[英]Connect to a GCP Cloud SQL Auth Proxy using SQL alchemy and a GCP service account
I am using terraform to set up a simple application that has a postgres db via Cloud SQL in google cloud platform (GCP).我正在使用 terraform 设置一个简单的应用程序,该应用程序通过谷歌云平台(GCP)中的云 SQL 具有 postgres 数据库。 I set up a GCP Cloud SQL Auth proxy for my postgresql db using this guide .
我使用本指南为我的 postgresql 数据库设置了 GCP Cloud SQL Auth 代理。 I set up the proxy as a sidecar to my main kube.netes application.
我将代理设置为我的主要 kube.netes 应用程序的 sidecar。 I also set up a GCP service account to be used for authentication in the cloud proxy.
我还设置了一个 GCP 服务帐户,用于在云代理中进行身份验证。 In other words, I set the
service_account_name
in the kube.netes_deployment
resource in my terraform file to be a gcp service account with the necessary roles to connect to the database.换句话说,我将 terraform 文件中
kube.netes_deployment
资源中的service_account_name
设置为具有连接数据库所需角色的 gcp 服务帐户。
Now, I'd like to use python and sql alchemy to connect to this postgresql db through the Cloud SQL proxy.现在,我想使用 python 和 sql 炼金术通过 Cloud SQL 代理连接到这个 postgresql 数据库。 Everything I found online (like this documentation ) suggest that I need to add a username and password like this to connect to the cloud proxy:
mysql+pymysql://<db_user>:<db_pass>@<db_host>:<db_port>/<db_name>
.我在网上找到的所有内容(如本文档)都表明我需要像这样添加用户名和密码才能连接到云代理:
mysql+pymysql://<db_user>:<db_pass>@<db_host>:<db_port>/<db_name>
。 However, my google service account doesn't have a username and password.但是,我的谷歌服务帐户没有用户名和密码。
My question: is there a way to connect to the google cloud auth proxy without a password using my gcp service account?我的问题:有没有办法使用我的 gcp 服务帐户在没有密码的情况下连接到 google cloud auth 代理?
The Cloud SQL Python Connector is a Python package that makes connecting to Cloud SQL both easy and secure for all three supported database engines (Postgres, MySQL, and SQL Server), from anywhere (local machine, Cloud Run, App Engine, Cloud Functions, etc.). The Cloud SQL Python Connector is a Python package that makes connecting to Cloud SQL both easy and secure for all three supported database engines (Postgres, MySQL, and SQL Server), from anywhere (local machine, Cloud Run, App Engine, Cloud Functions, ETC。)。 (source: gcp blogs)
(来源:gcp 博客)
This connector uses IAM permissions and TLS certificates for getting connected to the cloud sql instances.此连接器使用 IAM 权限和 TLS 证书来连接到云 sql 实例。 This source code is available in github and there are versions available for java and go languages as well.
此源代码在 github 中可用,并且还有适用于 java 和 go 语言的版本。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.