
2024/07/08 05:36:51 Recv First Byte
2024/07/08 05:36:52 Sent Header: Host [api.moby.localhost]
2024/07/08 05:36:52 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:36:52 Send Done
2024/07/08 05:36:52 Recv First Byte
2024/07/08 05:36:53 Sent Header: Host [api.moby.localhost]
2024/07/08 05:36:53 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:36:53 Send Done
2024/07/08 05:36:53 Recv First Byte
2024/07/08 05:36:54 Sent Header: Host [api.moby.localhost]
2024/07/08 05:36:54 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:36:54 Send Done
2024/07/08 05:36:54 Recv First Byte
2024/07/08 05:36:55 Sent Header: Host [api.moby.localhost]
2024/07/08 05:36:55 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:36:55 Send Done
2024/07/08 05:36:55 Recv First Byte
2024/07/08 05:36:56 Sent Header: Host [api.moby.localhost]
2024/07/08 05:36:56 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:36:56 Send Done
2024/07/08 05:36:56 Recv First Byte
2024/07/08 05:36:57 Sent Header: Host [api.moby.localhost]
2024/07/08 05:36:57 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:36:57 Send Done
2024/07/08 05:36:57 Recv First Byte
2024/07/08 05:36:57 Connect Start: tcp 127.0.0.1:54322
2024/07/08 05:36:57 Connect Done: tcp 127.0.0.1:54322
2024/07/08 05:36:57 PG Send: {"Type":"StartupMessage","ProtocolVersion":196608,"Parameters":{"database":"postgres","user":"postgres"}}
2024/07/08 05:36:57 PG Recv: {"Type":"AuthenticationSASL","AuthMechanisms":[""]}
2024/07/08 05:36:57 PG Send: {"Type":"SASLInitialResponse","AuthMechanism":"","Data":""}
2024/07/08 05:36:57 PG Recv: {"Type":"AuthenticationSASLContinue","Data":""}
2024/07/08 05:36:57 PG Send: {"Type":"SASLResponse","Data":""}
2024/07/08 05:36:57 PG Recv: {"Type":"AuthenticationSASLFinal","Data":""}
2024/07/08 05:36:57 PG Recv: {"Type":"AuthenticationOK"}
2024/07/08 05:36:57 PG Recv: {"Type":"ParameterStatus","Name":"application_name","Value":""}
2024/07/08 05:36:57 PG Recv: {"Type":"ParameterStatus","Name":"client_encoding","Value":"UTF8"}
2024/07/08 05:36:57 PG Recv: {"Type":"ParameterStatus","Name":"DateStyle","Value":"ISO, MDY"}
2024/07/08 05:36:57 PG Recv: {"Type":"ParameterStatus","Name":"default_transaction_read_only","Value":"off"}
2024/07/08 05:36:57 PG Recv: {"Type":"ParameterStatus","Name":"in_hot_standby","Value":"off"}
2024/07/08 05:36:57 PG Recv: {"Type":"ParameterStatus","Name":"integer_datetimes","Value":"on"}
2024/07/08 05:36:57 PG Recv: {"Type":"ParameterStatus","Name":"IntervalStyle","Value":"postgres"}
2024/07/08 05:36:57 PG Recv: {"Type":"ParameterStatus","Name":"is_superuser","Value":"off"}
2024/07/08 05:36:57 PG Recv: {"Type":"ParameterStatus","Name":"server_encoding","Value":"UTF8"}
2024/07/08 05:36:57 PG Recv: {"Type":"ParameterStatus","Name":"server_version","Value":"15.1 (Ubuntu 15.1-1.pgdg20.04+1)"}
2024/07/08 05:36:57 PG Recv: {"Type":"ParameterStatus","Name":"session_authorization","Value":"postgres"}
2024/07/08 05:36:57 PG Recv: {"Type":"ParameterStatus","Name":"standard_conforming_strings","Value":"on"}
2024/07/08 05:36:57 PG Recv: {"Type":"ParameterStatus","Name":"TimeZone","Value":"UTC"}
2024/07/08 05:36:57 PG Recv: {"Type":"BackendKeyData","ProcessID":181,"SecretKey":}
2024/07/08 05:36:57 PG Recv: {"Type":"ReadyForQuery","TxStatus":"I"}
Setting up initial schema...
