The Cloud SQL Python Connector is a library that can be used alongside a database driver to allow users with sufficient permissions to connect to a Cloud SQL database without having to manually allowlist IPs or manage SSL certificates.
Project description
Cloud SQL Connector for Python Drivers
Warning: This project is currently in alpha, and releases may contain breaking API changes.
The Cloud SQL Python Connector is a library that can be used alongside a database driver to allow users with sufficient permissions to connect to a Cloud SQL database without having to manually allowlist IPs or manage SSL certificates.
Currently supported drivers are
Supported Python Versions
Currently Python versions >= 3.6 are supported.
Authentication
This library uses the Application Default Credentials to authenticate the connection to the Cloud SQL server. For more details, see the previously mentioned link.
To activate credentials locally, use the following gcloud command:
gcloud auth application-default login
How to install this connector
Install latest release from PyPI
Upgrade to the latest version of pip, then run the following command, replacing driver with one of the driver names listed above.
pip install cloud-sql-python-connector[driver]
For example, to use the Python connector with pymysql, run pip install cloud-sql-python-connector[pymysql]
Install dev version
Clone this repo, cd into the cloud-sql-python-connector directory then run the following command to install the package:
pip install .
Conversely, install straight from Github using pip:
pip install git+https://github.com/GoogleCloudPlatform/cloud-sql-python-connector
How to use this connector
To use the connector: import the connector by including the following statement at the top of your Python file:
from google.cloud.sql.connector import connector
Use the connector to create a connection object by calling the connect method. Input your connection string as the first positional argument and the name of the database driver for the second positional argument. Insert the rest of your connection keyword arguments like user, password and database. You can also set the optional timeout or ip_type keyword arguments.
conn = connector.connect(
"project:region:instance",
"pymysql",
user="root",
password="shhh",
db="your-db-name"
... insert other kwargs ...
)
The returned DB-API 2.0 compliant connection object can then be used to query and modify the database:
# Execute a query
cursor = conn.cursor()
cursor.execute("SELECT * from my_table")
# Fetch the results
result = cursor.fetchall()
# Do something with the results
for row in result:
print(row)
To use this connector with SQLAlchemy, use the creator argument for sqlalchemy.create_engine:
def getconn() -> pymysql.connections.Connection:
conn: pymysql.connections.Connection = connector.connect(
"project:region:instance",
"pymysql",
user="root",
password="shhh",
db="your-db-name"
)
return conn
engine = sqlalchemy.create_engine(
"mysql+pymysql://",
creator=getconn,
)
Note for SQL Server users: If your SQL Server instance requires SSL, you need to download the CA certificate for your instance and include cafile={path to downloaded certificate} and validate_host=False. This is a workaround for a known issue.
Specifying Public or Private IP
The Cloud SQL Connector for Python can be used to connect to Cloud SQL instances using both public and private IP addresses. To specify which IP address to use to connect, set the ip_type keyword argument Possible values are IPTypes.PUBLIC and IPTypes.PRIVATE.
Example:
connector.connect(
"project:region:instance",
"pymysql",
ip_types=IPTypes.PRIVATE # Prefer private IP
... insert other kwargs ...
)
Note: If specifying Private IP, your application must already be in the same VPC network as your Cloud SQL Instance.
IAM Authentication
Connections using IAM database authentication are supported when using the Postgres driver.
This feature is unsupported for other drivers.
First, make sure to configure your Cloud SQL Instance to allow IAM authentication and add an IAM database user.
Now, you can connect using user or service account credentials instead of a password.
In the call to connect, set the enable_iam_auth keyword argument to true and user to the email address associated with your IAM user.
Example:
connector.connect(
"project:region:instance",
"pg8000",
user="postgres-iam-user@gmail.com",
db="my_database",
enable_iam_auth=True,
)
SQL Server Active Directory Authentication
Active Directory authentication for SQL Server instances is currently only supported on Windows. First, make sure to follow these steps to set up a Managed AD domain and join your Cloud SQL instance to the domain. See here for more info on Cloud SQL Active Directory integration.
Once you have followed the steps linked above, you can run the following code to return a connection object:
connector.connect(
"project:region:instance",
"pytds",
db="my_database",
active_directory_auth=True,
server_name="public.[instance].[location].[project].cloudsql.[domain]",
)
Or, if using Private IP:
connector.connect(
"project:region:instance",
"pytds",
db="my_database",
active_directory_auth=True,
server_name="private.[instance].[location].[project].cloudsql.[domain]",
ip_types=IPTypes.PRIVATE
)
Setup for development
Tests can be run with nox. Change directory into the cloud-sql-python-connector and just run nox to run the tests.
- Create a MySQL instance on Google Cloud SQL. Make sure to note your root password when creating the MySQL instance.
- When the MySQL instance has finished creating, go to the overview page and set the instance’s connection string to the environment variable MYSQL_CONNECTION_NAME using the following command:
export MYSQL_CONNECTION_NAME=your:connection:string
- Enable SSL for your Cloud SQL instance by following these instructions.
- Create a service account with Cloud SQL Admin and Cloud SQL Client roles, then download the key and save it in a safe location. Set the path to the json file to the environment variable GOOGLE_APPLICATION_CREDENTIALS using the following command:
export GOOGLE_APPLICATION_CREDENTIALS=/path/to/auth/./json
- Enable the SQL Admin API.
- Clone the repository.
- Create a virtual environment and change directory into the
cloud-sql-python-connectorfolder. - Install the package by running the following command:
pip install .
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for cloud-sql-python-connector-0.3.0.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | e06250dc2d23a15c3bb964db4106e9fc23f3f52c72db8dcfd4dab60849053e7e |
|
| MD5 | ff4648fd66ef35537939a143098c1515 |
|
| BLAKE2b-256 | f3009782f21183c5b92683ae14bcd7a13dbcabe7c59ef87fc246aafd23f47618 |
Hashes for cloud_sql_python_connector-0.3.0-py2.py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 8610bd98bc833f81c851fca1b82af1751a8731103c8a1c062387d412b59a50ad |
|
| MD5 | 2d658378e3f276df60cc4062191e7552 |
|
| BLAKE2b-256 | 75f65e0893120dd45c8445531ffbd511552423c6b2d21c522cd4d195324506dd |
