I'm trying to connect Google Data Studio to a MySQL first-generation instance in Google Cloud SQL.
Error message:
Access denied, please check your username and password.
Error ID: 4db6a388
I've tried to use Google Cloud SQL connector, tried MySQL connector. Both tried also via JDBC. No success. With MySQL connector I've tried to add list of Data Studio IP's
In Google Cloud SQL connector manual I've found:
A Data Studio data source can connect to a single Cloud SQL database table.
You must have at least cloudsql.client permission in the Cloud SQL project to create the connection. If you don't have this access, you can use the MySQL connector instead.
Should I use IAM to grant cloudsql.client permission? How should I specify Data Studio in New member textbox? I've tried to specify my user, but this also doesn't work.
You are likely typing in the instance connection name wrong. You can copy it from your Cloud SQL instance homepage. The instance connection name should be,
project name:sql server region:instance name
Related
I would like to connect to a Cloud SQL instance from Cloud Run, using a service account. The connection used to be created within the VPC and we would just provide a connection string with a user and a password to our PostgreSQL client. But now we want the authentication to be managed by Google Cloud IAM, with the service account associated with the Cloud Run service.
On my machine, I can use the enable_iam_login argument to use my own service account. The command to run the Cloud SQL proxy would look like this:
./cloud_sql_proxy -dir=/cloudsql -instances=[PROJECT-ID]:[REGION]:[INSTANCE] \
-enable_iam_login -credential_file=${HOME}/.config/gcloud/application_default_credentials.json
The problem is that I can't seem to find a way to use the IAM authentication method to run the Cloud SQL Proxy from Cloud Run, I can just provide an instance name. Has anyone face this problem before?
Unfortunately, there isn't a way to configure Cloud Run's use of the Cloud SQL proxy to do this for you.
If you are using Java, Python, or Go, there are language specific connectors you can use from Cloud Run. These all have the option to use IAM DB AuthN as part of them.
For anyone using NodeJS on Cloud Run :
you can't enable the -enable_iam_login option in Cloud Run (cf accepted answer), which means you have to use a connector.
AFAIK, there is no NodeJS connector right now.
Which means you have 2 options :
write a connector yourself (good luck) or wait for Google to do it
use built-in database authentication for now.
I have a Google Cloud SQL instance. Under the "Overview" tab, there's a "Connect to this instance" card with four fields:
Public IP address
Private IP address
Associated networking
Connection name
I'd like to construct a connection string in my python app to connect to this database. My connection string is formatted like:
SQLALCHEMY_DATABASE_URL = f"mysql+mysqlconnector://{username}:{password}#{host}:{port}/{DB_NAME}"
I know the username and password as I created a user under Cloud SQL -> Users -> Add User account.
I know the host is probably the Private IP address from the above card info.
I suspect the port is 3306 based on nothing concrete, it's just the most consistent number I see repeated throughout examples.
I believe I got the above portions of the string correct, because when I try to run the Python app, I get this error:
Unknown database {{Connection name}}
Where Connection name is the value I got from the info card. I thought that was the database name, but now I don't know. It looks like my-app-name:us-central1:my-sql-instance-name
I tried both the entire value, as well as only what's after the second : in the string (my-sql-instance-name). Neither worked.
How do I determine the database name of my Google Cloud SQL instance?
Login to the Google Cloud Console GUI.
Click the Hamburger menu, scroll down to Databases. Click SQL.
You should find a list of SQL instances. Click on the instance name.
In the left column, click on Databases.
You will then see a list of databases. Several of the databases are created by MySQL such as information_schema. Make note of the database name and then use that name in your connection string.
You can also use the CLI:
List the Cloud SQL instances:
gcloud sql instances list --project=PROJECT_ID
gcloud sql instances list
List the databases:
gcloud sql databases list --instance=INSTANCE_NAME --project=PROJECT_ID
gcloud sql databases list
Note: Your connection string is using IP:PORT. This means that you also need to whitelist your IP address(es) in order to connect to the SQL instance. I recommend that you use the Cloud SQL Auth Proxy instead. Some services such as Cloud Run already have the SQL Auth Proxy built-in. Consult the service's documentation on how to connect to Cloud SQL.
About the Cloud SQL Auth proxy
I have Cloud SQL and Instance in same project of Google Cloud.
I want to connect to Mysql (from Google Cloud SQL) from Instance using command line.
I am connecting using command:
gcloud sql connect cloud-sql-name --user=username
its giving:
ERROR: (gcloud.sql.connect) There was no instance found or you are not authorized to connect to it.
How do I make connection.
You probably missed the authorization of your instance's IP to be able to connect to the Cloud SQL database. This is done for e.g. through the Cloud Console in the Cloud SQL Instances page.
To see the step-by-step guide for connecting from Compute Engine instance to Cloud SQL (with the mysql client) check this docs page.
Are you trying to connect to your Cloud SQL instance from your Compute Engine VM instance?