2024/07/08 05:36:57 Sent Header: Host [api.moby.localhost]
2024/07/08 05:36:57 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:36:57 Send Done
2024/07/08 05:36:57 Recv First Byte
2024/07/08 05:36:57 Sent Header: Host [api.moby.localhost]
2024/07/08 05:36:57 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:36:57 Sent Header: Content-Length [294]
2024/07/08 05:36:57 Sent Header: Content-Type [application/json]
2024/07/08 05:36:57 Send Done
2024/07/08 05:36:57 Recv First Byte
2024/07/08 05:36:57 Sent Header: Host [api.moby.localhost]
2024/07/08 05:36:57 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:36:57 Sent Header: Content-Length [2361]
2024/07/08 05:36:57 Sent Header: Content-Type [application/json]
2024/07/08 05:36:57 Send Done
2024/07/08 05:36:57 Recv First Byte
2024/07/08 05:36:57 Sent Header: Host [api.moby.localhost]
2024/07/08 05:36:57 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:36:57 Sent Header: Content-Length [0]
2024/07/08 05:36:57 Send Done
2024/07/08 05:36:57 Recv First Byte
2024/07/08 05:36:57 Sent Header: Host [api.moby.localhost]
2024/07/08 05:36:57 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:36:57 Send Done
2024/07/08 05:36:57 Recv First Byte
+ ulimit -n
+ '[' '!' -z 10000 ']'
+ echo 'Setting RLIMIT_NOFILE to 10000'
+ ulimit -Sn 10000
+ export ERL_CRASH_DUMP=/tmp/erl_crash.dump
+ ERL_CRASH_DUMP=/tmp/erl_crash.dump
+ '[' false = true ']'
+ echo 'Running migrations'
+ sudo -E -u nobody /app/bin/migrate
+ '[' true = true ']'
+ echo 'Seeding selfhosted Realtime'
+ sudo -E -u nobody /app/bin/realtime eval 'Realtime.Release.seeds(Realtime.Repo)'
+ echo 'Starting Realtime'
+ ulimit -n
+ exec /app/bin/realtime eval '{:ok, _} = Application.ensure_all_started(:realtime)
{:ok, _} = Realtime.Tenants.health_check("realtime-dev")'
[os_mon] cpu supervisor port (cpu_sup): Erlang has closed
[os_mon] memory supervisor port (memsup): Erlang has closed
2024/07/08 05:37:11 Sent Header: Host [api.moby.localhost]
2024/07/08 05:37:11 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:37:11 Send Done
2024/07/08 05:37:11 Recv First Byte
2024/07/08 05:37:11 Sent Header: Host [api.moby.localhost]
2024/07/08 05:37:11 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:37:11 Send Done
2024/07/08 05:37:11 Recv First Byte
2024/07/08 05:37:11 Sent Header: Host [api.moby.localhost]
2024/07/08 05:37:11 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:37:11 Sent Header: Content-Length [294]
2024/07/08 05:37:11 Sent Header: Content-Type [application/json]
2024/07/08 05:37:11 Send Done
2024/07/08 05:37:11 Recv First Byte
2024/07/08 05:37:11 Sent Header: Host [api.moby.localhost]
2024/07/08 05:37:11 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:37:11 Sent Header: Content-Length [2322]
2024/07/08 05:37:11 Sent Header: Content-Type [application/json]
2024/07/08 05:37:11 Send Done
2024/07/08 05:37:12 Recv First Byte
2024/07/08 05:37:12 Sent Header: Host [api.moby.localhost]
2024/07/08 05:37:12 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:37:12 Sent Header: Content-Length [0]
2024/07/08 05:37:12 Send Done
2024/07/08 05:37:12 Recv First Byte
