Is it possible to run PostgREST on Google Cloud SQL


Bart Kus

Feb 9, 2022, 6:39:09 PM
to Google Cloud SQL discuss
Hi, I was wondering about the possibility of running https://postgrest.org/en/stable/index.html on Google Cloud SQL.
It seems that although everything seems to be working, I'm not able to specify one key env variable for the whole thing to work, i.e. `DB_ANON_ROLE: anonymous`
Please advise!

darrel...@google.com

Feb 10, 2022, 4:28:07 PM
to Google Cloud SQL discuss
Hi,

Can you be more specific on what the issue is? Are you getting any error messages? 

I propose to submit your post to StackOverflow to have more expert visibility on your issue. Do note that Google Groups is geared towards general questions about GCP products.

Bart Kus

Feb 11, 2022, 4:18:53 AM
to Google Cloud SQL discuss
Yes, I'm sorry, I should have been more specific in this regard; however, at the time of opening the ticket I wasn't properly informed and thus wasn't specific.

The issue is in relation to role impersonation. Given:

```
-- This file contains the definition of the applications specific roles
-- the roles defined here should not be made owners of database entities (tables/views/...)

\echo # Loading roles

-- the role used by postgrest to connect to the database
-- notice how this role does not have any privileges attached specifically to it
-- it can only switch to other roles
drop role if exists authenticator;
create role authenticator with
login
noinherit
password 'password1234blahblah';

-- this is an application level role
-- requests that are not authenticated will be executed with this role's privileges
drop role if exists anonymous;
create role anonymous;
grant anonymous to authenticator;
```

I'm not able to get the authenticator role to successfully switch/impersonate an anonymous role despite the above and given that the db uri uses the authenticator/password1234blahblah combo.
In logs I get `ERROR: permission denied to set role "anonymous"`
Everything however works as expected if for example I use the postgres/postgresPassword uri with `grant anonymous to postgres` instead of the last line as shown above.

Are there some specific configuration settings that need to be enabled or adjusted to enable the above to function as expected and without using the postgres admin role specifically?
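
A diagnostic sketch for the role setup described in the post above, added here as an example and not part of the original thread: it checks from the catalog whether the `authenticator` to `anonymous` membership actually exists on the instance and then reproduces the role switch. It assumes a psql session against the same database the db uri points to; only the role names come from the post.

```sql
-- Added example: verify the authenticator -> anonymous membership.
-- Role names are taken from the post; everything else is standard PostgreSQL.

-- 1. Do both roles exist, and is authenticator LOGIN + NOINHERIT as intended?
select rolname, rolcanlogin, rolinherit
from pg_roles
where rolname in ('authenticator', 'anonymous');

-- 2. Is the membership created by "grant anonymous to authenticator" recorded?
--    No row here means the grant is not present on this instance
--    (for example because the roles were dropped and recreated afterwards).
select r.rolname as granted_role,
       m.rolname as member,
       g.rolname as grantor,
       am.admin_option
from pg_auth_members am
join pg_roles r on r.oid = am.roleid
join pg_roles m on m.oid = am.member
left join pg_roles g on g.oid = am.grantor
where r.rolname = 'anonymous';

-- 3. Ask the server whether authenticator is a direct or indirect member
--    of anonymous. 'MEMBER' tests membership, independent of NOINHERIT.
select pg_has_role('authenticator', 'anonymous', 'MEMBER') as is_member;

-- 4. Reproduce the switch itself. Run this part in a session connected as
--    authenticator, with the same credentials as the db uri.
--    SET LOCAL limits the role change to this transaction.
begin;
set local role anonymous;
-- Expected when the membership is in place:
--   session_user = authenticator, current_user = anonymous
select session_user, current_user;
rollback;
```

If step 2 returns no row or step 3 returns false, the `permission denied to set role` error follows directly from the missing membership rather than from a connection setting.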

George (Cloud Platform Support)

Feb 11, 2022, 1:31:15 PM
to Google Cloud SQL discuss
You have the option to use the Cloud SQL Admin API as a REST API.

Your implementation details are better helped with by forums such as stackoverflow, where expert programmers are active and ready to help. This is a forum oriented towards opinions and general discussion on Cloud SQL matters.  
