我有一个程序可以在我们的项目中创建一个 CloudSQL 实例。 我的组织最近引入了一项策略,阻止使用公共 IP 创建 CloudSQL 实例 (https://cloud.google.com/sql/docs/mysql/org-policy/org-policy#connection_organization_policies)
Restrict public IP access on Cloud SQL instances
但是,我的代码无论如何都不应该在实例上添加公共 IP,因为设置
Ipv4Enabled
是 false。
这是我创建实例的方法:
scannerInstance := &sqladmin.DatabaseInstance{
DatabaseVersion: targetInstance.DatabaseVersion,
Settings: &sqladmin.Settings{
IpConfiguration: &sqladmin.IpConfiguration{
RequireSsl: true,
Ipv4Enabled: false,
PrivateNetwork: cloudSqlRequest.VpcNetwork,
},
Kind: "sql#settings",
AvailabilityType: "ZONAL",
DatabaseFlags: targetInstance.Settings.DatabaseFlags,
BackupConfiguration: &sqladmin.BackupConfiguration{Enabled: false},
DatabaseReplicationEnabled: false,
DataDiskSizeGb: targetInstance.Settings.DataDiskSizeGb,
Tier: targetInstance.Settings.Tier,
TimeZone: targetInstance.Settings.TimeZone,
},
Name: InstanceName,
InstanceType: "CLOUD_SQL_INSTANCE",
Project: cloudSqlRequest.ProjectId,
Region: targetInstance.Region,
RootPassword: rootPassword,
}
_, err = scannerClient.SqlService.Instances.Insert(cloudSqlRequest.ScannerProjectId, scannerInstance).Context(ctx).Do()
但是,当此代码运行时,我收到此错误:
googleapi: Error 400: Invalid request: Organization Policy check failure: the external IP of this instance violates the constraints/sql.restrictPublicIp enforced at the XXX project
根据文档,
Ipv4Enabled
决定公共IP是否附加到实例。
如何在不触发此策略的情况下创建此实例?
因此,实际的解决方案是
sqladmin.IPConfiguration
有一个额外的字段 ForceSendFields
,您可以在其中传递否则会被删除的字段,因为具有值 false
的字段将被删除。以下作品:
scannerInstance := &sqladmin.DatabaseInstance{
DatabaseVersion: targetInstance.DatabaseVersion,
Settings: &sqladmin.Settings{
IpConfiguration: &sqladmin.IpConfiguration{
RequireSsl: true,
Ipv4Enabled: false,
ForceSendFields: []string{"Ipv4Enabled"}, // relevant part
},
...
...
}