Dataproc尝试通过JDBC连接到Postgres,缺少权限

时间:2019-04-01 07:04:12

标签: postgresql jdbc google-cloud-platform google-cloud-sql google-cloud-dataproc

预先感谢...

  1. 我想使用JDBC API连接/写入到以编程方式使用Cloud SQL运行的Postgres SQL实例。我使用了以下罐子:
    1. PostgreSQL
    2. postgres-socket-factory
    3. postgres-socket-factory-1.0.11-jar-with-dependencies.jar

我正在运行Dataproc,它将尝试使用第1步进行连接,但是出现以下异常:

2019-04-01 11:05:03.998 IST
Something unusual has occurred to cause the driver to fail. Please report this exception.
    at org.postgresql.Driver.connect(Driver.java:277)
    at java.sql.DriverManager.getConnection(DriverManager.java:664)
    at java.sql.DriverManager.getConnection(DriverManager.java:270)
    at rdsConnector$.getConnection(rdsConnector.scala:33) 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.spark.deploy.yarn.ApplicationMaster$$anon$4.run(ApplicationMaster.scala:721)
Caused by: java.lang.RuntimeException: Unable to retrieve information about Cloud SQL instance [projectID:us-east1:dB]
    at com.google.cloud.sql.core.SslSocketFactory.obtainInstanceMetadata(SslSocketFactory.java:459)
    at com.google.cloud.sql.core.SslSocketFactory.fetchInstanceSslInfo(SslSocketFactory.java:333)
    at com.google.cloud.sql.core.SslSocketFactory.getInstanceSslInfo(SslSocketFactory.java:313)
    at com.google.cloud.sql.core.SslSocketFactory.createAndConfigureSocket(SslSocketFactory.java:194)
    at com.google.cloud.sql.core.SslSocketFactory.create(SslSocketFactory.java:160)
    at com.google.cloud.sql.postgres.SocketFactory.createSocket(SocketFactory.java:96)
    at org.postgresql.core.PGStream.<init>(PGStream.java:62)
    at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:91)
    at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:192)
    at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
    at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:195)
    at org.postgresql.Driver.makeConnection(Driver.java:454)
    at org.postgresql.Driver.connect(Driver.java:256)
    ... 11 more
Caused by: com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden

2019-04-01 11:05:03.000 IST
User class threw exception: org.postgresql.util.PSQLException: Something unusual has occurred to cause the driver to fail. Please report this exception.

我将其理解为权限问题,但是由于我正在使用Dataproc连接到Postgres,因此缺少什么权限?如果我是从本地便携式计算机运行的,则必须将GOOGLE_APPLICATION_CREDENTIALS设置为json文件。但是,如果使用Dataproc,该如何处理?

2 个答案:

答案 0 :(得分:1)

JDBC SocketFactory使用Application Default Credentials策略来访问帐户凭据。

对于Cloud Dataproc,位于 <tr> <td colspan="4" style="height: 3em ">Art Surrounds Us</td> </tr> 处为您提供了一个默认服务帐户。您授予该帐户“ Cloud SQL Client” IAM角色,JDBC SocketFactory将使用它来进行身份验证,因此您将能够连接到您的应用程序。

答案 1 :(得分:1)

只需为未来的访问者留下进一步的注释:

如果您遇到的错误是:

{
  "code" : 403,
  "errors" : [ {
    "domain" : "global",
    "message" : "Insufficient Permission",
    "reason" : "insufficientPermissions"
  } ],
  "message" : "Request had insufficient authentication scopes.",
  "status" : "PERMISSION_DENIED"
}

那么它可能是由 VM 实例的范围(云 API 访问范围)问题引起的。解决此问题的一种方法是在创建 Dataproc 集群时添加 sql-admin 的范围。例如:

gcloud dataproc clusters create <your-cluster-name> \
    --region=<your-region> \
    --zone=<your-zone> \
    --scopes=https://www.googleapis.com/auth/sqlservice.admin \
    ...

另一种方法是在 VM 实例中进行编辑。

详情见CMD error

相关问题
最新问题