Monday, April 4, 2016

[google-cloud-sql-discuss] Re: A bit scary. Was able to connect to my instance using google cloud sql proxy after deleting my service role account

Another note: after removing an account's access, existing connections to the database will continue to work (even after the hour expiration you noticed). To break old connections (to combat this in the case a service account is compromised) you can restart your database or reset the SSL certificates on your database instance via our API.

On Thursday, March 31, 2016 at 10:55:15 AM UTC-7, wob...@yblew.com wrote:
After an hour, now I'm getting


Response: {
  "error" : "invalid_client",
  "error_description" : "The OAuth client was not found."
}


Does it take a while for google cloud sql proxy to sync up with changes to permissions?


On Thursday, March 31, 2016 at 12:49:47 PM UTC-4, wob...@yblew.com wrote:
A bit scary. Was able to connect to my instance using google cloud sql proxy after deleting my service role account

1. Created a service account under editor role

2. Was able to access my server using:

/usr/local/bin/cloud_sql_proxy -dir=/cloudsql -instances=my-project:us-central1:sql-instance=tcp:3306 -credential_file=/prod.json &

3. Deleted my service account

4. Was able to access my instance after deletion of service account using:

/usr/local/bin/cloud_sql_proxy -dir=/cloudsql -instances=my-project:us-central1:sql-instance=tcp:3306 -credential_file=/prod.json &

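The sequence the reply at the top describes (remove the account's access, then break connections that were opened before the removal), as an added shell example that is not part of the original thread. The function names `run` and `revoke_and_disconnect` are hypothetical, the service account email in the usage comment is a constructed placeholder, and the script assumes the gcloud CLI is installed and that the service account still exists (the compromise case rather than the already-deleted case).

```shell
#!/bin/sh
# Added example, not from the thread. With DRY_RUN=1 (the default) the
# gcloud commands are printed for review instead of being executed.
DRY_RUN="${DRY_RUN:-1}"

run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# usage: revoke_and_disconnect PROJECT INSTANCE SA_EMAIL ROLE [ssl|restart]
# e.g.   revoke_and_disconnect my-project sql-instance \
#          proxy@my-project.iam.gserviceaccount.com roles/editor ssl
revoke_and_disconnect() {
  rd_project="$1"; rd_instance="$2"; rd_sa="$3"; rd_role="$4"
  rd_method="${5:-ssl}"
  if [ -z "$rd_project" ] || [ -z "$rd_instance" ] || \
     [ -z "$rd_sa" ] || [ -z "$rd_role" ]; then
    echo "usage: revoke_and_disconnect PROJECT INSTANCE SA_EMAIL ROLE [ssl|restart]" >&2
    return 2
  fi
  case "$rd_method" in
    ssl|restart) ;;
    *) echo "unknown method: $rd_method" >&2; return 2 ;;
  esac

  # 1. Remove the account's access so no new proxy session is authorized.
  run gcloud projects remove-iam-policy-binding "$rd_project" \
    --member="serviceAccount:${rd_sa}" --role="$rd_role" --quiet || return 1

  # 2. Connections opened before step 1 keep working, so break them:
  #    either reset the instance's SSL certificates or restart it.
  if [ "$rd_method" = "ssl" ]; then
    run gcloud sql instances reset-ssl-config "$rd_instance" \
      --project="$rd_project" --quiet || return 1
  else
    run gcloud sql instances restart "$rd_instance" \
      --project="$rd_project" --quiet || return 1
  fi
}
```

Run it once with the default `DRY_RUN=1` to review the two commands, then with `DRY_RUN=0` to execute them.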
