chore: Resolve DNS TXT record to instance name. Part of DNS Config.

Author: hessjcg

src/dns-lookup.ts

@@ -0,0 +1,50 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import dns from 'node:dns';
+import {CloudSQLConnectorError} from './errors';
+
+export async function resolveTxtRecord(name: string): Promise<string> {
+  return new Promise((resolve, reject) => {
+    dns.resolveTxt(name, (err, addresses) => {
+      if (err) {
+        reject(
+          new CloudSQLConnectorError({
+            code: 'EDOMAINNAMELOOKUPERROR',
+            message: 'Error looking up TXT record for domain ' + name,
+            errors: [err],
+          })
+        );
+        return;
+      }
+
+      if (!addresses || addresses.length === 0) {
+        reject(
+          new CloudSQLConnectorError({
+            code: 'EDOMAINNAMELOOKUPFAILED',
+            message: 'No records returned for domain ' + name,
+          })
+        );
+        return;
+      }
+
+      // Each result may be split into multiple strings. Join the strings.
+      const joinedAddresses = addresses.map(strs => strs.join(''));
+      // Sort the results alphabetically for consistency,
+      joinedAddresses.sort((a, b) => a.localeCompare(b));
+      // Return the first result.
+      resolve(joinedAddresses[0]);
+    });
+  });
+}

src/parse-instance-connection-name.ts

@@ -14,6 +14,29 @@
 
 import {InstanceConnectionInfo} from './instance-connection-info';
 import {CloudSQLConnectorError} from './errors';
+import {resolveTxtRecord} from './dns-lookup';
+
+export async function resolveInstanceName(
+  name: string | undefined
+): Promise<InstanceConnectionInfo> {
+  if (!name) {
+    throw new CloudSQLConnectorError({
+      message:
+        'Missing instance connection name, expected: "PROJECT:REGION:INSTANCE"',
+      code: 'ENOCONNECTIONNAME',
+    });
+  } else if (isInstanceConnectionName(name)) {
+    return parseInstanceConnectionName(name);
+  } else if (isValidDomainName(name)) {
+    return await resolveDomainName(name);
+  } else {
+    throw new CloudSQLConnectorError({
+      message:
+        'Malformed Instance connection name, expected an instance connection name in the form "PROJECT:REGION:INSTANCE" or a valid domain name',
+      code: 'EBADCONNECTIONNAME',
+    });
+  }
+}
 
 const connectionNameRegex =
   /^(?<projectId>[^:]+(:[^:]+)?):(?<regionId>[^:]+):(?<instanceId>[^:]+)$/;
@@ -33,6 +56,26 @@ export function isInstanceConnectionName(name: string): boolean {
   return Boolean(matches);
 }
 
+export async function resolveDomainName(
+  name: string
+): Promise<InstanceConnectionInfo> {
+  const icn = await resolveTxtRecord(name);
+  if (!isInstanceConnectionName(icn)) {
+    throw new CloudSQLConnectorError({
+      message:
+        'Malformed instance connection name returned for domain ' +
+        name +
+        ' : ' +
+        icn,
+      code: 'EBADDOMAINCONNECTIONNAME',
+    });
+  }
+
+  const info = parseInstanceConnectionName(icn);
+  info.domainName = name;
+  return info;
+}
+
 export function parseInstanceConnectionName(
   instanceConnectionName: string | undefined
 ): InstanceConnectionInfo {

