feat: Configure the connector with Google Auth Credentials. (#997)

Author: hessjcg

.gitignore

@@ -1,6 +1,7 @@
 # IDEs
 .vscode/
 .idea/
+*.iml
 
 # direnv
 .envrc

dialer_test.go

@@ -29,10 +29,12 @@ import (
 	"testing"
 	"time"
 
+	"cloud.google.com/go/auth"
 	"cloud.google.com/go/cloudsqlconn/errtype"
 	"cloud.google.com/go/cloudsqlconn/instance"
 	"cloud.google.com/go/cloudsqlconn/internal/cloudsql"
 	"cloud.google.com/go/cloudsqlconn/internal/mock"
+
 	"golang.org/x/oauth2"
 )
 
@@ -674,6 +676,40 @@ func TestTokenSourceWithIAMAuthN(t *testing.T) {
 	}
 }
 
+func TestCredentialsWithIAMAuthN(t *testing.T) {
+	ts := &auth.Credentials{}
+	tcs := []struct {
+		desc    string
+		opts    []Option
+		wantErr bool
+	}{
+		{
+			desc:    "when token source is set with IAM AuthN",
+			opts:    []Option{WithCredentials(ts), WithIAMAuthN()},
+			wantErr: true,
+		},
+		{
+			desc:    "when IAM AuthN token source is set without IAM AuthN",
+			opts:    []Option{WithIAMAuthNCredentials(ts, ts)},
+			wantErr: true,
+		},
+		{
+			desc:    "when IAM AuthN token source is set with IAM AuthN",
+			opts:    []Option{WithIAMAuthNCredentials(ts, ts), WithIAMAuthN()},
+			wantErr: false,
+		},
+	}
+	for _, tc := range tcs {
+		t.Run(tc.desc, func(t *testing.T) {
+			_, err := NewDialer(context.Background(), tc.opts...)
+			gotErr := err != nil
+			if tc.wantErr != gotErr {
+				t.Fatalf("err: want = %v, got = %v", tc.wantErr, gotErr)
+			}
+		})
+	}
+}
+
 func TestDialerRemovesInvalidInstancesFromCache(t *testing.T) {
 	// When a dialer attempts to retrieve connection info for a
 	// non-existent instance, it should delete the instance from

e2e_postgres_test.go

@@ -27,6 +27,8 @@ import (
 	"testing"
 	"time"
 
+	"cloud.google.com/go/auth"
+	"cloud.google.com/go/auth/credentials"
 	"cloud.google.com/go/cloudsqlconn"
 	"github.com/jackc/pgx/v5/pgxpool"
 	"golang.org/x/oauth2"
@@ -749,19 +751,25 @@ func TestPostgresV4Hook(t *testing.T) {
 // removeAuthEnvVar retrieves an OAuth2 token and a path to a service account key
 // and then unsets GOOGLE_APPLICATION_CREDENTIALS. It returns a cleanup function
 // that restores the original setup.
-func removeAuthEnvVar(t *testing.T) (*oauth2.Token, string, func()) {
+func removeAuthEnvVar(t *testing.T) (*oauth2.Token, *auth.Credentials, string, func()) {
 	ts, err := google.DefaultTokenSource(context.Background(),
 		"https://www.googleapis.com/auth/cloud-platform",
 	)
 	if err != nil {
 		t.Errorf("failed to resolve token source: %v", err)
 	}
+
+	creds, err := credentials.DetectDefault(&credentials.DetectOptions{Scopes: []string{"https://www.googleapis.com/auth/cloud-platform"}})
+	if err != nil {
+		t.Errorf("failed to resolve auth credentials: %v", err)
+	}
+
 	tok, err := ts.Token()
 	if err != nil {
 		t.Errorf("failed to get token: %v", err)
 	}
 	if ipType == "private" {
-		return tok, "", func() {}
+		return tok, creds, "", func() {}
 	}
 	path, ok := os.LookupEnv("GOOGLE_APPLICATION_CREDENTIALS")
 	if !ok {
@@ -770,7 +778,7 @@ func removeAuthEnvVar(t *testing.T) (*oauth2.Token, string, func()) {
 	if err := os.Unsetenv("GOOGLE_APPLICATION_CREDENTIALS"); err != nil {
 		t.Fatalf("failed to unset GOOGLE_APPLICATION_CREDENTIALS")
 	}
-	return tok, path, func() {
+	return tok, creds, path, func() {
 		os.Setenv("GOOGLE_APPLICATION_CREDENTIALS", path)
 	}
 }
@@ -798,7 +806,7 @@ func TestPostgresAuthentication(t *testing.T) {
 		creds = keyfile(t)
 	}
 	opts = addIPTypeOptions(opts)
-	tok, path, cleanup := removeAuthEnvVar(t)
+	tok, authCreds, path, cleanup := removeAuthEnvVar(t)
 	defer cleanup()
 
