The client is not authorized to make this request -- while trying to get google cloud sql instance by java

Question

I want to get details of Google Cloud Sql instance by using google cloud service account. I have created a service account which is billing enabled. I have successfully did Google Cloud Storage functionality like bucket create, bucket delete and so on by using this service account from java code. But while I tried to get GCS Sql functionality I am getting following error:

{
   "code" : 403,
   "errors" : [ {
        "domain" : "global",
        "message" : "The client is not authorized to make this request.",
        "reason" : "notAuthorized"
   } ],
   "message" : "The client is not authorized to make this request."
}

Below are my java code snippet:

private SQLAdmin authorizeSqlAdmin() throws Exception {

    if (cloudSqlAdmin == null) {

        HttpTransport httpTransport = new NetHttpTransport();
        JsonFactory jsonFactory = new JacksonFactory();

        List<String> scopes = new ArrayList<String>();
        scopes.add(SQLAdminScopes.CLOUD_PLATFORM);
        scopes.add(SQLAdminScopes.SQLSERVICE_ADMIN);
        String propertiesFileName = "/cloudstorage.properties";
        Properties cloudStorageProperties = null;
        try {
            cloudStorageProperties = Utilities.getProperties(propertiesFileName);
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
            return null;
        }

        Credential credential = new GoogleCredential.Builder()
                .setTransport(httpTransport)
                .setJsonFactory(jsonFactory)
                .setServiceAccountId(
                        cloudStorageProperties.getProperty(ACCOUNT_ID_PROPERTY)
                )
                .setServiceAccountPrivateKeyFromP12File(
                        new File(cloudStorageProperties.getProperty(PRIVATE_KEY_PATH_PROPERTY))
                )
                .setServiceAccountScopes(scopes).build();

        cloudSqlAdmin = new SQLAdmin.Builder(httpTransport, jsonFactory, credential)
                .setApplicationName(
                        cloudStorageProperties.getProperty(APPLICATION_NAME_PROPERTY)
                )
                .build();
    }

    return cloudSqlAdmin;
}

public DatabaseInstance getInstanceByInstanceId(String projectId, String instanceId) throws Exception {
    SQLAdmin cloudSql = authorizeSqlAdmin();
    Get get = cloudSql.instances().get(projectId, instanceId);
    DatabaseInstance dbInstance = get.execute();
    return dbInstance;
}

What am I missing here? Somebody please help me.

NB: I have added that service account as a member in permissions tab and gave this account as CAN EDIT permission

Answer 1

Solved this issue by replacing instance id value.

From GCS console I got the instance id as project-id:instance-name . I putted whole part of project-id:instance-name as instance id and thats why I got the above error

After some trials I found that I need to give instance-name as instanceId in here

Get get = cloudSql.instances().get(projectId, instanceId);

That solved my problem.

Answer 2

Updated answer

if you are on terraform and receive this error, it means that your master instance name is set wrongly. A master should refer to an instance name that already exists in cloud sql( ie, whichever is to be the master of the instance your are creating)

master_instance_name = "${google_sql_database_instance.master.name}"         

It would be the same for json setup

"masterInstanceName": "source-instance"