CloudSQL execute_sql_readonly fails with IAM-authenticated service accounts (missing auto_iam_authn)

[erans]

Summary

The execute_sql_readonly tool in the CloudSQL MCP server fails with "Internal error encountered" when used with an IAM-authenticated service account. The root cause is that the MCP server does not pass auto_iam_authn: true to the underlying Cloud SQL Data API (sql/v1beta4/.../executeSql).

Environment

• Cloud SQL Instance: PostgreSQL 15, us-central1
• Authentication: Service account key file with IAM database authentication (Cloud IAM user, not built-in password)
• MCP Server URL: https://sqladmin.googleapis.com/mcp
• IAM Roles on SA: roles/cloudsql.client, roles/cloudsql.instanceUser, roles/serviceusage.serviceUsageConsumer
• Instance config: database/flag/cloudsql.iam_authentication = on, Data API enabled

Steps to Reproduce

1. Create a service account with IAM database authentication (Cloud SQL IAM user, not password-based)
2. Configure .mcp.json to use the CloudSQL MCP server with a headersHelper that generates a Bearer token from the SA key file
3. Call execute_sql_readonly with a simple query like SELECT 1

Expected Behavior

The query executes successfully using IAM authentication.

Actual Behavior

The tool returns: "Internal error encountered"

No errors appear in Cloud SQL PostgreSQL logs or Cloud Audit logs, indicating the failure happens at the Data API layer before reaching the database.

Root Cause Analysis

Direct calls to the underlying Data API confirm the issue:

# This WORKS - explicitly setting auto_iam_authn: true
curl -X POST \
  "https://sqladmin.googleapis.com/sql/v1beta4/projects/PROJECT/instances/INSTANCE/executeSql" \
  -H "Authorization: Bearer $TOKEN" \
  -H "x-goog-user-project: PROJECT" \
  -H "Content-Type: application/json" \
  -d '{"sqlStatement":"SELECT 1","database":"mydb","auto_iam_authn":true}'
# Returns: {"rows":["1"],"columns":["?column?"]}

# This FAILS - without auto_iam_authn (what the MCP server does)
curl -X POST \
  "https://sqladmin.googleapis.com/sql/v1beta4/projects/PROJECT/instances/INSTANCE/executeSql" \
  -H "Authorization: Bearer $TOKEN" \
  -H "x-goog-user-project: PROJECT" \
  -H "Content-Type: application/json" \
  -d '{"sqlStatement":"SELECT 1","database":"mydb"}'
# Returns: {"error":{"code":400,"message":"One of password or secret must be provided when auto_iam_authn is false"}}

The MCP server's execute_sql_readonly tool does not set auto_iam_authn: true in the Data API request body, causing it to default to false. This makes it impossible to use the tool with IAM-authenticated service accounts.

Suggested Fix

When the MCP server calls the executeSql Data API endpoint, it should either:

1. Always set auto_iam_authn: true when no password/secret is provided (since the caller authenticated via Bearer token), or
2. Expose an auto_iam_authn parameter on the execute_sql_readonly tool so callers can opt in

Option 1 seems more appropriate since the execute_sql_readonly tool is specifically designed for IAM-authenticated access.

Workaround

Currently there is no workaround using the MCP server. Users must call the Data API directly with auto_iam_authn: true in the request body.