Tuesday, October 3, 2017

Re: [google-cloud-sql-discuss] Cloud SQL Proxy: 403 notAuthorized error

Re: name. I'm using the 3-part format with colons.

Re: sockets. I'm connecting from a Mac -- I'll read over the link to see if it's something I can try out.

Thanks,
BC

On Monday, 2 October 2017 22:59:30 UTC-4, Kamran (Google Cloud Support) wrote:
BC Holmes,

Are you using INSTANCE_CONNECTION_NAME or INSTANCE ID? In the command you will need to specify INSTANCE_CONNECTION_NAME, which is in this format:

<Your-Project-ID>:<Your-Instance-Name>:<Your-SQL-Instance-ID>

If you're connecting to your SQL instance from a Linux machine, can you try the Unix Socket method and let me know if it works?







On Monday, October 2, 2017 at 10:45:37 AM UTC-4, BC Holmes wrote:
Thanks for your suggestion, but sadly, I get the same response.

I made sure that my service name is not one that I'd used before.

I still feel like there's something wonky about the fact that it's a project that I have access to, but not one that I own.

BCing you

On Friday, 29 September 2017 17:19:47 UTC-4, Ankush Agarwal wrote:
Can you try creating a new service account, using a name which has not been used before?

2. Click on "CREATE SERVICE ACCOUNT"
3. Enter the "Service account name". Ensure that you've not used this name before. Select "Cloud SQL > Cloud SQL Client" as the Role.
4. Click on "Furnish a new private key" and choose "JSON" as the Key Type
5. Don't check "Enable G Suite Domain-wide Delegation"
6. Click "Create"
7. You should now have a downloaded "credentials.json" file
8. Try running the proxy with this .json file in the -credential_file flag


On Fri, Sep 29, 2017 at 1:50 PM, BC Holmes <g...@bcholmes.org> wrote:
I seem to be having a problem with configuring the Cloud SQL Proxy. I'm getting a 403 notAuthorized error when I try to connect with my Cloud SQL Postgres database instance.

I've read several of the previous messages on this group discussing the topic (usually about MySQL). The part that's most perplexing is that I've successfully configured this before (in a Google Cloud instance that I set up), and as I'm trying to reproduce the same set up in a different Google Cloud instance (my client's configuration) I can't seem to get past this error. Here's the error message:

2017/09/29 16:23:11 couldn't connect to "[database-instance-id]": ensure that the account has access to "[database-instance-id]" (and make sure there's no typo in that name). Error during createEphemeral for [database-instance-id]: googleapi: Error 403: The client is not authorized to make this request., notAuthorized

I've double-checked the database instance id a few times, and have copy-and-pasted it directly from the "Instance Details" page on the Cloud SQL console to try to prevent typos.

Here's the set up:

1. I've tried two configurations: the first is an instance of the Cloud SQL Proxy running in a GKE environment, and the second is a Cloud SQL Proxy instance running locally via the command line of my Mac. I get the same errors in both instances.

2. I've set up my SQL service account and granted it the SQL Client role. (I've also tried other role combinations that have come up in other posts, such as Cloud SQL Viewer, and sometimes all of the Cloud SQL roles).

3. When I run the Cloud SQL Proxy locally, the error happens at the moment I try a first database connection (using psql). Here's the command I run locally:

./cloud_sql_proxy --dir='./cloudsql' -instances=[database-instance-id]=tcp:5433 -credential_file=/path/to/credentials.json

(The real command has no square brackets in it -- I'm just putting those in to represent a placeholder. Some related group messages have talked about extraneous square brackets. I'm also using 5433 instead of the typical 5432 for my local environment because of port conflicts; my GKE configuration uses 5432).



I feel like the fact that I'm not the Owner of this Cloud project is one of the key differences between my working version and my non-working version. I've been the one to set up the Cloud SQL instance, the database and user, and the SQL service. At one point, *my* id didn't have the Cloud SQL Client role or the Cloud SQL Viewer role, but I've had those subsequently added to my id.

Any ideas?

BCing you


--
Ankush Agarwal

Software Engineer, Cloud SQL
 
There are 10 types of people in this world - those who understand binary and those who don't
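
A pre-flight check for the command discussed in this thread, added here as an example; it is not part of the original messages or of the Cloud SQL Proxy project. It inspects the -instances value (3-part colon format, stray square brackets) and the JSON key passed to -credential_file, and reports when the key was issued in a different project than the instance. The function name preflight and all sample values are constructed; the key field names (type, project_id, private_key, client_email) are assumed to follow the usual service account key layout.

```python
import json

# Constructed sample key file: field names follow the service account JSON key
# layout; every value is a placeholder.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "my-own-project",
    "private_key": "CONSTRUCTED-PLACEHOLDER",
    "client_email": "sql-proxy@my-own-project.iam.gserviceaccount.com",
})

def preflight(instances_arg, key_text):
    """Return a list of findings for one -instances value and a key file's text."""
    findings = []
    # -instances has the form NAME=tcp:PORT; only NAME is checked here.
    name = instances_arg.partition("=")[0]
    if "[" in name or "]" in name:
        findings.append("connection name contains square brackets")
    parts = name.strip("[]").split(":")
    if len(parts) != 3 or not all(parts):
        findings.append("connection name is not in the 3-part colon format")
    try:
        key = json.loads(key_text)
    except ValueError:
        key = None
    if not isinstance(key, dict):
        return findings + ["credential file is not a JSON object"]
    if key.get("type") != "service_account":
        findings.append("credential file is not a service account key")
    for field in ("client_email", "private_key", "project_id"):
        if not key.get(field):
            findings.append("credential file lacks " + field)
    # A key issued in another project is legitimate, but the Cloud SQL Client
    # role then has to be granted in the project that holds the instance.
    key_project = key.get("project_id")
    if len(parts) == 3 and key_project and parts[0] != key_project:
        findings.append("key is from project %s, instance is in project %s"
                        % (key_project, parts[0]))
    return findings

if __name__ == "__main__":
    for finding in preflight("client-project:part-two:part-three=tcp:5433", SAMPLE_KEY):
        print("check:", finding)
```

An empty list means the inputs are well-formed; it does not show that the role binding exists, which still has to be confirmed in the IAM page of the project that holds the instance.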

