CODEWITHSUNDEEP
google-cloud-platformgoogle-cloud-sqlgoogle-app-engine-python
mixolydian
mixolydian

Reputation: 23

Connecting App Engine to Cloud SQL Access Denied

I'm trying to get my Flask App Engine project to read data stored in Cloud SQL MySQL 5.7 database. Something has gone wrong as all I've gotten are pymysql.err.OperationalError. I've been following the instructions here: https://cloud.google.com/sql/docs/mysql/connect-app-engine.

  1. The Cloud SQL Admin API is enabled.

  2. According to the linked document:

    App Engine uses a service account to authorize your connections to Cloud SQL. This service account must have the correct IAM permissions to successfully connect. Unless otherwise configured, the default service account is in the format service-PROJECT_NUMBER@gae-api-prod.google.com.iam.gserviceaccount.com.

The IAM page listing the permissions for my project doesn't contain a member in the above format. The "App Engine default service account" is of the format: [email protected]. This service account has Cloud SQL Client and Editor roles.

  1. While my queries are unsuccessful, after each attempt I note in the Logs Viewer: 7183 [Note] Access denied for user 'www-data'@'cloudsqlproxy~xxx.xxx.xx.xx' (using password: YES) (IP address redacted). This is somewhat confusing as 'www-data' isn't a user I specified in my code.

  2. The code used to connect:

app.config['SQLALCHEMY_DATABASE_URI'] = 'mysql+pymysql://' + ':' + db_user + '@/' + db_name + '?unix_socket=/cloudsql/' + connection_name

Where have I gone wrong and how might I fix it?

Upvotes: 2

Views: 1524

Answers (2)

Yaakov Bressler
Yaakov Bressler

Reputation: 12148

Mostly likely, you're building and testing your app locally where you're supplying your credentials with a username that has access to Cloud SQL. Upon build, unless you otherwise specify, a default username will be assigned to the app engine instance.

To fix this:

  1. Head over to IAM & admin
  2. Search for the app engine account --> ending with gae-api-prod.google.com.iam.gserviceaccount.com
  3. Edit
  4. Assign permission Cloud SQL Client

Let me know if this solves it for you!

Upvotes: 0

Soni Sol
Soni Sol

Reputation: 2612

This error is a mySQL error when trying to connect to a database with wrong credentials.

Please verify that the values you are using are the right ones.

If you dont rember the database username and password you can change it on the console by following the next steps which are also expalined here

  • Go to CloudSQL console
  • Select your database
  • Go to users
  • next to the user select click on the three dots
  • And select Change password
  • Type the new password and click OK

Upvotes: 3

Related Questions