feat: Configure connectors with DNS Name.

Author: hessjcg

.github/workflows/tests.yml

@@ -154,13 +154,15 @@ jobs:
             MYSQL_DB:${{ vars.GOOGLE_CLOUD_PROJECT }}/MYSQL_DB
             POSTGRES_CONNECTION_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_CONNECTION_NAME
             POSTGRES_USER:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_USER
-            POSTGRES_IAM_USER:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_USER_IAM_NODE
+            POSTGRES_USER_IAM_NODE:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_USER_IAM_NODE
             POSTGRES_PASS:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_PASS
             POSTGRES_DB:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_DB
             POSTGRES_CAS_CONNECTION_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_CAS_CONNECTION_NAME
             POSTGRES_CAS_PASS:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_CAS_PASS
             POSTGRES_CUSTOMER_CAS_CONNECTION_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_CUSTOMER_CAS_CONNECTION_NAME
             POSTGRES_CUSTOMER_CAS_PASS:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_CUSTOMER_CAS_PASS
+            POSTGRES_CUSTOMER_CAS_DOMAIN_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_CUSTOMER_CAS_DOMAIN_NAME
+            POSTGRES_CUSTOMER_CAS_INVALID_DOMAIN_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_CUSTOMER_CAS_INVALID_DOMAIN_NAME
             SQLSERVER_CONNECTION_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_CONNECTION_NAME
             SQLSERVER_USER:${{ vars.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_USER
             SQLSERVER_PASS:${{ vars.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_PASS
@@ -181,13 +183,15 @@ jobs:
           MYSQL_DB: "${{ steps.secrets.outputs.MYSQL_DB }}"
           POSTGRES_CONNECTION_NAME: "${{ steps.secrets.outputs.POSTGRES_CONNECTION_NAME }}"
           POSTGRES_USER: "${{ steps.secrets.outputs.POSTGRES_USER }}"
-          POSTGRES_IAM_USER: "${{ steps.secrets.outputs.POSTGRES_IAM_USER }}"
+          POSTGRES_USER_IAM_NODE: "${{ steps.secrets.outputs.POSTGRES_USER_IAM_NODE }}"
           POSTGRES_PASS: "${{ steps.secrets.outputs.POSTGRES_PASS }}"
           POSTGRES_DB: "${{ steps.secrets.outputs.POSTGRES_DB }}"
           POSTGRES_CAS_CONNECTION_NAME: "${{ steps.secrets.outputs.POSTGRES_CAS_CONNECTION_NAME }}"
           POSTGRES_CAS_PASS: "${{ steps.secrets.outputs.POSTGRES_CAS_PASS }}"
           POSTGRES_CUSTOMER_CAS_CONNECTION_NAME: "${{ steps.secrets.outputs.POSTGRES_CUSTOMER_CAS_CONNECTION_NAME }}"
           POSTGRES_CUSTOMER_CAS_PASS: "${{ steps.secrets.outputs.POSTGRES_CUSTOMER_CAS_PASS }}"
+          POSTGRES_CUSTOMER_CAS_DOMAIN_NAME: "${{ steps.secrets.outputs.POSTGRES_CUSTOMER_CAS_DOMAIN_NAME }}"
+          POSTGRES_CUSTOMER_CAS_INVALID_DOMAIN_NAME: "${{ steps.secrets.outputs.POSTGRES_CUSTOMER_CAS_INVALID_DOMAIN_NAME }}"
           SQLSERVER_CONNECTION_NAME: "${{ steps.secrets.outputs.SQLSERVER_CONNECTION_NAME }}"
           SQLSERVER_USER: "${{ steps.secrets.outputs.SQLSERVER_USER }}"
