Connecting to Cloud SQL from Azure Data Studio using an IAM user - postgresql

Following the instructions here, I'm having problem connecting to the DB from Azure Data Studio using the token I generate. It connects to the DB successfully, but as soon as I want to run a simple query ( I already gave my user read access there), it gives me this connection error, and I need to connect using the token again and the disconnection happens again randomly after a short while:
FATAL: Cloud SQL IAM user authentication failed for user
"user#company.com" FATAL: pg_hba.conf rejects connection for host
"...", user "user#company.com", database "db-name",
SSL off
I did some search and found there is also a way of logging in with IAM database authentication using the Cloud SQL Auth proxy but the documentation is limited to Postgress command line and not a GUI database tool like Azure Data Studio. Can anyone shed some light on this about what's needed if you want to connect with a GUI tool in this case?
And about changing the pg_hba.conf file, since I work with a cloud SQL instance, I'm not sure how to turn sslmode off on the cloud instance. I checked the connection tab of my instance and SSL encryption wasn't checked there (not sure if that's the same),and I changed the sslmode to disable on my Azure Data Studio for the connection but it won't allow me to connect after this change:
FATAL: pg_hba.conf rejects connection for host "*.*.*.*", user "user#company.com", database "database", SSL off
Help, anyone?

I've found the answer: we can connect using IAM database authentication using the Cloud SQL Auth proxy. The only step after to be done from the GUI DB tool (mine is Azure Data Studio) would be, to connect to the IP (127.0.0.1 in my case)the Cloud SQL Auth proxy listens on(127.0.0.1 is the default) after starting the Cloud SQL Auth proxy using:
./cloud_sql_proxy -instances=<GCPproject:Region:DBname>=tcp:127.0.0.1:5432

Related

What could I be missing with Prisma client, Cloud Run, and Cloud SQL - my Prisma client can't socket-connect to my Cloud SQL instance DB?

Background
I have a NestJS project with Prisma ORM, and I am continually receiving the error:
PrismaClientInitializationError: Can't reach database server at `localhost`:`5432`
This is happening during the Cloud Build Deploy step.
Since this is a containerized application (attempting to) run in a Cloud Run instance, I'm supposed to use a socket connection. Here's the documentation from Prisma on connecting to a Postgres DB through a socket connection: https://www.prisma.io/docs/concepts/database-connectors/postgresql#connecting-via-sockets
Connecting via sockets
To connect to your PostgreSQL database via sockets, you must add a host field as a query parameter to the connection URL (instead of setting it as the host part of the URI). The value of this parameter then must point to the directory that contains the socket, e.g.: postgresql://USER:PASSWORD#localhost/database?host=/var/run/postgresql/
Note that localhost is required, the value itself is ignored and can be anything.
I've done this to the letter, as described in the Cloud SQL documentation, with the exception that I percent-encoded my path to the directory containing the socket. I've included and excluded the trailing slash.
So my host var looks like this, mapped from the percent-encoded values:
/cloudsql/<MY CLOUD SQL CONNECTION NAME>/<DB>
I've read over the Cloud Run documentation, and in my mind, I should expect a different error if the instance itself can't connect to the Cloud SQL instance. I've followed the "Make sure you have the appropriate permissions and connection" from the documentation a few times now.
Is there anything obvious that I'm missing? Am I wrong about an error related to Cloud Run instance just not connecting with Cloud SQL instance?
Things I've tried & things I know
I CAN connect directly to the Cloud SQL instance locally through psql
I CAN run a local server with the Cloud SQL instance public IP and establish a client connection & interact with the database
I CAN successfully create an image and run a container from that image locally
My big concern
It doesn't make sense to me in which order things should connect to the Cloud SQL instance. To me, the Cloud Run - Cloud SQL connection MUST be established before the application run inside the Cloud Run instance can establish its connection through the socket to the Cloud SQL instance. -- Am I thinking through that correctly?

Connect to cloud SQL using Cloud SQL Auth is none resposinve in MySQL workbench

Im trying to create a connection for my SQL instance in GCP following their guide:
https://cloud.google.com/sql/docs/mysql/connect-admin-proxy
I set up the proxy running but I cant connect to my server.
I use MySQL workbench and the connection just timeout.
I went trough the trouble shoot guide and could not find the issue.
No errors in the cloud logs.
I try to connect using the owner google account of the project (I have all the permissions).
Cloud SQL Admin API is enabled.
I entered the password in the menu.
I saw another google guide telling to white list your IP.
I did this and its the same error.
It seems like there is a firewall or something is blocking from GCP to connect to the server but Im not sure what.
The solution for me was:
Use Cloud SQL authorized network as JM Gelilio suggested and to use pgAdmin 4 for Postgres connections.

Not able to connect to azure postgres db from azure data factory when SSL is enabled

I'm new to Azure Data factory and i'm trying to create data set that connects to azure postgres db where SSL is enabled, but i get the below error, any idea how to solve this error without disabling SSL on postgres.
when i try to add sslmode=Allow to connection parameters, i get this error
You need to select EncryptionMethod option in link service. As MSDN shows,
Update:
I haven't met your error. I can connect successfully via integration run time.
The following is my setting, you can have a try.
In Azure Database for PostgreSQL:
Link service:

AWS RDS Postgres 11 database Connected to pgAdmin 4

Question
What extra do I get if I fix this and get access to the admin database? (MyDataBaseName normal database works perfectly well)
Do I even need to fix this to use this postgres database for a Django 3.0 project?
Done -> ERROR
I have created a free tear AWS RDS Postgres 11 database.
I allowed external connections at creation and have successfully configured the inbound rules.
Than I have connected to pgAdmin (right click on server groups/create/server)
Than I got 3 database:
MyDataBaseName how I have named my database
postgesql that is auto generated
rdsadmin this is also auto generated,
I have problem with this one that it doesn't opens,
it has a rex x at the database icon
if i click on it it gives the following ERROR message
INTERNAL SERVER ERROR
FATAL: SomeConfigFileName.conf rejects connection for host "host.ip.adders.actully.with.numbers", user "myPersonalUsername", database "rdsadmin", SSL on
FATAL: SomeConfigFileName.conf rejects connection for host "host.ip.adders.actully.with.numbers", user "myPersonalUsername", database "rdsadmin", SSL off
"rdsadmin" is used for internal purposes by AWS. There should be no need to "fix" this.
The only things you are missing is things you aren't allowed to do anyway, and indeed not needing to deal with them yourself is what you are paying Amazon for.
Django shouldn't care. If it demands access to this database, that would be a bug in Django (or a configuration error)

Connecting to Google Cloud SQL with MySQL Workbench

I can't seem to connect to Cloud SQL with Workbench. I keep getting this error.
Failed to Connect to MySQL at CLOUD-SQL-IPv4:3306 with user root
Access denied for use 'root'#'WHITE-LISTED-IP-ADDRESS' (using password: YES)
I have white listed my IP.
I have set an IP for the SQL instance.
I have checked the username and Password several times.
Any idea why this is happening?
It seems you have to create a new user in the Google Cloud Console with the host name set to %(any host). You can't seem to connect using the root user.
Is it possible to connect with the #root user but after you finish the setup you have to restart the sql server.
What is important to set up an SSL certificate if you connect to you production database, but if you only try it out you can allow unsecured connection. Another important thing is to add your IP to the Authorised Networks in the Connection tab.