https://pulumi.com logo
#general
Title
# general
b

better-actor-92669

02/20/2020, 9:40 AM
Hi guys! I want to use this module https://github.com/pulumi/pulumi-postgresql to create roles and grants for GCP CloudPostgre Instances. My SDK is Python and I use
pulumi-gcp
module to create a CloudSQL DB Instance https://github.com/pulumi/pulumi-gcp/blob/master/sdk/python/pulumi_gcp/sql/database_instance.py. Since
pulumi-postgresql
connects to an instance similarly to pgsql, I define
PGHOST
,
PGUSER
, and
PGPASSWORD
during Pulumi runtime. Since the CloudSQL Instance is created via the same execution, I define dependencies like:
Copy code
opts=ResourceOptions(
                depends_on=[cloud_pgsql_main_1],
            ),
Nevertheless, it doesn't seem to work as it tries to connect to the instance immediately, however the instance is obviously not ready, and
pulumi up
fails. Do you think it is possible that two separate modules
pulumi-gcp
and
pulumi-postgresql
do not appropriately share dependencies during runtime?
l

limited-rainbow-51650

02/20/2020, 9:47 AM
If you want to chain correctly, then create a
postgresql.Provider
after the CloudSQL instance creation and create the roles passing the provider to it. Because of this chaining, it will wait correctly:
Copy code
const dbServerResource = new ... // CloudSQL creation here

const databaseProvider = new postgresql.Provider("adminconnection", {
    username: dbAdminUser,
    password: dbAdminPassword,
    superuser: false,
    host: dbServerResource.fqdn,
    port: 5432
})

const databaseRole = new postgresql.Role("your_role", {
    connectionLimit: 4,
    login: true,
    name: "your_role_name",
    password: dbRolePassword
},
{
    provider: databaseProvider
})
BTW, this is a Typescript example, but the Python equivalent should work too.
b

better-actor-92669

02/20/2020, 9:51 AM
@limited-rainbow-51650, thanks a lot! I will try that. I do see a
pulumi_postgresql.Provider
class in the postgresq l module.
@limited-rainbow-51650, do you use HTTPS while creating objects from pulumi_postgresql? If so, how do you do that?
l

limited-rainbow-51650

02/27/2020, 2:09 PM
@better-actor-92669 the PostgreSQL provider uses the psql go client library. It connects directly to the Postgres port (default: 5432). It supports SSL protected connections by default. I didn’t have to do anything special to connect e.g. to an Azure PostgreSQL server.
b

better-actor-92669

02/27/2020, 2:11 PM
@limited-rainbow-51650, to be specific, it uses libpq library. Do you specify client cert, client key and ca cert via runtime?
l

limited-rainbow-51650

02/27/2020, 2:12 PM
I didn’t. To be honest, I’m actually assuming I’m on an SSL protected connection. Good that you trigger me on that. I should verify this explicitly.
b

better-actor-92669

02/27/2020, 2:13 PM
Predefined config file for libpq works, but if you create Pulumi Objects via runtime, it is not possible (at least for python sdk and pulumi_postgresql) module to access its properties, that is why I wandered how you do that
l

limited-rainbow-51650

02/27/2020, 2:17 PM
Strange. I would file an issue in the
pulumi-postgresql
provider Github repo for further investigation. At runtime, you should be able to set all properties on a newly created Provider object. If that is not available, an issue is your means to communicate your desire. 😉
b

better-actor-92669

02/27/2020, 2:21 PM
Yeah, I tried to set up some ENVIRONMENTAL variables as a workaround, but @many-garden-84306 advocates against it in asynchronous operation 🙂