使用 bq 命令在 GCP Bigquery 和 Cloud SQL (Mysql 5.7) 之间创建连接时出现错误
[英]Error emitted when creating a connection between GCP Bigquery and Cloud SQL (Mysql 5.7) using bq command
问题描述
I want to create a connection between Bigquery and Cloud SQL(MySQL 5.7) in a newly created project , (not in existing project, I can create the connection in existing project with no problem)
我想在新创建的项目中创建 Bigquery 和 Cloud SQL(MySQL 5.7) 之间的连接,(不在现有项目中,我可以毫无问题地在现有项目中创建连接)
This is the command I used这是我使用的命令
bq mk --connection --connection_type='CLOUD_SQL' --properties='{"instanceId":"<PROJECT ID>:<REGION>:<MYSQL INSTANCE>","database":"<MY DATABASE>","type":"MYSQL"}' --connection_credential='{"username":"root", "password":"<PASSWORD>"}' --project_id=<PROJECT ID> --location=<REGION> <MYSQL INSTANCE>
but I got the error like below但我得到如下错误
BigQuery error in mk operation: Access Denied: URI: services/bigqueryconnection.googleapis.com/projects/<PROJECT ID>:
APPLICATION_ERROR;google.api.serviceconsumermanagement.v1beta1/ServiceConsumerManagerV1Beta1.GenerateServiceIdentity;Permission denied to generate service identity for service
[bigqueryconnection.googleapis.com]
Details: [{
IAM{policy: 'serviceconsumermanagement_consumers-/000000555846b828/bigqueryconnection.googleapis.com/000000b742218216' resource: 'services/bigqueryconnection.googleapis.com/consumers/<PROJECT ID>'
permission: 'serviceconsumermanagement.consumers.generateServiceAccount'}
allowed: false auditlog: false cloudaudit: false
}]
...
...
After a lot of research, I think the problem is maybe I don't have a service acccount like this with a role called BigQuery Connection Service agent .经过大量研究,我认为问题可能是我没有这样的服务帐户,其角色称为BigQuery Connection Service agent 。 because I have this kind of service account in another project.因为我在另一个项目中有这种服务帐户。
service-<project id>@gcp-sa-bigqueryconnection.iam.gserviceaccount.com
I don't really know how this service account being created, maybe by enabling the Bigquery Connection API service, I will have a service account like above being created.我真的不知道这个服务帐户是如何创建的,也许通过启用 Bigquery Connection API 服务,我将创建一个像上面这样的服务帐户。
Although the bigquery Connection API has already being enabled, I disalbed it then enabled it again.虽然 bigquery 连接 API 已经启用,但我将其禁用然后再次启用。 but the service account still not being created.但服务帐户仍未创建。
Does anyone has any idea about this problem?有没有人知道这个问题? Thank you so much.太感谢了。
update:更新:
Sorry I forgot to say I already have the bigquery Admin/bigquery connection admin/cloud sql admin permissions抱歉,我忘了说我已经拥有 bigquery Admin/bigquery connection admin/cloud sql 管理员权限
2 个解决方案
解决方案1
0 2020-09-01 05:48:28
You need grant bigquery.admin access.您需要授予bigquery.admin访问权限。 Document link文档链接
gcloud projects add-iam-policy-binding project_id \
--member group/user:address \
--role roles/bigquery.admin
Example:例子:
$ bq mk --connection --connection_type='CLOUD_SQL' --properties='{"instanceId":"data-lab:us-east1:instance-mysql","database":"information_schema","type":"MYSQL"}' --connection_credential='{"username":"root", "password":"*****"}' --project_id=data-lab --location=us MyExternalSQL
Connection 906721254566.us.MyExternalSQL successfully created
解决方案2
0 2020-09-02 19:49:39
When you enable the BigQuery Connection API, a service account should be automatically created on your behalf with the following roles:当您启用 BigQuery Connection API 时,应该会自动为您创建一个具有以下角色的服务帐户:
cloudsql.client
logging.logWriter
metrics.metricWriter
and to create and maintain a connection resource, user must have the bigquery.admin predefined role as @Soumendra mentioned.要创建和维护连接资源,用户必须具有@Soumendra 提到的 bigquery.admin 预定义角色。
Check Document Cloud SQL federated queries检查文档云 SQL 联合查询
I enabled the API, but a service account wasn't created.我启用了 API,但未创建服务帐户。
Check Document BigQuery Connection API Client Libraries for creating that service account.检查文档BigQuery 连接 API 客户端库以创建该服务帐户。
Once that is done, try connecting.完成后,尝试连接。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.