{"id":44267743,"url":"https://github.com/nullstone-modules/gcp-postgres-access","last_synced_at":"2026-02-10T18:37:28.316Z","repository":{"id":174219323,"uuid":"651941603","full_name":"nullstone-modules/gcp-postgres-access","owner":"nullstone-modules","description":"Grants an application access to a newly-created postgresql database managed by GCP","archived":false,"fork":false,"pushed_at":"2026-01-16T15:52:50.000Z","size":27,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-01-30T14:54:44.320Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nullstone-modules.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-06-10T15:09:39.000Z","updated_at":"2026-01-16T15:52:54.000Z","dependencies_parsed_at":null,"dependency_job_id":"85fdde12-8bd1-415d-8c05-bd495069f8be","html_url":"https://github.com/nullstone-modules/gcp-postgres-access","commit_stats":null,"previous_names":["nullstone-modules/gcp-postgres-access"],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/nullstone-modules/gcp-postgres-access","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nullstone-modules%2Fgcp-postgres-access","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nullstone-modules%2Fgcp-postgres-access/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nullstone-modules%2Fgcp-postgres-access/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nullstone-modules%2Fgcp-postgres-access/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nullstone-modules","download_url":"https://codeload.github.com/nullstone-modules/gcp-postgres-access/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nullstone-modules%2Fgcp-postgres-access/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29311363,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-10T17:48:59.043Z","status":"ssl_error","status_checked_at":"2026-02-10T17:45:37.240Z","response_time":65,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-02-10T18:37:26.587Z","updated_at":"2026-02-10T18:37:28.297Z","avatar_url":"https://github.com/nullstone-modules.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# gcp-postgres-access\n\nNullstone capability to grant access for a postgres database to a service.\n- Grant network access to the postgres cluster.\n- Create database and user (with full access to database) in postgres.\n- Inject credentials into application as environment variable (from secrets manager).\n\n## How it works\n\nThis module performs database administration against the cluster using a GCP Cloud Function in 3 steps:\n1. Create long-lived database owner (role name will be same as database name)\n2. Create database (owner will be the role with the same name)\n3. Create app role (usually named `\u003capp-name\u003e-\u003crandom-5-digits\u003e`)\n4. Grant membership to app role in database owner role\n5. Set default schema privileges on app role (grants full access to database)\n6. Set default grants on app role (when objects are created, the owner is set to long-lived database owner)\n\n## Unable to run database migrations\n\nDo not run database migrations as the admin user of your postgres cluster.\nIf you do, your database will be in a state where you will be unable to run database migrations on app startup.\nIf you want to recover from this situation, keep reading.\n\n### What should my configuration look like?\n\nAfter connecting to your cluster with `psql`, use the following commands to introspect your database.\nThe example shows what your database *should* look like with a database `webapp`.\nThe web application has access credentials for user `webapp-zshgw`.\n\n```shell\nwebapp=\u003e \\dp\n                                               Access privileges\n Schema |             Name              |   Type   |      Access privileges      | Column privileges | Policies\n--------+-------------------------------+----------+-----------------------------+-------------------+----------\n public | ar_internal_metadata          | table    | postgres0=arwdDxt/postgres0+|                   |\n        |                               |          | webapp=arwdDxt/postgres0    |                   |\n(1 rows)\n```\n\n```shell\nwebapp=\u003e \\ddp\n                        Default access privileges\n    Owner     | Schema |   Type   |           Access privileges           \n--------------+--------+----------+---------------------------------------\n webapp-zshgw |        | function | =X/\"webapp-zshgw\"                    +\n              |        |          | webapp=X/\"webapp-zshgw\"              +\n              |        |          | \"webapp-zshgw\"=X/\"webapp-zshgw\"\n webapp-zshgw |        | schema   | webapp=UC/\"webapp-zshgw\"             +\n              |        |          | \"webapp-zshgw\"=UC/\"webapp-zshgw\"\n webapp-zshgw |        | sequence | webapp=rwU/\"webapp-zshgw\"            +\n              |        |          | \"webapp-zshgw\"=rwU/\"webapp-zshgw\"\n webapp-zshgw |        | table    | webapp=arwdDxt/\"webapp-zshgw\"        +\n              |        |          | \"webapp-zshgw\"=arwdDxt/\"webapp-zshgw\"\n webapp-zshgw |        | type     | =U/\"webapp-zshgw\"                    +\n              |        |          | webapp=U/\"webapp-zshgw\"              +\n              |        |          | \"webapp-zshgw\"=U/\"webapp-zshgw\"\n(5 rows)\n```\n\n```shell\nwebapp=\u003e select * from pg_tables where schemaname='public';\nschemaname |       tablename        | tableowner | tablespace | hasindexes | hasrules | hastriggers | rowsecurity \n------------+------------------------+------------+------------+------------+----------+-------------+-------------\n public     | ar_internal_metadata   | webapp     |            | t          | f        | f           | f\n(1 rows)\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnullstone-modules%2Fgcp-postgres-access","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnullstone-modules%2Fgcp-postgres-access","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnullstone-modules%2Fgcp-postgres-access/lists"}