Hi everyone,
We're currently considering switching the way we connect our services to our Postgres DB managed in Cloud SQL and leverage IAM authentication to use a service account.
The last blocking point is the extensions ! Each time we deploy a new version of our service, they run a SQL script to update their DB schemas. And from time to time, those scripts will contain a line with `CREATE EXTENSION .. IF NOT EXISTS; `
With the 'postgres' role , as it inherits from cloudsqlsuperuser, we have no problem but when we try with a service account, it fails with an error like this:
```
permission denied to create extension "pg_trgm"
Indice : Must be superuser to create this extension.
```
The doc says the user must have superuser privileges which I rather understand like must be inherit from the cloudsqlsuperuser but it isn't the case for a service account.
So is there any way to allow members of {cloudsqliamaccount} or {cloudsqliamuser} to create extensions or should we just manage them separately and create them with a {cloudsqlsuperuser} account?
Thanks in advance for your help