go-cloud icon indicating copy to clipboard operation
go-cloud copied to clipboard

Published 20 hours ago verified publisher icon google

postgres/gcppostgres: SIGSEGV Trying to Connect to CloudSQL PostgreSQL Instance from Cloud Run

Open SUSTAPLE117 opened this issue 3 years ago • 4 comments
trafficstars

Describe the bug

Trying to connect to a CloudSQL PostgreSQL Instance in Cloud Run using v0.26.0 causes a SIGSEGV:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0xc93612]

goroutine 47 [running]:
github.com/GoogleCloudPlatform/cloudsql-proxy/proxy/certs.(*RemoteCertSource).Local(0xc000723b60, {0xc0007381e0, 0x2a})
	/go/pkg/mod/github.com/!google!cloud!platform/[email protected]/proxy/certs/certs.go:225 +0x252
github.com/GoogleCloudPlatform/cloudsql-proxy/proxy/proxy.(*Client).refreshCfg(0xc00014b080, {0xc0007381e0, 0x2a})
	/go/pkg/mod/github.com/!google!cloud!platform/[email protected]/proxy/proxy/client.go:205 +0x1bb
github.com/GoogleCloudPlatform/cloudsql-proxy/proxy/proxy.(*Client).startRefresh.func1()
	/go/pkg/mod/github.com/!google!cloud!platform/[email protected]/proxy/proxy/client.go:284 +0xad
created by github.com/GoogleCloudPlatform/cloudsql-proxy/proxy/proxy.(*Client).startRefresh
	/go/pkg/mod/github.com/!google!cloud!platform/[email protected]/proxy/proxy/client.go:282 +0xcc

Switching back to v0.25.0 solves the issue

To Reproduce

Trying to connect to a CloudSQL PostgreSQL Instance from a Cloud Run Instance with v0.26.0:

package main

import (
	"fmt"
	"gocloud.dev/postgres"
	_ "gocloud.dev/postgres/gcppostgres"
	"context"
)

func main(){
	db, err := postgres.Open(context.Background(), "gcppostgres://postgres:postgres@my-project/us-east4/cloudsqlinstance/postgres")
	if err != nil {
		panic(err)
	}

	err = db.Ping()
	if err != nil {
		panic(err)
	}

	fmt.Println("Database successfully pinged.")
}

Expected behavior

Connecting without SIGSEGV

Version

v0.26.0

Additional context

I suspect this is related: https://github.com/google/go-cloud/pull/3122 but I doubled checked and my CloudSQL instance has the cloudsql.iam_authentication turned on.

Before the SIGSEGV the following was logged:

2022/09/14 02:38:19 refreshing ephemeral certificate for instance my-project:us-east4:cloudsqlinstance
2022/09/14 02:38:19 Generated RSA key in 250.263502ms

SUSTAPLE117 avatar Sep 14 '22 03:09 SUSTAPLE117

Problem is https://github.com/google/go-cloud/pull/3122 Enables IAM but doesn't provide the oauth2 tokensource required -> nil pointer

brend-n avatar Sep 14 '22 06:09 brend-n

@brend-n Indeed that seems to be the origin of the issue when looking at cloudsql proxy code.

SUSTAPLE117 avatar Sep 14 '22 14:09 SUSTAPLE117

@aebrahim FYI

vangent avatar Sep 16 '22 19:09 vangent

TBH I'm not sure what the right fix is here, suggestions welcome.

vangent avatar Sep 16 '22 19:09 vangent

This is blocking me from upgrading gocloud.dev past 0.25

simonjpartridge avatar Oct 13 '22 14:10 simonjpartridge

I rolled back the problematic PR.

vangent avatar Oct 13 '22 15:10 vangent

Rolled forward IAM support with a fix, if somebody could give it a try and make sure that it doesn't crash like before that would be awesome.

vangent avatar Oct 17 '22 20:10 vangent

I had the problem with "gocloud.dev/mysql/gcpmysql" and can confirm that it works at a58f35a0630. I don't have a postgres to test.

daveilers avatar Nov 04 '22 21:11 daveilers

Sorry for the late reply but I can confirm this is solved with postgres using https://github.com/google/go-cloud/commit/a58f35a063055b6ff30ee60c8bf8cd867a99de06

SUSTAPLE117 avatar Dec 10 '22 04:12 SUSTAPLE117