Hi, I'm trying to create a user for my postgres db...
# python
b
Hi, I'm trying to create a user for my postgres db, that has some of the privileges that the postgres superuser has. My db runs in GCP, and I have created my db instance and db with pulumi_gcp.sql. I have found the library pulumi_postgresql, but I find it hard to get it to work from the documentation. I have tried making the resource pulumi_postgresql.Grant:
grants_to_user = postgresql.Grant("user-GRANTS",
    database=database.name,
    object_type="database",
    privileges=["SELECT"],
    role=db_role.name,
)
where db_role.name is made with pulumi_postgresql.Role:
db_role = postgresql.Role('DB-ROLE',
    login=True,
    roles=["SELECT"],
    password='PASSWORD',
)
They both grant the same error:
error: 1 error occurred:
        * error detecting capabilities: error PostgreSQL version: dial tcp [::1]:5432: connect: connection refused
I find it hard to debug this error, so I was wondering if anyone has a solution for the problem? Any help is greatly appreciated! Best Regards Elias
s
How are you configuring the postgres provider? In order to use that provider, your database has to be reachable over the network. (The provider is executing on your local machine and has to be able to connect to the DB, which is provisioned in Google Cloud.)
I should also note that you generally do not want your database to be addressable over the internet for production environments (and maybe any environment). Instead, you should use a VPN.
b
Can you elaborate on what the provider is? My database is reachable in GCP and I can use my postgres (superuser) in the connection str to connect my app to the database.
s
Where is the app running: locally or in GCP?
b
in gcp with cloudrun service
s
Right, so when you run Pulumi on your local machine, it probably can't reach the database over the network unless you've configured your DB to be reachable over the internet.
b
Yeah, that makes sense. How would you then suggest I create a user that can be used in my connection str with pulumi? Is it even possible yet?
s
There's a few ways you can solve this:
- You can make another CloudRun container that runs your DB migrations either using Pulumi (the automation API would probably be a good fit) or using a tool like Flyway or Django migrations. You've already established connectivity, so this is probably easiest.
- You can establish a VPN connection to run your migrations from your machine.
In a production scenario, you would run your DB migrations (including creating that first app user, tables, views, etc.) as part of your CI/CD pipeline.
b
Alright! Thank you very much for the replies and suggested solutions to fix my problem.
s
You're welcome! Good luck!