From 869a20e55e50cfdd4509db7bad04d7aa8716acc4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gast=C3=B3n=20Rial=20Saibene?= <19420029+rialg@users.noreply.github.com>
Date: Mon, 29 Jan 2024 19:53:44 +0100
Subject: [PATCH] Adding options to enable IAM database AuthN in Cloud SQL (#107)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Gastón Rial Saibene
---
 mysql/provider.go | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/mysql/provider.go b/mysql/provider.go
index f9755ab8..9edc9cff 100644
--- a/mysql/provider.go
+++ b/mysql/provider.go
@@ -24,6 +24,7 @@ import (
 
 "golang.org/x/net/proxy"
 
+ cloudsqlconn "cloud.google.com/go/cloudsqlconn"
 cloudsql "cloud.google.com/go/cloudsqlconn/mysql/mysql"
 "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 azidentity "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
@@ -137,6 +138,12 @@ func Provider() *schema.Provider {
 Optional: true,
 Default: 300,
 },
+
+ "iam_database_authentication": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Default: false,
+ },
 },
 
 DataSourcesMap: map[string]*schema.Resource{
@@ -166,6 +173,7 @@ func providerConfigure(ctx context.Context, d *schema.ResourceData) (interface{}
 var allowClearTextPasswords = authPlugin == cleartextPasswords
 var allowNativePasswords = authPlugin == nativePasswords
 var password = d.Get("password").(string)
+ var iam_auth = d.Get("iam_database_authentication").(bool)
 
 proto := "tcp"
 if len(endpoint) > 0 && endpoint[0] == '/' {
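Review bot: The new `iam_database_authentication` attribute in the Provider() schema hunk has no `Description`, so nothing tells an operator what it switches on or when it applies. In the lines shown the flag is read only inside the `cloudsql://` branch of providerConfigure, so the text should say so, for example `Description: "Use automatic IAM database authentication instead of a static password; only honoured for cloudsql:// endpoints."`. It would also help to state how the flag relates to `password`, which is still read from the configuration; that interaction is not visible in this patch. The schema map starts and ends outside the hunk.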
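Review bot: The local `iam_auth` added in the first providerConfigure hunk uses snake_case, which departs from Go's MixedCaps convention and from the neighbouring locals `allowClearTextPasswords` and `allowNativePasswords`. I would write `var iamAuth = d.Get("iam_database_authentication").(bool)` and rename the use in the `cloudsql://` branch of the following hunk to match. providerConfigure's body starts before and continues after this hunk.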
@@ -173,10 +181,16 @@ func providerConfigure(ctx context.Context, d *schema.ResourceData) (interface{}
 } else if strings.HasPrefix(endpoint, "cloudsql://") {
 proto = "cloudsql"
 endpoint = strings.ReplaceAll(endpoint, "cloudsql://", "")
- _, err := cloudsql.RegisterDriver("cloudsql")
+ var err error
+ if iam_auth {
+ _, err = cloudsql.RegisterDriver("cloudsql", cloudsqlconn.WithIAMAuthN())
+ } else {
+ _, err = cloudsql.RegisterDriver("cloudsql")
+ }
 if err != nil {
 return nil, diag.Errorf("failed to register driver %v", err)
 }
+
 } else if strings.HasPrefix(endpoint, "azure://") {
 // Azure AD does not support native password authentication but go-sql-driver/mysql
 // has to be configured only with ?allowClearTextPasswords=true not with allowNativePasswords=false in this case
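Review bot: `iam_auth` is consulted only inside this `cloudsql://` branch, so a configuration that sets `iam_database_authentication = true` with a TCP, socket or `azure://` endpoint is accepted and, as far as these lines show, quietly falls back to password authentication. A setting meant to remove static credentials should fail closed when it cannot take effect. After the endpoint chain, which ends outside this hunk, I would add `if iam_auth && proto != "cloudsql" { return nil, diag.Errorf("iam_database_authentication is only supported for cloudsql:// endpoints") }`. Separately, the blank line added before `} else if strings.HasPrefix(endpoint, "azure://")` looks unintentional.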