Google Cloud Setup

Overview

Wedissimo API uses Google Cloud services for:

• Cloud SQL - Production WordPress legacy data via MySQL
• Cloud Storage - File storage and backups
• IAM Authentication - Secure database access without passwords

Prerequisites

• Google Cloud account with project access
• Access to wedissimo-wordpress-dedicated project
• Docker Desktop installed and running

Installation

macOS (Homebrew)

brew install --cask google-cloud-sdk

Manual Installation

Download from: https://cloud.google.com/sdk/docs/install

Initial Setup

1. Authenticate with Google Cloud

# Login to Google Cloud
gcloud auth login

# Set the correct project
gcloud config set project wedissimo-wordpress-dedicated

# Verify project
gcloud config get-value project

2. Set Up Application Default Credentials

Required for Cloud SQL proxy IAM authentication:

gcloud auth application-default login

This creates credentials at: ~/.config/gcloud/application_default_credentials.json

3. Enable Required APIs

# Enable Cloud SQL Admin API
gcloud services enable sqladmin.googleapis.com

# Verify API is enabled
gcloud services list --enabled | grep sqladmin

Cloud SQL Configuration

Environment Variables

Add to your .env file:

# MySQL Legacy Database Source
MYSQL_LEGACY_SOURCE=cloud  # or 'local' for Docker MySQL

# Cloud SQL Configuration
MYSQL_CLOUD_INSTANCE_CONNECTION_NAME=wedissimo-wordpress-dedicated:europe-west2:tutorial-sql-instance
MYSQL_CLOUD_HOST=22.22.1.5
MYSQL_CLOUD_INSTANCE_PORT=3307
MYSQL_CLOUD_DATABASE=i8889252_wp_staging
MYSQL_CLOUD_USERNAME=your-iam-username  # Your Google Cloud email prefix

# Application Default Credentials path
GOOGLE_APPLICATION_CREDENTIALS_PATH=${HOME}/.config/gcloud/application_default_credentials.json

IAM Username Format

Your MYSQL_CLOUD_USERNAME should be your Google email prefix:

• Email: john.doe@example.com → Username: john.doe
• Email: jane@gmail.com → Username: jane

Start Cloud SQL Proxy

The proxy runs automatically via Docker Compose:

# Start all services including Cloud SQL proxy
docker compose up -d

# Check proxy status
docker compose ps wedissimo-cloud-sql-proxy

# View proxy logs
docker compose logs wedissimo-cloud-sql-proxy -f

Switching Between Local and Cloud MySQL

Use Local MySQL (Docker)

MYSQL_LEGACY_SOURCE=local

docker compose restart wedissimo-api

Use Cloud SQL

MYSQL_LEGACY_SOURCE=cloud

docker compose restart wedissimo-api

Testing the Connection

Run the WordPress connection test command:

docker-compose exec -T wedissimo-api php artisan wp:test-connection

Expected output:

Testing WordPress Database Connection...

Connection: mysql_legacy
Source: CLOUD (Cloud SQL via IAM)
Host: 22.22.1.5
Port: 3307
Database: i8889252_wp_staging
Username: your-username

Connection successful!
...

Troubleshooting

Error: "MySQL server has gone away"

Cause: Cloud SQL proxy not running or credentials not set up.

Solution:

# Check proxy is running
docker compose ps wedissimo-cloud-sql-proxy

# Check proxy logs for errors
docker compose logs wedissimo-cloud-sql-proxy

# Restart proxy
docker compose restart wedissimo-cloud-sql-proxy

Error: "Cloud SQL Admin API has not been used"

Cause: Wrong project or API not enabled.

Solution:

# Verify you're in the correct project
gcloud config get-value project

# Should output: wedissimo-wordpress-dedicated

# If wrong project, switch:
gcloud config set project wedissimo-wordpress-dedicated

# Re-authenticate
gcloud auth application-default login

# Enable API
gcloud services enable sqladmin.googleapis.com

Error: "unauthorized: incorrect username or password"

Cause: Docker Hub authentication issue (unrelated to gcloud).

Solution:

# Clear Docker credentials
docker logout

# Pull images again
docker compose pull

Error: "Is a directory: application_default_credentials.json"

Cause: Credentials path exists as directory instead of file.

Solution:

# Remove the directory
rm -rf ~/.config/gcloud/application_default_credentials.json

# Re-authenticate
gcloud auth application-default login

Verify Connection Details

# Check what database config is active
docker-compose exec -T wedissimo-api php artisan tinker
>>> config('database.connections.mysql_legacy.host');
>>> config('database.connections.mysql_legacy.port');
>>> config('database.connections.mysql_legacy.database');

List Available Cloud SQL Instances

gcloud sql instances list --project=wedissimo-wordpress-dedicated

Check IAM Permissions

Ensure your Google Cloud account has these roles:

• Cloud SQL Client - Connect to Cloud SQL instances
• Cloud SQL Instance User - IAM database authentication

# Check your permissions
gcloud projects get-iam-policy wedissimo-wordpress-dedicated \
  --flatten="bindings[].members" \
  --filter="bindings.members:user:YOUR_EMAIL@example.com"

Common Commands

# View current project
gcloud config get-value project

# List all projects
gcloud projects list

# Switch project
gcloud config set project PROJECT_ID

# View auth status
gcloud auth list

# Refresh credentials
gcloud auth application-default login

# View Cloud SQL instances
gcloud sql instances list

# Describe specific instance
gcloud sql instances describe tutorial-sql-instance \
  --project=wedissimo-wordpress-dedicated

# Test database connection from proxy
docker compose exec wedissimo-cloud-sql-proxy /cloud-sql-proxy --version

Security Best Practices

1. Never commit credentials - .env file is gitignored
2. Use IAM authentication - No passwords in config for cloud
3. Rotate credentials regularly - Re-run gcloud auth application-default login
4. Limit IAM permissions - Only grant necessary roles
5. Use separate projects - Dev, staging, and production isolation

Additional Resources

• Cloud SQL Proxy Documentation
• IAM Database Authentication
• gcloud CLI Reference
• Application Default Credentials

Next Steps

After setting up gcloud:

1. Configure your .env with correct Cloud SQL details
2. Test connection with php artisan wp:test-connection
3. Run WordPress data migrations (see Migration Guide)
4. Set up Cloud Storage for media files