My computer rebooted and for some reasons I ignore, cloud_sql_proxy tries to use a credential file instead of my gcloud auth login:
cloud_sql_proxy --instances=instance:region:orcadb=tcp:54321
2022/09/06 12:43:07 Rlimits for file descriptors set to {Current = 8500, Max =
9223372036854775807}
2022/09/06 12:43:07 using credential file for authentication; email=example#example.iam.gserviceaccount.com
2022/09/06 12:43:08 errors parsing config:
googleapi: Error 403: The client is not authorized to make this request., notAuthorized
I checked that my gcloud login is correct by using gcloud auth login, and then checking using gcloud config list account.
I also tried adding the flag --enable_iam_login to the command.
My permissions are already set to owner.
How can I use cloud_sql_proxy without the credential file? Thanks! :)
If no credential file is pointed for cloud_sql_proxy then it takes the file path from the GOOGLE_APPLICATION_CREDENTIALS env. var first.
You have to check if this env var has a value
echo %GOOGLE_APPLICATION_CREDENTIALS%
If yes then clean it up
set GOOGLE_APPLICATION_CREDENTIALS=
Now the cloud_sql_proxy should take the current glcoud account
Related
I have gcloud working in power shell:
> gcloud version
Google Cloud SDK 375.0.0
bq 2.0.74
core 2022.02.25
gsutil 5.6
I've been trying to follow these directions to get my Sql Management Studio to connect to a Google SQL service:
https://cloud.google.com/sql/docs/sqlserver/connect-admin-proxy#start-proxy
But I get this error:
PS C:\gcloud_stuff> ./cloud_sql_proxy -instances=<my instance connection>=tcp:1433
2022/03/06 02:02:51 GcloudConfig: error reading config: exit status 1; stderr was:
The system cannot find the path specified.
The system cannot find the path specified.
2022/03/06 02:02:51 google: could not find default credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information.
Does anyone know how to fix this? (I am new to Google Cloud)
Looks like you don't have a local set of credentials.
You can either run gcloud auth login and try again. Or you can create a service account key and pass it to the proxy with the -credentials_file flag. See the Proxy docs for details.
I'm trying to use Keycloak in order to success a login configuration with Kerberos. (Which is a big failure)
I've made a mistake which is Kerberos : Required.
In other word I opened Authentication > Select Browser > Requirement : Required on Kerberos
So I can't connect anymore, I got a "Invalid username or password" when logging on "http://localhost:8080/auth"
Has someone had an issue to resolve this without deleting and reconfiguring the server?
Found something which help me a lot. I solved my problem so, i will explain how
I've used in my bin directory : kcadmin.bat (or .sh)
Opened in a CMD
Login with kcadmin
kcadm.bat config credentials --server http://localhost:8080/auth --realm master --user admin
Next, i get the ID i need to update the flow (master) :
kcadmin.bat get authentication/flows/{FLOW}/executions
Next, i put in a JSON file {"id":"ID_of_my_flow", "requirement":"ALTERNATIVE"}
Save my file and finaly just wrote
kcadmin.bat update authentication/flows/master/executions -r REALM -f myfile.json
Thanks.
I'm just fished connect to my kubernete.
But affter that I need to change the gcloud location from /Download to /usr folder.
Next, I run install.sh file for update the new location in .bash_profile.
Then I check gcloud command. It working well
But when I run kubectl get pod. The error showing.
Unable to connect to the server: error executing access token command "/Users/panda/Downloads/google-cloud-sdk/bin/gcloud config config-helper --format=json": err=fork/exec /Users/panda/Downloads/google-cloud-sdk/bin/gcloud: no such file or directory output= stderr=
Hmm, how to update the location of gcloud sdk for solve this problem.
Thanks for your help.
In your Kubeconfig file (probably in ~/.kube/config) you’ll see it has the old path to your gcloud CLI. Update that file with the new path.
I'm just trying to move a simple text file from the local host to the remote host. I'm using Google's Cloud computing and more specifically, I'm using the gcloud command line tool. Here are the instructions and errors I received:
Admins-MacBook-Pro-4:downloads kylefoley$ gcloud compute scp lst_calc.txt instance-1:/home/kylefoley76/hey.txt
No zone specified. Using zone [us-central1-a] for instance: [instance-1].
Updating project ssh metadata...⠧Updated [https://www.googleapis.com/compute/v1/projects/atomic-drake-250022].
Updating project ssh metadata...done.
Waiting for SSH key to propagate.
Warning: Permanently added 'compute.1494876250178113937' (ECDSA) to the list of known hosts.
Enter passphrase for key '/Users/kylefoley/.ssh/google_compute_engine':
Enter passphrase for key '/Users/kylefoley/.ssh/google_compute_engine':
scp: /home/kylefoley76/hey.txt: Permission denied
ERROR: (gcloud.compute.scp) [/usr/bin/scp] exited with return code [1].