If this is the case, I can suggest to first grant your service account (the Compute Engine default service account or a new one) the corresponding IAM role/permission for Cloud SQL [1].
Then, authenticate/activate [2] your service account within your VM instance command line (it is recommended to generate a JSON key File instead of a P12 key File for your service account):
~$ gcloud auth activate-service-account [ACCOUNT] --key-file=KEY_FILE
To generate a key File for your service account, you can go to your Products and Services menu > IAM & admin > Service accounts. Click on the three-dotted button at the right of the corresponding service account and select "Create key".
Your key File should be stored/uploaded to your VM instance, so that it can use it to activate the service account.
It is possible that you would also need to grant your VM instance access for Cloud SQL within its Cloud API access scopes panel. Go to your Products and Services menu > Compute Engine > VM instances. Select your VM instance and edit it.
Be aware that you will need to stop your VM instance before editing Cloud API access scopes. Go to "Access scopes" > "Set access for each API". Enable and Save.
You will also have to enable the Cloud SQL Admin API. Go to your Products and Services menu > API and services. Search for SQL Admin and Enable it (wait a few minutes)
Start the VM instance and try your Cloud SQL tests (re-activate your service account if necessary).
Your Cloud SQL instance for MySQL creates the "root" user. Just make sure to use this as the username, or any other you have created (if any).
Take into account that since you would be connecting from a Compute Engine VM instance, it is possible that yo will be asked for a MySQL Client.
[1] https://cloud.google.com/sql/docs/mysql/project-access-control
[2] https://cloud.google.com/sdk/gcloud/reference/auth/activate-service-account
I'm attempting to connect to a Google Cloud SQL instance via a MySQL client which requires me to connect via the Google Cloud proxy. I have followed all instructions on the Google Cloud Docs, yet after running the command to start the proxy (using correct INSTANCE_CONNECTION_NAME and PATH_TO_KEY_FILE), I receive the following error.
Command :
./cloud_sql_proxy -dir=/cloudsql -instances=INSTANCE_CONNECTION_NAME \ - credential_file=PATH_TO_KEY_FILE &
Error :
couldn't connect to "INSTANCE_CONNECTION_NAME": ensure that the account has access to "INSTANCE_CONNECTION_NAME" (and make sure there's no typo in that name). Error during createEphemeral for INSTANCE_CONNECTION_NAME: googleapi: Error 403: Access Not Configured. Cloud SQL Administration API has not been used in project 563584335869 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/sqladmin.googleapis.com/overview?project=563584335869 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry., accessNotConfigured
I have confirmed that the Google Cloud SQL API is enabled on the console for the project, but the weird thing is my project name is not 563584335869, and I have already set the correct project name via the GC CLI to no avail. So when visiting https://console.developers.google.com/apis/api/sqladmin.googleapis.com/overview?project=563584335869, I see:
The API "sqladmin.googleapis.com" doesn't exist or you don't have permission to access it
I also created a service account under the role Cloud SQL Client, and downloaded the private key which PATH_TO_KEY_FILE points to.
Can you confirm that you have enabled the "Cloud SQL API" (sqladmin.googleapis.com) and not "Cloud SQL" API? (sql-component.googleapis.com)?
Can you also give some more information as to your environment? Are you running this from your local machine or are you working in Cloud Shell?
I'm trying to connect a GCE instance to a Cloud SQL instance (2nd gen) with Cloud SQL Proxy. When i ssh to the GCE instance and
sudo ./cloud_sql_proxy -dir=/cloudsql
I get
2016/07/13 18:59:28 Using gcloud's active project: xxxx-0000
2016/07/13 18:59:29 Error listing instances in xxxx-0000:
googleapi: Error 403: Access Not Configured.
Cloud SQL Administration API has not been used in project 000000000000
before or it is disabled. Enable it by visiting
https://console.developers.google.com/apis/api/sqladmin/overview?project=000000000000
then retry.
If you enabled this API recently, wait a few minutes for the action to
propagate to our systems and retry., accessNotConfigured
2016/07/13 18:59:29 no Cloud SQL Instances found in these projects: [xxxx-0000]
I have followed the documentations at
https://cloud.google.com/sql/docs/compute-engine-access#gce-connect-proxy and
https://cloud.google.com/sql/docs/sql-proxy
Both instances are within the same project and Cloud SQL API is enabled on the GCE instance (plus the default ones.) By my understanding, the default GCE service account should be able to authenticate the proxy.
Using cloud_sql_proxy with -instances seems to work but errors with accessNotConfigured too while trying to connect.
As per the error message, you need make sure that the "Cloud SQL Admin" API is enabled by visiting the provided link.
There's also a GUI way to connect your Compute Engine instance if you're using a 2nd gen GCloud SQL instance. You first get the external IP of your compute engine and include it in the Authorizations tab of your GCloud SQL dashboard. Here's a quick video
Enabling Cloud SQL Admin API will solve your problem: