miniature-computer-95401
12/11/2023, 5:16 PM<http://run.googleapis.com/cloudsql-instances|run.googleapis.com/cloudsql-instances>
template metadata annotation equal to the to the gcp.sql.DatabaseInstance name when constructing the gcp.cloudrun.Service (see example). This exposes the database as a unix socket at /cloudsql/${DATABASE_INSTANCE_NAME}
.
I have already managed to mess with the IAM settings of the underlying gcp.cloudrun.Service by passing the location, project and name of the cloudfunctionv2 object to gcp.cloudrun.IamPolicy, and I suspect that it may be possible to also adjust the template metadata annotation with gcp.cloudrun.get_service.
Does anyone have experience with this?limited-farmer-68874
12/12/2023, 6:54 PMprojects.IAMBinding(
f"cloud-sql-client-binding",
role="roles/cloudsql.client",
members=[
pulumi.Output.concat("serviceAccount:", sa.service_accounts[user].email)
for user in sql_users
],
project=project_id,
opts=pulumi.ResourceOptions(depends_on=sql_user_resources),
)
projects.IAMBinding(
f"cloud-sql-user-binding",
role="roles/cloudsql.instanceUser",
members=[
pulumi.Output.concat("serviceAccount:", sa.service_accounts[user].email)
for user in sql_users
],
project=project_id,
opts=pulumi.ResourceOptions(depends_on=sql_user_resources),
)
Then in your service/function code, you just make use of Google's Cloud SQL Connector library
e.g.
import os
from google.cloud.sql.connector import Connector
def create_connection():
with Connector() as connector:
return connector.connect(
os.getenv("CLOUD_SQL_CONNECTION_NAME"),
"pg8000",
db="my-db",
user=os.getenv("CLOUD_SQL_USER"),
enable_iam_auth=True,
)
miniature-computer-95401
12/12/2023, 9:36 PMlimited-farmer-68874
12/12/2023, 9:37 PMbillions-piano-69192
06/09/2024, 4:34 PMlimited-farmer-68874
06/09/2024, 6:01 PMbillions-piano-69192
06/09/2024, 8:00 PM