supabase / supavisor

A cloud-native, multi-tenant Postgres connection pooler.
Apache License 2.0
1.73k stars 55 forks source link

Specify where to get auth token of user to create first tenant #327

Closed hgezim closed 6 months ago

hgezim commented 6 months ago

Improve documentation


Describe the problem

I'm wrecking my brain trying to come up with that first user and how to get that token.

Describe the improvement

I would like to know how that initial user is generate. I do not know how that's done.

Additional context

I'm running supavisor using the docker-compose.yml provided in this repo. Many thanks for that.

J0 commented 6 months ago

Hey @hgezim,

Thanks for the query! Did you already try the token provided? I haven't tried in a while but I think it should work. Do you mind sharing the error if it doesn't? I'll take a look. I do know that I used a token with the role modified to manager a while back and I think that worked.

hgezim commented 6 months ago

@J0 I'm getting this error when trying to call the PUT endpoint. It should be noted that _supavisor schema tables are not populated excepts for the migrations table:

> docker compose logs --follow supavisor
supavisor  | Setting RLIMIT_NOFILE to 100000
supavisor  | 05:38:16.143 [info] == Running 20230125140723 Supavisor.Repo.Migrations.CreateTenants.change/0 forward
supavisor  | 05:38:16.145 [info] create table _supavisor.tenants
supavisor  | 05:38:16.153 [info] create index _supavisor.tenants_external_id_index
supavisor  | 05:38:16.157 [info] == Migrated 20230125140723 in 0.0s
supavisor  | 05:38:16.180 [info] == Running 20230418151441 Supavisor.Repo.Migrations.CreateUsers.change/0 forward
supavisor  | 05:38:16.181 [info] create table _supavisor.users
supavisor  | 05:38:16.186 [info] create index _supavisor.users_db_user_alias_tenant_external_id_mode_type_index
supavisor  | 05:38:16.188 [info] == Migrated 20230418151441 in 0.0s
supavisor  | 05:38:16.190 [info] == Running 20230502101623 Supavisor.Repo.Migrations.AddTimeoutToUsers.up/0 forward
supavisor  | 05:38:16.190 [info] alter table _supavisor.users
supavisor  | 05:38:16.191 [info] == Migrated 20230502101623 in 0.0s
supavisor  | 05:38:16.192 [info] == Running 20230601125553 Supavisor.Repo.Migrations.AddTenantDefaultPS.up/0 forward
supavisor  | 05:38:16.192 [info] alter table _supavisor.tenants
supavisor  | 05:38:16.193 [info] == Migrated 20230601125553 in 0.0s
supavisor  | 05:38:16.194 [info] == Running 20230619091028 Supavisor.Repo.Migrations.AddTenantIpVersion.up/0 forward
supavisor  | 05:38:16.194 [info] alter table _supavisor.tenants
supavisor  | 05:38:16.195 [info] create check constraint ip_version_values on table _supavisor.tenants
supavisor  | 05:38:16.195 [info] == Migrated 20230619091028 in 0.0s
supavisor  | 05:38:16.196 [info] == Running 20230705154938 Supavisor.Repo.Migrations.AddUpstreamSslOpts.up/0 forward
supavisor  | 05:38:16.196 [info] alter table _supavisor.tenants
supavisor  | 05:38:16.197 [info] create check constraint upstream_verify_values on table _supavisor.tenants
supavisor  | 05:38:16.197 [info] create check constraint upstream_constraints on table _supavisor.tenants
supavisor  | 05:38:16.198 [info] == Migrated 20230705154938 in 0.0s
supavisor  | 05:38:16.199 [info] == Running 20230711142028 Supavisor.Repo.Migrations.AddEnforceSsl.up/0 forward
supavisor  | 05:38:16.199 [info] alter table _supavisor.tenants
supavisor  | 05:38:16.199 [info] == Migrated 20230711142028 in 0.0s
supavisor  | 05:38:16.200 [info] == Running 20230714153019 Supavisor.Repo.Migrations.AddAuthQuery.up/0 forward
supavisor  | 05:38:16.200 [info] alter table _supavisor.tenants
