We're in the process of setting up self-hosted Metabase. We try to favour using IAM Authentication for GCP CloudSQL over standard password based Authentication.
We find that Metabase isn't able to use this method as it seems to be unable to handle connection strings that don't contain a password, and still passes a password field (although blank) to the Postgres Server.
Caused by: org.postgresql.util.PSQLException: The server requested password-based authentication, but no password was provided by plugin null
The Connection String we pass is in the following format postgres://data-metabase%40{gcp_project}@localhost:5432/data-metabase?ssl=true&sslmode=prefer
Note the lack of password on the string, as authentication is handled by IAM via the CloudSQL Auth Proxy. This is something we do already across the board for all other services we run, but it seems Metabase doesn't support it.
Is this known? Is there a solution, or should I open a feature request?
Those tickets you linked are different to this issue we're seeing. CloudSQL IAM Authentication is where you allow a CloudSQL Connector (in our case, CloudSQL Proxy Auth) to automatically handle the authentication between the application and CloudSQL. Log in using IAM database authentication | Cloud SQL for PostgreSQL | Google Cloud
When using this, you explicitly don't set a password in the connection string (or as a parameter), like my example. But it seems Metabase always expects a password to be set. If we don't set a password, the server is still sent a blank password parameter from Metabase, resulting in authentication failing.
