我们的团队正在将数据库迁移到 AWS RDS,但我们无法获得
prisma
数据库连接来工作。只需运行任何 prisma 命令就会生成可怕的 User was denied access on the database error
。我已经阅读了所有其他类似的错误报告和 stackoverflow 帖子,但所提出的解决方案似乎都不起作用。使用相同的凭据,我们可以使用 psql
连接到运行 Postgres 的 RDS 实例,并可以运行任何命令。
我读到这可能是 prisma 需要创建影子数据库的问题,因此我授予我们的数据库用户访问
CREATEDB
权限,并在我们的数据库实例中显式设置影子数据库。这并没有解决问题。
root@8k3k2k29s:/code# prisma migrate status
Environment variables loaded from .env
Prisma schema loaded from prisma/schema.prisma
Datasource "db": PostgreSQL database "api-dev", schema "public" at "api-dev.xxxxxx.us-east-9.rds.amazonaws.com"
Error: P1010: User `backuser` was denied access on the database `api-dev.public`
但这不是我们的凭据的问题,我们可以在 Docker 实例中使用
psql
进行连接就可以了:
root@398fba4348c9:/code# psql -h api-dev.xxxxxx.us-east-9.rds.amazonaws.com -U backuser -d api-dev
Password for user backuser:
psql (15.6 (Debian 15.6-0+deb12u1), server 16.1)
WARNING: psql major version 15, server major version 16.
Some psql features might not work.
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, compression: off)
Type "help" for help.
api-dev=>
这是我们的
docker-compose.yml
的副本:
version: '3'
services:
api:
platform: linux/x86_64
container_name: api
image: api
build:
context: .
dockerfile: Dockerfile
volumes:
- .:/code
ports:
- "8081:8000"
environment:
- APP_ENV=dev
- PORT=8000
- DATABASE_URL=postgresql://backuser:[email protected]/api-dev?sslmode=disable&schema=public
- SHADOW_DATABASE_URL=postgresql://backuser:supersecretpassword@api-shadow.xxxxxx.us-east-9.rds.amazonaws.com/api?sslmode=disable&schema=public
我已经尝试了所有我能想到的方法,但还是没有想法……需要帮助。
我认为更多的是环境设置而不是步骤,但你就可以了
rds.forcessl
更改为 0
prisma migrate status
可以连接到Postgres的RDS实例并输出
prisma migrate status
的结果
generator client {
provider = "prisma-client-js"
output = "../src/generated/client"
previewFeatures = ["postgresqlExtensions", "fullTextSearch"]
binaryTargets = ["native", "debian-openssl-3.0.x"]
}
datasource db {
provider = "postgresql"
url = env("DATABASE_URL")
shadowDatabaseUrl = env("SHADOW_DATABASE_URL")
extensions = [pgcrypto()]
}
v21.7.1
prisma : 5.11.0
@prisma/client : 5.10.2
Computed binaryTarget : debian-openssl-3.0.x
Operating System : linux
Architecture : x64
Node.js : v21.7.1
Query Engine (Node-API) : libquery-engine efd2449663b3d73d637ea1fd226bafbcf45b3102 (at ../../../usr/local/lib/node_modules/prisma/node_modules/@prisma/engines/libquery_engine-debian-openssl-3.0.x.so.node)
Schema Engine : schema-engine-cli efd2449663b3d73d637ea1fd226bafbcf45b3102 (at ../../../usr/local/lib/node_modules/prisma/node_modules/@prisma/engines/schema-engine-debian-openssl-3.0.x)
Schema Wasm : @prisma/prisma-schema-wasm 5.11.0-15.efd2449663b3d73d637ea1fd226bafbcf45b3102
Default Engines Hash : efd2449663b3d73d637ea1fd226bafbcf45b3102
Studio : 0.499.0
Preview Features : fullTextSearch, postgresqlExtensions
为了排除用户权限问题,我在 Postgres 的 RDS 实例上运行以下 SQL 命令:
GRANT CONNECT ON DATABASE "api-dev" TO backuser;
GRANT USAGE ON SCHEMA public TO backuser;
GRANT ALL ON DATABASE "api-dev" TO backuser;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO backuser;
ALTER USER backuser CREATEDB;
找到了解决方案,更改
sslmode=no-verify
允许建立数据库连接并运行 prisma migrate <action>
。 sslmode
的此设置不在 prisma 文档中,但我在 GitHub 问题线程中发现它是一个可能的设置。
这是完整的
DATABASE_URL
:postgresql://backuser:[email protected]/api-dev?sslmode=no-verify&schema=public