无法将公有云 PostgreSQL 实例连接到公有云数据融合实例

Question

I am trying to Connect Both Public Cloud SQL and Data Fusion instances but ended up receiving the 403 error.

Failed to create connection to database via connection string: jdbc:postgresql:///analytics?cloudSqlInstance=chatbot-dev-356403:europe-central2:chatbot&socketFactory=com.google.cloud.sql.postgres.SocketFactory and arguments: {user=chatbot-dev}. Error: GoogleJsonResponseException: 403 Forbidden { "code" : 403, "errors" : [ { "domain" : "global", "message" : "The client is not authorized to make this request.", "reason" : "notAuthorized" } ], "message" : "The client is not authorized to make this request." }. Make sure you specify the correct connection properties.

I am not sure if it's a permission issue. I have the following permissions in my service account added during Data fusion instance creation:

roles/storage.admin
roles/datafusion.admin
roles/datafusion.runner
roles/datafusion.serviceAgent
roles/dataproc.worker
roles/cloudsql.admin
roles/cloudsql.client

Also I can see another service account in the instance but Not sure if I have to add permissions to this account too?

Answer 1

Have you followed the instructions here: https://cloud.google.com/data-fusion/docs/how-to/reading-from-postgresql ?

I had the same problem because I was looking to the Service Account and Dataproc service account defined in the Data Fusion instance, but those are not the service accounts requiring permissions.

I had to:

1. Go into the IAM
2. Select the Grant Access action.
3. Find the service-PROJECT_NUMBER@gcp-sa-datafusion.iam.gserviceaccount.com service account and grant the roles at step #13 in the link I sent.

After performing those actions everything worked fine.

Please let us know if that works out for you.