feat: Custom SAN Support (#902)

The DNS Resolver should return a ConnName with the resolved instance name and the DNS name.
This will ensure that the cache key is correct, and it will allow the TLS connections to use the
domain name to validate the TLS server certificate.

Author: hessjcg

internal/cloudsql/resolver.go

@@ -105,7 +105,7 @@ func (r *DNSInstanceConnectionNameResolver) queryDNS(ctx context.Context, domain
 	// Attempt to parse records, returning the first valid record.
 	for _, record := range records {
 		// Parse the target as a CN
-		cn, parseErr := instance.ParseConnName(record)
+		cn, parseErr := instance.ParseConnNameWithDomainName(record, domainName)
 		if parseErr != nil {
 			perr = fmt.Errorf("unable to parse TXT for %q -> %q : %v", domainName, record, parseErr)
 			continue

internal/cloudsql/resolver_test.go

@@ -36,7 +36,7 @@ func (r *fakeResolver) LookupTXT(_ context.Context, name string) (addrs []string
 }
 
 func TestDNSInstanceNameResolver_Lookup_Success_TxtRecord(t *testing.T) {
-	want, _ := instance.ParseConnName("my-project:my-region:my-instance")
+	want, _ := instance.ParseConnNameWithDomainName("my-project:my-region:my-instance", "db.example.com")
 
 	r := DNSInstanceConnectionNameResolver{
 		dnsResolver: &fakeResolver{