https://pulumi.com logo
Powered by
Title
b

better-actor-92669

03/04/2020, 9:16 AM
Hey! How do you guys create roles and grants for a CloudSQL Postgre Instances?
l

limited-rainbow-51650

03/04/2020, 10:35 AM
With the Pulumi PostgreSQL provider. https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/postgresql/
b

better-actor-92669

03/04/2020, 11:06 AM
@limited-rainbow-51650, if I do it via this module, it adds a role to a superusers group. How do you solve this problem?
l

limited-rainbow-51650

03/04/2020, 11:06 AM
What do you mean with “it adds a role to a superusers group”?
b

better-actor-92669

03/04/2020, 11:07 AM
so, if you add a user via console in GCP, it adds that user to a special group (predefined by google)
Since this module uses google's api, it does the same thing, regardless of the grants
But, it is not the biggest problem. The biggest problem is that https://github.com/pulumi/pulumi-postgresql (which I think is the module itself), doesn't support TLS. There is no way to specify client cert, key and server CA. So, for me, it is unacceptable to create users via unsecured connection
If you put 'sslmode' to verifyca, or even required, you will have that error
This module uses a terraform provider https://github.com/terraform-providers/terraform-provider-postgresql. I even tried libpq configuration file, but there is no way to specify SERVICE NAME https://www.postgresql.org/docs/current/libpq-pgservice.html. I also tried env variables, but there is no way to get it working https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS
2 Views
#google-cloudJoin Slack
Powered by