I then tried putting root# in front of the remote path and got the following error:
Admins-MacBook-Pro-4:downloads kylefoley$ gcloud compute scp lst_calc.txt root#instance-1:/home/kylefoley76/hey.txt
No zone specified. Using zone [us-central1-a] for instance: [instance-1].
Updating project ssh metadata...⠛Updated [https://www.googleapis.com/compute/v1/projects/atomic-drake-250022].
Updating project ssh metadata...done.
Waiting for SSH key to propagate.
Enter passphrase for key '/Users/kylefoley/.ssh/google_compute_engine':
root#35.193.247.37: Permission denied (publickey).
Enter passphrase for key '/Users/kylefoley/.ssh/google_compute_engine':
root#35.193.247.37: Permission denied (publickey).
Enter passphrase for key '/Users/kylefoley/.ssh/google_compute_engine':
root#35.193.247.37: Permission denied (publickey).
Enter passphrase for key '/Users/kylefoley/.ssh/google_compute_engine':
root#35.193.247.37: Permission denied (publickey).
Enter passphrase for key '/Users/kylefoley/.ssh/google_compute_engine':
It was then clear that the program was caught in an infinite loop of some kind.
UPDATE
Also, I want to make it clear that my problem is not a linux problem but a gcloud problem. A lot of people who have this problem recommend putting the files in the /tmp folder. On the remote Linux computer that I'm connected to it seems that I have all of the necessary permissions. I've created folders and files on this remote machine and I've moved the files around with terminal, so I think that rules out the possibility that my problem lies with the permissions of the Linux computer itself.
Create a tmp dir under your home in your instance with chmod 777 and send files to that.
gcloud compute scp ./app.tar.gz my-vm:~/tmp
Reason of the message:
This message means that the network connection from the client to the server is working, and that SSH is running. However, key-based authenticatication failed.
Troubleshooting steps:
Make sure that you have authenticated to gcloud as an IAM user with the compute instance admin role.
run gcloud auth login [IAM-USER] then try gcloud compute ssh again.
Verify that persistent SSH Keys metadata for gcloud is set for either the project or instance.
gcloud compute project-info describe --format flattened | grep
commonInstanceMetadata.items | grep ssh | grep -v expireOn
It's possible that you lost the private key, mismatched a keypair, etc. You can force gcloud to generate a new SSH keypair by doing the following:
If present, by moving ~/.ssh/google_compute_engine and ~/.ssh/google_compute_engine.pub. For example:
mv ~/.ssh/google_compute_engine.pub ~/.ssh/google_compute_engine.pub.old
mv ~/.ssh/google_compute_engine ~/.ssh/google_compute_engine.old
Try gcloud compute ssh [INSTANCE-NAME] again. A new keypair will be created and the public key will be added to the SSH keys metadata.
Verify that the Linux Guest Environment scripts are installed and
running. If the Linux Guest
Environment is not installed, re-install it.
I'm having a need of using "Google speech API" for my application. For that, I had installed "Google cloud storage SDK". I followed this link
"https://cloud.google.com/sdk/docs/quickstart-debian-ubuntu" to install gcloud.
Then I had run this command "set GOOGLE_APPLICATION_CREDENTIALS /path/to/google-speech-API-key/key.json" on terminal to set the GOOGLE_APPLICATION_CREDENTIALS. But when I try to test I got this exception
"Error reading credential file from environment variable GOOGLE_APPLICATION_CREDENTIALS, value '/path/to/google-speech-API-key': File does not exist". I'm sure that the directory exists and it has all the permissions.
So then I ran this command "gcloud auth application-default login" to actually set the default key. I got the below warning
"The environment variable [GOOGLE_APPLICATION_CREDENTIALS] is set to:
[/path/to/google-speech-API-key]
Credentials will still be generated to the default location:
[/path/to/.config/gcloud/key.json]
To use these credentials, unset this environment variable before
running your application."
So, now how could I unset or overwrite the GOOGLE_APPLICATION_CREDENTIALS?
So if you follow Cloud Speech authentication documentation they suggest to do
export GOOGLE_APPLICATION_CREDENTIALS=PATH_TO_KEY_FILE
You can check the value and if file is readable by running following commands in your terminal
echo $GOOGLE_APPLICATION_CREDENTIALS
cat $GOOGLE_APPLICATION_CREDENTIALS
Note that GOOGLE_APPLICATION_CREDENTIALS is an environment variable which is set in your current shell session. If you start another terminal session (NOT via this one) that environment variable will not be set. Also you can unset it in this session via
export GOOGLE_APPLICATION_CREDENTIALS=
That said you probably should not use user credentials obtained via
gcloud auth application-default login
as they are not tied to your project. Instead use service account key obtained from your project.
UNIX:
export GOOGLE_APPLICATION_CREDENTIALS=
Windows
set GOOGLE_APPLICATION_CREDENTIALS=
More Information on docs page