Agent Tools
Back to MCP servers

com.googleapis.sqladmin/mcp

https://sqladmin.googleapis.com/mcp
● healthy

skills: {'id': 'list_instances', 'name': 'list_instances', 'description': 'List all Cloud SQL instances in the project.', 'tags': [], 'examples': None, 'input_modes': None, 'output_modes': None}, {'id': 'get_instance', 'name': 'get_instance', 'description': 'Get the details of a Cloud SQL instance.', 'tags': [], 'examples': None, 'input_modes': None, 'output_modes': None}, {'id': 'create_instance', 'name': 'create_instance', 'description': 'Initiates the creation of a Cloud SQL instance.\n\n* The tool returns a long-running operation. Use the `get_operation` tool to poll its status\n until the operation completes.\n* The instance creation operation can take several minutes. Use a command line tool to pause\n for 30 seconds before rechecking the status.\n* After you use the `create_instance` tool to create an instance,\n you can use the `create_user` tool to create an\n IAM user account for the user currently logged in to the project.\n* IMPORTANT: Set `ipv4_enabled` to \'false\' if creating a Private Service Connect\n or a Private Service Access instance.\n\n* The value of `data_api_access` is set to `ALLOW_DATA_API` by default. This setting\n lets you execute SQL statements using the `execute_sql` tool and the `executeSql` API.\n\n Unless otherwise specified, a newly created instance uses the default\n instance configuration of a development environment.\n\n The following is the default configuration for an instance in a\n development environment:\n\n```\n{\n "tier": "db-perf-optimized-N-2",\n "data_disk_size_gb": 100,\n "region": "us-central1",\n "database_version": "POSTGRES_18",\n "edition": "ENTERPRISE_PLUS",\n "availability_type": "ZONAL",\n "tags": [{"environment": "dev"}]\n}\n```\n\nThe following configuration is recommended for an instance in a\nproduction environment:\n\n```\n{\n "tier": "db-perf-optimized-N-8",\n "data_disk_size_gb": 250,\n "region": "us-central1",\n "database_version": "POSTGRES_18",\n "edition": "ENTERPRISE_PLUS",\n "availability_type": "REGIONAL",\n "tags": [{"environment": "prod"}]\n}\n```\n\nThe following instance configuration is recommended for SQL Server:\n\n```\n{\n "tier": "db-perf-optimized-N-8",\n "data_disk_size_gb": 250,\n "region": "us-central1",\n "database_version": "SQLSERVER_2022_STANDARD",\n "edition": "ENTERPRISE",\n "availability_type": "REGIONAL",\n "tags": [{"environment": "prod"}]\n}\n```\n', 'tags': [], 'examples': None, 'input_modes': None, 'output_modes': None}, {'id': 'execute_sql', 'name': 'execute_sql', 'description': 'Execute any valid SQL statement, including data definition language (DDL),\ndata control language (DCL), data query language (DQL), or\ndata manipulation language (DML) statements, on a Cloud SQL instance.\n\nTo support the `execute_sql` tool, a Cloud SQL instance must meet\nthe following requirements:\n\n* The value of `data_api_access` must be set to `ALLOW_DATA_API`.\n* For built_in users password_secret_version must be set.\n* Otherwise, for IAM users, for a MySQL instance, the database flag\n `cloudsql_iam_authentication` must be set to `on`.\n For a PostgreSQL instance, the database flag `cloudsql.iam_authentication` must be set\n to `on`.\n* After you use the `create_instance` tool to create an instance,\n you can use the `create_user` tool to create an\n IAM user account for the user currently logged in to the project.\n\n The `execute_sql` tool has the following limitations:\n\n* If a SQL statement returns a response larger than 10 MB,\n then the response will be truncated.\n* The `execute_sql` tool has a default timeout of 30 seconds.\n If a query runs longer than 30 seconds, then the tool returns a\n `DEADLINE_EXCEEDED` error.\n* The `execute_sql` tool isn\'t supported for SQL Server.\n\n If you receive errors similar to "IAM authentication is not enabled for the instance",\n then you can use the `get_instance` tool to check the value of the IAM\n database authentication flag for the instance.