stackoom
  简体   繁体   中英

Default Compute Engine service account cant access Cloud SQL

 原文  2016-04-17 18:54:15       google-compute-engine/ google-cloud-sql

Question

Im trying to get my compute engine instance to communicate with Cloud SQL using the Proxy. I keep getting this error when I try to start the proxy:

the default Compute Engine service account is not configured with sufficient permissions to access the Cloud SQL API from this VM. Please create a new VM with Cloud SQL access (scope) enabled under "Identity and API access". Alternatively, create a new "service account key" and specify it using the -credentials_file parameter

When I describe my instance using gcloud compute instances describe the service account and scopes are:

serviceAccounts:
- email: 123456-compute@developer.gserviceaccount.com
  scopes:
  - https://www.googleapis.com/auth/devstorage.full_control
  - https://www.googleapis.com/auth/logging.write
  - https://www.googleapis.com/auth/monitoring.write
  - https://www.googleapis.com/auth/sqlservice
  - https://www.googleapis.com/auth/sqlservice.admin

I can get this working if I create a new instance with full scope permissions:

serviceAccounts:
- email: 123456-compute@developer.gserviceaccount.com
  scopes:
  - https://www.googleapis.com/auth/cloud-platform

But this seems less secure than just specifying the scopes I need.

1 answers

solution1
 0 ACCPTED  2016-04-17 22:08:57

It is an issue fixed in https://github.com/GoogleCloudPlatform/cloudsql-proxy/pull/21 .

We will roll out a new release on Monday (4/18). Or you can compile from the source on github. Sorry for the inconvenience.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Deleted Compute Engine default service account Sign Google Cloud Storage URLs with Google Compute Engine default service account Google app engine service account to start Cloud Compute instances Cant connect to google cloud SQL from Compute Engine Instance HTTP requests from compute engine to app-engine standard with compute engine default service account Update default compute service account permission in google cloud? What IAM permissions do I need to use to create a Service Account similar to Default Compute Engine Service Account? How to access Google Cloud SQL by Python in Google Compute Engine compute engine's service account has insufficient scopes for cloud vision api How to change the scope of a Google Compute Engine service account to write data to a Google Cloud Storage bucket?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM