使用 SQL alchemy 和 GCP 服务帐户连接到 GCP Cloud SQL Auth Proxy

Question

I am using terraform to set up a simple application that has a postgres db via Cloud SQL in google cloud platform (GCP). I set up a GCP Cloud SQL Auth proxy for my postgresql db using this guide . I set up the proxy as a sidecar to my main kube.netes application. I also set up a GCP service account to be used for authentication in the cloud proxy. In other words, I set the service_account_name in the kube.netes_deployment resource in my terraform file to be a gcp service account with the necessary roles to connect to the database.

Now, I'd like to use python and sql alchemy to connect to this postgresql db through the Cloud SQL proxy. Everything I found online (like this documentation ) suggest that I need to add a username and password like this to connect to the cloud proxy: mysql+pymysql://<db_user>:<db_pass>@<db_host>:<db_port>/<db_name> . However, my google service account doesn't have a username and password.

My question: is there a way to connect to the google cloud auth proxy without a password using my gcp service account?

Answer 1

The Cloud SQL Python Connector is a Python package that makes connecting to Cloud SQL both easy and secure for all three supported database engines (Postgres, MySQL, and SQL Server), from anywhere (local machine, Cloud Run, App Engine, Cloud Functions, etc.). (source: gcp blogs)

This connector uses IAM permissions and TLS certificates for getting connected to the cloud sql instances. This source code is available in github and there are versions available for java and go languages as well.