chore: add server_ca_mode and dns_name to ConnectionInfo

GoogleCloudPlatform · Aug 30, 2024 · bb80425 · bb80425
1 parent 7d99808
commit bb80425
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 6 deletions.
diff --git a/google/cloud/sql/connector/client.py b/google/cloud/sql/connector/client.py
@@ -141,15 +141,20 @@ async def _get_metadata(
             if "ipAddresses" in ret_dict
             else {}
         )
-        # Remove trailing period from PSC DNS name.
-        psc_dns = ret_dict.get("dnsName")
-        if psc_dns:
-            ip_addresses["PSC"] = psc_dns.rstrip(".")
+        # resolve dnsName into IP address for PSC
+        # Note that we have to check for PSC enablement also because CAS
+        # instances also set the dnsName field.
+        dns_name = ret_dict.get("dnsName", "")
+        if dns_name and ret_dict.get("pscEnabled"):
+            # Remove trailing period from PSC DNS name. Required for SSL in Python
+            ip_addresses["PSC"] = dns_name.rstrip(".")
 
         return {
             "ip_addresses": ip_addresses,
             "server_ca_cert": ret_dict["serverCaCert"]["cert"],
+            "server_ca_mode": ret_dict.get("serverCaMode", ""),
             "database_version": ret_dict["databaseVersion"],
+            "dns_name": dns_name,
         }
 
     async def _get_ephemeral(
@@ -288,9 +293,11 @@ async def get_connection_info(
         return ConnectionInfo(
             ephemeral_cert,
             metadata["server_ca_cert"],
+            metadata["server_ca_mode"],
             priv_key,
             metadata["ip_addresses"],
             metadata["database_version"],
+            metadata["dns_name"],
             expiration,
         )
 

diff --git a/google/cloud/sql/connector/connection_info.py b/google/cloud/sql/connector/connection_info.py
@@ -17,7 +17,7 @@
 from dataclasses import dataclass
 import logging
 import ssl
-from typing import Any, Dict, Optional, TYPE_CHECKING
+from typing import Any, Dict, List, Optional, TYPE_CHECKING
 
 from aiofiles.tempfile import TemporaryDirectory
 
@@ -39,10 +39,14 @@ class ConnectionInfo:
     server-side Proxy running on a Cloud SQL instance."""
 
     client_cert: str
-    server_ca_cert: str
+    server_ca_cert: List[str]
+    server_ca_mode: str
     private_key: bytes
     ip_addrs: Dict[str, Any]
     database_version: str
+    # The DNSName is from the ConnectSettings API.
+    # It is used to validate the server identity for CAS instances.
+    dns_name: str
     expiration: datetime.datetime
     context: Optional[ssl.SSLContext] = None