I trying to import a database stored in the Cloud Storage using the command:
gcloud sql instances import instance-name gs://connect-to-the-cloud-sql.appspot.com/my-cloud-sql-instance-backup
But, I am getting error:
ERROR: (gcloud.sql.instances.import) HTTPError 403: The client is not authorized to make this request.
I've already logged in using:
gcloud auth login
Make sure the instance-name is correct. I had the same error, it went away as soon as I corrected the instance-name.
gcloud sql users list with the --instance=project:zone:instance-name, and go this same error, when I tried just --instance=instance-name it worked –
Bollix I had this problem, my instance name was correct. Turns out I was in the wrong GCP project. Make sure you switch to the correct [target] project or use the project argument:
gcloud sql instances export my-cloud-sql-instance gs://connect-to-the-cloud-sql.appspot.com/my-cloud-sql-instance-backup --project=<your target project>
In my case it was because the cloud sql instance service account didn't have the correct permissions on the storage bucket I was trying to import from.
Describe the instance you are importing to:
gcloud sql instances describe [INSTANCE_NAME]
Copy the serviceAccountEmailAddress field.
Use gsutil iam to grant the legacyBucketWriter and objectViewer Cloud IAM roles to the service account for the bucket.
Import the database:
gcloud sql import sql [INSTANCE_NAME] gs://[BUCKET_NAME]/[IMPORT_FILE_NAME] \
--database=[DATABASE_NAME]
It might sound too obvious, but your service account really may be missing access rights for importing data. Check that it has correct cloudsql.instances.import policy installed on IAM&Admin page.
I had the correct instance name but had to ensure that the correct project is passed using --project project_id at the end. That fixed this.
New step by step:
gcloud sql instances describe name-instance | grep serviceAccountEmailAddress
# output: serviceAccount:[email protected]
gsutil iam ch serviceAccount:[email protected]:roles/storage.legacyBucketWriter gs://bucket-destino
gsutil iam ch serviceAccount:[email protected]:roles/storage.objectViewer gs://bucket-destino
# -----------en vm linux--gcp------------------------------------------------------------------------------------
gcloud init (id-project-bucket-destino hacer default en vm proyecto de bucket donde se guardara info)
gcloud config set project id-project-bucket-destino
gcloud sql export sql --project=id-project-instance name-instance gs://bucket-destino/sqldump.sql \
--database=name-database \
--offload
# ----------cron job in linux------------------------------------------------------------------------------------
#!/bin/sh
#make directory in Cloud storage
datedirect=$(date '+%d-%m-%Y')
echo $datedirect
touch file5
gsutil cp -r ./file5 gs://bucket-destino/$datedirect/
gcloud config set project id-project-bucket-destino
gcloud sql export sql --project=id-project-instance name-instance gs://bucket-destino/sqldump.sql \
--database=name-database \
--offload
In Cloud Console go to IAM & Admin > IAM, find the service account you're using, and edit its roles to add Cloud SQL Client and Cloud SQL Admin. If you can't find the service account, then use Grant Access to create it, with the aforementioned roles.
@inostia in another answer mentions using gcloud sql instances describe [INSTANCE_NAME] to get the service account from serviceAccountEmailAddress. That might work for you but if you're impersonating, e.g.
gcloud auth application-default login --impersonate-service-account [email protected]
then you want to use the impersonating service account.
© 2022 - 2024 — McMap. All rights reserved.
gcloud sql instances export my-cloud-sql-instance gs://connect-to-the-cloud-sql.appspot.com/my-cloud-sql-instance-backup– Cianca