feat: Add support for PSC network connections (#1347)

Adds new value for `ipTypes` jdbc connection parameter: `PSC`. When ipTypes=PSC, the connector will
connect to the database instance using Private Service Connect instead of the instance's public or private
IP address.

Author: hessjcg

core/src/main/java/com/google/cloud/sql/core/CoreSocketFactory.java

@@ -303,7 +303,7 @@ public static void setApplicationName(String applicationName) {
    * Creates a secure socket representing a connection to a Cloud SQL instance.
    *
    * @param instanceName Name of the Cloud SQL instance.
-   * @param ipTypes Preferred type of IP to use ("PRIVATE", "PUBLIC")
+   * @param ipTypes Preferred type of IP to use ("PRIVATE", "PUBLIC", "PSC")
    * @return the newly created Socket.
    * @throws IOException if error occurs during socket creation.
    */

core/src/main/java/com/google/cloud/sql/core/SqlAdminApiFetcher.java

@@ -193,19 +193,27 @@ private Metadata fetchMetadata(CloudSqlInstanceName instanceName, AuthType authT
 
       checkDatabaseCompatibility(instanceMetadata, authType, instanceName.getConnectionName());
 
+      Map<String, String> ipAddrs = new HashMap<>();
+      if (instanceMetadata.getIpAddresses() != null) {
+        // Update the IP addresses and types need to connect with the instance.
+        for (IpMapping addr : instanceMetadata.getIpAddresses()) {
+          ipAddrs.put(addr.getType(), addr.getIpAddress());
+        }
+      }
+
+      // resolve DnsName into IP address for PSC
+      if (instanceMetadata.getDnsName() != null && !instanceMetadata.getDnsName().isEmpty()) {
+        ipAddrs.put("PSC", instanceMetadata.getDnsName());
+      }
+
       // Verify the instance has at least one IP type assigned that can be used to connect.
-      if (instanceMetadata.getIpAddresses().isEmpty()) {
+      if (ipAddrs.isEmpty()) {
         throw new IllegalStateException(
             String.format(
                 "[%s] Unable to connect to Cloud SQL instance: instance does not have an assigned "
                     + "IP address.",
                 instanceName.getConnectionName()));
       }
-      // Update the IP addresses and types need to connect with the instance.
-      Map<String, String> ipAddrs = new HashMap<>();
-      for (IpMapping addr : instanceMetadata.getIpAddresses()) {
-        ipAddrs.put(addr.getType(), addr.getIpAddress());
-      }
 
       // Update the Server CA certificate used to create the SSL connection with the instance.
       try {

core/src/test/java/com/google/cloud/sql/core/CloudSqlInstanceTest.java

@@ -149,7 +149,8 @@ public void testGetPreferredIpTypes() throws Exception {
             new Metadata(
                 ImmutableMap.of(
                     "PUBLIC", "10.1.2.3",
-                    "PRIVATE", "10.10.10.10"),
+                    "PRIVATE", "10.10.10.10",
+                    "PSC", "abcde.12345.us-central1.sql.goog"),
                 null),
             sslData,
             Date.from(Instant.now().plus(1, ChronoUnit.HOURS)));
@@ -177,6 +178,8 @@ public void testGetPreferredIpTypes() throws Exception {
     assertThat(instance.getPreferredIp(Arrays.asList("PRIVATE", "PUBLIC")))
         .isEqualTo("10.10.10.10");
     assertThat(instance.getPreferredIp(Arrays.asList("PRIVATE"))).isEqualTo("10.10.10.10");
+    assertThat(instance.getPreferredIp(Arrays.asList("PSC")))
+        .isEqualTo("abcde.12345.us-central1.sql.goog");
   }
 
   @Test

core/src/test/java/com/google/cloud/sql/core/MockAdminApi.java

@@ -113,23 +113,30 @@ public OAuth2RefreshHandler getRefreshHandler(String refreshToken, Date expirati
   }
 
   public void addConnectSettingsResponse(
-      String instanceConnectionName, String publicIp, String privateIp, String databaseVersion) {
+      String instanceConnectionName,
+      String publicIp,
+      String privateIp,
+      String databaseVersion,
+      String pscHostname) {
     CloudSqlInstanceName cloudSqlInstanceName = new CloudSqlInstanceName(instanceConnectionName);
 
     ArrayList<IpMapping> ipMappings = new ArrayList<>();
-    if (!publicIp.isEmpty()) {
+    if (publicIp != null && !publicIp.isEmpty()) {
       ipMappings.add(new IpMapping().setIpAddress(publicIp).setType("PRIMARY"));
     }
-    if (!privateIp.isEmpty()) {
+    if (privateIp != null && !privateIp.isEmpty()) {
       ipMappings.add(new IpMapping().setIpAddress(privateIp).setType("PRIVATE"));
     }
-
+    if (ipMappings.isEmpty()) {
+      ipMappings = null;
+    }
     ConnectSettings settings =
         new ConnectSettings()
             .setBackendType("SECOND_GEN")
             .setIpAddresses(ipMappings)
             .setServerCaCert(new SslCert().setCert(TestKeys.SERVER_CA_CERT))
             .setDatabaseVersion(databaseVersion)
+            .setDnsName(pscHostname)
             .setRegion(cloudSqlInstanceName.getRegionId());
     settings.setFactory(GsonFactory.getDefaultInstance());
 

core/src/test/java/com/google/cloud/sql/core/SqlAdminApiFetcherTest.java

@@ -39,6 +39,8 @@ public class SqlAdminApiFetcherTest {
 
   public static final String SAMPLE_PUBLIC_IP = "34.1.2.3";
   public static final String SAMPLE_PRIVATE_IP = "10.0.0.1";
+  public static final String SAMPLE_PSC_IP = "10.0.0.2";
+  public static final String SAMPLE_PCS_DNS_NAME = "abcde.12345.us-central1.sql.goog";
   public static final String INSTANCE_CONNECTION_NAME = "p:r:i";
   public static final String DATABASE_VERSION = "POSTGRES14";
 
@@ -63,6 +65,35 @@ public void testFetchInstanceData_returnsIpAddresses()
     Map<String, String> ipAddrs = instanceData.getIpAddrs();
     assertThat(ipAddrs.get("PRIMARY")).isEqualTo(SAMPLE_PUBLIC_IP);
     assertThat(ipAddrs.get("PRIVATE")).isEqualTo(SAMPLE_PRIVATE_IP);
+    assertThat(ipAddrs.get("PSC")).isEqualTo(SAMPLE_PCS_DNS_NAME);
+  }
+
+  @Test
+  public void testFetchInstanceData_returnsPscForNonIpDatabase()
+      throws ExecutionException, InterruptedException, GeneralSecurityException,
+          OperatorCreationException {
+
+    MockAdminApi mockAdminApi = new MockAdminApi();
+    mockAdminApi.addConnectSettingsResponse(
+        INSTANCE_CONNECTION_NAME, null, null, DATABASE_VERSION, SAMPLE_PCS_DNS_NAME);
+    mockAdminApi.addGenerateEphemeralCertResponse(INSTANCE_CONNECTION_NAME, Duration.ofHours(1));
+
+    SqlAdminApiFetcher fetcher =
+        new StubApiFetcherFactory(mockAdminApi.getHttpTransport())
+            .create(new StubCredentialFactory().create());
+
+    InstanceData instanceData =
+        fetcher.getInstanceData(
+            new CloudSqlInstanceName(INSTANCE_CONNECTION_NAME),
+            () -> Optional.empty(),
+            AuthType.PASSWORD,
+            newTestExecutor(),
+            Futures.immediateFuture(mockAdminApi.getClientKeyPair()));
+    assertThat(instanceData.getSslContext()).isInstanceOf(SSLContext.class);
+
+    Map<String, String> ipAddrs = instanceData.getIpAddrs();
+    assertThat(ipAddrs.get("PSC")).isEqualTo(SAMPLE_PCS_DNS_NAME);
+    assertThat(ipAddrs.size()).isEqualTo(1);
   }
 
   private ListeningScheduledExecutorService newTestExecutor() {
@@ -129,7 +160,11 @@ private MockAdminApi buildMockAdminApi(String instanceConnectionName, String dat
       throws GeneralSecurityException, OperatorCreationException {
     MockAdminApi mockAdminApi = new MockAdminApi();
     mockAdminApi.addConnectSettingsResponse(
-        instanceConnectionName, SAMPLE_PUBLIC_IP, SAMPLE_PRIVATE_IP, databaseVersion);
+        instanceConnectionName,
+        SAMPLE_PUBLIC_IP,
+        SAMPLE_PRIVATE_IP,
+        databaseVersion,
+        SAMPLE_PCS_DNS_NAME);
     mockAdminApi.addGenerateEphemeralCertResponse(instanceConnectionName, Duration.ofHours(1));
     return mockAdminApi;
   }

docs/jdbc-mariadb.md

@@ -47,7 +47,13 @@ Note: The host portion of the JDBC URL is currently unused, and has no effect on
 
 ### Specifying IP Types
 
-"The `ipTypes` argument is used to specify a preferred order of IP types used to connect via a comma delimited list. For example, `ipTypes=PUBLIC,PRIVATE` will use the instance's Public IP if it exists, otherwise private. The value `ipTypes=PRIVATE` will force the Cloud SQL instance to connect via it's private IP. If not specified, the default used is `ipTypes=PUBLIC,PRIVATE`.
+"The `ipTypes` argument is used to specify a preferred order of IP types used 
+to connect via a comma delimited list. For example, `ipTypes=PUBLIC,PRIVATE` 
+will use the instance's Public IP if it exists, otherwise private. The 
+value `ipTypes=PRIVATE` will force the Cloud SQL instance to connect via 
+it's private IP. The value `ipTypes=PSC` will force the Cloud SQL instance to 
+connect to the database via [Private Service Connect](https://cloud.google.com/vpc/docs/private-service-connect). 
+If not specified, the default used is `ipTypes=PUBLIC,PRIVATE`.
 
