Re: [google-cloud-sql-discuss] Cannot Connect by Cloud SQL Proxy from Cloud Shell By Proxy

Hi,

I added an answer on Stack Overflow. Basically I tihnk you might need to give your service account the "Cloud SQL Viewer" role in addition to "Cloud SQL Client". As we document that only the client role is necessary, I'm going to see if there is a docs issue or a code issue too.

On Thu, Feb 16, 2017 at 11:58 PM, Yin-Shen Chao <yinshen@gmail.com> wrote:

Dear google-cloud-sql-discuss,

Copy my question from stackoverflow

I am following the Django sample for GAE and have problem to connect to Cloud SQL instance by Proxy from Google Cloud Shell. Possibly related to permission setting since I see the request not authorized,

Other context,

1. "gcloud beta sql connect auth-instance --user=root" has no problem to connect.

2. 
   

3. I have a service account for SQL Proxy Client.

I possibly miss something. Could someone please shed some light? 

Proxy log:

./cloud_sql_proxy -instances=auth-158903:asia-east1:auth-instance=tcp:3306

2017/02/17 14:00:59 Listening on 127.0.0.1:3306 for auth-158903:asia-east1:auth-instance 2017/02/17 14:00:59 Ready for new connections 2017/02/17 14:01:07 New connection for "auth-158903:asia-east1:auth-instance" 2017/02/17 14:03:16 couldn't connect to "auth-158903:asia-east1:auth-instance": dial tcp 107.167.191.26:3307: getsockopt: connection timed o ut

Client Log:

mysql -u root -p --host 127.0.0.1 

Enter password: ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0

I also try with credential file but still no luck,

./cloud_sql_proxy -instances=auth-158903:asia-east1:auth-instance=tcp:3306 -credential_file=Auth-2eede8ae0d0b.jason

2017/02/17 14:21:36 using credential file for authentication; email=xxxxxx@auth-xxxxx.iam.gserviceaccount.com 2017/02/17 14:21:36 Listening on 127.0.0.1:3306 for auth-158903:asia-east1:auth-instance 2017/02/17 14:21:36 Ready for new connections 2017/02/17 14:21:46 New connection for "auth-158903:asia-east1:auth-instance" 2017/02/17 14:21:48 couldn't connect to "auth-158903:asia-east1:auth-instance": ensure that the account has access to "auth-158903:asia-east1:auth-instance" (and make sure there's no typo in that name). 

Error during get instance auth-158903:asia-east1:auth-instance: googleapi: Error 403: The client is not authorized to make this request., notAuthorized

Thanks,

Yin-shen 

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/1fd37b60-393a-446f-8b8a-1a08aa28902a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/CAJZK_bbsJytVgjteGrDP7kSWh%3DAVdv6tS8JcW_dpbj%3DtW_6jMw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.