I have a Cloud Function that I want to connect to a SQL Server Instance. By documentation, you can only connect using a private IP.
Everytime I try to connect I get the error:
ERROR: (gcloud.functions.call) ResponseError: status=[400], code=[Bad Request], message= [Function failed on loading user code. Error message: {"code":"ELOGIN","originalError": {"message":"Logon failed for login 'sqlserver' due to trigger execution.","code":"ELOGIN"},"name":"ConnectionError"}]
My Cloud Function code:
const sql = require('mssql');
exports.test = (req, res) => {
const config = {
user: 'sqlserver',
password: 'test',
server: '10.60.80.3',
port:1433,
pool: {
max: 10,
min: 0,
idleTimeoutMillis: 30000
}
};
const pool = new sql.ConnectionPool(config);
pool.connect()
.then(() => {
res.status(200).send({message: "Connection ready."});
})
.catch(err => {
res.status(500).send(err);
pool.close();
});
};
I have done the following configurations:
VPC Connector on default network
The default network was applied to Private IP configuration of SQL Server instance.
SQL Server Instance configuration
When creating the Cloud Function, you are required to select a service account and a VPC connector. I chose the connect-ip-sql connector. For service account, I tried with App Engine Default Service Account and Compute Engine Service Account ( both given the role of Cloud SQL client). Same error.
It seems to be a problem with SQL Server login and not about finding the network since I tried changing the network (setting the SQL Server in another VPC) and it returned CONNECTION TIMEOUT.
I can login using public ip in my SSMS using the default username-password. When I run the query:
select * from sys.server_triggers
There are three server triggers but there is no information what they do.
gcloudsql_RoleManagement
TRG_ProtectDropCustRootLogin
TRG_DisableRemoteConnectionForDbRoot
You cannot drop or change them, because Cloud SQL is a managed service and you have no access on the 'sa' superuser.
It would be best to request Google Cloud Support assistance (public tracker is mostly for bugs) since it could be a lot of things that could go wrong here.
But with that said, I assume you have the following in place:
I would recommend for you to enable flow logs and GCP firewall logs , also running connectivity test can also give you a hint on what might be blocking you
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.