PostgreSQL binding spec

Detailed documentation on the PostgreSQL binding component

Component format

To setup PostgreSQL binding create a component of type bindings.postgresql. See this guide on how to create and apply a binding configuration.

  1. apiVersion: dapr.io/v1alpha1
  2. kind: Component
  3. metadata:
  4. name: <NAME>
  5. spec:
  6. type: bindings.postgresql
  7. version: v1
  8. metadata:
  9. # Connection string
  10. - name: connectionString
  11. value: "<CONNECTION STRING>"
  12. - name: direction
  13. value: "<DIRECTION_OF_BINDING>"

Warning

The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described here.

Spec metadata fields

Authenticate using a connection string

The following metadata options are required to authenticate using a PostgreSQL connection string.

FieldRequiredDetailsExample
connectionStringYThe connection string for the PostgreSQL database. See the PostgreSQL documentation on database connections for information on how to define a connection string.“host=localhost user=postgres password=example port=5432 connect_timeout=10 database=my_db”

Authenticate using Azure AD

Authenticating with Azure AD is supported with Azure Database for PostgreSQL. All authentication methods supported by Dapr can be used, including client credentials (“service principal”) and Managed Identity.

FieldRequiredDetailsExample
useAzureADYMust be set to true to enable the component to retrieve access tokens from Azure AD.“true”
connectionStringYThe connection string for the PostgreSQL database.
This must contain the user, which corresponds to the name of the user created inside PostgreSQL that maps to the Azure AD identity; this is often the name of the corresponding principal (e.g. the name of the Azure AD application). This connection string should not contain any password.
“host=mydb.postgres.database.azure.com user=myapplication port=5432 database=my_db sslmode=require”
azureTenantIdNID of the Azure AD tenant“cd4b2887-304c-…”
azureClientIdNClient ID (application ID)“c7dd251f-811f-…”
azureClientSecretNClient secret (application password)“Ecy3X…”

Other metadata options

FieldRequiredBinding supportDetailsExample
maxConnsNOutputMaximum number of connections pooled by this component. Set to 0 or lower to use the default value, which is the greater of 4 or the number of CPUs.“4”
connectionMaxIdleTimeNOutputMax idle time before unused connections are automatically closed in the connection pool. By default, there’s no value and this is left to the database driver to choose.“5m”
queryExecModeNOutputControls the default mode for executing queries. By default Dapr uses the extended protocol and automatically prepares and caches prepared statements. However, this may be incompatible with proxies such as PGBouncer. In this case it may be preferrable to use exec or simple_protocol.“simple_protocol”

URL format

The PostgreSQL binding uses pgx connection pool internally so the connectionString parameter can be any valid connection string, either in a DSN or URL format:

Example DSN

  1. user=dapr password=secret host=dapr.example.com port=5432 dbname=my_dapr sslmode=verify-ca

Example URL

  1. postgres://dapr:secret@dapr.example.com:5432/my_dapr?sslmode=verify-ca

Both methods also support connection pool configuration variables:

  • pool_min_conns: integer 0 or greater
  • pool_max_conns: integer greater than 0
  • pool_max_conn_lifetime: duration string
  • pool_max_conn_idle_time: duration string
  • pool_health_check_period: duration string

Binding support

This component supports output binding with the following operations:

  • exec
  • query
  • close

Parametrized queries

This binding supports parametrized queries, which allow separating the SQL query itself from user-supplied values. The usage of parametrized queries is strongly recommended for security reasons, as they prevent SQL Injection attacks.

For example:

  1. -- WRONG! Includes values in the query and is vulnerable to SQL Injection attacks.
  2. SELECT * FROM mytable WHERE user_key = 'something';
  3. -- GOOD! Uses parametrized queries.
  4. -- This will be executed with parameters ["something"]
  5. SELECT * FROM mytable WHERE user_key = $1;

exec

The exec operation can be used for DDL operations (like table creation), as well as INSERT, UPDATE, DELETE operations which return only metadata (e.g. number of affected rows).

The params property is a string containing a JSON-encoded array of parameters.

Request

  1. {
  2. "operation": "exec",
  3. "metadata": {
  4. "sql": "INSERT INTO foo (id, c1, ts) VALUES ($1, $2, $3)",
  5. "params": "[1, \"demo\", \"2020-09-24T11:45:05Z07:00\"]"
  6. }
  7. }

Response

  1. {
  2. "metadata": {
  3. "operation": "exec",
  4. "duration": "294µs",
  5. "start-time": "2020-09-24T11:13:46.405097Z",
  6. "end-time": "2020-09-24T11:13:46.414519Z",
  7. "rows-affected": "1",
  8. "sql": "INSERT INTO foo (id, c1, ts) VALUES ($1, $2, $3)"
  9. }
  10. }

query

The query operation is used for SELECT statements, which returns the metadata along with data in a form of an array of row values.

The params property is a string containing a JSON-encoded array of parameters.

Request

  1. {
  2. "operation": "query",
  3. "metadata": {
  4. "sql": "SELECT * FROM foo WHERE id < $1",
  5. "params": "[3]"
  6. }
  7. }

Response

  1. {
  2. "metadata": {
  3. "operation": "query",
  4. "duration": "432µs",
  5. "start-time": "2020-09-24T11:13:46.405097Z",
  6. "end-time": "2020-09-24T11:13:46.420566Z",
  7. "sql": "SELECT * FROM foo WHERE id < $1"
  8. },
  9. "data": "[
  10. [0,\"test-0\",\"2020-09-24T04:13:46Z\"],
  11. [1,\"test-1\",\"2020-09-24T04:13:46Z\"],
  12. [2,\"test-2\",\"2020-09-24T04:13:46Z\"]
  13. ]"
  14. }

close

The close operation can be used to explicitly close the DB connection and return it to the pool. This operation doesn’t have any response.

Request

  1. {
  2. "operation": "close"
  3. }

Last modified October 12, 2023: Update config.toml (#3826) (0ffc2e7)