using mysql socket failes within google cloud run. 1: is this dsn allowed? / are socket connections are supported by cerbos "${DATABASE_USER}:${DATABASE_PASSWORD}@tcp(localhost:3307)/${DATABASE_NAME}?socket=${DATABASE_SOCKET}" 2: i had to escape the socket-path as %2Fcloudsql%2F<sql-connection-name> instead of /cloudsql/<sql-connection-name> Is this the right escape-method? what should be used here? i also tried $2F and //

Yeah, it's a URL so special characters like

/

have to be percent encoded

instead of the app-engine custom cloud sql port 3307 the default port 3306 is used. i changes that, but still get: cerbos: error: failed to create store: failed to connect to database: dial tcp 127.0.0.1:3306: connect: connection refused

According to https://cloud.google.com/sql/docs/mysql/connect-run#go, the URL to connect with a socket is:

${DATABASE_USER}:${DATABASE_PASSWORD}@unix(${DATABASE_SOCKET})/${DATABASE_NAME}

that worked, ver much thank you

Will add an example of connecting with a Unix socket 🙂

do i have to create the database definition myself? the database is after use still empty and I get the following error while quering the admin api: could not get policy ids

Yes, you have to create the schema yourself. Otherwise Cerbos would have to run with admin privileges, which is not good for security.

maybe a console hint => the schema does not exists => create it manualy, which link to the docs could help here for future setups 🙂 hope noone feels bothered by my suggestions😅

The documentation does say that you have to create the schema manually 🙂 We do have an open task to detect and warn about the schema not being there.

perfect. thank you for your time