\n\n If you receive errors like "The instance doesn\'t allow using executeSql to access this\n instance", then you can use `get_instance` tool to check the `data_api_access` setting.\n\n When you receive authentication errors:\n\n 1. Check if the currently logged-in user account exists as an IAM user on the\n instance using the `list_users` tool.\n 2. If the IAM user account doesn\'t exist, then use the `create_user` tool to\n create the IAM user account for the logged-in user.\n 3. If the currently logged in user doesn\'t have the proper database user roles, then\n you can use `update_user` tool to grant database roles to the user. For example,\n `cloudsqlsuperuser` role can provide an IAM user with many required permissions.\n 4. Check if the currently logged in user has the correct IAM permissions assigned for\n the project. You can use `gcloud projects get-iam-policy [PROJECT_ID]` command to\n check if the user has the proper IAM roles or permissions assigned for the project.\n\n * The user must have `cloudsql.instance.login` permission to do automatic IAM database\n authentication.\n * The user must have `cloudsql.instances.executeSql` permission to execute SQL statements\n using the `execute_sql` tool or `executeSql` API.\n * Common IAM roles that contain the required permissions: Cloud SQL Instance User\n (`roles/cloudsql.instanceUser`) or Cloud SQL Admin (`roles/cloudsql.admin`)\n\nWhen receiving an `ExecuteSqlResponse`, always check the `message` and `status` fields\nwithin the response body. A successful HTTP status code doesn\'t guarantee full success of\nall SQL statements.\nThe `message` and `status` fields will indicate if there were any partial errors or\nwarnings during SQL statement execution.\n', 'tags': [], 'examples': None, 'input_modes': None, 'output_modes': None}, {'id': 'execute_sql_readonly', 'name': 'execute_sql_readonly', 'description': 'Execute any valid read only SQL statement on a Cloud SQL instance.\n\nTo support the `execute_sql_readonly` tool, a Cloud SQL instance must meet\nthe following requirements:\n\n* The value of `data_api_access` must be set to `ALLOW_DATA_API`.\n* For a MySQL instance, the database flag `cloudsql_iam_authentication` must be set to `on`.\n For a PostgreSQL instance, the database flag `cloudsql.iam_authentication` must be set\n to `on`.\n* An IAM user account or IAM service account (`CLOUD_IAM_USER` or `CLOUD_IAM_SERVICE_ACCOUNT`)\n is required to call the `execute_sql_readonly` tool.\n The tool executes the SQL statements using the privileges of the database user\n logged with IAM database authentication.\n\n After you use the `create_instance` tool to create an instance,\n you can use the `create_user` tool to create an\n IAM user account for the user currently logged in to the project.\n\n The `execute_sql_readonly` tool has the following limitations:\n\n* If a SQL statement returns a response larger than 10 MB,\n then the response will be truncated.\n* The tool has a default timeout of 30 seconds.\n If a query runs longer than 30 seconds, then the tool returns a\n `DEADLINE_EXCEEDED` error.\n* The tool isn\'t supported for SQL Server.\n\n If you receive errors similar to "IAM authentication is not enabled for the instance",\n then you can use the `get_instance` tool to check the value of the IAM\n database authentication flag for the instance.\n\n If you receive errors like "The instance doesn\'t allow using executeSql to access this\n instance", then you can use `get_instance` tool to check the `data_api_access` setting.\n\n When you receive authentication errors:\n\n 1. Check if the currently logged-in user account exists as an IAM user on the\n instance using the `list_users` tool.\n 2. If the IAM user account doesn\'t exist, then use the `create_user` tool to\n create the IAM user account for the logged-in user.\n 3. If the currently logged in user doesn\'t have the proper database user roles, then\n you can use `update_user` tool to grant database roles to the user. For example,\n `cloudsqlsuperuser` role can provide an IAM user with many required permissions.