The Cloud SQL Connectors are libraries that provide encryption and Identity and Access Management (IAM)-based authorization when connecting to a Cloud SQL instance. They can't provide a network path to a Cloud SQL instance if one is not already present.
Other ways to connect to a Cloud SQL instance include using a database client or the Cloud SQL Auth Proxy. See the About connection options page for more information about connecting to a Cloud SQL instance.
This page discusses the following Cloud SQL Connectors:
Using a Cloud SQL connector provides the following benefits:
For more information about creating instances, see Create instances.
For more information about configuring the default user, see Set the password for the default user account.
The Cloud SQL Java Connector is a library that provides IAM-based authorization and encryption when connecting to a Cloud SQL instance. It can not provide a network path to a Cloud SQL instance if one is not already present.
InstallFor instructions on building and using the drivers for JDBC and R2DBC with the Cloud SQL Java Connector, see the following links:
For examples of this library being used in the context of an application, check out these sample applications.
AuthenticateThis library uses Application Default Credentials to authenticate the connection to the Cloud SQL server.
To activate credentials locally, use the following gcloud command:
gcloud auth application-default login
Connect with Intellij
In order to connect IntelliJ to your Cloud SQL instance, you will need to add the library as a jar with dependencies in the Additional Files section on the driver settings page. For example, prebuilt fat jars can be found on the Cloud SQL Java Connector Releases page for this purpose.
PythonThe Cloud SQL Python Connector is a library that can be used alongside a database driver to allow users with sufficient permissions to connect to a Cloud SQL database without having to manually allowlist IPs or manage SSL certificates.
For interactive examples of using the Cloud SQL Python Connector, open the Cloud SQL Python Connector notebook.
The drivers that PostgreSQL supports are pg8000 and asyncpg.
InstallTo install the latest release of the Cloud SQL Python Connector, use the pip install command and specify either the pg8000 or asyncpg driver for your database:
pip install "cloud-sql-python-connector[pg8000]"
or
pip install "cloud-sql-python-connector[asyncpg]"
Authenticate
This library uses Application Default Credentials to authenticate the connection to the Cloud SQL server.
To activate credentials locally, use the following gcloud command:
gcloud auth application-default login
Go
The Cloud SQL Go connector is a Cloud SQL connector designed for use with the Go language. For improved security, this connector uses robust, manually authenticated TLS 1.3 encryption between the client connector and the server-side proxy, independent of the database protocol.
InstallYou can install this repo with go get:
go get cloud.google.com/go/cloudsqlconn
Node.js
The Node.js Connector is a library designed for use with the Node.js runtime that allows you to connect securely to your Cloud SQL instance.
InstallYou can install the library with npm install:
npm install @google-cloud/cloud-sql-connector
Use Java
To see this snippet in the context of a web application, view the README on GitHub.
PythonSee How to use this Connector for detailed instructions on using the library. View example connection test code on GitHub.
GoSee Usage for detailed instructions on using the library. View example connection test code on GitHub.
Node.jsFor detailed instructions on using the library, see Usage.
EnforceBy using connector enforcement, you can enforce using only the Cloud SQL Auth Proxy or Cloud SQL Language Connectors to connect to Cloud SQL instances. With connector enforcement, Cloud SQL rejects direct connections to the database.
If you're using a Private Service Connect-enabled instance, then there's a limitation. If the instance has connector enforcement enabled, then you can't create read replicas for the instance. Similarly, if the instance has read replicas, then you can't enable connector enforcement for the instance.
gcloudTo enforce using only the Cloud SQL Auth Proxy or Cloud SQL Language Connectors to connect to an instance, use the gcloud sql instances patch command:
gcloud sql instances patch INSTANCE_NAME \ --connector-enforcement=REQUIRED
Replace INSTANCE_NAME with the name of your Cloud SQL instance.
Before using any of the request data, make the following replacements:
connectorEnforcement parameter to REQUIRED, all connections must use the Cloud SQL Language Connectors, including the Cloud SQL Auth Proxy and the Java, Python, Go, and Node.js connectors.
HTTP method and URL:
PATCH https://sqladmin.googleapis.com/v1/projects/PROJECT_ID/instances/INSTANCE_NAME
Request JSON body:
{
"kind": "sql#instance",
"name": INSTANCE_NAME,
"project": PROJECT_ID,
"settings": {
"connectorEnforcement": "REQUIRED",
"kind": "sql#settings"
}
}
To send your request, expand one of these options:
curl (Linux, macOS, or Cloud Shell) Note: The following command assumes that you have logged in to thegcloud CLI with your user account by running gcloud init or gcloud auth login , or by using Cloud Shell, which automatically logs you into the gcloud CLI . You can check the currently active account by running gcloud auth list.
Save the request body in a file named request.json, and execute the following command:
curl -X PATCH \PowerShell (Windows) Note: The following command assumes that you have logged in to the
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
-H "Content-Type: application/json; charset=utf-8" \
-d @request.json \
"https://sqladmin.googleapis.com/v1/projects/PROJECT_ID/instances/INSTANCE_NAME"
gcloud CLI with your user account by running gcloud init or gcloud auth login . You can check the currently active account by running gcloud auth list.
Save the request body in a file named request.json, and execute the following command:
$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }Invoke-WebRequest `
-Method PATCH `
-Headers $headers `
-ContentType: "application/json; charset=utf-8" `
-InFile request.json `
-Uri "https://sqladmin.googleapis.com/v1/projects/PROJECT_ID/instances/INSTANCE_NAME" | Select-Object -Expand Content
You should receive a JSON response similar to the following:
{
"kind": "sql#operation",
"targetLink": "https://sqladmin.googleapis.com/v1/projects/PROJECT_ID/instances/INSTANCE_NAME",
"status": "PENDING",
"user": "user@example.com",
"insertTime": "2020-01-16T02:32:12.281Z",
"operationType": "UPDATE",
"name": "OPERATION_ID",
"targetId": "INSTANCE_NAME",
"selfLink": "https://sqladmin.googleapis.com/v1/projects/PROJECT_ID/operations/OPERATION_ID",
"targetProject": "PROJECT_ID"
}
Troubleshoot Driver versions
Make sure you are using the latest version of the Cloud SQL Connectors and your database driver to avoid incompatibilities. Some older versions of drivers are not supported.
Connection pathsThe Cloud SQL Connectors provide authorization for connections, but they don't provide new paths to connectivity. For example, in order to connect to a Cloud SQL instance using a Private IP address, your application must already have VPC access.
Debug connection issuesFor additional help with connection issues, see the Troubleshoot and Debug connection issues pages.
What's nextRetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4