Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
package-authoring
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
b
busy-lawyer-33856
03/22/2023, 7:12 AMHi,
Im trying to create a user for my postgres db, that has some of the privileges that the postgres superuser has. My db run in GCP, and I have created my db instance and db with
pulumi_gcp.sqlpulumi_postgresqlpulumi_postgresql.Grantgrants_to_user = postgresql.Grant("user-GRANTS",
database=database.name,
object_type="database",
privileges=["SELECT"],
role=db_role.name,
)db_role.namepulumi_postgresql.Roledb_role= postgresql.Role('DB-ROLE',
login=True,
roles=["SELECT"],
password = 'PASSWORD'
)error: 1 error occurred:
* error detecting capabilities: error PostgreSQL version: dial tcp [::1]:5432: connect: connection refuseds
stocky-restaurant-98004
03/22/2023, 2:49 PMHow are you configuring the postgres provider? In order to use that provider, your database has to be reachable over the network. (The provider is executing on your local machine and has to be able to connect to the DB, which is provisioned in Google Cloud.)
I should also note that you generally do not want your database to be addressable over the internet for production environments (and maybe any environment). Instead, you should use a VPN.
b
busy-lawyer-33856
03/22/2023, 2:53 PMcan you elaborate on what the provider is? my database is reachable in GCP and I can use my postgres (superuser) in the connection str to connect to the my app to the database.
s
stocky-restaurant-98004
03/22/2023, 2:56 PMWhere is the app running: locally or in GCP?
b
busy-lawyer-33856
03/22/2023, 2:57 PMin gcp with cloudrun service
s
stocky-restaurant-98004
03/22/2023, 2:57 PMRight, so when you run Pulumi on your local machine, it probably can't reach the database over the network unless you've configured your DB to be reachable over the internet.
b
busy-lawyer-33856
03/22/2023, 3:00 PMyea that makes sense.
How would you then suggest i create a user that can be used in my connection str with pulumi?
Is it even possible yet?
s
stocky-restaurant-98004
03/22/2023, 3:04 PMThere's a few ways you can solve this:
You can make another CloudRun container that runs your DB migrations either using Pulumi (the automation API would probably be a good fit) or using a tool like Flyway or Django migrations. You've already established connectivity, so this is probably easiest.
You can establish a VPN connection to run your migrations from your machine.
In a production scenario, you would run your DB migrations (including creating that first app user, tables, views, etc.) as part of your CI/CD pipeline.
b
busy-lawyer-33856
03/22/2023, 3:07 PMalright! Thank you very much for the applies and suggest solutions to fix my problem.
s
stocky-restaurant-98004
03/22/2023, 3:15 PMYou're welcome! Good luck!