3

I'm authorising instances access to PostgreSQL via the gcloud command:

gcloud sql instances patch blah-sql-dev --authorized-networks 10.1.1.2/32,10.1.1.3/32,.....

What I'm seeing under Cloud SQL's Authorised Networks is just the IP addresses instead of a friendly name that actually tells me what the IP address is for.

Is there a way to include a friendly name when whitelisting IP addresses using gcloud?

When I execute the above command, I see the following message:

The following message will be used for the patch API method.
{"project": "my-project", "name": "blah-sql-dev", "settings": {"ipConfiguration": {"authorizedNetworks": [{"value": "10.1.1.2/32"}, {"value": "10.1.1.3/32"}, ......]}}}

So it appears there must be some way to pass in a friendly name via the "value" field, but how is that done via the gcloud command?

2 Answers

2

I wanted to do the same thing, but I didn't find a way to do it with the gcloud command. You can do it with the API. I ended up writing a Node.js script because it's easier to deal with JSON. My use case is to keep whitelisting the HQ IP, which changes every day, on our multiple gcloud projects.

const got = require('got')

const token = process.env.ACCESS_TOKEN
const headers = { Authorization: `Bearer ${token}`}


if (!token) {
  console.error(`Missing env $ACCESS_TOKEN value is ${token}`)
  // exit with a non-zero status so the caller (cron, CI) sees the failure
  process.exit(1)
}

const projects = [
  {id: 'pandascore-id', instance: 'panda-env'},
  // other projects
]

;(async() => {
  try {
    const url = `https://www.googleapis.com/sql/v1beta4/projects/${projects[0].id}/instances/${projects[0].instance}`

    let response1 = await got('https://ipinfo.io', { json: true})
    const hqIp = response1.body.ip

    let response2 = await got(url + '?fields=settings', {
      headers,
      json: true
    })
    // authorizedNetworks can be absent when no network is authorised yet
    const currentIps = response2.body.settings.ipConfiguration.authorizedNetworks || []
    //console.log(currentIps)

    if (!currentIps.some(ip => ip.value === hqIp)) {
      // HQ IP changed: drop the old entry named 'HQ' and add the new address
      const newIps = [
        ...currentIps.filter(a => a.name !== 'HQ'),
        {kind: 'sql#aclEntry', value: hqIp, name: 'HQ'}
      ]

      let response3 = await got.patch(url, {
        headers,
        json: true,
        body: {
          settings: {ipConfiguration: {
            authorizedNetworks: newIps
          }}}
      })
      console.log(response3.body)
    } else {
      console.log('hq ip is already whitelisted')
    }
  } catch (err) {
    console.log(err)
  }
})()
mrdotb
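A way to compute the list that the script above sends back, as an added example that is not part of either answer: it validates the detected address before it reaches the allowlist, replaces the entry by its name, and keeps every other entry. The function names, the `minPrefix` limit and the sample entries are assumptions made for illustration.

```javascript
// Added example, not from the answers. Names and sample data are constructed.

// Validate an IPv4 address or CIDR and return it in CIDR form.
function toCidr(value, minPrefix) {
  const parts = String(value).trim().split('/')
  const octets = parts[0].split('.')
  const okAddr = parts.length <= 2 && octets.length === 4 &&
    octets.every(o => /^\d{1,3}$/.test(o) && Number(o) <= 255)
  if (!okAddr) throw new Error(`not an IPv4 address: ${value}`)
  const len = parts.length === 2 ? parts[1] : '32'
  if (!/^\d{1,2}$/.test(len) || Number(len) > 32) {
    throw new Error(`bad prefix length: ${value}`)
  }
  // A wrong answer from the IP lookup must not open the instance to a wide range.
  if (Number(len) < minPrefix) throw new Error(`range too wide: ${value}`)
  return `${octets.map(Number).join('.')}/${Number(len)}`
}

// Existing entries are compared leniently: a bare address is treated as /32.
const canon = v => (String(v).includes('/') ? String(v) : `${v}/32`)

// Returns { changed, authorizedNetworks }. The list is returned whole because,
// as in the answer's script, the PATCH carries the full array to retain.
function upsertNamedNetwork(current, name, value, minPrefix = 24) {
  if (!name) throw new Error('a name is required')
  const cidr = toCidr(value, minPrefix)
  const list = current || []
  if (list.some(e => e.name === name && canon(e.value) === cidr)) {
    return { changed: false, authorizedNetworks: list }
  }
  // Drop the stale entry with this name and any other entry for the same address.
  const kept = list.filter(e => e.name !== name && canon(e.value) !== cidr)
  const entry = { kind: 'sql#aclEntry', name, value: cidr }
  return { changed: true, authorizedNetworks: [...kept, entry] }
}

// Constructed sample of what GET ...?fields=settings returns.
const sample = [
  { kind: 'sql#aclEntry', value: '10.1.1.2/32' },
  { kind: 'sql#aclEntry', value: '203.0.113.7', name: 'HQ' }
]
const result = upsertNamedNetwork(sample, 'HQ', '203.0.113.9')
const body = { settings: { ipConfiguration: {
  authorizedNetworks: result.authorizedNetworks } } }
console.log(result.changed, JSON.stringify(body, null, 2))
```

Send `body` only when `changed` is true, so an unchanged address does not trigger an instance update.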
0

Do you want to assign a friendly-name to your authorized network(s) for Cloud SQL?

If this is the case, you can assign an optional name for each authorized network using the Cloud Console: go to your Products and Services menu > Cloud SQL > [select your instance] > Connections > Authorized networks.

Using the Update API [1] could be another option, since there is a property called "name" for its parent authorizedNetworks property. Nevertheless, you have to keep in mind that this is specified in the Update API, rather than in the Patch API.

Take a look at the Caution described in [1]: "This is not a partial update, so you must include values for all the settings that you want to retain. For partial updates, use patch."

Links:


[1] https://cloud.google.com/sql/docs/postgres/admin-api/v1beta4/instances/update#request-body