AppEngine Managed VM with Java and Cloud SQL

Question

I want a Java Appengine Managed VM application to connect to a 2nd Gen Cloud SQL Instance. There are discrepancies in the documentation - I can't figure out if this is actually supported by Google or not!

https://cloud.google.com/appengine/docs/managed-vms/java/using-cloud-sql states:

4: In the console, grant your App Engine application access to the Google Cloud SQL instance.

But I see no way of doing this. In the Cloud SQL management console, under properties of an instance, there is:

Authorized applications: None

and seemingly no way to authorize applications?

Then on this page https://cloud.google.com/sql/docs/dev-access it states:

Java App Engine Applications

Using the Cloud SQL Proxy is not supported for Java.

So you seemingly cant use the Cloud SQL proxy. The only way I have got it all working is to open the SQL port to the world, so that the managed VM instances can connect to it on its public IP address, but that is a horrific solution!

Is there an actual supported way of doing this? Anyone from Google able to answer?

Answer 1

April 2016 Update

We have a new Java library for connecting to Cloud SQL instances from Managed VMs and other environments: https://github.com/GoogleCloudPlatform/cloud-sql-mysql-socket-factory

It's still very new so the usual caveats apply, but we haven't found any issues in our testing.

---

Old answer:

I think the best option right now is to use the junixsocket library as explained in this post: https://stackoverflow.com/a/34820600

If you are using the maven-war-plugin to package your application, then adding the following two dependencies should be enough:

<dependency>
  <groupId>com.kohlschutter.junixsocket</groupId>
  <artifactId>junixsocket-mysql</artifactId>
  <version>2.0.4</version>
</dependency>
<dependency>
  <groupId>com.kohlschutter.junixsocket</groupId>
  <artifactId>junixsocket-native-common</artifactId>
  <version>2.0.4</version>
</dependency>

For Play Framework, add the following dependencies:

libraryDependencies += "com.kohlschutter.junixsocket" % "junixsocket-mysql" % "2.0.4"
libraryDependencies += "com.kohlschutter.junixsocket" % "junixsocket-native-common" % "2.0.4"

Configure your Play application.conf as follows:

db.default.url="jdbc:mysql:///mydb?socketFactory=org.newsclub.net.mysql.AFUNIXDatabaseSocketFactory&junixsocket.file=/cloudsql/PROJECT_ID:REGION:INSTANCE_NAME"

We hope to offer something in the future that does not require the use of junixsocket or a similar library.

We'll review/fix the documentation at https://cloud.google.com/appengine/docs/managed-vms/java/using-cloud-sql as it has some issues. Thanks for bringing it to our attention.

Answer 2

I did finally get it running with a managed VM with this xml:

<?xml version="1.0" encoding="utf-8"?>
<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
    <application>thmadmin-ben</application>
    <version>master</version>

    <threadsafe>true</threadsafe>
    <vm>true</vm>
    <precompilation-enabled>false</precompilation-enabled>

    <manual-scaling>
        <instances>1</instances>
    </manual-scaling>

    <beta-settings>
        <setting name="cloud_sql_instances" value="xxx-ben:us-east1:yyy"/>
    </beta-settings>
</appengine-web-app>

But after following the rabit hole I dont think its going to be easy to swap out the TCP database connector with the socket based one in the framework Im using (play framework).

REALLY would love to be able to define "allowed" AppEngine projects in the Cloud SQL instance settings - without this ability Im going to have to run on AWS...