Cloud sql connection support

[etabacchi]

Hi, we have a cloud sql instance with some iam users that can access to our postgres dbs, in order to access it right now we start a cloud sql proxy on a bastion-vm with the iam token of the user, we do it on the moment because the token changes based on the user and we cant have multiple proxies always running for each one.

For clarity the command we run right now to connect looks something like this gcloud compute ssh $BASTION_VM --project=$PROJECT_ID --zone=$ZONE --tunnel-through-iap --ssh-flag="-L $LOCAL_PORT:$SOCKET_FOLDER/.s.PGSQL.5432" -- /cloud_sql_proxy --private-ip --auto-iam-authn --token.

I'm aware that the documentation says that the connection to cloud sql is not possible yet but are there plans for adding support for it in future releases? Could that cover also cases like ours? I think it could be very handy

[jpassing]

I agree that the lack of Cloud SQL support isn't ideal. But the limiting factor here isn't IAP Desktop, but IAP itself: It's currently not possible to establish IAP-TCP tunnels to Cloud SQL instances -- you always need a VM in between. Until that changes, I'm not sure if there's much we can do in IAP Desktop to improve the user experience for Cloud SQL.

[etabacchi]

A solution could be that when connecting to a vm IAP Desktop could give us the option to launch a post-command on it, in the case of my example it would be /cloud_sql_proxy --private-ip --auto-iam-authn --token but of course that could be configurable (maybe from the IAPC file?).

In this way we could spin up the proxy automatically and it should solve our problem, what do you think?