Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Azure DB for Postgres Flexible Server #229

Open
Iain-S opened this issue Jun 11, 2023 · 3 comments
Open

Azure DB for Postgres Flexible Server #229

Iain-S opened this issue Jun 11, 2023 · 3 comments
Labels
kind/bug Some behavior is incorrect or out of spec

Comments

@Iain-S
Copy link

Iain-S commented Jun 11, 2023

What happened?

I am migrating from using an Azure DB for Postgres Single Server, which is being deprecated in March 2025, to a Flexible Server. When I try to create a new Role on the Flexible Server, I get an error:

Diagnostics:
  postgresql:index:Role (dev-role):
    error: 1 error occurred:
        * error detecting capabilities: error PostgreSQL version: read tcp 10.10.8.16:51843->20.108.54.30:5432: read: connection reset by peer

Expected Behavior

I expect a new user/role to be added to the Flexible server.

Steps to reproduce

Please see this repo for a minimal reproducible example: https://github.com/Iain-S/pulumi-flexible-server

Output of pulumi about

CLI
Version 3.70.0
Go Version go1.20.4
Go Compiler gc

Plugins
NAME VERSION
azure-native 1.103.0
postgresql 3.8.0
python unknown
random 4.13.2

Host
OS darwin
Version 13.4
Arch arm64

NAME VERSION
black 23.3.0
pip 23.1.2
pulumi-azure-native 1.103.0
pulumi-postgresql 3.8.0
pulumi-random 4.13.2
setuptools 67.7.2
wheel 0.40.0

Additional context

It would be very helpful if there were simple examples of how to do this in the docs and some explanation of what is actually happening behind the scenes.

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
@Iain-S Iain-S added kind/bug Some behavior is incorrect or out of spec needs-triage Needs attention from the triage team labels Jun 11, 2023
@AaronFriel AaronFriel removed the needs-triage Needs attention from the triage team label Jun 12, 2023
@AaronFriel
Copy link
Contributor

@Iain-S thank you for the repro! We'll take a look.

@Iain-S
Copy link
Author

Iain-S commented Jun 19, 2023

@AaronFriel while you look at the above, do you happen to know whether it is possible to open a wide firewall rule (e.g. to 10.10.x.x), add the Role and then remove the firewall rule at the end? This doesn't seem to fit in well with Pulumi's usual model but is there a better way than adding a custom pulumi.Command() at the very end to remove the rule?

@Iain-S
Copy link
Author

Iain-S commented Jun 21, 2023

I have stumbled across a solution, though I'm unsure why it is needed and think the error message could be much more descriptive.

The issue seems to be fixed by downloading the DigiCert Global Root CA linked to from this Microsoft page and providing the local path to it to the Provider.

provider = Provider(
    f"{STACK_NAME}-provider",
    ProviderArgs(
        host=server.fully_qualified_domain_name,
        username=admin_username,  # no @servername on flexible server
        password=password.result,
        superuser=False,
        sslmode="verify-full",  # I don't think "require" is sufficient
        sslrootcert="/path/to/my/downloads/DigiCertGlobalRootCA.crt.pem"
    ),
    # My machine needs access to the server
    opts=ResourceOptions(depends_on=firewall_rule),
)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Some behavior is incorrect or out of spec
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AaronFriel @Iain-S