           SQLSERVER_PASS: "${{ steps.secrets.outputs.SQLSERVER_PASS }}"
@@ -275,9 +279,15 @@ jobs:
             MYSQL_DB:${{ vars.GOOGLE_CLOUD_PROJECT }}/MYSQL_DB
             POSTGRES_CONNECTION_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_CONNECTION_NAME
             POSTGRES_USER:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_USER
-            POSTGRES_IAM_USER:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_USER_IAM_NODE
+            POSTGRES_USER_IAM_NODE:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_USER_IAM_NODE
             POSTGRES_PASS:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_PASS
             POSTGRES_DB:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_DB
+            POSTGRES_CAS_CONNECTION_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_CAS_CONNECTION_NAME
+            POSTGRES_CAS_PASS:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_CAS_PASS
+            POSTGRES_CUSTOMER_CAS_CONNECTION_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_CUSTOMER_CAS_CONNECTION_NAME
+            POSTGRES_CUSTOMER_CAS_PASS:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_CUSTOMER_CAS_PASS
+            POSTGRES_CUSTOMER_CAS_DOMAIN_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_CUSTOMER_CAS_DOMAIN_NAME
+            POSTGRES_CUSTOMER_CAS_INVALID_DOMAIN_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_CUSTOMER_CAS_INVALID_DOMAIN_NAME
             SQLSERVER_CONNECTION_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_CONNECTION_NAME
             SQLSERVER_USER:${{ vars.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_USER
             SQLSERVER_PASS:${{ vars.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_PASS
@@ -292,9 +302,15 @@ jobs:
           MYSQL_DB: "${{ steps.secrets.outputs.MYSQL_DB }}"
           POSTGRES_CONNECTION_NAME: "${{ steps.secrets.outputs.POSTGRES_CONNECTION_NAME }}"
           POSTGRES_USER: "${{ steps.secrets.outputs.POSTGRES_USER }}"
-          POSTGRES_IAM_USER: "${{ steps.secrets.outputs.POSTGRES_IAM_USER }}"
+          POSTGRES_IAM_USER: "${{ steps.secrets.outputs.POSTGRES_USER_IAM_NODE }}"
           POSTGRES_PASS: "${{ steps.secrets.outputs.POSTGRES_PASS }}"
           POSTGRES_DB: "${{ steps.secrets.outputs.POSTGRES_DB }}"
+          POSTGRES_CAS_CONNECTION_NAME: "${{ steps.secrets.outputs.POSTGRES_CAS_CONNECTION_NAME }}"
+          POSTGRES_CAS_PASS: "${{ steps.secrets.outputs.POSTGRES_CAS_PASS }}"
+          POSTGRES_CUSTOMER_CAS_CONNECTION_NAME: "${{ steps.secrets.outputs.POSTGRES_CUSTOMER_CAS_CONNECTION_NAME }}"
+          POSTGRES_CUSTOMER_CAS_PASS: "${{ steps.secrets.outputs.POSTGRES_CUSTOMER_CAS_PASS }}"
+          POSTGRES_CUSTOMER_CAS_DOMAIN_NAME: "${{ steps.secrets.outputs.POSTGRES_CUSTOMER_CAS_DOMAIN_NAME }}"
+          POSTGRES_CUSTOMER_CAS_INVALID_DOMAIN_NAME: "${{ steps.secrets.outputs.POSTGRES_CUSTOMER_CAS_INVALID_DOMAIN_NAME }}"
           SQLSERVER_CONNECTION_NAME: "${{ steps.secrets.outputs.SQLSERVER_CONNECTION_NAME }}"
           SQLSERVER_USER: "${{ steps.secrets.outputs.SQLSERVER_USER }}"
           SQLSERVER_PASS: "${{ steps.secrets.outputs.SQLSERVER_PASS }}"

