问题描述

我有两个GCP项目(其中一个是firebase项目)，我正在尝试从另一个项目的firebase云功能访问一个项目上的云SQL实例.

I have two GCP projects(one of them is a firebase project), and I am trying access a cloud SQL instance on one project from the other project's firebase cloud functions.

我已按照此处的说明进行操作: https://cloud.google.com/sql/docs/mysql/connect-功能

I have followed the instructions here:https://cloud.google.com/sql/docs/mysql/connect-functions

在此说明中，

我不确定我是否正确地执行了这一部分.我要做的是从我的云功能项目中复制服务帐户电子邮件地址，如下所示:"service-YOUR_PROJECT_NUMBER@gcf-admin-robot.iam.gserviceaccount.com"，然后将其复制到我的其他GCP项目的IAM页面中，它是CloudSQL客户端角色.

and I am not entirely sure if I'm doing this part correct. What I did was to copy the service account email address from my cloud function project that looks like this: "service-YOUR_PROJECT_NUMBER@gcf-admin-robot.iam.gserviceaccount.com" and copied that into my other GCP project's IAM page and gave it a CloudSQL Client role.

这是我用来访问数据库的代码:

This is the code that I am using to access the database:

import * as functions from "firebase-functions";
import * as mysql from "mysql";

export const sql = functions
  .https.onRequest((request, response) => {
    return new Promise<any>(async (resolve, reject) => {
      const query = "select * from my_table limit 1;";
      const pool: mysql.Pool = mysql.createPool({
        socketPath: functions.config().cloud_sql.socket_path,
        user: functions.config().cloud_sql.user,
        password: functions.config().cloud_sql.password,
        database: functions.config().cloud_sql.database,
        connectionLimit: 5,
        timezone: "+0900"
      });

      pool.query(query, [], (err: mysql.MysqlError | null, results: any) => {
        if (err) {
          console.log(err);
          reject(err);
        } else {
          resolve(results);
        }
      });
    });
  });

访问此功能时，在控制台中出现此错误:

When I access this function, I get this error in the console:

我可能会缺少什么?任何帮助是极大的赞赏.

What could I be missing? Any help is greatly appreciated.

推荐答案

我在发布此问题后不久就解决了这个问题.

I just solved it shortly after I post this question lol.

我给错误的服务帐户提供了IAM角色.而不是将Cloud SQL Client角色添加到"service-YOUR_PROJECT_NUMBER@gcf-admin-robot.iam.gserviceaccount.com"，官方文档中所述的帐户( https://cloud.google.com/sql/docs/mysql/connect-functions )，则需要将Cloud SQL Client角色添加到App Engine默认服务帐户，该帐户的结尾应为< YOUR_PROJECT_ID> @ appspot.gserviceaccount.com"

I was giving wrong service account the IAM role. Instead of adding Cloud SQL Client role to "service-YOUR_PROJECT_NUMBER@gcf-admin-robot.iam.gserviceaccount.com" account like it says in the official documentation(https://cloud.google.com/sql/docs/mysql/connect-functions), you need to add Cloud SQL Client role to App Engine default service account, which ends with something like this "<YOUR_PROJECT_ID>@appspot.gserviceaccount.com"

这篇关于无法从其他项目中的Firebase云功能访问云SQL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！