Programmer puzzle solving

    最新消息:Welcome to the puzzle paradise for programmers! Here, a well-designed puzzle awaits you. From code logic puzzles to algorithmic challenges, each level is closely centered on the programmer's expertise and skills. Whether you're a novice programmer or an experienced tech guru, you'll find your own challenges on this site. In the process of solving puzzles, you can not only exercise your thinking skills, but also deepen your understanding and application of programming knowledge. Come to start this puzzle journey full of wisdom and challenges, with many programmers to compete with each other and show your programming wisdom! Translated with DeepL.com (free version)
    你的位置: HOME>matter>MySQL, go-sql-driver with google auth token - Stack Overflow

    MySQL, go-sql-driver with google auth token - Stack Overflow

    matteradmin7PV0评论

    I am looking to connect to a gcp managed db (running on GCP) via a cloud proxy (jump box with local port to connect to managed instance) with go-sql-driver but everything I've tried gcp MySQL instance is rejecting my login. i am able to connect, but when trying to query it returns an error.

    this is the code I'm using (note it works if i have a "normal user/password", tested from gcp and local database):

    package main

import (
    "database/sql"
    "fmt"
    "log"
    "os"

    "github/go-sql-driver/mysql"
    _ "github/go-sql-driver/mysql"
)

func connectTCPSocket() (*sql.DB, error) {
    mustGetenv := func(k string) string {
        v := os.Getenv(k)
        if v == "" {
            log.Fatalf("Fatal Error in connect_tcp.go: %s environment variable not set.", k)
        }
        return v
    }

    c := mysql.Config{
        User:   mustGetenv("DB_USER"),
        Passwd: mustGetenv("DB_PASS"),
        Net:    "tcp",
        Addr:   mustGetenv("INSTANCE_HOST") + ":" + mustGetenv("DB_PORT"),
        DBName: mustGetenv("DB_NAME"),
        ParseTime: true, // demo option
        AllowNativePasswords:    true,
        AllowOldPasswords:       true,
        AllowCleartextPasswords: true,
    }

    dbPool, err := sql.Open("mysql", c.FormatDSN())

    if err != nil {
        return nil, fmt.Errorf("sql.Open: %w", err)
    }

    // ...

    return dbPool, nil
}

func main() {
    fmt.Println("Starting")
    db, err := connectTCPSocket()

    if err != nil {
        log.Fatal(err)
    }
    // fmt.Println(db)

    rows, err2 := db.Query("Select field1 from table")
    if err2 != nil {
        log.Fatal(err2)
    }
}

    when calling it i get Access denied for user ‘user’@‘ipaddress’ (using password: YES)

    the auth token/password is from: gcloud sql generate-login-token command. and i have been able to use this in normal DB Utilities (intellij, dbbeaver, ect).

    any suggestions on what i need to use to get it to work?

    Edit to answer comments:

    1. using "gcloud compute ssh cloudsql-jump" not gcloud shell.
    2. gcloud compute ssh cloudsql-jump --project projectName --zone us-east4-c --internal-ip -- -L 1234:1.0.0.1:3306
    3. gcloud sql generate-login-token - for the auth token
    4. INSTANCE_HOST = localhost
    5. DB_PORT = 1234 (see #1 for jump box port forwarding)
    • from intellij using jdbc:mysql://localhost:1234 works with the auth token from #3.
    1. for code running, i see:
    Starting
2025/03/27 06:42:47 Error 1045 (28000): Access denied for user 'user'@'10.0.0.1' (using password: YES)

    I am looking to connect to a gcp managed db (running on GCP) via a cloud proxy (jump box with local port to connect to managed instance) with go-sql-driver but everything I've tried gcp MySQL instance is rejecting my login. i am able to connect, but when trying to query it returns an error.

    this is the code I'm using (note it works if i have a "normal user/password", tested from gcp and local database):

    package main

import (
    "database/sql"
    "fmt"
    "log"
    "os"

