update #3

Merged
merged 33 commits into from
May 2, 2019

Conversation

mandyh2018
Owner

No description provided.

kirbyquerby and others added 30 commits June 22, 2018 17:38
Check for file descriptor limit on startup.
* Add user input flag ip_address_type to choose IP address for a given instance

* Add PUBLIC as an alias for PRIMARY, change the IP address type to be uppercase and fix some grammar issues

* Allow users to input multiple IP address types, and add the field IPAddrTypes in RemoteCertSource struct

* Add user input flag ip_address_type to choose IP address for a given instance

* remove additional ipAddressType in const due to the previous wrong Git operations

* Revert "remove additional ipAddressType in const due to the previous wrong Git operations"

This reverts commit b0c37b5.

* Remove ip_address_type from const part

* Add the default value PRIMARY to IPAddrTypeOpts field in struct RemoteOpts

* Extract clientFromCredentials method from common.go to common_open_source.go

* removed clientFromCredentials from common.go

* Add findIpAddr helper function and improve the code based on comments

* Change findIpAddr() to be part of struct RemoteCertSource and fix some format naming issues
…e is signed by the server CA since go 10.11 doesn't accept our non-standard CNs when verifying. (#196)

Thankfully, we retrieve the certificates from the Cloud SQL API and that connection is encrypted and verified, so customers are not risking a MITM attack with this.
…198)

This changes the oauth token source to first try to retrieve auth tokens using `gcloud config config-helper` before trying application default credentials. This behavior will only exist when the proxy is invoked as a binary, but not when it is used as a library. The intent here is that it's likely reasonable for individuals to run the proxy, but if they are using the proxy as a library, we do still want to encourage them to use a service account, since that is more reliable for production configurations.
Fixes #147 where it takes a while for the cloud sql proxy to notice that a client has disappeared, resulting in "wasted" database connections. Since customers can't control the max connection limit, this was causing some pain.
If an instance has no public IP and a private IP, the proxy client will then attempt to connect to the private IP.
* Setup loggers specifically for stdout and stderr
* protect logging to stdout with a CLI flag defaulted to false
* add new LogVerboseToNowhere method to discard verbose messages
Two fixes in GcloudConfig for usability

Print out the error message from Gcloud when it can't print out its config
Fix the error message printed out when reading config for reasons other than figuring out the gcloud project.
…nary. (#217)

For example, gcloud's credential files will have either type authorized_user or service_account. JWTConfigFromJSON only supports service accounts, while CredentialsFromJSON supports both service accounts and authorized users.

This was tested with a regular gmail account and a service account using the legacy JSON auth files created by gcloud in .config/gcloud/legacy_credentials/*/adc.json
Add a -term_timeout flag: when receiving the TERM signal, the proxy will wait up to `term_timeout` for existing connections to close.
When running cloud_sql_proxy in a GCE instance that is configured with gcloud, cloud_sql_proxy fails saying:
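The drain-then-cut-off behaviour that `-term_timeout` describes, as an added illustration that is not the proxy's own code: `ConnTracker` counts open client connections and `WaitForDrain` waits for them to close, but only up to the timeout (the 200 ms sleep and the 5 s timeout are constructed values).

```go
package main

import (
	"fmt"
	"os"
	"os/signal"
	"sync"
	"syscall"
	"time"
)

// Constructed illustration of the -term_timeout behaviour above, not the
// proxy's own code: open client connections are counted in a WaitGroup and
// shutdown waits for them to drain, but only up to termTimeout.
type ConnTracker struct{ wg sync.WaitGroup }

// Open registers a client connection; the returned func releases it exactly once.
func (c *ConnTracker) Open() (release func()) {
	c.wg.Add(1)
	var once sync.Once
	return func() { once.Do(c.wg.Done) }
}

// WaitForDrain reports whether every connection was released before
// termTimeout elapsed; false means the proxy is about to cut some off.
func (c *ConnTracker) WaitForDrain(termTimeout time.Duration) bool {
	drained := make(chan struct{})
	go func() { c.wg.Wait(); close(drained) }() // leaks only on timeout, at exit
	select {
	case <-drained:
		return true
	case <-time.After(termTimeout):
		return false
	}
}

func main() {
	var tracker ConnTracker
	release := tracker.Open() // pretend one client is mid-query
	go func() { time.Sleep(200 * time.Millisecond); release() }()
	term := make(chan os.Signal, 1)
	signal.Notify(term, syscall.SIGTERM)
	<-term // the proxy would stop accepting new clients at this point
	if tracker.WaitForDrain(5 * time.Second) { // -term_timeout=5s
		fmt.Println("all connections closed, clean shutdown")
	} else {
		fmt.Println("term_timeout reached, closing remaining connections")
	}
}
```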

the default Compute Engine service account is not configured with sufficient permissions to access the Cloud SQL API from this VM. Please create a new VM with Cloud SQL access (scope) enabled under "Identity and API access". Alternatively, create a new "service account key" and specify it using the -credential_file parameter

This happens because the auth check function doesn't check if gcloud auth is available.

Fix: Add additional gcloud check before checking for GCE metadata scopes.
…ble (#226)

Remove onGCE() helper from cloud_sql_proxy.go. Use metadata.OnGCE() instead, which has since been optimized to be less slow.
1. `credential_file` flag
2. `token` flag
3. Service account key at path stored in `GOOGLE_APPLICATION_CREDENTIALS`
4. gcloud _user_ credentials (set from `gcloud auth login`)
5. Default Application Credentials via goauth:
   
   1. `GOOGLE_APPLICATION_CREDENTIALS` (again)
   2. gcloud _application default_ credentials (set from `gcloud auth application-default login`)
   3. appengine.AccessToken (for App Engine Go <= 1.9)
   4. GCE/GAE metadata credentials

We should probably update the README with this list as well.
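The precedence list above, as an added Go illustration rather than the proxy's own code: each `Env` field stands in for what one real lookup step would find, and `Resolve` returns the first source that has anything, so an explicit flag always beats ambient gcloud, environment-variable or metadata credentials. The token strings and file paths are constructed values.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed illustration of the lookup order above, not the proxy's own code.
type Env struct {
	CredentialFile string            // -credential_file flag
	Token          string            // -token flag
	Vars           map[string]string // process environment
	GcloudUser     string            // from `gcloud auth login`
	GcloudADC      string            // from `gcloud auth application-default login`
	AppEngineToken string            // appengine.AccessToken (App Engine Go <= 1.9)
	GCEMetadata    string            // token from the GCE/GAE metadata server
}

type source struct {
	name   string
	lookup func(e Env) string // "" means this source has nothing to offer
}

// Resolve consults the sources in order; the first hit wins, so an explicit
// flag always beats ambient (gcloud, env var, metadata) credentials.
func Resolve(e Env) (winner, cred string, err error) {
	adc := func(e Env) string { return e.Vars["GOOGLE_APPLICATION_CREDENTIALS"] }
	chain := []source{
		{"credential_file flag", func(e Env) string { return e.CredentialFile }},
		{"token flag", func(e Env) string { return e.Token }},
		{"GOOGLE_APPLICATION_CREDENTIALS", adc},
		{"gcloud user credentials", func(e Env) string { return e.GcloudUser }},
		// Steps 5.1-5.4: what the goauth default lookup does on its own.
		{"goauth: GOOGLE_APPLICATION_CREDENTIALS", adc}, // redundant re-check
		{"goauth: gcloud application-default", func(e Env) string { return e.GcloudADC }},
		{"goauth: appengine.AccessToken", func(e Env) string { return e.AppEngineToken }},
		{"goauth: GCE/GAE metadata", func(e Env) string { return e.GCEMetadata }},
	}
	for _, s := range chain {
		if c := s.lookup(e); c != "" {
			return s.name, c, nil
		}
	}
	return "", "", errors.New("no credentials found")
}

func main() {
	w, _, err := Resolve(Env{GcloudUser: "u", Vars: map[string]string{"GOOGLE_APPLICATION_CREDENTIALS": "/tmp/sa.json"}})
	fmt.Println(w, err) // GOOGLE_APPLICATION_CREDENTIALS <nil>
}
```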
hfwang and others added 3 commits March 29, 2019 13:39
… the test VM has a public IP or not. If the instance does not have a public IP, then the private IP will be used when SSHing (#268)
First generation instances are not supported by the proxy, so this causes them to fail slightly faster.
FreeBSD uses int64 for rlimit, the code here currently assumes uint64. This creates a file for FreeBSD builds so that uint64 & int64 are converted back & forth so there is no mismatch.
@mandyh2018 mandyh2018 merged commit e88d662 into mandyh2018:master May 2, 2019