[go: up one dir, main page]
Skip to content

Latest commit

 

History

History

sqlalchemy

Folders and files

NameName
Last commit message
Last commit date

parent directory

..

certs

certs

 
 

templates

templates

 
 

.dockerignore

.dockerignore

 
 

.gitignore

.gitignore

 
 

Dockerfile

Dockerfile

 
 

README.md

README.md

 
 

app.flexible.yaml

app.flexible.yaml

 
 

app.py

app.py

 
 

app.standard.yaml

app.standard.yaml

 
 

connect_connector.py

connect_connector.py

 
 

connect_connector_auto_iam_authn.py

connect_connector_auto_iam_authn.py

 
 

connect_tcp.py

connect_tcp.py

 
 

connect_unix.py

connect_unix.py

 
 

connection_test.py

connection_test.py

 
 

deployment.yaml

deployment.yaml

 
 

main.py

main.py

 
 

requirements-test.txt

requirements-test.txt

 
 

requirements.txt

requirements.txt

 
 

service-account.yaml

service-account.yaml

 
 

service.yaml

service.yaml

 
 

README.md

Connecting to Cloud SQL - Postgres

This demo application can be used to connect to Cloud SQL in two different ways:

  1. The Cloud SQL Python Connector (recommended)

  2. The Cloud SQL Auth Proxy

Using the Cloud SQL Python Connector library is recommended over the Cloud SQL Auth Proxy as it provides all the same functionality and features but as a native Python package. See cloud-sql-python-connector package.

Before you begin

  1. If you haven't already, set up a Python Development Environment by following the python setup guide and create a project.

  2. Create a 2nd Gen Cloud SQL Instance by following these instructions. Note the connection string, database user, and database password that you create.

  3. Create a database for your application by following these instructions. Note the database name.

  4. Create a service account with the 'Cloud SQL Client' permissions by following these instructions. Download a JSON key to use to authenticate your connection.

Cloud SQL Python Connector Usage

Run App Locally

To run the demo application locally using the Cloud SQL Python Connector, set environment variables and install dependencies as shown below.

Note: The INSTANCE_CONNECTION_NAME for your instance can be found on the Overview page for your instance in the Google Cloud console or by running the following command:

gcloud sql instances describe <INSTANCE_NAME> --format='value(connectionName)'

Linux / Mac OS

Use these terminal commands to initialize environment variables:

export GOOGLE_APPLICATION_CREDENTIALS='/path/to/service/account/key.json'
export INSTANCE_CONNECTION_NAME='<PROJECT_ID>:<INSTANCE_REGION>:<INSTANCE_NAME>'
export DB_USER='<YOUR_DB_USER_NAME>'
export DB_PASS='<YOUR_DB_PASSWORD>'
export DB_NAME='<YOUR_DB_NAME>'

Note: Saving credentials in environment variables is convenient, but not secure - consider a more secure solution such as Secret Manager to help keep secrets safe.

Windows/PowerShell

Use these PowerShell commands to initialize environment variables:

$env:GOOGLE_APPLICATION_CREDENTIALS="/path/to/service/account/key.json"
$env:INSTANCE_CONNECTION_NAME="<PROJECT_ID>:<INSTANCE_REGION>:<INSTANCE_NAME>"
$env:DB_USER="<YOUR_DB_USER_NAME>"
$env:DB_PASS="<YOUR_DB_PASSWORD>"
$env:DB_NAME="<YOUR_DB_NAME>"

Note: Saving credentials in environment variables is convenient, but not secure - consider a more secure solution such as Secret Manager to help keep secrets safe.

Install Dependencies

Next, install the requirements into a virtual environment:

virtualenv --python python3 env
source env/bin/activate
pip install -r requirements.txt

Test the Application

Finally, start the application:

python app.py

Navigate towards http://127.0.0.1:8080 to verify your application is running correctly.

Deploy to App Engine Standard

To run on GAE-Standard, create an App Engine project by following the setup with these instructions.

Update app.standard.yaml with the correct values to pass the environment variables into the runtime. Your app.standard.yaml file should look like this:

Note: If you want to connect to Cloud SQL over Private IP, add the additional env variable PRIVATE_IP: True below.

runtime: python310
entrypoint: gunicorn -b :$PORT app:app

env_variables:
  INSTANCE_CONNECTION_NAME: <PROJECT_ID>:<INSTANCE_REGION>:<INSTANCE_NAME>
  DB_USER: <YOUR_DB_USER_NAME>
  DB_PASS: <YOUR_DB_PASSWORD>
  DB_NAME: <YOUR_DB_NAME>

Note: Saving credentials in environment variables is convenient, but not secure - consider a more secure solution such as Secret Manager to help keep secrets safe.

Next, the following command will deploy the application to your Google Cloud project:

gcloud app deploy app.standard.yaml

Deploy to App Engine Flexible

To run on GAE-Flexible, create an App Engine project by following the setup for these instructions.

First, update app.flexible.yaml with the correct values to pass the environment variables into the runtime. Your app.flexible.yaml file should look like this:

Note: If you want to connect to Cloud SQL over Private IP, add the additional env variable PRIVATE_IP: True below.

runtime: custom
env: flex
entrypoint: gunicorn -b :$PORT app:app

env_variables:
  INSTANCE_CONNECTION_NAME: <PROJECT_ID>:<INSTANCE_REGION>:<INSTANCE_NAME>
  DB_USER: <YOUR_DB_USER_NAME>
  DB_PASS: <YOUR_DB_PASSWORD>
  DB_NAME: <YOUR_DB_NAME>

Note: Saving credentials in environment variables is convenient, but not secure - consider a more secure solution such as Secret Manager to help keep secrets safe.

Next, the following command will deploy the application to your Google Cloud project:

gcloud app deploy app.flexible.yaml

Deploy to Cloud Run

See the Cloud Run documentation for more details on connecting a Cloud Run service to Cloud SQL.

Note: If you want to connect to Cloud SQL over Private IP, add the additional env variable --set-env-vars PRIVATE_IP=True and flag --vpc-connector <YOUR_VPC_CONNECTOR> below.

gcloud run deploy cloud-sql-demo \
  --allow-unauthenticated \
  --set-env-vars INSTANCE_CONNECTION_NAME='<PROJECT_ID>:<INSTANCE_REGION>:<INSTANCE_NAME>' \
  --set-env-vars DB_USER='<YOUR_DB_USER_NAME>' \
  --set-env-vars DB_PASS='<YOUR_DB_PASSWORD>' \
  --set-env-vars DB_NAME='<YOUR_DB_NAME>'

Navigate your browser to the URL output at the end of the deployment process to view the demo app!

It is recommended to use the Secret Manager integration for Cloud Run instead of using environment variables for the SQL configuration. The service injects the SQL credentials from Secret Manager at runtime via an environment variable.

Create secrets via the command line:

echo -n $INSTANCE_CONNECTION_NAME | \
    gcloud secrets create [INSTANCE_CONNECTION_NAME_SECRET] --data-file=-

Deploy the service to Cloud Run specifying the env var name and secret name:

gcloud run deploy cloud-sql-demo \
  --allow-unauthenticated \
  --update-secrets INSTANCE_CONNECTION_NAME=[INSTANCE_CONNECTION_NAME_SECRET]:latest,\
    DB_USER=[DB_USER_SECRET]:latest, \
    DB_PASS=[DB_PASS_SECRET]:latest, \
    DB_NAME=[DB_NAME_SECRET]:latest

Deploy to Cloud Functions

To deploy the service to Cloud Functions run the following command:

Note: If you want to connect to Cloud SQL over Private IP, add the additional env variable --set-env-vars PRIVATE_IP=True and flag --vpc-connector <YOUR_VPC_CONNECTOR> below.

gcloud functions deploy votes --gen2 --runtime python310 --trigger-http \
  --allow-unauthenticated \
  --entry-point votes \
  --region <INSTANCE_REGION> \
  --set-env-vars INSTANCE_CONNECTION_NAME=<PROJECT_ID>:<INSTANCE_REGION>:<INSTANCE_NAME> \
  --set-env-vars DB_USER=$DB_USER \
  --set-env-vars DB_PASS=$DB_PASS \
  --set-env-vars DB_NAME=$DB_NAME

Take note of the URL output at the end of the deployment process to view your function!

Cloud SQL Auth Proxy Usage

Running locally

To run this application locally, download and install the cloud-sql-proxy by following the instructions here.

Instructions are provided below for using the proxy with a TCP connection or a Unix Domain Socket. On Linux or Mac OS you can use either option, but on Windows the proxy currently requires a TCP connection.

Launch proxy with TCP

To run the sample locally with a TCP connection, set environment variables and launch the proxy as shown below.

Linux / Mac OS

Use these terminal commands to initialize environment variables:

export GOOGLE_APPLICATION_CREDENTIALS='/path/to/service/account/key.json'
export INSTANCE_HOST='127.0.0.1'
export DB_PORT='5432'
export DB_USER='<YOUR_DB_USER_NAME>'
export DB_PASS='<YOUR_DB_PASSWORD>'
export DB_NAME='<YOUR_DB_NAME>'

Note: Saving credentials in environment variables is convenient, but not secure - consider a more secure solution such as Secret Manager to help keep secrets safe.

Then use this command to launch the proxy in the background:

./cloud-sql-proxy <PROJECT_ID>:<INSTANCE_REGION>:<INSTANCE_NAME> &
Windows/PowerShell

Use these PowerShell commands to initialize environment variables:

$env:GOOGLE_APPLICATION_CREDENTIALS="/path/to/service/account/key.json"
$env:INSTANCE_HOST="127.0.0.1"
$env:DB_PORT="5432"
$env:DB_USER="<YOUR_DB_USER_NAME>"
$env:DB_PASS="<YOUR_DB_PASSWORD>"
$env:DB_NAME="<YOUR_DB_NAME>"

Note: Saving credentials in environment variables is convenient, but not secure - consider a more secure solution such as Secret Manager to help keep secrets safe.

Then use this command to launch the proxy in a separate PowerShell session:

Start-Process -filepath "C:\<path to proxy exe>" -ArgumentList "<PROJECT_ID>:<INSTANCE_REGION>:<INSTANCE_NAME>"

Launch proxy with Unix Domain Socket

NOTE: this option is currently only supported on Linux and Mac OS. Windows users should use the Launch proxy with TCP option.

To use a Unix socket, you'll need to create a directory and give write access to the user running the proxy. For example:

sudo mkdir /cloudsql
sudo chown -R $USER /cloudsql

Use these terminal commands to initialize other environment variables as well:

export GOOGLE_APPLICATION_CREDENTIALS='/path/to/service/account/key.json'
export INSTANCE_UNIX_SOCKET='/cloudsql/<PROJECT_ID>:<INSTANCE_REGION>:<INSTANCE_NAME>'
export DB_USER='<YOUR_DB_USER_NAME>'
export DB_PASS='<YOUR_DB_PASSWORD>'
export DB_NAME='<YOUR_DB_NAME>'

Note: Saving credentials in environment variables is convenient, but not secure - consider a more secure solution such as Secret Manager to help keep secrets safe.

Then use this command to launch the proxy in the background:

./cloud-sql-proxy --unix-socket /cloudsql <PROJECT_ID>:<INSTANCE_REGION>:<INSTANCE_NAME> &

Testing the application

Next, setup install the requirements into a virtual environment:

virtualenv --python python3 env
source env/bin/activate
pip install -r requirements.txt

Finally, start the application:

python app.py

Navigate towards http://127.0.0.1:8080 to verify your application is running correctly.

Deploy to App Engine Standard

To run on GAE-Standard, create an App Engine project by following the setup for these instructions.