2024/07/08 05:37:12 Sent Header: Host [api.moby.localhost]
2024/07/08 05:37:12 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:37:12 Send Done
2024/07/08 05:37:12 Recv First Byte
2024/07/08 05:37:13 Sent Header: Host [api.moby.localhost]
2024/07/08 05:37:13 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:37:13 Send Done
2024/07/08 05:37:13 Recv First Byte
2024/07/08 05:37:13 Sent Header: Host [api.moby.localhost]
2024/07/08 05:37:13 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:37:13 Send Done
2024/07/08 05:37:13 Recv First Byte
2024/07/08 05:37:13 Sent Header: Host [api.moby.localhost]
2024/07/08 05:37:13 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:37:13 Sent Header: Content-Length [294]
2024/07/08 05:37:13 Sent Header: Content-Type [application/json]
2024/07/08 05:37:13 Send Done
2024/07/08 05:37:13 Recv First Byte
2024/07/08 05:37:13 Sent Header: Host [api.moby.localhost]
2024/07/08 05:37:13 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:37:13 Sent Header: Content-Length [1983]
2024/07/08 05:37:13 Sent Header: Content-Type [application/json]
2024/07/08 05:37:13 Send Done
2024/07/08 05:37:14 Recv First Byte
2024/07/08 05:37:14 Sent Header: Host [api.moby.localhost]
2024/07/08 05:37:14 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:37:14 Sent Header: Content-Length [0]
2024/07/08 05:37:14 Send Done
2024/07/08 05:37:14 Recv First Byte
2024/07/08 05:37:14 Sent Header: Host [api.moby.localhost]
2024/07/08 05:37:14 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:37:14 Send Done
2024/07/08 05:37:14 Recv First Byte
2024/07/08 05:37:15 Sent Header: Host [api.moby.localhost]
2024/07/08 05:37:15 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:37:15 Send Done
2024/07/08 05:37:15 Recv First Byte
Restarting containers...
2024/07/08 05:37:15 Sent Header: Host [api.moby.localhost]
2024/07/08 05:37:15 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:37:15 Connect Start: unix /var/run/docker.sock
2024/07/08 05:37:15 Connect Done: unix /var/run/docker.sock
2024/07/08 05:37:15 Connect Start: unix /var/run/docker.sock
2024/07/08 05:37:15 Connect Done: unix /var/run/docker.sock
2024/07/08 05:37:15 Sent Header: Host [api.moby.localhost]
2024/07/08 05:37:15 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:37:15 Sent Header: Content-Length [0]
2024/07/08 05:37:15 Send Done
2024/07/08 05:37:15 Sent Header: Host [api.moby.localhost]
2024/07/08 05:37:15 Sent Header: User-Agent [Docker-Client/unknown-version (linux)]
2024/07/08 05:37:15 Sent Header: Content-Length [0]
2024/07/08 05:37:15 Send Done
2024/07/08 05:37:15 Sent Header: Content-Length [0]
2024/07/08 05:37:15 Send Done
2024/07/08 05:37:15 Recv First Byte
2024/07/08 05:37:16 Recv First Byte
2024/07/08 05:37:17 Recv First Byte
Finished supabase db reset on branch main.

output of bad command

$ sudo /nix/store/wlkinnxalw2zpanc6pw5ym05shpmch8i-supabase-cli-1.183.0/bin/supabase db reset --db-url 'postgresql://postgres:[email protected]:54322/postgres' --debug

Supabase CLI 1.183.0
Do you want to reset the remote database? [y/N] y
Resetting remote database...
2024/07/08 05:36:18 Connect Start: tcp 127.0.0.1:54322
2024/07/08 05:36:18 Connect Done: tcp 127.0.0.1:54322
2024/07/08 05:36:18 PG Send: {"Type":"StartupMessage","ProtocolVersion":,"Parameters":{"database":"postgres","user":"postgres"}}
2024/07/08 05:36:18 PG Recv: {"Type":"AuthenticationSASL","AuthMechanisms":["SCRAM-SHA-256"]}
2024/07/08 05:36:18 PG Send: {"Type":"SASLInitialResponse","AuthMechanism":"SCRAM-SHA-256","Data":""}
2024/07/08 05:36:18 PG Recv: {"Type":"AuthenticationSASLContinue","Data":""}
2024/07/08 05:36:18 PG Send: {"Type":"SASLResponse","Data":""}
2024/07/08 05:36:18 PG Recv: {"Type":"AuthenticationSASLFinal","Data":""}
2024/07/08 05:36:18 PG Recv: {"Type":"AuthenticationOK"}
2024/07/08 05:36:18 PG Recv: {"Type":"ParameterStatus","Name":"application_name","Value":""}
2024/07/08 05:36:18 PG Recv: {"Type":"ParameterStatus","Name":"client_encoding","Value":"UTF8"}
2024/07/08 05:36:18 PG Recv: {"Type":"ParameterStatus","Name":"DateStyle","Value":"ISO, MDY"}
2024/07/08 05:36:18 PG Recv: {"Type":"ParameterStatus","Name":"default_transaction_read_only","Value":"off"}
2024/07/08 05:36:18 PG Recv: {"Type":"ParameterStatus","Name":"in_hot_standby","Value":"off"}
2024/07/08 05:36:18 PG Recv: {"Type":"ParameterStatus","Name":"integer_datetimes","Value":"on"}
2024/07/08 05:36:18 PG Recv: {"Type":"ParameterStatus","Name":"IntervalStyle","Value":"postgres"}
2024/07/08 05:36:18 PG Recv: {"Type":"ParameterStatus","Name":"is_superuser","Value":"off"}
2024/07/08 05:36:18 PG Recv: {"Type":"ParameterStatus","Name":"server_encoding","Value":"UTF8"}
2024/07/08 05:36:18 PG Recv: {"Type":"ParameterStatus","Name":"server_version","Value":"15.1 (Ubuntu 15.1-1.pgdg20.04+1)"}
2024/07/08 05:36:18 PG Recv: {"Type":"ParameterStatus","Name":"session_authorization","Value":"postgres"}
2024/07/08 05:36:18 PG Recv: {"Type":"ParameterStatus","Name":"standard_conforming_strings","Value":"on"}
2024/07/08 05:36:18 PG Recv: {"Type":"ParameterStatus","Name":"TimeZone","Value":"UTC"}
2024/07/08 05:36:18 PG Recv: {"Type":"BackendKeyData","ProcessID":1816,"SecretKey":...}
2024/07/08 05:36:18 PG Recv: {"Type":"ReadyForQuery","TxStatus":"I"}
2024/07/08 05:36:18 PG Send: {"Type":"Parse","Name":"lrupsc_1_0","Query":"-- List user defined schemas, excluding\n--  Extension created schemas\n--  Supabase managed schemas\nselect pn.nspname\nfrom pg_namespace pn\nleft join pg_depend pd\n  on pd.objid = pn.oid\njoin pg_roles r \n  on pn.nspowner = r.oid\nwhere pd.deptype is null\n  and not pn.nspname like any($1)\n  and r.rolname != 'supabase_admin'\norder by pn.nspname\n","ParameterOIDs":null}
2024/07/08 05:36:18 PG Send: {"Type":"Describe","ObjectType":"S","Name":"lrupsc_1_0"}
2024/07/08 05:36:18 PG Send: {"Type":"Sync"}
2024/07/08 05:36:18 PG Recv: {"Type":"ParseComplete"}
2024/07/08 05:36:18 PG Recv: {"Type":"ParameterDescription","ParameterOIDs":[1009]}
2024/07/08 05:36:18 PG Recv: {"Type":"RowDescription","Fields":[{"Name":"nspname","TableOID":2615,"TableAttributeNumber":2,"DataTypeOID":19,"DataTypeSize":64,"TypeModifier":-1,"Format":0}]}
2024/07/08 05:36:18 PG Recv: {"Type":"ReadyForQuery","TxStatus":"I"}
2024/07/08 05:36:18 PG Send: {"Type":"Bind","DestinationPortal":"","PreparedStatement":"lrupsc_1_0","ParameterFormatCodes":[1],"Parameters":[{"binary":"..."}],"ResultFormatCodes":[1]}
2024/07/08 05:36:18 PG Send: {"Type":"Describe","ObjectType":"P","Name":""}
2024/07/08 05:36:18 PG Send: {"Type":"Execute","Portal":"","MaxRows":0}
2024/07/08 05:36:18 PG Send: {"Type":"Sync"}
2024/07/08 05:36:18 PG Recv: {"Type":"BindComplete"}
2024/07/08 05:36:18 PG Recv: {"Type":"RowDescription","Fields":[{"Name":"nspname","TableOID":2615,"TableAttributeNumber":2,"DataTypeOID":19,"DataTypeSize":64,"TypeModifier":-1,"Format":1}]}
2024/07/08 05:36:18 PG Recv: {"Type":"CommandComplete","CommandTag":"SELECT 0"}
2024/07/08 05:36:18 PG Recv: {"Type":"ReadyForQuery","TxStatus":"I"}
2024/07/08 05:36:18 PG Send: {"Type":"Parse","Name":"","Query":"do $$ declare\n  rec record;\nbegin\n  -- extensions\n  for rec in\n    select *\n    from pg_extension p\n    where p.extname not in ('pg_graphql', 'pg_net', 'pg_stat_statements', 'pgcrypto', 'pgjwt', 'pgsodium', 'plpgsql', 'supabase_vault', 'uuid-ossp')\n  loop\n    execute format('drop extension if exists %I cascade', rec.extname);\n  end loop;\n\n  -- functions\n  for rec in\n    select *\n    from pg_proc p\n    where p.pronamespace::regnamespace::name = 'public'\n  loop\n    -- supports aggregate, function, and procedure\n    execute format('drop routine if exists %I.%I(%s) cascade', rec.pronamespace::regnamespace::name, rec.proname, pg_catalog.pg_get_function_identity_arguments(rec.oid));\n  end loop;\n\n  -- tables (cascade to views)\n  for rec in\n    select *\n    from pg_class c\n    where\n      c.relnamespace::regnamespace::name = 'public'\n      and c.relkind not in ('c', 'S', 'v', 'm')\n    order by c.relkind desc\n  loop\n    -- supports all table like relations, except views, complex types, and sequences\n    execute format('drop table if exists %I.%I cascade', rec.relnamespace::regnamespace::name, rec.relname);\n  end loop;\n\n  -- truncate tables in auth and migrations schema\n  for rec in\n    select *\n    from pg_class c\n    where\n      (c.relnamespace::regnamespace::name = 'auth' and c.relname != 'schema_migrations'\n      or c.relnamespace::regnamespace::name = 'supabase_migrations')\n      and c.relkind = 'r'\n  loop\n    execute format('truncate %I.%I restart identity cascade', rec.relnamespace::regnamespace::name, rec.relname);\n  end loop;\n\n  -- sequences\n  for rec in\n    select *\n    from pg_class c\n    where\n      c.relnamespace::regnamespace::name = 'public'\n      and c.relkind = 's'\n  loop\n    execute format('drop sequence if exists %I.%I cascade', rec.relnamespace::regnamespace::name, rec.relname);\n  end loop;\n\n  -- types\n  for rec in\n    select *\n    from pg_type t\n    where\n      t.typnamespace::regnamespace::name = 'public'\n      and typtype != 'b'\n  loop\n    execute format('drop type if exists %I.%I cascade', rec.typnamespace::regnamespace::name, rec.typname);\n  end loop;\n\n  -- policies\n  for rec in\n    select *\n    from pg_policies p\n  loop\n    execute format('drop policy if exists %I on %I.%I cascade', rec.policyname, rec.schemaname, rec.tablename);\n  end loop;\nend $$;\n","ParameterOIDs":null}
2024/07/08 05:36:18 PG Send: {"Type":"Bind","DestinationPortal":"","PreparedStatement":"","ParameterFormatCodes":null,"Parameters":[],"ResultFormatCodes":[]}
2024/07/08 05:36:18 PG Send: {"Type":"Describe","ObjectType":"P","Name":""}
2024/07/08 05:36:18 PG Send: {"Type":"Execute","Portal":"","MaxRows":0}
2024/07/08 05:36:18 PG Send: {"Type":"Sync"}
2024/07/08 05:36:18 PG Recv: {"Type":"ParseComplete"}
2024/07/08 05:36:18 PG Recv: {"Type":"BindComplete"}
2024/07/08 05:36:18 PG Recv: {"Type":"NoData"}
2024/07/08 05:36:18 PG Recv: {"Type":"ErrorResponse","Severity":"ERROR","SeverityUnlocalized":"ERROR","Code":"42501","Message":"must be owner of extension postgis","Detail":"","Hint":"","Position":0,"InternalPosition":0,"InternalQuery":"","Where":"SQL statement \"drop extension if exists postgis cascade\"\nPL/pgSQL function inline_code_block line 10 at EXECUTE","SchemaName":"","TableName":"","ColumnName":"","DataTypeName":"","ConstraintName":"","File":"aclchk.c","Line":3788,"Routine":"aclcheck_error","UnknownFields":null}
2024/07/08 05:36:18 PG Recv: {"Type":"ReadyForQuery","TxStatus":"I"}
2024/07/08 05:36:18 PG Send: {"Type":"Terminate"}
ERROR: must be owner of extension postgis (SQLSTATE 42501)
At statement 0: do $$ declare
  rec record;
begin
  -- extensions
  for rec in
    select *
    from pg_extension p
    where p.extname not in ('pg_graphql', 'pg_net', 'pg_stat_statements', 'pgcrypto', 'pgjwt', 'pgsodium', 'plpgsql', 'supabase_vault', 'uuid-ossp')
  loop
    execute format('drop extension if exists %I cascade', rec.extname);
  end loop;

  -- functions
  for rec in
    select *
    from pg_proc p
    where p.pronamespace::regnamespace::name = 'public'
  loop
    -- supports aggregate, function, and procedure
    execute format('drop routine if exists %I.%I(%s) cascade', rec.pronamespace::regnamespace::name, rec.proname, pg_catalog.pg_get_function_identity_arguments(rec.oid));
  end loop;

  -- tables (cascade to views)
  for rec in
    select *
    from pg_class c
    where
      c.relnamespace::regnamespace::name = 'public'
      and c.relkind not in ('c', 'S', 'v', 'm')
    order by c.relkind desc
  loop
    -- supports all table like relations, except views, complex types, and sequences
    execute format('drop table if exists %I.%I cascade', rec.relnamespace::regnamespace::name, rec.relname);
  end loop;

  -- truncate tables in auth and migrations schema
  for rec in
    select *
    from pg_class c
    where
      (c.relnamespace::regnamespace::name = 'auth' and c.relname != 'schema_migrations'
      or c.relnamespace::regnamespace::name = 'supabase_migrations')
      and c.relkind = 'r'
  loop
    execute format('truncate %I.%I restart identity cascade', rec.relnamespace::regnamespace::name, rec.relname);
  end loop;

  -- sequences
  for rec in
    select *
    from pg_class c
    where
      c.relnamespace::regnamespace::name = 'public'
      and c.relkind = 's'
  loop
    execute format('drop sequence if exists %I.%I cascade', rec.relnamespace::regnamespace::name, rec.relname);
  end loop;

  -- types
  for rec in
    select *
    from pg_type t
    where
      t.typnamespace::regnamespace::name = 'public'
      and typtype != 'b'
  loop
    execute format('drop type if exists %I.%I cascade', rec.typnamespace::regnamespace::name, rec.typname);
  end loop;

  -- policies
  for rec in
    select *
    from pg_policies p
  loop
    execute format('drop policy if exists %I on %I.%I cascade', rec.policyname, rec.schemaname, rec.tablename);
  end loop;
end $$;

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sweatybridge @thenbe