    "github/go-sql-driver/mysql"
    _ "github/go-sql-driver/mysql"
)

func connectTCPSocket() (*sql.DB, error) {
    mustGetenv := func(k string) string {
        v := os.Getenv(k)
        if v == "" {
            log.Fatalf("Fatal Error in connect_tcp.go: %s environment variable not set.", k)
        }
        return v
    }

    c := mysql.Config{
        User:   mustGetenv("DB_USER"),
        Passwd: mustGetenv("DB_PASS"),
        Net:    "tcp",
        Addr:   mustGetenv("INSTANCE_HOST") + ":" + mustGetenv("DB_PORT"),
        DBName: mustGetenv("DB_NAME"),
        ParseTime: true, // demo option
        AllowNativePasswords:    true,
        AllowOldPasswords:       true,
        AllowCleartextPasswords: true,
    }

    dbPool, err := sql.Open("mysql", c.FormatDSN())

    if err != nil {
        return nil, fmt.Errorf("sql.Open: %w", err)
    }

    // ...

    return dbPool, nil
}

func main() {
    fmt.Println("Starting")
    db, err := connectTCPSocket()

    if err != nil {
        log.Fatal(err)
    }
    // fmt.Println(db)

    rows, err2 := db.Query("Select field1 from table")
    if err2 != nil {
        log.Fatal(err2)
    }
}

    when calling it i get Access denied for user ‘user’@‘ipaddress’ (using password: YES)

    the auth token/password is from: gcloud sql generate-login-token command. and i have been able to use this in normal DB Utilities (intellij, dbbeaver, ect).

    any suggestions on what i need to use to get it to work?

    Edit to answer comments:

    1. using "gcloud compute ssh cloudsql-jump" not gcloud shell.
    2. gcloud compute ssh cloudsql-jump --project projectName --zone us-east4-c --internal-ip -- -L 1234:1.0.0.1:3306
    3. gcloud sql generate-login-token - for the auth token
    4. INSTANCE_HOST = localhost
    5. DB_PORT = 1234 (see #1 for jump box port forwarding)
    • from intellij using jdbc:mysql://localhost:1234 works with the auth token from #3.
    1. for code running, i see:
    Starting
2025/03/27 06:42:47 Error 1045 (28000): Access denied for user 'user'@'10.0.0.1' (using password: YES)
    • go
    • google-cloud-sql
    • mysql-connector
    Share Improve this question edited Mar 27 at 11:32 sherring asked Mar 26 at 18:55 sherringsherring 1411 gold badge2 silver badges11 bronze badges 4
    • see https://cloud.google/sql/docs/mysql/iam-logins – Source code Commented Mar 27 at 1:09
    • Your question is unclear and is not a minimal repro. Your Go code can be configured for both direct (to SQL) and proxied connections but, for example. INSTANCE_HOST and DB_PORT will usually (!) be localhost (127.0.0.1) and 3306 when proxied. Please include the commands that you're running and the output they're generating. – DazWilkin Commented Mar 27 at 2:22
    • 1 What does "i forward a port locally to gcp shell to connect" mean? Do you mean Cloud Shell? If you're port-forwarding to the proxy, this is ill-advised. – DazWilkin Commented Mar 27 at 2:25
    • The tutorial may help. – DazWilkin Commented Mar 27 at 2:27
    Add a comment  | 

    1 Answer 1

    Reset to default 0

    Check if you are using MySQL 8.4. By default in Cloud SQL, Mysql 8.4 the caching_sha2_password auth plugin is the default. You may need to configure your go mysql client to use caching_sha2_password also.

    It looks like you already found the article describing several ways to connect to a private-ip Cloud SQL instance. Just in case others find it useful also, here's the link: https://cloud.google/sql/docs/mysql/connect-to-instance-from-outside-vpc

    Articles related to this article

    Post a comment

    comment list (0)

    1. No comments so far