feat: Support dns name for connector names

hessjcg · hessjcg · commit d8df7c2cad9a · 2025-08-26T10:56:20.000-06:00
Adds test cases to demonstrate that the DNS name may be used for the instance connection name for instances with DNS TXT records. Fixes #683
diff --git a/docs/api.md b/docs/api.md
@@ -157,7 +157,7 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `connectionString` _string_ | ConnectionString is the connection string for the Cloud SQL Instance<br />in the format `project_id:region:instance_name` |  | Pattern: `^([^:]+(:[^:]+)?):([^:]+):([^:]+)$` <br />Required: \{\} <br /> |
+| `connectionString` _string_ | ConnectionString is the connection string for the Cloud SQL Instance.<br />This may be an instance connection name in the format `project_id:region:instance_name`<br />or a DNS name for the instance. |  | Required: \{\} <br /> |
 | `port` _integer_ | Port (optional) sets the tcp port for this instance. If not set, a value will<br />be automatically assigned by the operator and set as an environment variable<br />on all containers in the workload named according to PortEnvName. The operator will choose<br />a port so that it does not conflict with other ports on the workload. |  | Minimum: 1 <br />Optional: \{\} <br /> |
 | `autoIAMAuthN` _boolean_ | AutoIAMAuthN (optional) Enables IAM Authentication for this instance.<br />Default value is false. |  | Optional: \{\} <br /> |
 | `privateIP` _boolean_ | PrivateIP (optional) Enable connection to the Cloud SQL instance's private ip for this instance.<br />Default value is false. |  | Optional: \{\} <br /> |
diff --git a/internal/api/v1/authproxyworkload_test.go b/internal/api/v1/authproxyworkload_test.go
@@ -111,6 +111,30 @@ func TestAuthProxyWorkload_ValidateCreate_InstanceSpec(t *testing.T) {
 			}},
 			wantValid: false,
 		},
+		{
+			desc: "Valid, Instance configured with valid instance name",
+			spec: []cloudsqlapi.InstanceSpec{{
+				ConnectionString: "proj:region:db2",
+				Port:             ptr(int32(5000)),
+			}},
+			wantValid: true,
+		},
+		{
+			desc: "Valid, Instance configured with domain name name",
+			spec: []cloudsqlapi.InstanceSpec{{
+				ConnectionString: "proj:region:db2",
+				Port:             ptr(int32(5000)),
+			}},
+			wantValid: true,
+		},
+		{
+			desc: "Invalid, Instance configured with malformed name",
+			spec: []cloudsqlapi.InstanceSpec{{
+				ConnectionString: "bad name!",
+				Port:             ptr(int32(5000)),
+			}},
+			wantValid: false,
+		},
 	}
 	for _, tc := range data {
 		t.Run(tc.desc, func(t *testing.T) {
diff --git a/internal/api/v1/authproxyworkload_types.go b/internal/api/v1/authproxyworkload_types.go
@@ -341,10 +341,10 @@ type TelemetrySpec struct {
 //	`{ "connectionString":"my-project:us-central1:my-db-server", "port":5000 }`
 type InstanceSpec struct {
 
-	// ConnectionString is the connection string for the Cloud SQL Instance
-	// in the format `project_id:region:instance_name`
+	// ConnectionString is the connection string for the Cloud SQL Instance.
+	// This may be an instance connection name in the format `project_id:region:instance_name`
+	// or a DNS name for the instance.
 	//+kubebuilder:validation:Required
-	//+kubebuilder:validation:Pattern:="^([^:]+(:[^:]+)?):([^:]+):([^:]+)$"
 	ConnectionString string `json:"connectionString,omitempty"`
 
 	// Port (optional) sets the tcp port for this instance. If not set, a value will
diff --git a/internal/api/v1/authproxyworkload_webhook.go b/internal/api/v1/authproxyworkload_webhook.go
@@ -20,6 +20,7 @@ import (
 	"path"
 	"reflect"
 
+	"cloud.google.com/go/cloudsqlconn/instance"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -281,6 +282,7 @@ func validateInstances(spec *[]InstanceSpec, f *field.Path) field.ErrorList {
 	}
 	for i, inst := range *spec {
 		ff := f.Child(fmt.Sprintf("%d", i))
+		errs = append(errs, validateConnectionString(inst, f)...)
 		if inst.Port != nil {
 			for _, s := range apivalidation.IsValidPortNum(int(*inst.Port)) {
 				errs = append(errs, field.Invalid(ff.Child("port"), inst.Port, s))
@@ -311,6 +313,16 @@ func validateInstances(spec *[]InstanceSpec, f *field.Path) field.ErrorList {
 	return errs
 }
 
+func validateConnectionString(inst InstanceSpec, f *field.Path) field.ErrorList {
+	if instance.IsValidDomain(inst.ConnectionString) {
+		return nil
+	}
+	if _, err := instance.ParseConnName(inst.ConnectionString); err != nil {
+		return []*field.Error{field.Invalid(f, inst.ConnectionString, "is not a valid instance connection name or dns name")}
+	}
+	return nil
+}
+
 func validateEnvName(f *field.Path, envName string) field.ErrorList {
 	var errs field.ErrorList
 	if envName != "" {
diff --git a/internal/testintegration/integration_test.go b/internal/testintegration/integration_test.go
@@ -84,6 +84,34 @@ func TestCreateAndDeleteResource(t *testing.T) {
 
