Thank you for your help!
- Check MySQL User Grants:
When I run
SELECT User, Host FROM mysql.user WHERE User = 'root';
I get the default values as I didn’t touch the root user :
User, Host
root, %
root, 127.0.0.1
root, ::1
root, localhost
- Modify the root User to Allow Connections from the Proxy:
ad A)+B) I tried this with a new user as my root user already had % (see 3).
- Create a Dedicated User for Proxy Connections (Recommended)
My new user with allowed host
cloudsqlproxy~%
also faces the same issue.
4.Ensure the Authentication Plugin is Compatible:
-
My mysql tool of choice supports caching_sha2_password as it always works when I allow per IP connection.
-
MySQL 8.4 doesn’t have mysql_native_password anymore so I can’t change the identification plugin
- Update Your Connection Settings
I did, as said above facing the same issue
- Verify the Cloud SQL Auth Proxy Connection:
The newest version of cloudsqlproxy installed via brew doesn’t have the flag -verbose, but --debug-logs instead, which I set.
The logs state Dialing mypublicip:3307 which, as you described, seems to be the actual problem. The proxy should use the cloud sql admin api instead.
- Check Cloud SQL Auth Proxy Connection Method:
-
The CloudSQL Aadmin API is enabled in my project
-
There is a flag in the cloudsqlproxy
--sqladmin-api-endpointwhich points to https://sqladmin.googleapis.com per default - I tried to set it to some invalid url and then manually to the default to check if it is used and it seems it is used.
My logs still show Dialing <mypublicip:3307>. They also show Authorizing with gcloud user credentials → this confirms that this is the used method.
Summary:
The issue is still not resolved by trying what you suggested, but with your answer I at least found out that it seems like the cloudsqlproxy tries to connect via public IP in some step which probably leads to the issue at hand.