fix(sync): tolerate missing USAGE on the wal2delta schema#47
Merged
Conversation
enable_sync() and the tiering durability gate probe wal2delta only to detect
whether Lakebase CDF is active. The probe used to_regclass('wal2delta.tables'),
which resolves a name inside the schema and therefore requires USAGE on it.
wal2delta is owned by the CDF subsystem, so a role without USAGE got
'42501 permission denied for schema wal2delta' instead of the NULL the code
assumed -- aborting enable_sync at its preflight.
- enable_sync: wrap the CDF probe in an exception handler; treat
insufficient_privilege the same as 'not visible' and warn-and-continue
(the function does not otherwise touch wal2delta).
- _cdf_committed_lsn: drop the pre-check and catch insufficient_privilege /
undefined_table / invalid_schema_name, returning NULL so the gate fails
closed -- never evict data whose durability it cannot verify.
- docs: add a troubleshooting entry explaining the error and the grants
needed for CDF-gated tiering to evict.
github-actions
Bot
added
documentation
taran-dbx
added a commit
that referenced
this pull request
Jun 8, 2026
Patch release: wal2delta USAGE-tolerant CDF probe (PR #47).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Calling
lakets.enable_sync(...)fails with:enable_syncand the tiering durability gate probewal2deltaonly to detect whether Lakebase CDF is active — they never write to it. The probe usedto_regclass('wal2delta.tables'), which resolves a name inside the schema and therefore requiresUSAGEon it. Sincewal2deltais owned by the CDF subsystem, a role withoutUSAGEgets42501instead of theNULLthe code assumed for "not present" — abortingenable_syncat its preflightIF.Fix
enable_sync— wrap the CDF probe in an exception handler; treatinsufficient_privilegethe same as "not visible" and warn-and-continue. The function does not otherwise touchwal2delta, so the shadow + trigger are created as normal._cdf_committed_lsn(tiering gate) — drop theto_regclasspre-check and catchinsufficient_privilege/undefined_table/invalid_schema_name, returningNULLso the gate fails closed — it never evicts data whose durability it cannot verify.GRANT USAGE … / GRANT SELECT …needed if you want CDF-gated tiering to actually evict.Test plan
make buildis clean (14 modules, version 0.1.0)enable_syncas a role withoutwal2deltaUSAGE → completes with a WARNING instead of42501Note: CI runs lint + Python unit tests; it does not execute SQL against a live Lakebase, so live verification of the privilege path is manual.