Postgres实例没有公共IP,并且正在使用VPC网络。为此,我使用OSX上的cloud sql docker代理和启用了cloud sql admin角色和cloud sql API的服务帐户。
我能够启动代理并请求与实例的连接:
$ Listening on 0.0.0.0:5432 for myproject:northamerica-northeast1:myproject-database-someid
$ Ready for new connections
$ New connection for "myproject:northamerica-northeast1:myproject-database-someid"
该请求最终由于被拒绝而超时:
$ couldn't connect to "myproject:northamerica-northeast1:myproject-database-someid": dial tcp 192.168.0.3:3307: connect: connection refused
但是在Postgres数据库日志中,我可以看到请求已达到并得到授权:
{
...,
authorizationInfo: [
0: {
granted: true
permission: "cloudsql.instances.connect"
resource: "instances/myproject-database-someid"
resourceAttributes: {}
}
]
methodName: "cloudsql.instances.connect"
我尝试在VPC网络上应用防火墙规则(开放端口3307)无济于事。