\n 4. Check if the currently logged in user has the correct IAM permissions assigned for\n the project. You can use `gcloud projects get-iam-policy [PROJECT_ID]` command to\n check if the user has the proper IAM roles or permissions assigned for the project.\n\n * The user must have `cloudsql.instance.login` permission to do automatic IAM database\n authentication.\n * The user must have `cloudsql.instances.executeSql` permission to execute SQL statements\n using the `execute_sql_readonly` tool or `executeSql` API.\n * Common IAM roles that contain the required permissions: Cloud SQL Instance User\n (`roles/cloudsql.instanceUser`) or Cloud SQL Admin (`roles/cloudsql.admin`)\n\nWhen receiving an `ExecuteSqlResponse`, always check the `message` and `status` fields\nwithin the response body. A successful HTTP status code doesn\'t guarantee full success of\nall SQL statements.\nThe `message` and `status` fields will indicate if there were any partial errors or\nwarnings during SQL statement execution.\n', 'tags': [], 'examples': None, 'input_modes': None, 'output_modes': None}, {'id': 'get_operation', 'name': 'get_operation', 'description': 'Get the status of a long-running operation. A long-running operation can take several\nminutes to complete. If an operation takes an extended amount of time, then use a command\nline tool to pause for 30 seconds before rechecking the status of the operation.\n', 'tags': [], 'examples': None, 'input_modes': None, 'output_modes': None}, {'id': 'create_user', 'name': 'create_user', 'description': 'Create a database user for a Cloud SQL instance.\n\n* This tool returns a long-running operation. Use the `get_operation` tool to poll\n its status until the operation completes.\n* When you use the `create_user` tool, specify the type of user:\n `CLOUD_IAM_USER`, `CLOUD_IAM_SERVICE_ACCOUNT`, or `BUILT_IN`.\n* By default the newly created user is assigned the `cloudsqlsuperuser` role, unless\n you specify other database roles explicitly in the request.\n* You can use a newly created user with the `execute_sql` tool if the user is a\n currently logged in IAM user. The `execute_sql` tool executes the SQL statements\n using the privileges of the database user logged in using IAM database\n authentication.\n\nThe `create_user` tool has the following limitations:\n\n* To create a built-in user with password, use the `password_secret_version` field to provide password using the\n Google Cloud Secret Manager. The value of `password_secret_version` should be the resource name of\n the secret version, like `projects/12345/locations/us-central1/secrets/my-password-secret/versions/1` or\n `projects/12345/locations/us-central1/secrets/my-password-secret/versions/latest`. The caller needs to have\n `secretmanager.secretVersions.access` permission on the secret version.\n* The `create_user` tool doesn\'t support creating a user for SQL Server.\n\nTo create an IAM user in PostgreSQL:\n\n* The database username must be the IAM user\'s email address and all lowercase.\n For example, to create user for PostgreSQL IAM user `[email protected]`,\n you can use the following request:\n\n```\n{\n "name": "[email protected]",\n "type": "CLOUD_IAM_USER",\n "instance":"test-instance",\n "project": "test-project"\n}\n```\n\nThe created database username for the IAM user is `[email protected]`.\n\nTo create an IAM service account in PostgreSQL:\n\n* The database username must be created without the `.gserviceaccount.com` suffix even though\n the full email address for the account is`[email protected]`.\n For example, to create an IAM service account for PostgreSQL you can use the following request\n format:\n\n```\n{\n "name": "[email protected]",\n "type": "CLOUD_IAM_SERVICE_ACCOUNT",\n "instance": "test-instance",\n "project": "test-project"\n}\n```\n\nThe created database username for the IAM service account is `[email protected]`.\n\nTo create an IAM user or IAM service account in MySQL:\n\n* When Cloud SQL for MySQL stores a username, it truncates the @ and the domain name from\n the user or service account\'s email address.