Add a Cloud SQL Instance

Opal lets your developers find and request access to GCP Cloud SQL instances. Use the following steps to add SQL instances to your Opal dashboard.

1. Enable the Cloud SQL Admin API

Opal requires the Cloud SQL Admin API to list and manage Cloud SQL instances.
You must enable this API in both:

The project where the Opal service account lives
Every project that contains Cloud SQL instances you want to manage

To enable the API:

Visit the Cloud SQL Admin API page.
Use the project selector in the top navigation bar to select the correct project.
Click Enable.
Repeat these steps for every project that has Cloud SQL instances you want to surface in Opal.

2. Go to SQL in GCP

Access the SQL browser using this link or find it by navigating to SQL in the search bar.

3. Configure your SQL instance

Select your instance and click Edit.

Under Customize your instance, click Flags.
Click Add Flag.
Select cloudsql.iam_authentication.
Click Done.

Opal only adds resources for SQL instances that you label with opal.

Scroll down to Labels and add the opal label.
Click Done.
Click Save

Access a SQL instance in Opal

If you successfully labeled your SQL instance in GCP, the new SQL resource shows in the Resources tab.

Access to this instance is granted to the GCP user that matches your email address.

Opal adds IAM users to the Cloud SQL instance, so users can log in, but by default accounts do not have any database privileges. Use the Google guide to learn how to grant users database privileges.