test: Integration tests for Customer Certificate Authority support (#900)

Add integration test for instance that uses a private CA.

Author: hessjcg

.github/workflows/tests.yaml

@@ -76,6 +76,8 @@ jobs:
             POSTGRES_DB:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_DB
             POSTGRES_CAS_CONNECTION_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_CAS_CONNECTION_NAME
             POSTGRES_CAS_PASS:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_CAS_PASS
+            POSTGRES_CUSTOMER_CAS_CONNECTION_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_CUSTOMER_CAS_CONNECTION_NAME
+            POSTGRES_CUSTOMER_CAS_PASS:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_CUSTOMER_CAS_PASS
             SQLSERVER_CONNECTION_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_CONNECTION_NAME
             SQLSERVER_USER:${{ vars.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_USER
             SQLSERVER_PASS:${{ vars.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_PASS
@@ -96,6 +98,8 @@ jobs:
           POSTGRES_DB: "${{ steps.secrets.outputs.POSTGRES_DB }}"
           POSTGRES_CAS_CONNECTION_NAME: "${{ steps.secrets.outputs.POSTGRES_CAS_CONNECTION_NAME }}"
           POSTGRES_CAS_PASS: "${{ steps.secrets.outputs.POSTGRES_CAS_PASS }}"
+          POSTGRES_CUSTOMER_CAS_CONNECTION_NAME: "${{ steps.secrets.outputs.POSTGRES_CUSTOMER_CAS_CONNECTION_NAME }}"
+          POSTGRES_CUSTOMER_CAS_PASS: "${{ steps.secrets.outputs.POSTGRES_CUSTOMER_CAS_PASS }}"
           SQLSERVER_CONNECTION_NAME: "${{ steps.secrets.outputs.SQLSERVER_CONNECTION_NAME }}"
           SQLSERVER_USER: "${{ steps.secrets.outputs.SQLSERVER_USER }}"
           SQLSERVER_PASS: "${{ steps.secrets.outputs.SQLSERVER_PASS }}"

e2e_postgres_test.go

@@ -38,13 +38,15 @@ import (
 )
 
 var (
-	postgresConnName    = os.Getenv("POSTGRES_CONNECTION_NAME")     // "Cloud SQL Postgres instance connection name, in the form of 'project:region:instance'.
-	postgresCASConnName = os.Getenv("POSTGRES_CAS_CONNECTION_NAME") // "Cloud SQL Postgres CAS instance connection name, in the form of 'project:region:instance'.
-	postgresUser        = os.Getenv("POSTGRES_USER")                // Name of database user.
-	postgresPass        = os.Getenv("POSTGRES_PASS")                // Password for the database user; be careful when entering a password on the command line (it may go into your terminal's history).
-	postgresCASPass     = os.Getenv("POSTGRES_CAS_PASS")            // Password for the database user for CAS instances; be careful when entering a password on the command line (it may go into your terminal's history).
-	postgresDB          = os.Getenv("POSTGRES_DB")                  // Name of the database to connect to.
-	postgresUserIAM     = os.Getenv("POSTGRES_USER_IAM")            // Name of database IAM user.
+	postgresConnName            = os.Getenv("POSTGRES_CONNECTION_NAME")              // "Cloud SQL Postgres instance connection name, in the form of 'project:region:instance'.
+	postgresCASConnName         = os.Getenv("POSTGRES_CAS_CONNECTION_NAME")          // "Cloud SQL Postgres CAS instance connection name, in the form of 'project:region:instance'.
+	postgresCustomerCASConnName = os.Getenv("POSTGRES_CUSTOMER_CAS_CONNECTION_NAME") // "Cloud SQL Postgres Customer CAS instance connection name, in the form of 'project:region:instance'.
+	postgresUser                = os.Getenv("POSTGRES_USER")                         // Name of database user.
+	postgresPass                = os.Getenv("POSTGRES_PASS")                         // Password for the database user; be careful when entering a password on the command line (it may go into your terminal's history).
+	postgresCASPass             = os.Getenv("POSTGRES_CAS_PASS")                     // Password for the database user for CAS instances; be careful when entering a password on the command line (it may go into your terminal's history).
+	postgresCustomerCASPass     = os.Getenv("POSTGRES_CUSTOMER_CAS_PASS")            // Password for the database user for customer CAS instances; be careful when entering a password on the command line (it may go into your terminal's history).
+	postgresDB                  = os.Getenv("POSTGRES_DB")                           // Name of the database to connect to.
+	postgresUserIAM             = os.Getenv("POSTGRES_USER_IAM")                     // Name of database IAM user.
 )
 
 func requirePostgresVars(t *testing.T) {
@@ -53,12 +55,16 @@ func requirePostgresVars(t *testing.T) {
 		t.Fatal("'POSTGRES_CONNECTION_NAME' env var not set")
 	case postgresCASConnName:
 		t.Fatal("'POSTGRES_CAS_CONNECTION_NAME' env var not set")
+	case postgresCustomerCASConnName:
+		t.Fatal("'POSTGRES_CUSTOMER_CAS_CONNECTION_NAME' env var not set")
 	case postgresUser:
 		t.Fatal("'POSTGRES_USER' env var not set")
 	case postgresPass:
 		t.Fatal("'POSTGRES_PASS' env var not set")
 	case postgresCASPass:
 		t.Fatal("'POSTGRES_CAS_PASS' env var not set")
+	case postgresCustomerCASPass:
+		t.Fatal("'POSTGRES_CUSTOMER_CAS_PASS' env var not set")
 	case postgresDB:
 		t.Fatal("'POSTGRES_DB' env var not set")
 	case postgresUserIAM:
@@ -162,6 +168,54 @@ func TestPostgresCASConnect(t *testing.T) {
 	t.Log(now)
 }
 
+func TestPostgresCustomerCASConnect(t *testing.T) {
+	if testing.Short() {
+		t.Skip("skipping Postgres integration tests")
+	}
+	requirePostgresVars(t)
+
+	ctx := context.Background()
+
+	// Configure the driver to connect to the database
+	dsn := fmt.Sprintf("user=%s password=%s dbname=%s sslmode=disable", postgresUser, postgresCustomerCASPass, postgresDB)
+	config, err := pgxpool.ParseConfig(dsn)
+	if err != nil {
+		t.Fatalf("failed to parse pgx config: %v", err)
+	}
+
+	// Create a new dialer with any options
+	d, err := cloudsqlconn.NewDialer(ctx)
+	if err != nil {
+		t.Fatalf("failed to init Dialer: %v", err)
+	}
+
+	// call cleanup when you're done with the database connection to close dialer
+	cleanup := func() error { return d.Close() }
+
+	// Tell the driver to use the Cloud SQL Go Connector to create connections
+	// postgresConnName takes the form of 'project:region:instance'.
+	config.ConnConfig.DialFunc = func(ctx context.Context, _ string, _ string) (net.Conn, error) {
+		return d.Dial(ctx, postgresCustomerCASConnName)
+	}
+
+	// Interact with the driver directly as you normally would
+	pool, err := pgxpool.NewWithConfig(ctx, config)
+	if err != nil {
+		t.Fatalf("failed to create pool: %s", err)
+	}
+	// ... etc
+
+	defer cleanup()
+	defer pool.Close()
+
+	var now time.Time
+	err = pool.QueryRow(context.Background(), "SELECT NOW()").Scan(&now)
+	if err != nil {
+		t.Fatalf("QueryRow failed: %s", err)
+	}
+	t.Log(now)
+}
+
 type pgMockResolver struct {
 }