 For more info on connecting using a private IP address, see [Requirements for Private IP](https://cloud.google.com/sql/docs/mysql/private-ip#requirements_for_private_ip).
 

docs/jdbc-mysql.md

@@ -49,8 +49,14 @@ jdbc:mysql:///<DATABASE_NAME>?cloudSqlInstance=<INSTANCE_CONNECTION_NAME>&socket
 Note: The host portion of the JDBC URL is currently unused, and has no effect on the connection process. The SocketFactory will get your instances IP address based on the provided `cloudSqlInstance` arg. 
 
 ### Specifying IP Types
- 
-"The `ipTypes` argument is used to specify a preferred order of IP types used to connect via a comma delimited list. For example, `ipTypes=PUBLIC,PRIVATE` will use the instance's Public IP if it exists, otherwise private. The value `ipTypes=PRIVATE` will force the Cloud SQL instance to connect via it's private IP. If not specified, the default used is `ipTypes=PUBLIC,PRIVATE`. 
+
+"The `ipTypes` argument is used to specify a preferred order of IP types used
+to connect via a comma delimited list. For example, `ipTypes=PUBLIC,PRIVATE`
+will use the instance's Public IP if it exists, otherwise private. The
+value `ipTypes=PRIVATE` will force the Cloud SQL instance to connect via
+it's private IP. The value `ipTypes=PSC` will force the Cloud SQL instance to
+connect to the database via [Private Service Connect](https://cloud.google.com/vpc/docs/private-service-connect).
+If not specified, the default used is `ipTypes=PUBLIC,PRIVATE`.
 
 For more info on connecting using a private IP address, see [Requirements for Private IP](https://cloud.google.com/sql/docs/mysql/private-ip#requirements_for_private_ip).
 

docs/jdbc-postgres.md

@@ -41,8 +41,14 @@ jdbc:postgresql:///<DATABASE_NAME>?cloudSqlInstance=<INSTANCE_CONNECTION_NAME>&s
 Note: The host portion of the JDBC URL is currently unused, and has no effect on the connection process. The SocketFactory will get your instances IP address based on the provided `cloudSqlInstance` arg. 
 
 ### Specifying IP Types
- 
-"The `ipTypes` argument is used to specify a preferred order of IP types used to connect via a comma delimited list. For example, `ipTypes=PUBLIC,PRIVATE` will use the instance's Public IP if it exists, otherwise private. The value `ipTypes=PRIVATE` will force the Cloud SQL instance to connect via it's private IP. If not specified, the default used is `ipTypes=PUBLIC,PRIVATE`. 
+
+"The `ipTypes` argument is used to specify a preferred order of IP types used
+to connect via a comma delimited list. For example, `ipTypes=PUBLIC,PRIVATE`
+will use the instance's Public IP if it exists, otherwise private. The
+value `ipTypes=PRIVATE` will force the Cloud SQL instance to connect via
+it's private IP. The value `ipTypes=PSC` will force the Cloud SQL instance to
+connect to the database via [Private Service Connect](https://cloud.google.com/vpc/docs/private-service-connect).
+If not specified, the default used is `ipTypes=PUBLIC,PRIVATE`.
 
 For more info on connecting using a private IP address, see [Requirements for Private IP](https://cloud.google.com/sql/docs/mysql/private-ip#requirements_for_private_ip).
 

docs/jdbc-sqlserver.md

@@ -43,8 +43,14 @@ jdbc:sqlserver://localhost;databaseName=<DATABASE_NAME>;socketFactoryClass=com.g
 Note: The host portion of the JDBC URL is currently unused, and has no effect on the connection process. The SocketFactory will get your instances IP address based on the provided `socketFactoryConstructorArg` arg. 
 
 ### Specifying IP Types
- 
-"The `ipTypes` argument is used to specify a preferred order of IP types used to connect via a comma delimited list. For example, `ipTypes=PUBLIC,PRIVATE` will use the instance's Public IP if it exists, otherwise private. The value `ipTypes=PRIVATE` will force the Cloud SQL instance to connect via it's private IP. If not specified, the default used is `ipTypes=PUBLIC,PRIVATE`. 
+
+"The `ipTypes` argument is used to specify a preferred order of IP types used
+to connect via a comma delimited list. For example, `ipTypes=PUBLIC,PRIVATE`
+will use the instance's Public IP if it exists, otherwise private. The
+value `ipTypes=PRIVATE` will force the Cloud SQL instance to connect via
+it's private IP. The value `ipTypes=PSC` will force the Cloud SQL instance to
+connect to the database via [Private Service Connect](https://cloud.google.com/vpc/docs/private-service-connect).
+If not specified, the default used is `ipTypes=PUBLIC,PRIVATE`.
 
 IP types can be specified by appending the ipTypes argument to `socketFactoryConstructorArg` using query syntax, such as: