I am connecting a Spring Boot application on my local computer to GCP Cloud SQL, using the Spring Cloud dependency com.google.cloud:spring-cloud-gcp-starter-sql-postgresql:4.8.2.
The dependency is trying to call the endpoint below and gets 401 Unauthorized.
https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1beta4/connect/generateEphemeralCert
I am calling with a service account with the roles Cloud SQL Admin, Cloud SQL Client, Cloud SQL Editor, Cloud SQL Instance User. I downloaded the JSON key file and put it under my resource folder. I configured application.properties as below.
datasource:
  driver-class-name: org.postgresql.Driver
  username: username
  password: password
cloud:
  gcp:
    sql:
      database-name: database-name
      instance-connection-name: instance-connection-name
      credentials:
        location: file:credential.json
        scopes: DEFAULT_SCOPES,https://www.googleapis.com/auth/sqlservice.admin,https://www.googleapis.com/auth/cloud-platform
When I start up my Spring Boot application, it says:
java.lang.RuntimeException: Failed to create ephemeral certificate for the Cloud SQL instance.
at com.google.cloud.sql.core.SqlAdminApiFetcher.addExceptionContext(SqlAdminApiFetcher.java:380)
at com.google.cloud.sql.core.SqlAdminApiFetcher.fetchEphemeralCertificate(SqlAdminApiFetcher.java:277)
at com.google.cloud.sql.core.SqlAdminApiFetcher.lambda$getInstanceData$1(SqlAdminApiFetcher.java:117)
at com.google.common.util.concurrent.CombinedFuture$CallableInterruptibleTask.runInterruptibly(CombinedFuture.java:196)
at com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:74)
... 6 common frames omitted
Caused by: com.google.api.client.googleapis.json.GoogleJsonResponseException: 401 Unauthorized
POST https://sqladmin.googleapis.com/sql/v1beta4/projects/my-project-id/instances/my-sql-instance:generateEphemeralCert
at com.google.api.client.googleapis.json.GoogleJsonResponseException.from(GoogleJsonResponseException.java:146)
at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:118)
at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:37)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest$3.interceptResponse(AbstractGoogleClientRequest.java:466)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1111)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:552)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:493)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:603)
at com.google.cloud.sql.core.SqlAdminApiFetcher.fetchEphemeralCertificate(SqlAdminApiFetcher.java:275)
... 9 common frames omitted
I also tried to add the dependency com.google.cloud:spring-cloud-gcp-starter:4.8.2 and configure credentials and project-id under spring.cloud.gcp, but it does not help at all. I am new to GCP. I also tried to open up a firewall rule, which also does not help.
I suspect either there is something wrong with the dependency com.google.cloud:spring-cloud-gcp-starter-sql-postgresql:4.8.2 when using the key file for authentication, or the dependency cannot read my key file but is not throwing any message saying that it cannot read the key.
I tried another approach, using the gcloud CLI for ADC, which is working.
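One way to separate the two suspicions in the question (key file not readable vs. authentication with the key failing) is to load the same file outside Spring. This is an added example, not code from the post or from Spring Cloud GCP; the class name KeyFileCheck and the default path are assumptions, and it needs com.google.auth:google-auth-library-oauth2-http on the classpath.

```java
import com.google.auth.oauth2.AccessToken;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.ServiceAccountCredentials;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.List;

/** Hypothetical stand-alone check of a service account key file. */
public class KeyFileCheck {
    // The two scope URLs from the configuration in the post.
    static final List<String> SCOPES = List.of(
        "https://www.googleapis.com/auth/sqlservice.admin",
        "https://www.googleapis.com/auth/cloud-platform");

    public static void main(String[] args) {
        // A relative path resolves against the JVM working directory, not the classpath.
        Path key = Path.of(args.length > 0 ? args[0] : "credential.json").toAbsolutePath();
        System.out.println("Key file: " + key);

        // Stage 1 (offline): can the file be read and parsed as a service account key?
        ServiceAccountCredentials sa;
        try (InputStream in = Files.newInputStream(key)) {
            sa = ServiceAccountCredentials.fromStream(in);
        } catch (IOException e) {
            System.err.println("Cannot read or parse key file: " + e);
            System.exit(1);
            return; // unreachable, but lets the compiler see 'sa' is assigned below
        }
        // Print identifying fields only, never the private key itself.
        System.out.println("client_email   = " + sa.getClientEmail());
        System.out.println("project_id     = " + sa.getProjectId());
        System.out.println("private_key_id = " + sa.getPrivateKeyId());

        // Stage 2 (network): exchange the key for an access token with the same scopes.
        try {
            GoogleCredentials scoped = sa.createScoped(SCOPES);
            AccessToken token = scoped.refreshAccessToken();
            System.out.println("Token issued, expires " + token.getExpirationTime());
        } catch (IOException e) {
            // Possible causes include a deleted or disabled key or a wrong system clock.
            System.err.println("Token request failed: " + e);
            System.exit(2);
        }
    }
}
```

If both stages succeed, the key and scopes are usable outside Spring, which points at how the starter locates or loads the file rather than at the key itself.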