Skip to main content

PostgreSQL

Type: bindings.postgres

Status: stable

Reference: https://docs.dapr.io/reference/components-reference/supported-bindings/postgres/

Example

apiVersion: cra.diagrid.io/v1beta1
kind: Component
metadata:
name: <name>
spec:
type: bindings.postgres
version: v1
metadata:
# The connection string for the PostgreSQL database
- name: connectionString
value: |
user=dapr password=secret host=dapr.example.com port=5432 dbname=dapr sslmode=verify-ca
or postgres://dapr:secret@dapr.example.com:5432/dapr?sslmode=verify-ca
# Max idle time before unused connections are automatically closed in the connection pool. By default, there's no value and this is left to the database driver to choose. (Optional)
#- name: connectionMaxIdleTime
# value: "5m"
# Maximum number of connections pooled by this component. Set to 0 or lower to use the default value, which is the greater of 4 or the number of CPUs. (Optional)
#- name: maxConns
# value: "0"
# Controls the default mode for executing queries. By default Dapr uses the extended protocol and automatically prepares and caches prepared statements. However, this may be incompatible with proxies such as PGBouncer. In this case it may be preferrable to use `exec` or `simple_protocol`. (Optional)
#- name: queryExecMode
# value: "cache_describe"
# Timeout for all database operations. (Optional)
#- name: timeout
# value: "20s"

Binding information

Input Binding: no

Output Binding: yes

Output Binding operations:

  • exec: The exec operation can be used for DDL operations (like table creation), as well as INSERT, UPDATE, DELETE operations which return only metadata (e.g. number of affected rows).

  • query: The query operation is used for SELECT statements, which return both the metadata and the retrieved data in a form of an array of row values.

  • close: The close operation can be used to explicitly close the DB connection and return it to the pool. This operation doesn't have any response.

Authentication profiles

Available authentication profiles:

  • Connection string

  • Azure AD: Client credentials

  • Azure AD: Client certificate

  • AWS: Access Key ID and Secret Access Key

Connection string

Authenticate using a Connection String

connectionString (string)

Required - The connection string for the PostgreSQL database

Example value: user=dapr password=secret host=dapr.example.com port=5432 dbname=dapr sslmode=verify-ca or postgres://dapr:secret@dapr.example.com:5432/dapr?sslmode=verify-ca

More details: https://docs.dapr.io/reference/components-reference/supported-bindings/postgres/#url-format

Azure AD: Client credentials

Authenticate using Azure AD with client credentials, also known as "service principals".

azureClientId

Required - Client ID (application ID)

Example value: c7dd251f-811f-4ba2-a905-acd4d3f8f08b

azureClientSecret

Required - Client secret (application password)

Example value: Ecy3XG7zVZK3/vl/a2NSB+a1zXLa8RnMum/IgD0E

azureTenantId

Required - ID of the Azure AD tenant

Example value: cd4b2887-304c-47e1-b4d5-65447fdd542a

connectionString (string)

Required - The connection string for the PostgreSQL database This must contain the user, which corresponds to the name of the user created inside PostgreSQL that maps to the Azure AD identity; this is often the name of the corresponding principal (e.g. the name of the Azure AD application). This connection string should not contain any password.

Example value: host=mydb.postgres.database.azure.com user=myapplication port=5432 database=dapr_test sslmode=require

useAzureAD (bool)

Required - Must be set to true to enable the component to retrieve access tokens from Azure AD. This authentication method only works with Azure Database for PostgreSQL databases.

Default value: true

Example value: true

azureEnvironment

Optional name for the Azure environment if using a different Azure cloud

Default value: AzurePublicCloud

Example value: AzurePublicCloud

Allowed values:

  • AzurePublicCloud

  • AzureChinaCloud

  • AzureUSGovernmentCloud

Azure AD: Client certificate

Authenticate using Azure AD with a client certificate. "azureCertificate" is required.

azureClientId

Required - Client ID (application ID)

Example value: c7dd251f-811f-4ba2-a905-acd4d3f8f08b

azureTenantId

Required - ID of the Azure AD tenant

Example value: cd4b2887-304c-47e1-b4d5-65447fdd542a

connectionString (string)

Required - The connection string for the PostgreSQL database This must contain the user, which corresponds to the name of the user created inside PostgreSQL that maps to the Azure AD identity; this is often the name of the corresponding principal (e.g. the name of the Azure AD application). This connection string should not contain any password.

Example value: host=mydb.postgres.database.azure.com user=myapplication port=5432 database=dapr_test sslmode=require

useAzureAD (bool)

Required - Must be set to true to enable the component to retrieve access tokens from Azure AD. This authentication method only works with Azure Database for PostgreSQL databases.

Default value: true

Example value: true

azureCertificate

Certificate and private key (in either a PEM file containing both the certificate and key, or in PFX/PKCS#12 format)

Example value:

-----BEGIN PRIVATE KEY-----\n MIIEvgI... \n -----END PRIVATE KEY-----
\n -----BEGIN CERTIFICATE----- \n MIICoTC... \n -----END CERTIFICATE----- \n

azureCertificatePassword

Password for the certificate if encrypted.

Example value: password

azureEnvironment

Optional name for the Azure environment if using a different Azure cloud

Default value: AzurePublicCloud

Example value: AzurePublicCloud

Allowed values:

  • AzurePublicCloud

  • AzureChinaCloud

  • AzureUSGovernmentCloud

AWS: Access Key ID and Secret Access Key

Authenticate using an Access Key ID and Secret Access Key included in the metadata

awsAccessKey (string)

Required - AWS access key associated with an IAM account.

Example value: AKIAIOSFODNN7EXAMPLE

awsRegion (string)

Required - The AWS Region where the AWS Relational Database Service is deployed to.

Example value: us-east-1

awsSecretKey (string)

Required - The secret key associated with the access key.

Example value: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

connectionString (string)

Required - The connection string for the PostgreSQL database This must contain the user, which corresponds to the name of the user created inside PostgreSQL that maps to the AWS IAM policy. This connection string should not contain any password. Note that the database name field is denoted by dbname with AWS.

Example value: host=mydb.postgres.database.aws.com user=myapplication port=5432 dbname=dapr_test sslmode=require

useAWSIAM (bool)

Required - Must be set to true to enable the component to retrieve access tokens from AWS IAM. This authentication method only works with AWS Relational Database Service for PostgreSQL databases.

Example value: true

sessionToken (string)

AWS session token to use. A session token is only required if you are using temporary security credentials.

Example value: TOKEN

Metadata

connectionMaxIdleTime (duration)

Max idle time before unused connections are automatically closed in the connection pool. By default, there's no value and this is left to the database driver to choose.

Example value: 5m

maxConns (number)

Maximum number of connections pooled by this component. Set to 0 or lower to use the default value, which is the greater of 4 or the number of CPUs.

Default value: 0

Example value: 4

queryExecMode

Controls the default mode for executing queries. By default Dapr uses the extended protocol and automatically prepares and caches prepared statements. However, this may be incompatible with proxies such as PGBouncer. In this case it may be preferrable to use exec or simple_protocol.

Example value: cache_describe

Allowed values:

  • cache_statement

  • cache_describe

  • describe_exec

  • exec

  • simple_protocol

timeout (duration)

Timeout for all database operations.

Default value: 20s

Example value: 30s