I'am evaluating a Quarkus application on App Engine. The application needs a Postgres DB on Cloud SQL, where I named the instance 'quarkus'.
But I'am stuck getting these access error: Not authorized to access instance: addlogic-foodiefnf-1:quarkus
The serviceAccount:addlogic-foodiefnf-1@appspot.gserviceaccount.com has these roles: Cloud SQL Admin Cloud SQL Service Agent Editor
What I'am missing?
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"status": {
"code": 7,
"message": "Not authorized to access instance: addlogic-foodiefnf-1:quarkus "
},
"authenticationInfo": {
"principalEmail": "addlogic-foodiefnf-1@appspot.gserviceaccount.com",
"serviceAccountDelegationInfo": [
{
"firstPartyPrincipal": {
"principalEmail": "app-engine-appserver@prod.google.com"
}
}
],
"principalSubject": "serviceAccount:addlogic-foodiefnf-1@appspot.gserviceaccount.com"
},
"requestMetadata": {
"callerIp": "107.178.230.54",
"requestAttributes": {
"time": "2021-09-27T06:18:33.283490Z",
"auth": {}
},
"destinationAttributes": {}
},
"serviceName": "cloudsql.googleapis.com",
"methodName": "cloudsql.instances.connect",
"authorizationInfo": [
{
"resource": "instances/quarkus ",
"permission": "cloudsql.instances.connect",
"granted": true,
"resourceAttributes": {
"service": "sqladmin.googleapis.com",
"name": "projects/addlogic-foodiefnf-1/instances/quarkus ",
"type": "sqladmin.googleapis.com/Instance"
}
}
],
"resourceName": "instances/quarkus ",
"request": {
"@type": "type.googleapis.com/google.cloud.sql.v1beta4.SqlInstancesCreateEphemeralCertRequest",
"instance": "europe-west3~quarkus ",
"project": "addlogic-foodiefnf-1",
"body": {}
},
"response": {}
},
"insertId": "-il5zyxe1b1rn",
"resource": {
"type": "cloudsql_database",
"labels": {
"project_id": "addlogic-foodiefnf-1",
"database_id": "addlogic-foodiefnf-1:quarkus ",
"region": "europe-west3"
}
},
"timestamp": "2021-09-27T06:18:33.270158Z",
"severity": "ERROR",
"logName": "projects/addlogic-foodiefnf-1/logs/cloudaudit.googleapis.com%2Factivity",
"receiveTimestamp": "2021-09-27T06:18:33.799357464Z"
}
Background story: I've set up my quarkus application regarding to https://quarkus.io/guides/deploying-to-google-cloud but class 'PostgreSQL10Dialect'failed to load: See Why is class PostgreSQL10Dialect not found on Quarkus in Google App Engine java11?
At this current post here I like to learn how to debug the access error at Google App Engine to Cloud SQL. Cloud SQL instance is set up with public IP. Is there anymore setup needed at Cloud SQL instance? As said above, service account at standard app engine has role 'Cloud SQL Admin' as required by https://cloud.google.com/sql/docs/postgres/connect-app-engine-standard#java
Any help appreciated.
I understand that using ´quarkus.datasource.db-kind=postgresql´ triggers hibernate to do auto configuration. And therefore the connection can not be established.
I have to use quarkus.datasource.db-kind=other
to prevent Quarkus auto-configuration and access problems.
(As this solves this question here, my issue at Why is class PostgreSQL10Dialect not found on Quarkus in Google App Engine java11? is still open.)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.