https://pulumi.com logo
Join Slack
Powered by
What should I give <https://www.pulumi.com/registr...
# azure
h
It wants 
server_name
but simply giving it the coordinator hostname fails
c
I think you just need to provide the cluster's name and not the hostname.
h
So at least for 
FirewallRule
that's not true, I get the same error:
Copy code
error: Code="ResourceNotFound" Message="The Resource 'Microsoft.DBforPostgreSQL/flexibleServers/agreksys' under resource group 'thomasc32e3e97' was not found. For more details please go to <https://aka.ms/ARMResourceNotFoundFix>"
and same for 
Database
c
Judging from that error message I can't tell if you are passing in the 
id
property and not just the server name or if Azure is formatting the name in the error message with the resource provider. I believe the 
Database
resource is looking just for the name and in your case it would be 
agreksys
, assuming you aren't using auto-naming for the cluster resource.
h
i'm using 
.name
c
If you can post some relevant code snippets it would be helpful.
h
i've tried 
Cluster.name
and 
ServerNameItemResponse.name
, and I would have used 
Server.name
except 
getServer
panicked
plus things like:
Copy code
apg.Database(
        f"{name}-db",
        charset="utf8",
        collation="en_US.utf8",
        database_name="test_db",
        resource_group_name=env.resource_group.name,
        server_name=cluster.name,
        **OPTS
    )
and yes, they're all in the same resource group
so, like, 
cluster.name
doesn't work, 
cluster.id
doesn't work, 
cname.name
doesn't work
getSever
can't find it, so I can't try 
coordinator.id
so talking in DMs, it looks like the immediate solution is to use the azure classic API for some of these aspects.
c
For posterity, it seems that the 
Database
resource and some of the other resources in the 
dbforpostgresql
module are for specifically working with the 
Server
resource aka Flexible Server. While you can create the DB via SQL, things like setting up the cluster for private access requires firewall rules etc. are available in the Azure Classic provider https://www.pulumi.com/registry/packages/azure/api-docs/cosmosdb/. See the 
Postgresql*
resources. You can even create a cluster that way if you wish to.
m
This is good to know since I'm about to embark on this resource as well.
h
I'm pretty sure someone has a bug, but I'm not sure if it's pulumi or azure
and yup, implemented it in my code base and it worked flawlessly
ok, so I stumbled on a problem with the 
Database
version of this
and neither Cluster has it as a built-in arg
oh, i see
but the UI has the parameter
m
I know there's a lot in the API which doesn't exist in the UI, and vice versa. It's the worst.
Or they call it something different
h
Oh, one last follow up on this whole CosmosDB thing: azure classic's 
PostgresqlRole
does create a role with a password in postgres, like it says. But that role does not have permissions to the database. You need to run a separate 
GRANT SELECT ON ALL TABLES IN SCHEMA public TO $(role.name)
(or whatever is appropriate for you) in SQL.
There's presumably a way to get Pulumi to do this for you. Maybe https://www.pulumi.com/registry/packages/postgresql/ ?
c
You can use that package if your DB/cluster is accessible over the internet. Or you'd have to figure out a way to run the program from within your VPC. It's certainly doable. Personally, I would just run that as a one-off query directly from within the VPC and then use some DB migrations tool for the schema that is orchestrated as an init container or something else.
h
i kinda don't want to do it as a one-off since i expect to have a bunch of roles, but I might look into exposing it on our VPN
c
Gotcha. Yeah that would be your best bet then.
Open in Slack
PreviousNext
Powered by