Azure Database for PostgreSQL - Flexible Server adds support for concept of extension allow-lists for newly created Flexible servers to provide database administrators more control over usage of extensions.
Azure Database for PostgreSQL - Flexible Server supports over 50 PostgreSQL extensions. Extensions expand on the functionality provided by the PostgreSQL engine. However, for regulatory or compliance purposes, some organizations would like to be able to specify approved extensions. With extension allow-list setup by server parameters, you can specify which specific extensions can be installed on a PostgreSQL DB instance.
Using the Azure portal:
- Select your Azure Database for PostgreSQL - Flexible Server.
- On the sidebar, select Server Parameters.
- Search for the azure.extensions parameter.
- Select extensions you wish to allow-list.
Figure 1. Azure.extensions server parameters that can be used to allow-list extensions in Azure portal.
Using Azure CLI:
az postgres flexible-server parameter set --resource-group <your resource group> --server-name <your server name> --subscription <your subscription id> --name azure.extensions --value <extension name>,<extension name>
Example, using CLI to allow-list extensions hstore, lsn, pageinspect on server mypostgreserver in resource group myresource group. in this example subscription id parameter isnt provided since current context was set to proper subscription using CLI command
az account set --subscription XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXXaz postgres flexible-server parameter set --resource-group myresourcegroup --server-name mypostgreserver --name azure.extensions --value hstore,lsn,pageinspect
More information on using CLI to set parameters in Postgres Flexible Server available in docs.
Using ARM Templates:
Example below allow-lists extensions dblink, dict_xsyn, pg_buffercache on server mypostgreserver
{
"$schema": https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#,
"contentVersion": "1.0.0.0",
"parameters": {
"flexibleServers_name": {
"defaultValue": "mypostgreserver",
"type": "String"
},
"azure_extensions_set_value": {
"defaultValue": " dblink,dict_xsyn,pg_buffercache",
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.DBforPostgreSQL/flexibleServers/configurations",
"apiVersion": "2021-06-01",
"name": "[concat(parameters('flexibleServers_name'), '/azure.extensions')]",
"properties": {
"value": "[parameters('azure_extensions_set_value')]",
"source": "user-override"
}
}
]
}
After extensions are allow-listed, these must be installed in your database before you can use them. To install a particular extension, you should run the CREATE EXTENSION command. This command loads the packaged objects into your database.
For more information about Azure Database for PostgreSQL and its support for extensions see - Azure Database for PostgreSQL - Flexible Server | Microsoft Docs
We’re always eager to get your feedback, so please reach out via email to Ask Azure DB for PostgreSQL.