科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>MySQL, go-sql-driver with google auth token - Stack Overflow

    MySQL, go-sql-driver with google auth token - Stack Overflow

    programmeradmin4浏览0评论

    I am looking to connect to a gcp managed db (running on GCP) via a cloud proxy (jump box with local port to connect to managed instance) with go-sql-driver but everything I've tried gcp MySQL instance is rejecting my login. i am able to connect, but when trying to query it returns an error.

    this is the code I'm using (note it works if i have a "normal user/password", tested from gcp and local database):

    package main

import (
    "database/sql"
    "fmt"
    "log"
    "os"

    "github/go-sql-driver/mysql"
    _ "github/go-sql-driver/mysql"
)

func connectTCPSocket() (*sql.DB, error) {
    mustGetenv := func(k string) string {
        v := os.Getenv(k)
        if v == "" {
            log.Fatalf("Fatal Error in connect_tcp.go: %s environment variable not set.", k)
        }
        return v
    }

    c := mysql.Config{
        User:   mustGetenv("DB_USER"),
        Passwd: mustGetenv("DB_PASS"),
        Net:    "tcp",
        Addr:   mustGetenv("INSTANCE_HOST") + ":" + mustGetenv("DB_PORT"),
        DBName: mustGetenv("DB_NAME"),
        ParseTime: true, // demo option
        AllowNativePasswords:    true,
        AllowOldPasswords:       true,
        AllowCleartextPasswords: true,
    }

    dbPool, err := sql.Open("mysql", c.FormatDSN())

    if err != nil {
        return nil, fmt.Errorf("sql.Open: %w", err)
    }

    // ...

    return dbPool, nil
}

func main() {
    fmt.Println("Starting")
    db, err := connectTCPSocket()

    if err != nil {
        log.Fatal(err)
    }
    // fmt.Println(db)

    rows, err2 := db.Query("Select field1 from table")
    if err2 != nil {
        log.Fatal(err2)
    }
}

    when calling it i get Access denied for user ‘user’@‘ipaddress’ (using password: YES)

    the auth token/password is from: gcloud sql generate-login-token command. and i have been able to use this in normal DB Utilities (intellij, dbbeaver, ect).

    any suggestions on what i need to use to get it to work?

    Edit to answer comments:

    1. using "gcloud compute ssh cloudsql-jump" not gcloud shell.
    2. gcloud compute ssh cloudsql-jump --project projectName --zone us-east4-c --internal-ip -- -L 1234:1.0.0.1:3306
    3. gcloud sql generate-login-token - for the auth token
    4. INSTANCE_HOST = localhost
    5. DB_PORT = 1234 (see #1 for jump box port forwarding)
    • from intellij using jdbc:mysql://localhost:1234 works with the auth token from #3.
    1. for code running, i see:
    Starting
2025/03/27 06:42:47 Error 1045 (28000): Access denied for user 'user'@'10.0.0.1' (using password: YES)

    I am looking to connect to a gcp managed db (running on GCP) via a cloud proxy (jump box with local port to connect to managed instance) with go-sql-driver but everything I've tried gcp MySQL instance is rejecting my login. i am able to connect, but when trying to query it returns an error.

    this is the code I'm using (note it works if i have a "normal user/password", tested from gcp and local database):

    package main

import (
    "database/sql"
    "fmt"
    "log"
    "os"

    "github/go-sql-driver/mysql"
    _ "github/go-sql-driver/mysql"
)

func connectTCPSocket() (*sql.DB, error) {
    mustGetenv := func(k string) string {
        v := os.Getenv(k)
        if v == "" {
            log.Fatalf("Fatal Error in connect_tcp.go: %s environment variable not set.", k)
        }
        return v
    }

    c := mysql.Config{
        User:   mustGetenv("DB_USER"),
        Passwd: mustGetenv("DB_PASS"),
        Net:    "tcp",
        Addr:   mustGetenv("INSTANCE_HOST") + ":" + mustGetenv("DB_PORT"),
        DBName: mustGetenv("DB_NAME"),
        ParseTime: true, // demo option
        AllowNativePasswords:    true,
        AllowOldPasswords:       true,
        AllowCleartextPasswords: true,
    }

    dbPool, err := sql.Open("mysql", c.FormatDSN())

    if err != nil {
        return nil, fmt.Errorf("sql.Open: %w", err)
    }

    // ...

    return dbPool, nil
}

func main() {
    fmt.Println("Starting")
    db, err := connectTCPSocket()

    if err != nil {
        log.Fatal(err)
    }
    // fmt.Println(db)

    rows, err2 := db.Query("Select field1 from table")
    if err2 != nil {
        log.Fatal(err2)
    }
}

    when calling it i get Access denied for user ‘user’@‘ipaddress’ (using password: YES)

    the auth token/password is from: gcloud sql generate-login-token command. and i have been able to use this in normal DB Utilities (intellij, dbbeaver, ect).

    any suggestions on what i need to use to get it to work?

    Edit to answer comments:

    1. using "gcloud compute ssh cloudsql-jump" not gcloud shell.
    2. gcloud compute ssh cloudsql-jump --project projectName --zone us-east4-c --internal-ip -- -L 1234:1.0.0.1:3306
    3. gcloud sql generate-login-token - for the auth token
    4. INSTANCE_HOST = localhost
    5. DB_PORT = 1234 (see #1 for jump box port forwarding)
    • from intellij using jdbc:mysql://localhost:1234 works with the auth token from #3.
    1. for code running, i see:
    Starting
2025/03/27 06:42:47 Error 1045 (28000): Access denied for user 'user'@'10.0.0.1' (using password: YES)
    • go
    • google-cloud-sql
    • mysql-connector
    Share Improve this question edited Mar 27 at 11:32 sherring asked Mar 26 at 18:55 sherringsherring 1411 gold badge2 silver badges11 bronze badges 4
    • see https://cloud.google/sql/docs/mysql/iam-logins – Source code Commented Mar 27 at 1:09
    • Your question is unclear and is not a minimal repro. Your Go code can be configured for both direct (to SQL) and proxied connections but, for example. INSTANCE_HOST and DB_PORT will usually (!) be localhost (127.0.0.1) and 3306 when proxied. Please include the commands that you're running and the output they're generating. – DazWilkin Commented Mar 27 at 2:22
    • 1 What does "i forward a port locally to gcp shell to connect" mean? Do you mean Cloud Shell? If you're port-forwarding to the proxy, this is ill-advised. – DazWilkin Commented Mar 27 at 2:25
    • The tutorial may help. – DazWilkin Commented Mar 27 at 2:27
    Add a comment  | 

    1 Answer 1

    Reset to default 0

    Check if you are using MySQL 8.4. By default in Cloud SQL, Mysql 8.4 the caching_sha2_password auth plugin is the default. You may need to configure your go mysql client to use caching_sha2_password also.

    It looks like you already found the article describing several ways to connect to a private-ip Cloud SQL instance. Just in case others find it useful also, here's the link: https://cloud.google/sql/docs/mysql/connect-to-instance-from-outside-vpc

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论