First, update app.standard.yaml with the correct values to pass the environment variables into the runtime. Your app.standard.yaml file should look like this:

runtime: python37
entrypoint: gunicorn -b :$PORT app:app

env_variables:
  INSTANCE_UNIX_SOCKET: /cloudsql/<PROJECT_ID>:<INSTANCE_REGION>:<INSTANCE_NAME>
  DB_USER: <YOUR_DB_USER_NAME>
  DB_PASS: <YOUR_DB_PASSWORD>
  DB_NAME: <YOUR_DB_NAME>

Note: Saving credentials in environment variables is convenient, but not secure - consider a more secure solution such as Secret Manager to help keep secrets safe.

Next, the following command will deploy the application to your Google Cloud project:

gcloud app deploy app.standard.yaml

Deploy to App Engine Flexible

To run on GAE-Flexible, create an App Engine project by following the setup for these instructions.

First, update app.flexible.yaml with the correct values to pass the environment variables into the runtime. Your app.flexible.yaml file should look like this:

runtime: custom
env: flex
entrypoint: gunicorn -b :$PORT app:app

env_variables:
  INSTANCE_UNIX_SOCKET: /cloudsql/<PROJECT_ID>:<INSTANCE_REGION>:<INSTANCE_NAME>
  DB_USER: <YOUR_DB_USER_NAME>
  DB_PASS: <YOUR_DB_PASSWORD>
  DB_NAME: <YOUR_DB_NAME>

beta_settings:
  cloud_sql_instances: <PROJECT_ID>:<INSTANCE_REGION>:<INSTANCE_NAME>

Note: Saving credentials in environment variables is convenient, but not secure - consider a more secure solution such as Secret Manager to help keep secrets safe.

Next, the following command will deploy the application to your Google Cloud project:

gcloud app deploy app.flexible.yaml

Deploy to Cloud Run

See the Cloud Run documentation for more details on connecting a Cloud Run service to Cloud SQL.

gcloud run deploy cloud-sql-demo \
  --add-cloudsql-instances '<PROJECT_ID>:<INSTANCE_REGION>:<INSTANCE_NAME>' \
  --set-env-vars INSTANCE_UNIX_SOCKET='/cloudsql/<PROJECT_ID>:<INSTANCE_REGION>:<INSTANCE_NAME>' \
  --set-env-vars DB_USER='<YOUR_DB_USER_NAME>' \
  --set-env-vars DB_PASS='<YOUR_DB_PASSWORD>' \
  --set-env-vars DB_NAME='<YOUR_DB_NAME>'

Navigate your browser to the URL output at the end of the deployment process to view the demo app!

It is recommended to use the Secret Manager integration for Cloud Run instead of using environment variables for the SQL configuration. The service injects the SQL credentials from Secret Manager at runtime via an environment variable.

Create secrets via the command line:

echo -n $INSTANCE_UNIX_SOCKET | \
    gcloud secrets create [INSTANCE_UNIX_SOCKET_SECRET] --data-file=-

Deploy the service to Cloud Run specifying the env var name and secret name:

gcloud run deploy cloud-sql-demo \
  --add-cloudsql-instances <PROJECT_ID>:<INSTANCE_REGION>:<INSTANCE_NAME> \
  --update-secrets INSTANCE_UNIX_SOCKET=[INSTANCE_UNIX_SOCKET_SECRET]:latest,\
    DB_USER=[DB_USER_SECRET]:latest, \
    DB_PASS=[DB_PASS_SECRET]:latest, \
    DB_NAME=[DB_NAME_SECRET]:latest

Deploy to Cloud Functions

To deploy the service to Cloud Functions run the following command:

gcloud functions deploy votes --gen2 --runtime python310 --trigger-http \
  --allow-unauthenticated \
  --entry-point votes \
  --region <INSTANCE-REGION> \
  --set-env-vars INSTANCE_UNIX_SOCKET=/cloudsql/<PROJECT_ID>:<INSTANCE_REGION>:<INSTANCE_NAME> \
  --set-env-vars DB_USER=$DB_USER \
  --set-env-vars DB_PASS=$DB_PASS \
  --set-env-vars DB_NAME=$DB_NAME

Take note of the URL output at the end of the deployment process to view your function!