Might something be missing in my client's controlled environment?

Application details: Go, deployed to Cloud Run, trying to connect to AlloyDB.

Cloud Run configuration:
NETWORKING: "Send traffic directly to VPC" with network and subnet specified. Traffic routing: "Route only requests to private IPs to the VPC".
SECURITY: The service account has the following permissions specified: Cloud AlloyDB Client, Cloud AlloyDB Database User, Service Account User, Service Usage Consumer.

When the Go application is being deployed, it tries to initiate the connection to AlloyDB and gets the following error message:

"failed to set up database connection: failed to connect to host=/tmp user=cicd-***@labs-****-****-****.iam database=postgres: dial error (IAM check failed, caller does not have required permissions)"

Trying to connect to AlloyDB using the psql client:

user@gce-instance:~$ PGPASSWORD=$(gcloud auth print-access-token) psql -h *.*.*.* -U cicd-***@labs-****-****-****.iam -d postgres
psql: error: FATAL: AlloyDB IAM user authentication failed for user "cicd-***@labs-****-****-****.iam"
FATAL: pg_hba.conf rejects connection for host "*.*.*.*", user "cicd-***@labs-****-****-****.iam", database "cicd-***@labs-****-****-****.iam", no encryption

I was able to connect to AlloyDB in my personal GCP account by following these guides:
https://cloud.google.com/alloydb/docs/manage-iam-authn
https://cloud.google.com/alloydb/docs/connect-iam

I was able to resolve the issue.
The resolution was a change to the Go application code: changing the Dialer as suggested here: https://github.com/GoogleCloudPlatform/alloydb-go-connector?tab=readme-ov-file#automatic-iam-database-authentication
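
The wiring around the Dialer change, as an added example (not the poster's code and not the connector project's own). `instanceDialer` and `dialerFunc` are hypothetical stand-ins so the block runs with the standard library only; the real dialer is assumed to come from `alloydbconn.NewDialer` with the `WithIAMAuthN` option, and the service account email is constructed.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"strings"
)

// instanceDialer is a stand-in (assumption) for the connector's dialer, which
// the linked README section is assumed to create with
// alloydbconn.NewDialer(ctx, alloydbconn.WithIAMAuthN()).
type instanceDialer interface {
	Dial(ctx context.Context, instanceURI string) (net.Conn, error)
}

// dialerFunc adapts a plain function to instanceDialer (hypothetical helper).
type dialerFunc func(ctx context.Context, instanceURI string) (net.Conn, error)

func (f dialerFunc) Dial(ctx context.Context, uri string) (net.Conn, error) { return f(ctx, uri) }

// iamDBUser derives the IAM database user from a service account email:
// AlloyDB expects the email without the ".gserviceaccount.com" suffix.
func iamDBUser(saEmail string) (string, error) {
	user := strings.TrimSuffix(saEmail, ".gserviceaccount.com")
	if user == saEmail || !strings.HasSuffix(user, ".iam") {
		return "", fmt.Errorf("not a service account email: %q", saEmail)
	}
	return user, nil
}

// iamDSN builds a DSN with no host and no password: the dialer reaches the
// instance and presents the IAM credential, so no secret sits in the config.
// sslmode=disable leaves transport encryption to the dialer (assumption).
func iamDSN(user, database string) string {
	return fmt.Sprintf("user=%s dbname=%s sslmode=disable", user, database)
}

// pgxDialFunc has the shape of pgx's ConnConfig.DialFunc. It ignores the
// network and address pgx derives from the DSN and dials the instance URI.
func pgxDialFunc(d instanceDialer, instanceURI string) func(context.Context, string, string) (net.Conn, error) {
	return func(ctx context.Context, _, _ string) (net.Conn, error) {
		return d.Dial(ctx, instanceURI)
	}
}

func main() {
	user, err := iamDBUser("app-sa@example-project.iam.gserviceaccount.com") // constructed
	fmt.Println(iamDSN(user, "postgres"), err)
}
```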