supavisor  | 05:38:16.201 [info] create check constraint auth_query_constraints on table _supavisor.tenants
supavisor  | 05:38:16.201 [info] == Migrated 20230714153019 in 0.0s
supavisor  | 05:38:16.202 [info] == Running 20230718175315 Supavisor.Repo.Migrations.AddSniHost.change/0 forward
supavisor  | 05:38:16.203 [info] alter table _supavisor.tenants
supavisor  | 05:38:16.203 [info] == Migrated 20230718175315 in 0.0s
supavisor  | 05:38:16.204 [info] == Running 20230801090256 Supavisor.Repo.Migrations.AddUserMaxClients.change/0 forward
supavisor  | 05:38:16.204 [info] alter table _supavisor.users
supavisor  | 05:38:16.204 [info] == Migrated 20230801090256 in 0.0s
supavisor  | 05:38:16.205 [info] == Running 20230801090942 Supavisor.Repo.Migrations.AddTenantDefMaxClients.change/0 forward
supavisor  | 05:38:16.205 [info] alter table _supavisor.tenants
supavisor  | 05:38:16.205 [info] == Migrated 20230801090942 in 0.0s
supavisor  | 05:38:16.206 [info] == Running 20230914102712 Supavisor.Repo.Migrations.AddClientIdleTimeout.change/0 forward
supavisor  | 05:38:16.206 [info] alter table _supavisor.tenants
supavisor  | 05:38:16.207 [info] == Migrated 20230914102712 in 0.0s
supavisor  | 05:38:16.208 [info] == Running 20230919091334 Supavisor.Repo.Migrations.CreateClusters.change/0 forward
supavisor  | 05:38:16.208 [info] create table _supavisor.clusters
supavisor  | 05:38:16.211 [info] create index _supavisor.clusters_alias_index
supavisor  | 05:38:16.212 [info] == Migrated 20230919091334 in 0.0s
supavisor  | 05:38:16.215 [info] == Running 20230919100141 Supavisor.Repo.Migrations.CreateClusterTenants.change/0 forward
supavisor  | 05:38:16.215 [info] create table _supavisor.cluster_tenants
supavisor  | 05:38:16.220 [info] create check constraint type on table _supavisor.cluster_tenants
supavisor  | 05:38:16.220 [info] create index _supavisor.cluster_tenants_tenant_external_id_index
supavisor  | 05:38:16.221 [info] == Migrated 20230919100141 in 0.0s
supavisor  | 05:38:16.223 [info] == Running 20231004133121 Supavisor.Repo.Migrations.AddDefaultPoolStrategy.change/0 forward
supavisor  | 05:38:16.223 [info] alter table _supavisor.tenants
supavisor  | 05:38:16.224 [info] create check constraint default_pool_strategy_values on table _supavisor.tenants
supavisor  | 05:38:16.224 [info] == Migrated 20231004133121 in 0.0s
supavisor  | 05:38:16.225 [info] == Running 20231214120555 Supavisor.Repo.Migrations.AddHeartbeatInterval.change/0 forward
supavisor  | 05:38:16.225 [info] alter table _supavisor.tenants
supavisor  | 05:38:16.225 [info] == Migrated 20231214120555 in 0.0s
supavisor  | 05:38:16.227 [info] == Running 20231229010413 Supavisor.Repo.Migrations.AddTenantAllowList.change/0 forward
supavisor  | 05:38:16.227 [info] alter table _supavisor.tenants
supavisor  | 05:38:16.227 [info] == Migrated 20231229010413 in 0.0s
supavisor  | 05:38:17.297 [notice]     :alarm_handler: {:set, {{:disk_almost_full, '/'}, []}}
supavisor  | 05:38:17.297 [notice]     :alarm_handler: {:set, {{:disk_almost_full, '/etc/hosts'}, []}}
supavisor  | 05:38:17.298 region=local [info] Elixir.Supavisor.SignalHandler is being initialized...
supavisor  | 05:38:17.300 region=local [warning] Proxy started transaction on port 6543, result: {:ok, #PID<0.2602.0>}
supavisor  | 05:38:17.301 region=local [warning] Proxy started session on port 5452, result: {:ok, #PID<0.2705.0>}
supavisor  | 05:38:17.301 region=local [notice] SYN[supavisor@31c737fe1bd2] Adding node to scope <tenants>
supavisor  | 05:38:17.301 region=local [notice] SYN[supavisor@31c737fe1bd2] Creating tables for scope <tenants>
supavisor  | 05:38:17.301 region=local [notice] SYN[supavisor@31c737fe1bd2|registry<tenants>] Discovering the cluster