src/cloud-sql-instance.ts

@@ -14,7 +14,7 @@
 
 import {IpAddressTypes, selectIpAddress} from './ip-addresses';
 import {InstanceConnectionInfo} from './instance-connection-info';
-import {parseInstanceConnectionName} from './parse-instance-connection-name';
+import {resolveInstanceName} from './parse-instance-connection-name';
 import {InstanceMetadata} from './sqladmin-fetcher';
 import {generateKeys} from './crypto';
 import {RSAKeys} from './rsa-keys';
@@ -54,7 +54,10 @@ export class CloudSQLInstance {
   static async getCloudSQLInstance(
     options: CloudSQLInstanceOptions
   ): Promise<CloudSQLInstance> {
-    const instance = new CloudSQLInstance(options);
+    const instance = new CloudSQLInstance({
+      options: options,
+      instanceInfo: await resolveInstanceName(options.instanceConnectionName),
+    });
     await instance.refresh();
     return instance;
   }
@@ -80,17 +83,17 @@ export class CloudSQLInstance {
   public dnsName = '';
 
   constructor({
-    ipType,
-    authType,
-    instanceConnectionName,
-    sqlAdminFetcher,
-    limitRateInterval = 30 * 1000, // 30s default
-  }: CloudSQLInstanceOptions) {
-    this.authType = authType;
-    this.instanceInfo = parseInstanceConnectionName(instanceConnectionName);
-    this.ipType = ipType;
-    this.limitRateInterval = limitRateInterval;
-    this.sqlAdminFetcher = sqlAdminFetcher;
+    options,
+    instanceInfo,
+  }: {
+    options: CloudSQLInstanceOptions;
+    instanceInfo: InstanceConnectionInfo;
+  }) {
+    this.instanceInfo = instanceInfo;
+    this.authType = options.authType || AuthTypes.PASSWORD;
+    this.ipType = options.ipType || IpAddressTypes.PUBLIC;
+    this.limitRateInterval = options.limitRateInterval || 30 * 1000; // 30 seconds
+    this.sqlAdminFetcher = options.sqlAdminFetcher;
   }
 
   // p-throttle library has to be initialized in an async scope in order to
@@ -284,6 +287,7 @@ export class CloudSQLInstance {
   }
 
   cancelRefresh(): void {
+    // If refresh has not yet started, then cancel the setTimeout
     if (this.scheduledRefreshID) {
       clearTimeout(this.scheduledRefreshID);
     }

src/connector.ts

@@ -229,7 +229,7 @@ export class Connector {
             privateKey,
             serverCaCert,
             serverCaMode,
-            dnsName,
+            dnsName: instanceInfo.domainName || dnsName, // use the configured domain name, or the instance dnsName.
           });
           tlsSocket.once('error', () => {
             cloudSqlInstance.forceRefresh();

system-test/pg-connect.cjs

@@ -20,77 +20,88 @@ const {Client} = pg;
 t.test('open connection and retrieves standard pg tables', async t => {
   const connector = new Connector();
   const clientOpts = await connector.getOptions({
-    instanceConnectionName: process.env.POSTGRES_CONNECTION_NAME,
-    ipType: 'PUBLIC',
-    authType: 'PASSWORD',
+    instanceConnectionName: String(process.env.POSTGRES_CONNECTION_NAME),
   });
   const client = new Client({
     ...clientOpts,
-    user: process.env.POSTGRES_USER,
-    password: process.env.POSTGRES_PASS,
-    database: process.env.POSTGRES_DB,
+    user: String(process.env.POSTGRES_USER),
+    password: String(process.env.POSTGRES_PASS),
+    database: String(process.env.POSTGRES_DB),
   });
-  client.connect();
+  t.after(async ()=>{
+    try {
+      await client.end();
+    } catch (e){}
+    connector.close();
+  })
+
+  await client.connect();
 
   const {
     rows: [result],
   } = await client.query('SELECT NOW();');
   const returnedDate = result['now'];
   t.ok(returnedDate.getTime(), 'should have valid returned date object');
 
-  await client.end();
-  connector.close();
 });
 
 t.test('open IAM connection and retrieves standard pg tables', async t => {
   const connector = new Connector();
   const clientOpts = await connector.getOptions({
-    instanceConnectionName: process.env.POSTGRES_CONNECTION_NAME,
-    ipType: 'PUBLIC',
-    authType: 'IAM',
+    instanceConnectionName: String(process.env.POSTGRES_CONNECTION_NAME),
+    ipType: "PUBLIC",
+    authType: "IAM",
   });
   const client = new Client({
     ...clientOpts,
-    user: process.env.POSTGRES_IAM_USER,
-    database: process.env.POSTGRES_DB,
+    user: String(process.env.POSTGRES_USER_IAM_NODE),
+    database: String(process.env.POSTGRES_DB),
   });
-  client.connect();
+  t.after(async ()=>{
+    try {
+      await client.end();
+    } catch (e){}
+    connector.close();
+  })
+  await client.connect();
 
   const {
     rows: [result],
   } = await client.query('SELECT NOW();');
   const returnedDate = result['now'];
   t.ok(returnedDate.getTime(), 'should have valid returned date object');
 
