Reputation: 253
Google Cloud SQL import - HTTPError 403: Insufficient Permission
I would like to import mysql dump file into mysql database instance with the gcloud import tool, but I am getting an error:
ubuntu@machine:~/sql$ gcloud sql instances import sql-56-test-8ef0cb104575 gs://dbf/bt_ca_dev_tmp-2017-01-19.sql.gz
ERROR: (gcloud.sql.instances.import) HTTPError 403: Insufficient Permission
What exact permissions am I missing? I can create sql instance with registered service account but I am not possible to import data?
Upvotes: 3
Views: 4325
Answers (3)
Reputation: 3283
It's a permission problem of the Cloud SQL service account in the Google Storage bucket you're trying to use. To solve it you need to grant Storage Legacy Bucket Reader, Storage Legacy Object Owner, Storage Object Viewer roles to the service account email that you get from
gcloud sql instances describe <YOUR_DB_NAME> | grep serviceAccountEmailAddress
To do it go to the Cloud Storage / your bucket in Google Cloud Console and under Permission write the serviceAccountEmailAddress in ADD. Finally, add the roles you need.
Upvotes: 0
Reputation: 14729
According to the documentation, this should do the trick. The wierd thing is that it needs write permissions. This should do the trick:
gsutil iam ch serviceAccount:"${SERVICE_ACCOUNT}":roles/storage.legacyBucketWriter gs://${BUCKET_NAME}
gsutil iam ch serviceAccount:"${SERVICE_ACCOUNT}":roles/storage.objectViewer gs://${BUCKET_NAME}
Upvotes: 2
Reputation: 379
You have issue with permissions
create a bucket if you don't have one, run
`gsutil mb -p [PROJECT_NAME] -l [LOCATION_NAME] gs://[BUCKET_NAME]`
Describe the sql instance you are exporting from and copy the sa
`gcloud sql instances describe [INSTANCE_NAME]`
Add the service account to the bucket ACL as a writer
`gsutil acl ch -u [SERVICE_ACCOUNT_ADDRESS]:W gs://[BUCKET_NAME]`
Add the service account to the import file as a reader
`gsutil acl ch -u [SERVICE_ACCOUNT_ADDRESS]:R gs://[BUCKET_NAME]/[IMPORT_FILE_NAME]`
Import the file:
gcloud sql import csv [INSTANCE_NAME] gs://[BUCKET_NAME]/[FILE_NAME] \
--database=[DATABASE_NAME] --table=[TABLE_NAME]
Upvotes: 6
Related Questions
- Cloud sql database export import issue
- Google Cloud SQL import - ERROR: HTTPError 403: The client is not authorized to make this request
- Cloud SQL - PostgreSQL - Import failed due to the lack of superuser permission
- Not able to import SQL file on Google Cloud SQL
- Google Cloud SQL import from bucket : error 403
- gcloud sql import csv fails with permissions error when import file contains wildcard
- Cloud SQL import permissions issues for Cloud Storage bucket
- How to fix: 403 Error with Google Cloud SQL Export
- Import SQL Google Cloud SQL : HTTPError 403: Insufficient Permission
- Google Cloud SQL import unknown error