Tuesday, January 21, 2020

Re: [google-cloud-sql-discuss] Re: proxy cloud_sql_proxy suddenly gives Error 403: The client is not authorized to make this request., notAuthorized

Almost 3 years later, and I am running into this issue, trying to set up an ETL job for my organization, to import a csv file from GCS into a Cloud SQL instance. The only time it has been possible so far is to make the service account a project-wide editor, which is obviously not desirable for us. It was also necessary to add the SQL instance's service account to the GCS bucket's permissions list, but that is insufficient. The service account being used to launch the import task has all of the Cloud SQL roles available already: Editor, Viewer, Client.

On Friday, March 3, 2017 at 8:11:35 AM UTC+9, David Newgas wrote:
I also looked into this earlier (https://groups.google.com/d/topic/google-cloud-sql-discuss/5jU0Upr7uqY/discussion). Nick is correct, and we are also trying to fix this so that cloudsql.client is sufficient. I don't believe our fix is in prod yet though, so follow Nick's advice in the meantime.

On Thu, Mar 2, 2017 at 2:59 PM, 'paynen' via Google Cloud SQL discuss <google-cloud...@googlegroups.com> wrote:
Hey Pierfrancesco,

That seems like a strange error - you'd think if it was an auth issue, it would be all-or-nothing, or else it might occur after only 1 hour (maybe an oauth token timeout issue, where usually 3600 seconds - or 1 hour - is the timeout when a refresh token is needed).

However, thankfully it appears that this is a known issue reported on the Cloud SQL GitHub page. 9 days ago, a user "abstrctn" had the same issue (from the sounds of it), and they resolved it by adding the "roles/cloudsql.client" role to the service account. Other users said that adding the service account as a project editor resolved the issue, so that would be worth checking as well.

Could you see about whether that resolves the issue and let me know? I'll be happy to answer any additional questions you have as well.

Cheers,

Nick
Cloud Platform Community Support

On Wednesday, March 1, 2017 at 7:20:32 PM UTC-5, Pierfrancesco Marsiaj wrote:
I have an SQL cloud instance and a Compute Engine VM with CentOS 7 on different projects. I use the SQL proxy cloud_sql_proxy to connect to the SQL instance with the mysql CLI client and via php-mysql (WordPress). Accesses are configured properly; the VM's service account has a role of SQL administrator on the SQL instance. Everything works fine for 30-40 minutes: I can run mysql CLI commands, and WordPress works fine.

Then suddenly I get on the proxy console:
2017/03/01 23:17:44 couldn't connect to "database-xxxx:europe-west1:xxxx": ensure that the account has access to "database-xxxx:europe-west1:xxxx" (and make sure there's no typo in that name). Error during createEphemeral for database-xxxx:europe-west1:xxxx: googleapi: Error 403: The client is not authorized to make this request., notAuthorized

and the mysql connection is lost. I tried the proxy authenticated as service account (VM has SQL APIs enabled) AND with a service account created on purpose to run the proxy authenticated with the -credential-file option and the private JSON generated for that service account. It works for a while, sometimes 10 minutes, sometimes an hour, maybe more, and then suddenly I get "notAuthorized" errors.
Closing and restarting the proxy doesn't help; closing and reopening the SQL connection doesn't help either.

This happens at different times of the day: mornings, afternoons, evenings, nights.
Are there stability issues with this infrastructure? It seems totally unreliable.
Really reluctant to put my production server here until I understand what's going on.

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/7ca5799f-4874-49be-ba7f-d7e272f989e3%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.
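
An added example, not part of the thread and not Google's own tooling: a check over a project IAM policy that lists service accounts holding the project-wide Editor or Owner role (the workaround mentioned in the thread) next to their Cloud SQL roles, so the broad grant can be reviewed. The policy below is a constructed sample in the JSON shape printed by `gcloud projects get-iam-policy PROJECT_ID --format=json`; all account names are hypothetical.

```python
import json

# The narrow role the thread says should be sufficient, and the broad
# project-level roles that were granted as a workaround.
NARROW_ROLE = "roles/cloudsql.client"
BROAD_ROLES = {"roles/editor", "roles/owner"}

# Constructed sample policy (hypothetical accounts), same shape as the
# output of `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/editor", "members": [
    "serviceAccount:etl-import@example-project.iam.gserviceaccount.com",
    "user:admin@example.com"]},
  {"role": "roles/cloudsql.client", "members": [
    "serviceAccount:etl-import@example-project.iam.gserviceaccount.com",
    "serviceAccount:sql-proxy@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/cloudsql.admin", "members": [
    "serviceAccount:legacy-proxy@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/owner", "members": [
    "serviceAccount:legacy-proxy@example-project.iam.gserviceaccount.com"]}
]}
""")

def roles_by_service_account(policy):
    """Map each serviceAccount member to the set of roles bound to it."""
    roles = {}
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member.startswith("serviceAccount:"):
                roles.setdefault(member, set()).add(binding["role"])
    return roles

def audit(policy):
    """Return one finding per service account that holds a broad role."""
    findings = []
    for member, roles in sorted(roles_by_service_account(policy).items()):
        broad = sorted(roles & BROAD_ROLES)
        if not broad:
            continue
        findings.append({
            "member": member,
            "broad_roles": broad,
            "cloudsql_roles": sorted(r for r in roles if r.startswith("roles/cloudsql.")),
            # True: the narrow role is already bound, so the broad grant is
            # the candidate for removal once access is re-tested without it.
            "has_narrow_role": NARROW_ROLE in roles,
        })
    return findings
```
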
