Add service account e-mail to google_sql_database_instance returned attributes #632
Comments
Hi there, I have encountered the same issue, and my question is where does the account like And I already created a service account as But when I import CSV from GCS to Cloud SQL (MySQL) I still can't import successfully unless I add such as Is there any update about this issue?
Bumping this question >> I have the same issue as @patrykmikula. For our pipeline to work, I need to grant Object Viewer permissions on GCS bucket to the service account generated by GCP for my CloudSQL instance. It appears that terraform does not the service account generated for the
To add some clarity here, the specific need would be to add the @rtindru As a temporary workaround you could add a small gcloud script to fetch the service account into your Terraform and then grant the required role for that account.
I encountered the same issue as @patrykmikula... it's been 10 months since it was first reported; is it likely to be fixed? Importing the service account isn't ideal as I really hate manual steps when creating new environments...
w/a is to use "null_resource" and "local_file", though this requires gcloud to be installed along with terraform. In the code below gcloud uses another service account for auth, but you can use other methods.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!
Currently there is no option to reach google_sql_database_instance service account e-mail address.
Service account e-mail address is required to grant write permission to GCP storage bucket in order to export SQL data from instance there (SQL dump/CSV).
'google_storage_bucket_acl' role_entity supports SQL instance service account email:
role_entity = [
"WRITER:user-XXXXXXYYYYYZZZZZ@speckle-umbrella-11.iam.gserviceaccount.com",
]
but SQL instance e-mail string is unreachable for terraform.
As a consequence export command
gcloud sql instances export DB_NAME gs://BUCKET/DIR/FILE.sql
causes
Exporting Cloud SQL instance... ..failed. ERROR: (gcloud.sql.instances.export) ERROR_RDBMS
and
Access denied for account XXXXXXYYYYYZZZZZ@speckle-umbrella-11.iam.gserviceaccount.com (permission issue?)
visible in SQL instance logs as there is no way to automatically grant RW permission to bucket for each new SQL instance.
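
The gcloud workaround suggested in the comments, as an added example that is not code from this issue or from the Terraform provider: it reads the instance's `serviceAccountEmailAddress` with `gcloud sql instances describe`, refuses anything that is not a single service-account address, and binds one role on one bucket only. The function names, the `--grant` argument, and the instance, bucket and role values passed in are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the issue thread). Function names and the --grant
# argument are assumptions; instance, bucket and role are supplied by the caller.

# Succeed only for one well-formed service-account address, so an empty or
# multi-line gcloud result can never end up as an IAM member.
is_service_account() {
  case "$1" in
    *[!a-z0-9.@-]* | *@*@* | @*) return 1 ;;  # stray chars, two '@', empty local part
    *@*.gserviceaccount.com) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the service account e-mail that GCP generated for Cloud SQL instance $1.
sql_instance_sa() (
  email="$(gcloud sql instances describe "$1" \
    --format='value(serviceAccountEmailAddress)')" || exit 1
  is_service_account "$email" || {
    echo "refusing to use '${email}' as the service account of $1" >&2
    exit 1
  }
  printf '%s\n' "$email"
)

# Grant role $3 (for example roles/storage.objectViewer for imports) on bucket
# $2 to the service account of instance $1. The binding is scoped to the one
# bucket and the one instance identity, not to the project.
grant_bucket_role() (
  email="$(sql_instance_sa "$1")" || exit 1
  gcloud storage buckets add-iam-policy-binding "gs://$2" \
    --member="serviceAccount:${email}" --role="$3"
)

# Usage: ./grant.sh --grant INSTANCE BUCKET ROLE
if [ "${1:-}" = "--grant" ]; then
  grant_bucket_role "$2" "$3" "$4"
fi
```

A `null_resource` with a `local-exec` provisioner can call the script after the instance is created, which keeps the grant in the same apply as the instance.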