-  await client.end();
-  connector.close();
 });
 
 t.test(
   'open connection to CAS-based CA instance and retrieves standard pg tables',
   async t => {
     const connector = new Connector();
     const clientOpts = await connector.getOptions({
-      instanceConnectionName: process.env.POSTGRES_CAS_CONNECTION_NAME,
-      ipType: 'PUBLIC',
-      authType: 'PASSWORD',
+      instanceConnectionName: String(process.env.POSTGRES_CAS_CONNECTION_NAME),
     });
     const client = new Client({
       ...clientOpts,
-      user: process.env.POSTGRES_USER,
-      password: process.env.POSTGRES_CAS_PASS,
-      database: process.env.POSTGRES_DB,
+      user: String(process.env.POSTGRES_USER),
+      password: String(process.env.POSTGRES_CAS_PASS),
+      database: String(process.env.POSTGRES_DB),
     });
-    client.connect();
+    t.after(async ()=>{
+      try {
+        await client.end();
+      } catch (e){}
+      connector.close();
+    })
+
+    await client.connect();
 
     const {
       rows: [result],
     } = await client.query('SELECT NOW();');
     const returnedDate = result['now'];
     t.ok(returnedDate.getTime(), 'should have valid returned date object');
 
-    await client.end();
-    connector.close();
+
   }
 );
 
@@ -109,13 +120,86 @@ t.test(
       password: String(process.env.POSTGRES_CUSTOMER_CAS_PASS),
       database: String(process.env.POSTGRES_DB),
     });
-    client.connect();
+    t.after(async ()=>{
+      try {
+        await client.end();
+      } catch (e){}
+      connector.close();
+    })
+
+    await client.connect();
     const {
       rows: [result],
     } = await client.query('SELECT NOW();');
     const returnedDate = result['now'];
     t.ok(returnedDate.getTime(), 'should have valid returned date object');
-    await client.end();
-    connector.close();
+
+  }
+);
+
+t.test(
+  'open connection to Domain Name instance retrieves standard pg tables',
+  async t => {
+    const connector = new Connector();
+    const clientOpts = await connector.getOptions({
+      instanceConnectionName: String(
+        process.env.POSTGRES_CUSTOMER_CAS_DOMAIN_NAME
+      ),
+    });
+    const client = new Client({
+      ...clientOpts,
+      user: String(process.env.POSTGRES_USER),
+      password: String(process.env.POSTGRES_CUSTOMER_CAS_PASS),
+      database: String(process.env.POSTGRES_DB),
+    });
+    t.after(async ()=>{
+      try {
+        await client.end();
+      } catch (e){}
+      connector.close();
+    })
+
+    await client.connect();
+    const {
+      rows: [result],
+    } = await client.query('SELECT NOW();');
+    const returnedDate = result['now'];
+    t.ok(returnedDate.getTime(), 'should have valid returned date object');
+
+  }
+);
+
+t.test(
+  'open connection to Domain Name invalid domain name rejects connection',
+  async t => {
+    const connector = new Connector();
+    const clientOpts = await connector.getOptions({
+      instanceConnectionName: String(
+        process.env.POSTGRES_CUSTOMER_CAS_INVALID_DOMAIN_NAME
+      ),
+    });
+    const client = new Client({
+      ...clientOpts,
+      user: String(process.env.POSTGRES_USER),
+      password: String(process.env.POSTGRES_CUSTOMER_CAS_PASS),
+      database: String(process.env.POSTGRES_DB),
+    });
+    t.after(async ()=>{
+      console.log("Ending...")
+      try {
+        await client.end();
+      } catch (e){}
+      connector.close();
+      console.log("Ended...")
+
+    })
+    try{
+      await client.connect()
+      t.fail("Should throw exception")
+    } catch (e){
+      t.same(e.code, 'ERR_TLS_CERT_ALTNAME_INVALID')
+    } finally {
+      t.end()
+    }
   }
 );