 	tcs := []struct {
@@ -811,6 +819,10 @@ func TestPostgresAuthentication(t *testing.T) {
 				oauth2.StaticTokenSource(tok),
 			)),
 		},
+		{
+			desc: "with auth credentials",
+			opts: append(opts, cloudsqlconn.WithCredentials(authCreds)),
+		},
 	}
 
 	if ipType != "private" {

go.mod

@@ -3,51 +3,51 @@ module cloud.google.com/go/cloudsqlconn
 go 1.23.0
 
 require (
-	cloud.google.com/go/auth v0.16.2
+	cloud.google.com/go/auth v0.16.4
 	cloud.google.com/go/auth/oauth2adapt v0.2.8
 	github.com/go-sql-driver/mysql v1.9.3
 	github.com/google/uuid v1.6.0
 	github.com/jackc/pgx/v4 v4.18.3
 	github.com/jackc/pgx/v5 v5.7.5
 	github.com/microsoft/go-mssqldb v1.9.2
 	go.opencensus.io v0.24.0
-	golang.org/x/net v0.42.0
+	golang.org/x/net v0.43.0
 	golang.org/x/oauth2 v0.30.0
 	golang.org/x/time v0.12.0
-	google.golang.org/api v0.241.0
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7
-	google.golang.org/grpc v1.73.0
+	google.golang.org/api v0.246.0
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250804133106-a7a43d27e69b
+	google.golang.org/grpc v1.74.2
 )
 
 require (
-	cloud.google.com/go/compute/metadata v0.7.0 // indirect
+	cloud.google.com/go/compute/metadata v0.8.0 // indirect
 	filippo.io/edwards25519 v1.1.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 // indirect
 	github.com/golang-sql/sqlexp v0.1.0 // indirect
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
 	github.com/google/s2a-go v0.1.9 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
-	github.com/googleapis/gax-go/v2 v2.14.2 // indirect
+	github.com/googleapis/gax-go/v2 v2.15.0 // indirect
 	github.com/jackc/chunkreader/v2 v2.0.1 // indirect
 	github.com/jackc/pgconn v1.14.3 // indirect
 	github.com/jackc/pgio v1.0.0 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgproto3/v2 v2.3.3 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
-	github.com/jackc/pgtype v1.14.0 // indirect
+	github.com/jackc/pgtype v1.14.4 // indirect
 	github.com/jackc/puddle/v2 v2.2.2 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
-	go.opentelemetry.io/otel v1.36.0 // indirect
-	go.opentelemetry.io/otel/metric v1.36.0 // indirect
-	go.opentelemetry.io/otel/trace v1.36.0 // indirect
-	golang.org/x/crypto v0.40.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0 // indirect
+	go.opentelemetry.io/otel v1.37.0 // indirect
+	go.opentelemetry.io/otel/metric v1.37.0 // indirect
+	go.opentelemetry.io/otel/trace v1.37.0 // indirect
+	golang.org/x/crypto v0.41.0 // indirect
 	golang.org/x/sync v0.16.0 // indirect
-	golang.org/x/sys v0.34.0 // indirect
-	golang.org/x/text v0.27.0 // indirect
-	google.golang.org/protobuf v1.36.6 // indirect
+	golang.org/x/sys v0.35.0 // indirect
+	golang.org/x/text v0.28.0 // indirect
+	google.golang.org/protobuf v1.36.7 // indirect
 )