我正在使用 Spring 云依赖项将本地计算机上的 Springboot 应用程序连接到 GCP Cloud SQL
com.google.cloud:spring-cloud-gcp-starter-sql-postgresql:4.8.2
依赖项尝试调用以下端点并收到未经授权的 401。
https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1beta4/connect/generateEphemeralCert
我使用具有 Cloud SQL 管理员、Cloud SQL 客户端、Cloud SQL 编辑器、Cloud SQL 实例用户角色的服务帐户进行呼叫。下载 json 密钥文件并将其放在我的资源文件夹下。配置的application.properties如下。
datasource:
driver-class-name: org.postgresql.Driver
username: username
password: password
cloud:
gcp:
sql:
database-name: database-name
instance-connection-name: instance-connection-name
credentials:
location: file:credential.json
scopes: DEFAULT_SCOPES,https://www.googleapis.com/auth/sqlservice.admin,https://www.googleapis.com/auth/cloud-platform
当我启动 Springboot 应用程序时,它会说
java.lang.RuntimeException: Failed to create ephemeral certificate for the Cloud SQL instance.
at com.google.cloud.sql.core.SqlAdminApiFetcher.addExceptionContext(SqlAdminApiFetcher.java:380)
at com.google.cloud.sql.core.SqlAdminApiFetcher.fetchEphemeralCertificate(SqlAdminApiFetcher.java:277)
at com.google.cloud.sql.core.SqlAdminApiFetcher.lambda$getInstanceData$1(SqlAdminApiFetcher.java:117)
at com.google.common.util.concurrent.CombinedFuture$CallableInterruptibleTask.runInterruptibly(CombinedFuture.java:196)
at com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:74)
... 6 common frames omitted
Caused by: com.google.api.client.googleapis.json.GoogleJsonResponseException: 401 Unauthorized
POST https://sqladmin.googleapis.com/sql/v1beta4/projects/my-project-id/instances/my-sql-instance:generateEphemeralCert
at com.google.api.client.googleapis.json.GoogleJsonResponseException.from(GoogleJsonResponseException.java:146)
at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:118)
at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:37)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest$3.interceptResponse(AbstractGoogleClientRequest.java:466)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1111)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:552)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:493)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:603)
at com.google.cloud.sql.core.SqlAdminApiFetcher.fetchEphemeralCertificate(SqlAdminApiFetcher.java:275)
... 9 common frames omitted
我还尝试添加依赖项
com.google.cloud:spring-cloud-gcp-starter:4.8.2
并在spring.cloud.gcp下配置凭据和项目id,但它根本没有帮助。我是 GCP 的新手。我也尝试打开防火墙规则,也没有帮助。
我怀疑使用密钥文件进行身份验证时依赖项 com.google.cloud:spring-cloud-gcp-starter-sql-postgresql:4.8.2 有问题,或者另一种解释是依赖项无法读取我的密钥文件,但不会抛出任何无法读取密钥的消息。
我尝试了另一种方法,使用 ADC 的 gcloud cli,该方法有效。