https://pulumi.com logo
Join Slack
Powered by
Hi guys! I want to use this module <https://github...
# general
b
Hi guys! I want to use this module https://github.com/pulumi/pulumi-postgresql to create roles and grants for GCP CloudPostgre Instances. My SDK is Python and I use 
pulumi-gcp
module to create a CloudSQL DB Instance https://github.com/pulumi/pulumi-gcp/blob/master/sdk/python/pulumi_gcp/sql/database_instance.py. Since 
pulumi-postgresql
connects to an instance similarly to pgsql, I define 
PGHOST
, 
PGUSER
, and 
PGPASSWORD
during Pulumi runtime. Since the CloudSQL Instance is created via the same execution, I define dependencies like:
Copy code
opts=ResourceOptions(
                depends_on=[cloud_pgsql_main_1],
            ),
Nevertheless, it doesn't seem to work as it tries to connect to the instance immediately, however the instance is obviously not ready, and 
pulumi up
fails. Do you think it is possible that two separate modules 
pulumi-gcp
and 
pulumi-postgresql
do not appropriately share dependencies during runtime?
l
If you want to chain correctly, then create a 
postgresql.Provider
after the CloudSQL instance creation and create the roles passing the provider to it. Because of this chaining, it will wait correctly:
Copy code
const dbServerResource = new ... // CloudSQL creation here

const databaseProvider = new postgresql.Provider("adminconnection", {
    username: dbAdminUser,
    password: dbAdminPassword,
    superuser: false,
    host: dbServerResource.fqdn,
    port: 5432
})

const databaseRole = new postgresql.Role("your_role", {
    connectionLimit: 4,
    login: true,
    name: "your_role_name",
    password: dbRolePassword
},
{
    provider: databaseProvider
})
BTW, this is a Typescript example, but the Python equivalent should work too.
b
@limited-rainbow-51650, thanks a lot! I will try that. I do see a 
pulumi_postgresql.Provider
class in the postgresq l module.
@limited-rainbow-51650, do you use HTTPS while creating objects from pulumi_postgresql? If so, how do you do that?
l
@better-actor-92669 the PostgreSQL provider uses the psql go client library. It connects directly to the Postgres port (default: 5432). It supports SSL protected connections by default. I didn’t have to do anything special to connect e.g. to an Azure PostgreSQL server.
b
@limited-rainbow-51650, to be specific, it uses libpq library. Do you specify client cert, client key and ca cert via runtime?
l
I didn’t. To be honest, I’m actually assuming I’m on an SSL protected connection. Good that you trigger me on that. I should verify this explicitly.
b
Predefined config file for libpq works, but if you create Pulumi Objects via runtime, it is not possible (at least for python sdk and pulumi_postgresql) module to access its properties, that is why I wandered how you do that
l
Strange. I would file an issue in the 
pulumi-postgresql
provider Github repo for further investigation. At runtime, you should be able to set all properties on a newly created Provider object. If that is not available, an issue is your means to communicate your desire. 😉
b
Yeah, I tried to set up some ENVIRONMENTAL variables as a workaround, but @many-garden-84306 advocates against it in asynchronous operation 🙂
2 Views
Open in Slack
PreviousNext
Powered by