docs: Add instructions for connecting to Cloud SQL as the firezone user (#7527)

This is needed to perform index surgery. --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
2026-01-27 10:18:54 +00:00 · 2024-12-15 16:39:29 -08:00
parent 9fdfbea818
commit fe164389c1
1 changed files with 20 additions and 1 deletions
--- a/elixir/README.md
+++ b/elixir/README.md
@@ -314,7 +314,7 @@ You can disable headless mode for the browser by adding

 to the acceptance test that you are running.

-## Connecting to a staging or production instances
+## Connecting to a staging or production instance

 We use Google Cloud Platform for all our staging and production infrastructure.
 You'll need access to this env to perform the commands below; to request access
@@ -488,6 +488,25 @@ token:
 gcloud auth application-default login
 ```

+### Connecting to Cloud SQL instance as the `firezone` user
+
+Some operations like DROPing indexes to recreate them require you to connect as the table owner, which in our case is the `firezone` user.
+
+The password for this user is randomly generated by Terraform, so to connect as this user you need to obtain the password
+from the Application configuration inside a running elixir container.
+
+First, [obtain an iex shell](#connecting-to-a-staging-or-production-instances), then view the password with:
+
+```elixir
+Application.get_env(:domain, Domain.Repo)
+```
+
+Now, you can connect to the Cloud SQL instance as the `firezone` user:
+
+```bash
+psql "host=localhost port=9000 sslmode=disable dbname=firezone user=firezone"
+```
+
 ## Deploying

 ### Apply Terraform changes without deploying new containers