busy-lawyer-33856

03/22/2023, 7:12 AM
Hi, I'm trying to create a user for my postgres db, that has some of the privileges that the postgres superuser has. My db runs in GCP, and I have created my db instance and db with pulumi_gcp.sql. I have found the library pulumi_postgresql, but I find it hard to get it to work from the documentation. I have tried making the resource pulumi_postgresql.Grant:

    grants_to_user = postgresql.Grant("user-GRANTS",
        database=database.name,
        object_type="database",
        privileges=["SELECT"],
        role=db_role.name,
    )

where db_role.name is made with pulumi_postgresql.Role:

    db_role = postgresql.Role('DB-ROLE',
        login=True,
        roles=["SELECT"],
        password='PASSWORD'
    )

They both grant the same error:
error: 1 error occurred:
        * error detecting capabilities: error PostgreSQL version: dial tcp [::1]:5432: connect: connection refused
I find it hard to debug this error, so I was wondering if anyone has a solution for the problem? Any help is greatly appreciated! Best Regards Elias

stocky-restaurant-98004

03/22/2023, 2:49 PM
How are you configuring the postgres provider? In order to use that provider, your database has to be reachable over the network. (The provider is executing on your local machine and has to be able to connect to the DB, which is provisioned in Google Cloud.)
I should also note that you generally do not want your database to be addressable over the internet for production environments (and maybe any environment). Instead, you should use a VPN.

busy-lawyer-33856

03/22/2023, 2:53 PM
can you elaborate on what the provider is? my database is reachable in GCP and I can use my postgres (superuser) in the connection str to connect my app to the database.

stocky-restaurant-98004

03/22/2023, 2:56 PM
Where is the app running: locally or in GCP?

busy-lawyer-33856

03/22/2023, 2:57 PM
in gcp with cloudrun service

stocky-restaurant-98004

03/22/2023, 2:57 PM
Right, so when you run Pulumi on your local machine, it probably can't reach the database over the network unless you've configured your DB to be reachable over the internet.

busy-lawyer-33856

03/22/2023, 3:00 PM
yea that makes sense. How would you then suggest i create a user that can be used in my connection str with pulumi? Is it even possible yet?

stocky-restaurant-98004

03/22/2023, 3:04 PM
There's a few ways you can solve this:
- You can make another CloudRun container that runs your DB migrations either using Pulumi (the automation API would probably be a good fit) or using a tool like Flyway or Django migrations. You've already established connectivity, so this is probably easiest.
- You can establish a VPN connection to run your migrations from your machine.
In a production scenario, you would run your DB migrations (including creating that first app user, tables, views, etc.) as part of your CI/CD pipeline.

busy-lawyer-33856

03/22/2023, 3:07 PM
alright! Thank you very much for the replies and suggested solutions to fix my problem.

stocky-restaurant-98004

03/22/2023, 3:15 PM
You're welcome! Good luck!