feat: remove pgedge_application built-in roles

[rshoemaker]

Summary

• Removes pgedge_application and pgedge_application_read_only uilt-in roles from the control plane
• Deletes CreateApplicationRole, CreateApplicationReadOnlyRole, and schemaReadOnly from postgres/roles.go
• Simplifies CreateBuiltInRoles to only create pgedge_superuser
• Removes application role grants from GrantBuiltinRolePrivileges
• Removes both roles from the builtinRoles conflict-check list
• Deletes docs/development/service-credentials.md (fully obsolete)
• Cleans up stale role references in dev docs

Context

These roles were created alongside every database but had no remaining consumers:

• pgedge_application_read_only was used as the PostgREST default anon role — removed in feat: require db_anon_role for PostgREST, remove pgedge_application_r… #361 (db_anon_role is now required)
• pgedge_application lost its last consumer when the svc_* service account model was replaced by connect_as in feat: remove ServiceUserRole #358/docs: update service docs for connect_as #360

This is the cleanup unblocked by those two PRs.

Behavior on existing databases

The roles are not dropped from existing databases. They will persist and continue to be replayed to new nodes via pg_dumpall --roles-only from the primary. No privileges are revoked. New databases created after this change will never have these roles.

Note

pgedge_application and pgedge_application_read_only are no longer reserved names. Users may now name their database_users entries either of those strings without a validation error.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ec70779c-7bbd-47fb-be7c-e2061837842f

📥 Commits

Reviewing files that changed from the base of the PR and between 7297fab and 8d682e0.

📒 Files selected for processing (5)

• docs/development/running-locally.md
• docs/development/service-credentials.md
• docs/development/supported-services.md
• server/internal/postgres/roles.go
• server/internal/postgres/roles_test.go

💤 Files with no reviewable changes (1)

• docs/development/service-credentials.md

---

📝 Walkthrough

Walkthrough

The pull request removes application-specific database roles (pgedge_application and pgedge_application_read_only) from the system, consolidating role management to exclusively use the superuser role. Documentation is updated to reflect this architectural simplification.

Changes

Cohort / File(s)	Summary
Documentation Updates docs/development/running-locally.md, docs/development/service-credentials.md, docs/development/supported-services.md	Removed service-credentials.md entirely; updated running-locally examples to remove pgedge_application role from user JSON definitions; removed references to credential generation workflow and read/write service user planned work.
Database Role Refactoring server/internal/postgres/roles.go, server/internal/postgres/roles_test.go	Removed pgedge_application and pgedge_application_read_only from builtin roles. Deleted functions CreateApplicationRole, CreateApplicationReadOnlyRole, and schemaReadOnly. Updated CreateBuiltInRoles to return only superuser role creation. Updated test case to use pgedge_superuser for role conflict validation.

Poem

🐰 Roles once many, now just one,
Superuser shines beneath the sun!
Application roles fade away,
Simpler systems win the day,
Cleaner code—our work is done! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is comprehensive and well-structured, covering summary, context, behavior on existing databases, and notes. However, it lacks several required template sections: Testing, Checklist items, and explicit breaking change callout.	Add Testing section with test commands, complete all Checklist items (especially Changelog entry for user-facing changes), and explicitly document the breaking change regarding reserved role names.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'feat: remove pgedge_application built-in roles' accurately and concisely summarizes the main change across the changeset: removing two built-in PostgreSQL roles from the control plane.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/PLAT-559/remove-application-roles

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics -4 complexity · 0 duplication

Metric	Results
Complexity	-4
Duplication	0

View in Codacy

_{NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes. Give us feedback}

[jason-lynch]

Thanks! We should talk about removing pgedge_superuser as well.