Describe connecting with read-only credentions on GCP

BemiHQ · Oct 21, 2024 · bc3cdc0 · bc3cdc0
1 parent 29a501e
commit bc3cdc0
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 2 deletions.
diff --git a/docs/docs/hosting/aws.md b/docs/docs/hosting/aws.md
@@ -7,7 +7,7 @@ keywords: [Bemi, AWS RDS, PostgreSQL, Change Data Capture, real-time data tracki
 image: 'img/social-card.png'
 ---
 
-# AWS RDS
+# Amazon Web Services RDS
 
 ## WAL level
 

diff --git a/docs/docs/hosting/gcp.md b/docs/docs/hosting/gcp.md
@@ -7,7 +7,7 @@ keywords: [Bemi, GCP Cloud SQL, PostgreSQL, Change Data Capture, real-time data
 image: 'img/social-card.png'
 ---
 
-# GCP Cloud SQL
+# Google Cloud Platform Cloud SQL
 
 ## WAL level
 
@@ -20,3 +20,40 @@ Run the below command and then you can connect with the same credentials on the
 -- Grant replication permission to allow using replication slots
 ALTER USER [user] WITH REPLICATION;
 ```
+
+## Read-only credentials
+
+Alternatively, you can manually create read-only PostgreSQL database credentials to connect to the primary instance's WAL.
+At a high level, you need to run these commands that are safe to execute without any downtime or performance issues:
+
+* `CREATE ROLE` creates a new read-only user for Bemi to read database changes.
+* `CREATE PUBLICATION` creates a "channel" that we'll subscribe to and track changes in real-time.
+* `REPLICA IDENTITY FULL` enhances records stored in WAL to record the previous state (“before”) in addition to the tracked by default new state (“after”).
+
+```sql
+-- Create read-only user with REPLICATION permission
+CREATE ROLE [username] WITH LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE REPLICATION PASSWORD '[password]';
+-- Grant SELECT access to tables for selective tracking
+GRANT SELECT ON ALL TABLES IN SCHEMA public TO [username];
+-- Grant SELECT access to new tables created in the future for selective tracking
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO [username];
+
+-- Create "bemi" PUBLICATION to enable logical replication
+CREATE PUBLICATION bemi FOR ALL TABLES;
+
+-- Create a procedure to set REPLICA IDENTITY FULL for tables to track the "before" state on DB row changes
+CREATE OR REPLACE PROCEDURE _bemi_set_replica_identity() AS $$ DECLARE current_tablename TEXT;
+BEGIN
+ FOR current_tablename IN SELECT tablename FROM pg_tables LEFT JOIN pg_class ON relname = tablename WHERE schemaname = 'public' AND relreplident != 'f' LOOP
+ EXECUTE format('ALTER TABLE %I REPLICA IDENTITY FULL', current_tablename);
+ END LOOP;
+END $$ LANGUAGE plpgsql;
+-- Call the created procedure
+CALL _bemi_set_replica_identity();
+-- Create a trigger function that calls the created procedure
+CREATE OR REPLACE FUNCTION _bemi_set_replica_identity_func() RETURNS event_trigger AS $$
+BEGIN CALL _bemi_set_replica_identity(); END $$ LANGUAGE plpgsql;
+-- Create a trigger to set REPLICA IDENTITY FULL for all new created tables
+CREATE EVENT TRIGGER _bemi_set_replica_identity_trigger ON ddl_command_end WHEN TAG IN ('CREATE TABLE')
+EXECUTE FUNCTION _bemi_set_replica_identity_func();
+```