发表新帖
发表新帖

Getting notAuthorized error with cloud_sql_proxy locally

前端 未结
关注
6 2248
挽巷
挽巷 2021-02-13 20:34

I\'m trying to setup a connection locally for 2nd generation cloud sql instance.

Call for the proxy is

./cloud_sql_proxy -dir=/cloudsql -instances=status
相关标签:
6条回答
  • 天命终不由人
    2021-02-13 21:09

    TL;DR: If your error log contains Error during createEphemeral.., please read on.

    Solution that works for me is from Github Cloud-SQL-Proxy Issue Tracker.

    It seems that you may have encountered a bug in backend that is triggered when there is an old service account with the same name. Follow the steps below to solve your issue:

    1. Go to the Cloud Project IAM page (Left Menu > IAM & Admin > IAM)
    2. Look for the row with the robot account that is having the issue.
    3. It should say "Cloud SQL Client" on the role column.
    4. Click on it to open the dropdown
    5. Click on the 'Cloud SQL Client' role that is checked to uncheck it.
    6. Click the blue save button above.
    7. Verify that the service account is removed from the IAM page.
    8. Click the Add button above in the same page.
    9. Enter the service account email address and select the Cloud SQL Client role
    10. Click Add
    11. The service account should appear again in the the list.

    Credits to Chees, but points are mine :P. Hope it solves your issue.

    0 讨论(0)
  • 醉话见心
    2021-02-13 21:16

    For my case, there are two mistakes that I did:

    1. Make sure you use your correct project for the cloud sql instance.

      $gcloud config set project my-project

    2. Use the correct connectionName. If you're like me following google documentation, you will possibly end up put square brackets in your connectionName. Remove them.

    Myname-MBP:django setoelkahfi$ ./cloud_sql_proxy -instances="[blitzkrig-9f158:us-central1:polls-instance]"=tcp:3306 2018/06/01 04:55:48 Listening on 127.0.0.1:3306 for [blitzkrig-9f158-9f158:us-central1:polls-instance] 2018/06/01 04:55:48 Ready for new connections 2018/06/01 04:56:48 New connection for "[blitzkrig-9f158-9f158:us-central1:polls-instance]" 2018/06/01 04:56:50 couldn't connect to "[blitzkrig-9f158-9f158:us-central1:olls-instance]": ensure that the account has access to "[blitzkrig-9f158-9f158:us-central1:polls-instance]" (and make sure there's no typo in that name). Error during createEphemeral for [blitzkrig-9f158-9f158:us-central1:polls-instance]: googleapi: Error 403: The client is not authorized to make this request., notAuthorized

    0 讨论(0)
  • 逝去的感伤
    2021-02-13 21:19

    Please double check the connection string. It sounds like your credentials are in order, so it's likely you have an error in the instance name.

    I recommend copying & pasting the "Instance connection name" from the Cloud Console page for the instance:

    0 讨论(0)
  • 闹比i
    2021-02-13 21:23

    There are many reasons for such error.

    following is solutions:

    1) Copy instance name from sql instance 'overview' tab.

    2) You may not have access of cloud sql client.

    here is more detail.

    0 讨论(0)
  • [愿得一人]
    2021-02-13 21:30

    Another take is that if you are using the -dir flag means you will be connecting through a unix-socket which for MySQL is an extra connection parameter and the =tcp:3306 becomes redundant, when connecting though 127.0.0.1 this wouldn't work because it is TCP and it is waiting connection on the socket.

    0 讨论(0)
  • 庸人自扰
    2021-02-13 21:32

    In my case the problem was that the service account didn't have the correct role. You should at least set it to Editor.

    0 讨论(0)
 看不清?
提交回复
热议问题