This PR introduces a significant update to the Toolbox configuration file format, which is one of the primary **breaking changes** required for the implementation of the Advanced Control Plane.

# Summary of Changes

The configuration schema has been updated to enforce resource isolation and facilitate atomic, incremental updates.

* Resource Isolation: Resource definitions are now separated into individual blocks, using a distinct structure for each resource type (Source, Tool, Toolset, etc.). This improves readability, management, and auditing of configuration files.
* Field Name Modification: Internal field names have been modified to align with declarative methodologies. Specifically, the configuration now separates kind (general resource type, e.g., Source) from type (specific implementation, e.g., Postgres).

# User Impact

Existing tools.yaml configuration files are now in an outdated format. Users must eventually update their files to the new YAML format.

# Mitigation & Compatibility

Backward compatibility is maintained during this transition to ensure no immediate user action is required for existing files.

* Immediate Backward Compatibility: The source code includes a pre-processing layer that automatically detects outdated configuration files (v1 format) and converts them to the new v2 format under the hood.
* [COMING SOON] Migration Support: The new toolbox migrate subcommand will be introduced to allow users to automatically convert their old configuration files to the latest format.

# Example

Example for config file v2:

```
kind: sources
name: my-pg-instance
type: cloud-sql-postgres
project: my-project
region: my-region
instance: my-instance
database: my_db
user: my_user
password: my_pass
---
kind: authServices
name: my-google-auth
type: google
clientId: testing-id
---
kind: tools
name: example_tool
type: postgres-sql
source: my-pg-instance
description: some description
statement: SELECT * FROM SQL_STATEMENT;
parameters:
  - name: country
    type: string
    description: some description
---
kind: tools
name: example_tool_2
type: postgres-sql
source: my-pg-instance
description: returning the number one
statement: SELECT 1;
---
kind: toolsets
name: example_toolset
tools:
  - example_tool
```

---------

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: Averi Kitsch <akitsch@google.com>
| title | linkTitle | type | weight | description |
|---|---|---|---|---|
| Cloud SQL for PostgreSQL | Cloud SQL (Postgres) | docs | 1 | Cloud SQL for PostgreSQL is a fully-managed database service for Postgres. |
About
Cloud SQL for PostgreSQL is a fully-managed database service that helps you set up, maintain, manage, and administer your PostgreSQL relational databases on Google Cloud Platform.
If you are new to Cloud SQL for PostgreSQL, you can try creating and connecting to a database by following these instructions.
Available Tools
- postgres-sql: Execute SQL queries as prepared statements in PostgreSQL.
- postgres-execute-sql: Run parameterized SQL statements in PostgreSQL.
- postgres-list-tables: List tables in a PostgreSQL database.
- postgres-list-active-queries: List active queries in a PostgreSQL database.
- postgres-list-available-extensions: List available extensions for installation in a PostgreSQL database.
- postgres-list-installed-extensions: List installed extensions in a PostgreSQL database.
- postgres-list-views: List views in a PostgreSQL database.
- postgres-list-schemas: List schemas in a PostgreSQL database.
- postgres-database-overview: Fetches the current state of the PostgreSQL server.
- postgres-list-triggers: List triggers in a PostgreSQL database.
- postgres-list-indexes: List available user indexes in a PostgreSQL database.
- postgres-list-sequences: List sequences in a PostgreSQL database.
- postgres-long-running-transactions: List long running transactions in a PostgreSQL database.
- postgres-list-locks: List lock stats in a PostgreSQL database.
- postgres-replication-stats: List replication stats in a PostgreSQL database.
- postgres-list-query-stats: List query statistics in a PostgreSQL database.
- postgres-get-column-cardinality: List cardinality of columns in a table in a PostgreSQL database.
- postgres-list-table-stats: List statistics of a table in a PostgreSQL database.
- postgres-list-publication-tables: List publication tables in a PostgreSQL database.
- postgres-list-tablespaces: List tablespaces in a PostgreSQL database.
- postgres-list-pg-settings: List configuration parameters for the PostgreSQL server.
- postgres-list-database-stats: Lists the key performance and activity statistics for each database in the PostgreSQL instance.
- postgres-list-roles: Lists all the user-created roles in a PostgreSQL database.
- postgres-list-stored-procedure: Lists all the stored procedures in a PostgreSQL database.
Pre-built Configurations
- Cloud SQL for Postgres using MCP: Connect your IDE to Cloud SQL for Postgres using Toolbox.
Requirements
IAM Permissions
By default, this source uses the Cloud SQL Go Connector to authorize and establish mTLS connections to your Cloud SQL instance. The Go connector uses your Application Default Credentials (ADC) to authorize your connection to Cloud SQL.
In addition to setting the ADC for your server, you need to ensure the IAM identity has been given the following IAM roles (or corresponding permissions):
roles/cloudsql.client
{{< notice tip >}} If you are connecting from Compute Engine, make sure your VM also has the proper scope to connect using the Cloud SQL Admin API. {{< /notice >}}
Networking
Cloud SQL supports connecting from both external networks via the internet (public IP) and internal networks (private IP). For more information on choosing between the two options, see the Cloud SQL page Connection overview.
You can configure the ipType parameter in your source configuration to
public or private to match your cluster's configuration. Regardless of which
you choose, all connections use IAM-based authorization and are encrypted with
mTLS.
Authentication
This source supports both password-based authentication and IAM authentication (using your Application Default Credentials).
Standard Authentication
To connect using user/password, create
a PostgreSQL user and input your credentials in the user and
password fields.
```
user: ${USER_NAME}
password: ${PASSWORD}
```
IAM Authentication
To connect using IAM authentication:
- Prepare your database instance and user following this guide.
- You could choose one of the two ways to log in:
  - Specify your IAM email as the user.
  - Leave your user field blank. Toolbox will fetch the ADC automatically and log in using the email associated with it.
- Leave the password field blank.
Example
```
kind: sources
name: my-cloud-sql-pg-source
type: cloud-sql-postgres
project: my-project-id
region: us-central1
instance: my-instance
database: my_db
user: ${USER_NAME}
password: ${PASSWORD}
# ipType: "private"
```
{{< notice tip >}} Use environment variable replacement with the format ${ENV_NAME} instead of hardcoding your secrets into the configuration file. {{< /notice >}}
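A pre-deployment check for the tip above, added here as an example (it is not part of Toolbox): it scans a v2 configuration for `kind: sources` blocks whose `password` is a literal rather than blank or a `${ENV_NAME}` reference. The function name, the sample config and the line-based parsing (top-level `key: value` lines only, no full YAML parser) are assumptions of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// envRef matches a value that is exactly one ${ENV_NAME} reference.
var envRef = regexp.MustCompile(`^\$\{[A-Za-z_][A-Za-z0-9_]*\}$`)

// sampleConfig is constructed for this example (v2 layout, "---" separated).
const sampleConfig = `kind: sources
name: my-pg-instance
password: my_pass
---
kind: sources
name: my-cloud-sql-pg-source
password: ${PASSWORD}
---
kind: sources
name: iam-source
`

// FindHardcodedPasswords (hypothetical helper) returns the names of "sources"
// blocks whose password is a literal. Blank (IAM auth) and ${ENV_NAME} pass.
func FindHardcodedPasswords(config string) []string {
	var flagged []string
	for _, doc := range strings.Split(config, "\n---") {
		fields := map[string]string{}
		for _, line := range strings.Split(doc, "\n") {
			key, val, ok := strings.Cut(line, ":")
			// Top-level "key: value" lines only; nested, list and comment lines are skipped.
			if !ok || strings.TrimLeft(key, " \t-#") != key {
				continue
			}
			fields[key] = strings.Trim(strings.TrimSpace(val), `"'`)
		}
		pw := fields["password"]
		if fields["kind"] == "sources" && pw != "" && !envRef.MatchString(pw) {
			flagged = append(flagged, fields["name"])
		}
	}
	return flagged
}

func main() {
	fmt.Println(FindHardcodedPasswords(sampleConfig))
}
```

Run against a real configuration, a non-empty result is a reason to fail the build before the file reaches a shared repository.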
Reference
| field | type | required | description |
|---|---|---|---|
| type | string | true | Must be "cloud-sql-postgres". |
| project | string | true | Id of the GCP project that the cluster was created in (e.g. "my-project-id"). |
| region | string | true | Name of the GCP region that the cluster was created in (e.g. "us-central1"). |
| instance | string | true | Name of the Cloud SQL instance within the cluster (e.g. "my-instance"). |
| database | string | true | Name of the Postgres database to connect to (e.g. "my_db"). |
| user | string | false | Name of the Postgres user to connect as (e.g. "my-pg-user"). Defaults to IAM auth using ADC email if unspecified. |
| password | string | false | Password of the Postgres user (e.g. "my-password"). Defaults to attempting IAM authentication if unspecified. |
| ipType | string | false | IP Type of the Cloud SQL instance; must be one of public, private, or psc. Default: public. |