supavisor  | 05:38:17.301 region=local [notice] SYN[supavisor@31c737fe1bd2|pg<tenants>] Discovering the cluster
supavisor  | 05:38:17.312 region=local [info] Running SupavisorWeb.Endpoint with cowboy 2.10.0 at (http)
supavisor  | 05:38:17.317 region=local [info] Access SupavisorWeb.Endpoint at http://localhost:4000
supavisor  | 05:38:17.338 region=local [info] [libcluster:postgres] Connected to Postgres database
gezim@PMF-Silver ~/t/supavisor-test [SIGINT]> curl -X PUT \
                                                    'http://localhost:4000/api/tenants/dev_tenant' \
                                                    --header 'Accept: application/json' \
                                                    --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJvbGUiOiJhbm9uIiwiaWF0IjoxNjQ1MTkyODI0LCJleHAiOjE5NjA3Njg4MjR9.M9jrxyvPLkUxWgOYSf5dNdJ8v_eRrq810ShFRT8N-6M' \
                                                    --header 'Content-Type: application/json' \
                                                    --data-raw '{
                                                "tenant": {
                                                  "db_host": "db",
                                                  "db_port": 5432,
                                                  "db_database": "postgres",
                                                  "ip_version": "auto",
                                                  "require_user": true,
                                                  "upstream_ssl": true,
                                                  "enforce_ssl": false,
                                                  "upstream_verify": "peer",
                                                  "upstream_tls_ca": "-----BEGIN CERTIFICATE-----\nblalblalblablalblalblaba\n-----END CERTIFICATE-----\n",
                                                  "default_max_clients": 200,
                                                  "default_pool_size": 15,
                                                  "users": [
                                                      "db_user": "postgres",
                                                      "db_password": "postgres",
                                                      "mode_type": "transaction",
                                                      "pool_checkout_timeout": 100,
                                                      "pool_size": 10
{"error":"Can't connect the user postgres: %DBConnection.ConnectionError{message: \"connection not available and request was dropped from queue after 10000ms. This means requests are coming in and your connection pool cannot serve them fast enough. You can address this by:\\n\\n  1. Ensuring your database is available and that you can connect to it\\n  2. Tracking down slow queries and making sure they are running fast enough\\n  3. Increasing the pool_size (although this increases resource consumption)\\n  4. Allowing requests to wait longer by increasing :queue_target and :queue_interval\\n\\nSee DBConnection.start_link/2 for more information\\n\", severity: :error, reason: :queue_timeout}"}⏎
hgezim commented 6 months ago

The issue above was because I had upstream_tls_ca set to true. Turning that false and removing upstream_verify (none is not valid) made that authentication token work.

It still would be good to document how that key is derived.

J0 commented 6 months ago

Updated the quick start guide but feel free to re-open if still unclear.


dfang commented 5 months ago

@hgezim the updated doc is still not clear,

I can get the token via curl http://localhost:4000/api/openapi | grep Bearer