https://pulumi.com logo
#azure
Title
# azure
It wants
server_name
but simply giving it the coordinator hostname fails
c

clever-sunset-76585

02/23/2024, 4:23 AM
I think you just need to provide the cluster's name and not the hostname.
h

hundreds-gpu-71155

02/23/2024, 3:33 PM
So at least for
FirewallRule
that's not true, I get the same error:
Copy code
error: Code="ResourceNotFound" Message="The Resource 'Microsoft.DBforPostgreSQL/flexibleServers/agreksys' under resource group 'thomasc32e3e97' was not found. For more details please go to <https://aka.ms/ARMResourceNotFoundFix>"
and same for
Database
c

clever-sunset-76585

02/23/2024, 4:29 PM
Judging from that error message I can't tell if you are passing in the
id
property and not just the server name or if Azure is formatting the name in the error message with the resource provider. I believe the
Database
resource is looking just for the name and in your case it would be
agreksys
, assuming you aren't using auto-naming for the cluster resource.
h

hundreds-gpu-71155

02/23/2024, 4:30 PM
i'm using
.name
c

clever-sunset-76585

02/23/2024, 4:31 PM
If you can post some relevant code snippets it would be helpful.
h

hundreds-gpu-71155

02/23/2024, 4:31 PM
i've tried
Cluster.name
and
ServerNameItemResponse.name
, and I would have used
Server.name
except
getServer
panicked
plus things like:
Copy code
apg.Database(
        f"{name}-db",
        charset="utf8",
        collation="en_US.utf8",
        database_name="test_db",
        resource_group_name=env.resource_group.name,
        server_name=cluster.name,
        **OPTS
    )
and yes, they're all in the same resource group
so, like,
cluster.name
doesn't work,
cluster.id
doesn't work,
cname.name
doesn't work
getSever
can't find it, so I can't try
coordinator.id
so talking in DMs, it looks like the immediate solution is to use the azure classic API for some of these aspects.
c

clever-sunset-76585

02/23/2024, 6:02 PM
For posterity, it seems that the
Database
resource and some of the other resources in the
dbforpostgresql
module are for specifically working with the
Server
resource aka Flexible Server. While you can create the DB via SQL, things like setting up the cluster for private access requires firewall rules etc. are available in the Azure Classic provider https://www.pulumi.com/registry/packages/azure/api-docs/cosmosdb/. See the
Postgresql*
resources. You can even create a cluster that way if you wish to.
m

microscopic-arm-69377

02/23/2024, 6:08 PM
This is good to know since I'm about to embark on this resource as well.
h

hundreds-gpu-71155

02/23/2024, 6:09 PM
I'm pretty sure someone has a bug, but I'm not sure if it's pulumi or azure
and yup, implemented it in my code base and it worked flawlessly
ok, so I stumbled on a problem with the
Database
version of this
and neither Cluster has it as a built-in arg
oh, i see
but the UI has the parameter
m

microscopic-arm-69377

02/27/2024, 7:35 PM
I know there's a lot in the API which doesn't exist in the UI, and vice versa. It's the worst.
Or they call it something different
Oh, one last follow up on this whole CosmosDB thing: azure classic's
PostgresqlRole
does create a role with a password in postgres, like it says. But that role does not have permissions to the database. You need to run a separate
GRANT SELECT ON ALL TABLES IN SCHEMA public TO $(role.name)
(or whatever is appropriate for you) in SQL.
There's presumably a way to get Pulumi to do this for you. Maybe https://www.pulumi.com/registry/packages/postgresql/ ?
c

clever-sunset-76585

03/06/2024, 5:23 PM
You can use that package if your DB/cluster is accessible over the internet. Or you'd have to figure out a way to run the program from within your VPC. It's certainly doable. Personally, I would just run that as a one-off query directly from within the VPC and then use some DB migrations tool for the schema that is orchestrated as an init container or something else.
h

hundreds-gpu-71155

03/06/2024, 5:24 PM
i kinda don't want to do it as a one-off since i expect to have a bunch of roles, but I might look into exposing it on our VPN
c

clever-sunset-76585

03/06/2024, 5:25 PM
Gotcha. Yeah that would be your best bet then.