Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

no encryption error, but equivalent python code works #485

Closed
nick-youngblut opened this issue Dec 20, 2024 · 5 comments
Closed

no encryption error, but equivalent python code works #485

nick-youngblut opened this issue Dec 20, 2024 · 5 comments

Comments

@nick-youngblut
Copy link

Works:

import psycopg2
from psycopg2.extensions import connection

def db_connect() -> connection:
    db_params = {
        'host': os.environ["DB_HOST"],
        'database': os.environ["DB_NAME"],
        'user': os.environ["DB_USERNAME"],
        'password': os.environ["DB_PASSWORD"]
        'port': '5432'
    }
    return psycopg2.connect(**db_params)

The equivalent R code does not work:

db_connect = function(){
  pool::dbPool(
    RPostgres::Postgres(),
    host = config::get("DB_HOST"),
    dbname = config::get("DB_NAME"),
    user = config::get("DB_USERNAME"),
    password = Sys.getenv("DB_PASSWORD"),
    port = 5432,
    sslmode = "disable"
  )
}

The error:

Error: connection to server at "***", port 5432 failed: FATAL:  pg_hba.conf rejects connection for host "***", user "***", database "***", no encryption

Changing sslmode to any of the other possible settings does not help.

I'm using a GCP Postgresql database.
@nick-youngblut
Copy link
Author

nick-youngblut commented Dec 20, 2024
edited
Loading

Note: providing sslcert and sslkey results in the same error.

I can only connect with RPostgres::Postgres() if I use cloud-sql-proxy.

@krlmlr
Copy link
Member

krlmlr commented Dec 31, 2024

Thanks. Is there any way you could share temporary credentials with me, or perhaps teach me to set up such a database service?

@nick-youngblut
Copy link
Author

Sorry , but I can't provide the temporary credentials.

I ended up using sslmode = "verify-ca"

@krlmlr
Copy link
Member

krlmlr commented Jan 2, 2025

Thanks. Did you connect successfully with RPostgres? Did you need to add sslkey and sslcert as well? Would you like to post the code that worked for you, for other users?

@krlmlr krlmlr closed this as completed Jan 2, 2025
@nick-youngblut
Copy link
Author

nick-youngblut commented Jan 5, 2025
edited
Loading

I was able to successfully connect with RPostgres. I did add sslkey and sslcert.

My example code:

make_db_conn = function(){
  pool::dbPool(
    RPostgres::Postgres(),
    host = config::get("GCP_SQL_DB_HOST"),
    dbname = config::get("GCP_SQL_DB_NAME"),
    user = config::get("GCP_SQL_DB_USERNAME"),
    password = Sys.getenv("GCP_SQL_DB_PASSWORD"),
    sslmode = "verify-ca",
    sslcert = PATH_TO_CLIENT_CERT,
    sslkey = PATH_TO_CLIENT_KEY,
    sslrootcert = PATH_TO_SERVER_CA,
    port = 5432
  )
}

Note: the cert files must have 0600 permissions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@krlmlr @nick-youngblut