\n For example, `[email protected]` becomes `example-user`.\n* For this reason, you can\'t add two IAM users or service accounts\n with the same username but different domain names to the same Cloud SQL instance.\n* For example, to create user for the MySQL IAM user `[email protected]`,\n use the following request:\n\n```\n{\n "name": "[email protected]",\n "type": "CLOUD_IAM_USER",\n "instance": "test-instance",\n "project": "test-project"\n}\n```\n\nThe created database username for the IAM user is `example-user`.\n\n* For example, to create the MySQL IAM service account\n`[email protected]`, use the\nfollowing request:\n\n```\n{\n "name": "[email protected]",\n "type": "CLOUD_IAM_SERVICE_ACCOUNT",\n "instance": "test-instance",\n "project": "test-project"\n}\n```\n\nThe created database username for the IAM service account is\n`service-account-name`.\n', 'tags': [], 'examples': None, 'input_modes': None, 'output_modes': None}, {'id': 'update_user', 'name': 'update_user', 'description': "Update a database user for a Cloud SQL instance. A common use case for\nthe `update_user` is to grant a user the `cloudsqlsuperuser` role,\nwhich can provide a user with many required permissions.\n\nThis tool only supports updating users to assign database roles.\n\n* This tool returns a long-running operation. Use the `get_operation` tool to poll its status\n until the operation completes.\n* Before calling the `update_user` tool, always check the existing configuration of the user\n such as the user type with `list_users` tool.\n* As a special case for MySQL, if the `list_users` tool returns a full email address for\n the `iamEmail` field, for example `{name=test-account,\n [email protected]}`, then in your `update_user`\n request, use the full email address in the `iamEmail` field in the `name` field of your\n toolrequest. For example, `[email protected]`.\n\nKey parameters for updating user roles:\n\n* `database_roles`: A list of database roles to be assigned to the user.\n* `revokeExistingRoles`: A boolean field (default: false) that controls how existing roles\n are handled.\n\nHow role updates work:\n\n1. **If `revokeExistingRoles` is true:**\n\n * Any existing roles granted to the user but NOT in the provided `database_roles` list\n will be REVOKED.\n * Revoking only applies to non-system roles. System roles like `cloudsqliamuser` etc won't be revoked.\n * Any roles in the `database_roles` list that the user does NOT already have will be GRANTED.\n * If `database_roles` is empty, then ALL existing non-system roles are revoked.\n\n2. **If `revokeExistingRoles` is false (default):**\n\n * Any roles in the `database_roles` list that the user does NOT already have will be GRANTED.\n * Existing roles NOT in the `database_roles` list are KEPT.\n * If `database_roles` is empty, then there is no change to the user's roles.\n\nExamples:\n\n* Existing Roles: `[roleA, roleB]`\n\n * Request: `database_roles: [roleB, roleC], revokeExistingRoles: true`\n * Result: Revokes `roleA`, Grants `roleC`. User roles become `[roleB, roleC]`.\n\n * Request: `database_roles: [roleB, roleC], revokeExistingRoles: false`\n * Result: Grants `roleC`. User roles become `[roleA, roleB, roleC]`.\n\n * Request: `database_roles: [], revokeExistingRoles: true`\n * Result: Revokes `roleA`, Revokes `roleB`. User roles become `[]`.\n\n * Request: `database_roles: [], revokeExistingRoles: false`\n * Result: No change. User roles remain `[roleA, roleB]`.\n", 'tags': [], 'examples': None, 'input_modes': None, 'output_modes': None}; uptime_30d 1.0%; p95 92.6ms; conformance: pass

Transport
streamable-http
Auth
Cost

How to connect

MCP endpoint (streamable-http)
https://sqladmin.googleapis.com/mcp
JSON-RPC initialize probe
curl -X POST https://sqladmin.googleapis.com/mcp \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json, text/event-stream' \
  -d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{}}'
Homepage
https://sqladmin.googleapis.com/mcp
Listed at (chiark)
https://chiark.ai/agents/bbfb4d3a-7587-4dd9-afe1-800129694cf8