Cloud SQL IAM authentication on Cloud Functions causing ER_NOT_SUPPORTED_AUTH_MODE

[Michael Slowik]

Not everyone knows but Cloud SQL allows password-less IAM authentication (https://cloud.google.com/sql/docs/mysql/iam-logins). I'm using it a lot on AppEngine and it works great.

I was trying to implement this functionality on Cloud Functions + Node with code like:

axios.get('http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token', {

headers: {

'Metadata-Flavor': 'Google'

}

}).then((respone) => {

return respone.data.access_token;

}).then((token) => {

return mysql.createConnection({

user: process.env.DB_USER,

password: token,

database: process.env.DB_DATABASE,

socketPath: process.env.DB_SOCKET,

});

})

I get:

Error: ER_NOT_SUPPORTED_AUTH_MODE: Client does not support authentication protocol requested by server;

My guess is:

Perhaps cloud functions proxy missing enable_iam_login flag (https://github.com/GoogleCloudPlatform/cloudsql-proxy#-enable_iam_login)?

[darrel...@google.com]

Hi,

Thank you for sharing features that users may not be aware of and I am glad that it works wonderfully on AppEngine. 

I found this feature request[2] that may be relevant to your issue as one of the users also suspects that Cloud Run and Cloud Functions do not have the -enable_iam_login flag. I suggest to comment and follow this thread to raise awareness to your use case. 

[1] https://cloud.google.com/sql/docs/postgres/authentication#options

[2] https://issuetracker.google.com/200745679

[Robert Carl Patterson Jr]

bit.ly/KCAYSJ it's An system in a browser #google #chromebook #systemonachip #QuantumComputing #ibmwatsonhello #googledeepmind bit.ly/2nUpq54 bit.ly/2tXn88t http://bit.ly/2tfGoxB http:// goo.gle/3bm2Ds8

Hide quoted text

On Fri, Oct 8, 2021, 2:28 PM Robert Carl Patterson Jr <intheh...@gmail.com> wrote:

I am the owner.. I made changes yesterday.. What you viewing is user based

On Fri, Oct 8, 2021, 11:39 AM 'Elliott (Google Cloud Platform Support)' via Google Cloud Developers <google-c...@googlegroups.com> wrote:

Hello,

Thank you for reaching out to the community. I understand that you are asking why while the Cloud Functions overview chart shows errors, there are none present in the logs.

I looked in our documentation for common issues and when I did this, I found that you’ve actually posted the question in the Stackoverflow forum, where you are getting help from a member of the community. 

There is progress being made and you did the right thing posting the question in Stackoverflow as Google Groups is meant for general questions about Google products and services and not technical issues.

I would like to encourage you to keep the conversation going in Stackoverflow to see the best way to help you.

On Wednesday, October 6, 2021 at 9:30:10 AM UTC-4 silve...@gmail.com wrote:

--
You received this message because you are subscribed to the Google Groups "Google Cloud Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-d...@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Google Cloud Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-d...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-dev/ad7e842d-91b9-4ae3-8f77-45f6e61e3173n%40googlegroups.com.