CRE-2025-0078

SpiceDB Database Schema Failures: Missing Core TablesHigh

Impact: 10/10

Mitigation: 2/10

CRE-2025-0078View on GitHub

SpiceDBMigration FailureSchema ErrorPostgreSQL

Description

Detects critical SpiceDB database schema failures caused by missing core tables like `metadata`, `alembic_version`, or `relation_tuple_transaction`. These errors often stem from incomplete migrations, startup race conditions, or schema corruption, resulting in a complete breakdown of SpiceDB authorization capabilities.

Mitigation

IMMEDIATE ACTIONS: - Stop the SpiceDB service immediately to prevent further inconsistent behavior. - Check PostgreSQL connectivity and schema integrity. - Run: `psql -U postgres -d spicedb -c "\dt"` to inspect existing tables. - If tables are missing, initialize and apply migrations: `spicedb migrate init && spicedb migrate head`

References

• https://docs.authzed.com/spicedb/concepts/datastore-migrations
• https://github.com/authzed/spicedb/issues?q=relation+does+not+exist
• https://alembic.sqlalchemy.org
• https://github.com/authzed/spicedb/issues/1712