Hello folks, I’m trying to automate granting privi...
# automation-api
Hello folks, I’m trying to automate granting privileges to MySQL users on GCP. In order to do so, I need to start a subprocess to create a new instance of google cloud_sql_proxy, which is used to ensure TLS when creating new connections to the database. On plain TS this can be done quite easily, but with pulumi resource provisioning fails (GRANTS), as pulumi hangs forever (most likely awaiting process termination). I’ve been trying to do this using promises but I’m still unable to nailed it. I’d be very appreciative if you could provide me with some insights on how to accomplish this task.
are you using the pulumi mysql provider?
@billowy-army-68599 I am. The pulumi provider works like a charm. The problem is that we’re using a proxy to establish the connection, which requires to spin up a new instance of the latter on my runtime environment. I’m aiming at a full e2e automation, which can be done using bash scripts to orchestrate both proxy and pulumi execution. I was wondering if the pulumi provider would allow me to point directly to the DB server public IP using a certificate, which could be provisioned with the gcp provider. But then I see no
to let the MySQL provider know that I wish to use this authentication method. I think it’s not supported…?
I'm trying to do the exact same thing right now, would love to know if you ended up coming up with a solution for this @fast-easter-23401
Hey @white-crayon-65245 I just got back from vacation. Three weeks under cloudy Chilean skies (it’s wintertime over there). There are a couple of options to solve this problem. 1. Write a new pulumi resource provider (too expensive IMO). 2. Leverage some of the available (available in java/go/python) GCP libraries to create a db client. I created a python DB client using https://github.com/GoogleCloudPlatform/cloud-sql-python-connector, and get it wrapped in a dynamic resource provider. This should be pretty straight-forward, but your code might need to perform so parameter validation to prevent SQL injections. The sweet part of this is that you won’t need to use the gcp cloud_sql_proxy. 3. You could use bash scripts to orchestrate the initialization of both
. Though a bit dirty, this was our preferred solution because our pulumi project is written in a TS, and the use of yet another programming language would require to create a new stack. Let me know if you want to find out more. I hope this helps,
@future-nail-59564 @limited-salesmen-97945 ☝️
👀 2