feat: support Cloud SQL CAS instances. #850
FYI, manually tested the auth proxy client with this PR against the CAS and non-CAS instances. It works well.
Thanks @feng-zhe I'll take a deep look at this early next week 😄
Also renamed gotDNS to gotPSCDNS to make it clear that the DNS is from the PSC address.
Could we add an e2e test for this feature as well? I assume we'd need a new Cloud SQL Instance with this CA mode configured correctly. @jackwotherspoon can you help with that?
Nice start. This needs some restructuring to avoid redundant fields.
internal/cloudsql/instance.go
Outdated
DBVersion string | ||
DNSName string // Only set for CAS instances. |
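Review bot: the comment on the DNSName field says only when it is set, not what the value is or where it comes from. A godoc line stating that it is taken from the dnsName field of the ConnectSettings API and is left empty for non-CAS instances would make it clear to callers that the empty case has to be handled.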
DomainName (not DNSName)
I am not sure about this. Because this DNSName is directly from the dnsName of the ConnectSettings API here.
Probably better to stick with the wording from the ConnectSettings API. We could add a godoc comment explaining what this is used for though.
You may also want to incorporate the changes from #843. This will allow customers to configure the connector using a DNS name.
Unfortunately, for CAS instances, there will be no DNS records for it. The only change would be the server CA certificates, the DNS name, and how we verify it. I feel #843 is a separate feature where we do have SRV records set up. WDYT? Thanks.
Thanks. Jack helped me and I have added some e2e tests for it. However, the testing PR #854 failed due to some password issue. Debugging it now. Thanks.
@enocom Hi Eno, FYI, with @jackwotherspoon's help, the added e2e test has passed in #854. Thanks.
A big milestone. Thanks Henry! 👏
LGTM ✅ Thanks a ton Henry!
LGTM. Nice work.
The CAS instances will have a different way to verify the server identity. This CL supports that.