 }
 
+// newTestCaseClient Creates a new TestCaseClient providing unique namespace and
+// other default values.
+func newDomainNameTestCaseClient(name string, c client.Client) *testhelpers.TestCaseClient {
+	return &testhelpers.TestCaseClient{
+		Client:           c,
+		Namespace:        testhelpers.NewNamespaceName(name),
+		ConnectionString: "db.example.com",
+	}
+}
+
+func TestCreateAndDeleteDomainNameResource(t *testing.T) {
+	ctx := testintegration.TestContext()
+	tcc := newDomainNameTestCaseClient("create", defaultClient)
+	res, err := tcc.CreateResource(ctx)
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = tcc.WaitForFinalizerOnResource(ctx, res)
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = tcc.DeleteResourceAndWait(ctx, res)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+}
+
 func TestModifiesNewDeployment(t *testing.T) {
 	ctx := testintegration.TestContext()
 	tcc := newTestCaseClient("modifynew", defaultClient)
diff --git a/internal/workload/podspec_updates_test.go b/internal/workload/podspec_updates_test.go
@@ -135,52 +135,69 @@ func configureProxies(u *workload.Updater, wl *workload.PodWorkload, proxies []*
 }
 
 func TestUpdatePodWorkload(t *testing.T) {
-	var (
-		wantsName               = "instance1"
-		wantsPort         int32 = 8080
-		wantContainerName       = "csql-default-" + wantsName
-		wantsInstanceName       = "project:server:db"
-		wantsInstanceArg        = fmt.Sprintf("%s?port=%d", wantsInstanceName, wantsPort)
-		u                       = workload.NewUpdater("cloud-sql-proxy-operator/dev", workload.DefaultProxyImage, false)
-	)
-	var err error
+	tcs := []struct {
+		name              string
+		wantsName         string
+		wantsPort         int32
+		wantsInstanceName string
+	}{{
+		name:              "WithInstanceConnectionString",
+		wantsName:         "instance1",
+		wantsPort:         int32(8080),
+		wantsInstanceName: "project:server:db",
+	}, {
+		name:              "WithDnsNameString",
+		wantsName:         "instance1",
+		wantsPort:         int32(8080),
+		wantsInstanceName: "db.example.com",
+	},
+	}
+	for _, tc := range tcs {
+		t.Run(tc.name, func(t *testing.T) {
+			u := workload.NewUpdater("cloud-sql-proxy-operator/dev", workload.DefaultProxyImage, false)
+			wantsContainerName := "csql-default-" + tc.wantsName
+			wantsInstanceArg := fmt.Sprintf("%s?port=%d", tc.wantsInstanceName, tc.wantsPort)
 
-	// Create a pod
-	wl := podWorkload()
+			var err error
 
-	// ensure that the deployment only has one container before
-	// updating the deployment.
-	if len(wl.Pod.Spec.Containers) != 1 {
-		t.Fatalf("got %v, wants 1. deployment containers length", len(wl.Pod.Spec.Containers))
-	}
+			// Create a pod
+			wl := podWorkload()
 
-	// Create a AuthProxyWorkload that matches the deployment
-	proxy := simpleAuthProxy(wantsName, wantsInstanceName)
-	proxy.Spec.Instances[0].Port = ptr(wantsPort)
+			// ensure that the deployment only has one container before
+			// updating the deployment.
+			if len(wl.Pod.Spec.Containers) != 1 {
+				t.Fatalf("got %v, wants 1. deployment containers length", len(wl.Pod.Spec.Containers))
+			}
 
-	// Update the container with new markWorkloadNeedsUpdate
-	err = configureProxies(u, wl, []*cloudsqlapi.AuthProxyWorkload{proxy})
-	if err != nil {
-		t.Fatal(err)
-	}
+			// Create a AuthProxyWorkload that matches the deployment
+			proxy := simpleAuthProxy(tc.wantsName, tc.wantsInstanceName)
+			proxy.Spec.Instances[0].Port = ptr(tc.wantsPort)
 
-	// test that there are now 2 containers
-	if want, got := 2, len(wl.Pod.Spec.Containers); want != got {
-		t.Fatalf("got %v want %v, number of deployment containers", got, want)
-	}
+			// Update the container with new markWorkloadNeedsUpdate
+			err = configureProxies(u, wl, []*cloudsqlapi.AuthProxyWorkload{proxy})
+			if err != nil {
+				t.Fatal(err)
+			}
 
-	t.Logf("Containers: {%v}", wl.Pod.Spec.Containers)
+			// test that there are now 2 containers
+			if want, got := 2, len(wl.Pod.Spec.Containers); want != got {
+				t.Fatalf("got %v want %v, number of deployment containers", got, want)
+			}
 
-	// test that the container has the proper name following the conventions
-	foundContainer, err := findContainer(wl, wantContainerName)
-	if err != nil {
-		t.Fatal(err)
-	}
+			t.Logf("Containers: {%v}", wl.Pod.Spec.Containers)
 
-	// test that the container args have the expected args
-	if gotArg, err := hasArg(wl, wantContainerName, wantsInstanceArg); err != nil || !gotArg {
-		t.Errorf("wants connection string arg %v but it was not present in proxy container args %v",
-			wantsInstanceArg, foundContainer.Args)
+			// test that the container has the proper name following the conventions
+			foundContainer, err := findContainer(wl, wantsContainerName)
+			if err != nil {
+				t.Fatal(err)
+			}
+
+			// test that the container args have the expected args
+			if gotArg, err := hasArg(wl, wantsContainerName, wantsInstanceArg); err != nil || !gotArg {
+				t.Errorf("wants connection string arg %v but it was not present in proxy container args %v",
+					wantsInstanceArg, foundContainer.Args)
+			}
+		})
 	}
 
 }
