From 1a42e96a3b04a780c0b68e4314a7ef9cbb261965 Mon Sep 17 00:00:00 2001 From: Rain6435 Date: Thu, 14 Aug 2025 01:45:02 -0400 Subject: [PATCH] fix: resolve Azure PostgreSQL pgvector extension permission issue Replace direct CREATE EXTENSION commands with conditional checks to avoid permission errors on Azure PostgreSQL Flexible Server where only azure_pg_admin members can create extensions. - Check pg_extension table before attempting to create vector extension - Apply same fix to pgcrypto extension for consistency - Allows following least privilege principle for database users Fixes #12453 --- .../retrieval/vector/dbs/pgvector.py | 20 +++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/backend/open_webui/retrieval/vector/dbs/pgvector.py b/backend/open_webui/retrieval/vector/dbs/pgvector.py index 9deb61f5a3..4c5d1f7dcd 100644 --- a/backend/open_webui/retrieval/vector/dbs/pgvector.py +++ b/backend/open_webui/retrieval/vector/dbs/pgvector.py @@ -111,11 +111,27 @@ class PgvectorClient(VectorDBBase): try: # Ensure the pgvector extension is available - self.session.execute(text("CREATE EXTENSION IF NOT EXISTS vector;")) + # Use a conditional check to avoid permission issues on Azure PostgreSQL + self.session.execute(text(""" + DO $$ + BEGIN + IF NOT EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'vector') THEN + CREATE EXTENSION IF NOT EXISTS vector; + END IF; + END $$; + """)) if PGVECTOR_PGCRYPTO: # Ensure the pgcrypto extension is available for encryption - self.session.execute(text("CREATE EXTENSION IF NOT EXISTS pgcrypto;")) + # Use a conditional check to avoid permission issues on Azure PostgreSQL + self.session.execute(text(""" + DO $$ + BEGIN + IF NOT EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pgcrypto') THEN + CREATE EXTENSION IF NOT EXISTS pgcrypto; + END IF; + END $$; + """)) if not PGVECTOR_PGCRYPTO_KEY: raise ValueError(