test/dns-lookup.ts

@@ -0,0 +1,79 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import t from 'tap';
+
+t.test('lookup dns with mock responses', async t => {
+  const {resolveTxtRecord} = t.mockRequire('../src/dns-lookup.ts', {
+    'node:dns': {
+      resolveTxt: (name, callback) => {
+        switch (name) {
+          case 'db.example.com':
+            callback(null, [['my-project:region-1:instance']]);
+            return;
+          case 'multiple.example.com':
+            callback(null, [
+              ['my-project:region-1:instance'],
+              ['another-project:region-1:instance'],
+            ]);
+            return;
+          case 'split.example.com':
+            callback(null, [['my-project:', 'region-1:instance']]);
+            return;
+          case 'empty.example.com':
+            callback(null, []);
+            return;
+          default:
+            callback(new Error('not found'), null);
+            return;
+        }
+      },
+    },
+  });
+
+  t.same(
+    await resolveTxtRecord('db.example.com'),
+    'my-project:region-1:instance',
+    'valid domain name'
+  );
+  t.same(
+    await resolveTxtRecord('split.example.com'),
+    'my-project:region-1:instance',
+    'valid domain name'
+  );
+  t.same(
+    await resolveTxtRecord('multiple.example.com'),
+    'another-project:region-1:instance',
+    'valid domain name'
+  );
+  t.rejects(
+    async () => await resolveTxtRecord('not-found.example.com'),
+    {code: 'EDOMAINNAMELOOKUPERROR'},
+    'should throw type error if an extra item is provided'
+  );
+  t.rejects(
+    async () => await resolveTxtRecord('empty.example.com'),
+    {code: 'EDOMAINNAMELOOKUPFAILED'},
+    'should throw type error if an extra item is provided'
+  );
+});
+
+t.test('lookup dns with real responses', async t => {
+  const {resolveTxtRecord} = t.mockRequire('../src/dns-lookup.ts', {});
+  t.same(
+    await resolveTxtRecord('valid-san-test.csqlconnectortest.com'),
+    'cloud-sql-connector-testing:us-central1:postgres-customer-cas-test',
+    'valid domain name'
+  );
+});

test/parse-instance-connection-name.ts

@@ -18,6 +18,7 @@ import {
   isValidDomainName,
   isInstanceConnectionName,
 } from '../src/parse-instance-connection-name';
+import {CloudSQLConnectorError} from '../src/errors';
 
 t.throws(
   () => parseInstanceConnectionName(undefined),
@@ -92,6 +93,7 @@ t.same(
 );
 
 t.same(isValidDomainName('project.example.com'), true, 'valid domain name');
+t.same(isValidDomainName('project.example.com.'), true, 'valid domain name');
 
 t.same(isValidDomainName('google.com:PROJECT'), false, 'invalid domain name');
 
@@ -106,3 +108,121 @@ t.same(
   false,
   'should validate domain name'
 );
+
+t.test('resolveDomainName Mock DNS', async () => {
+  // mocks crypto module so that it can return a deterministic result
+  // and set a standard, fast static value for cert refresh interval
+  const {resolveDomainName} = t.mockRequire(
+    '../src/parse-instance-connection-name',
+    {
+      '../src/dns-lookup': {
+        resolveTxtRecord: async name => {
+          switch (name) {
+            case 'db.example.com':
+              return 'my-project:region-1:my-instance';
+            case 'bad.example.com':
+              return 'bad-instance-name';
+            default:
+              throw new CloudSQLConnectorError({
+                code: 'EDOMAINNAMELOOKUPERROR',
+                message: 'Error looking up TXT record for domain ' + name,
+              });
+          }
+        },
+      },
+    }
+  );
+
+  t.same(
+    await resolveDomainName('db.example.com'),
+    {
+      projectId: 'my-project',
+      regionId: 'region-1',
+      instanceId: 'my-instance',
+      domainName: 'db.example.com',
+    },
+    'should validate domain name'
+  );
+
+  t.rejects(
+    async () => await resolveDomainName('bad.example.com'),
+    {code: 'EBADDOMAINCONNECTIONNAME'},
+    'should throw type error if an extra item is provided'
+  );
+
+  t.rejects(
+    async () => await resolveDomainName('no-record.example.com'),
+    {code: 'EDOMAINNAMELOOKUPERROR'},
+    'should throw type error if an extra item is provided'
+  );
+});
+
+t.test('resolveInstanceName Mock DNS', async () => {
+  // mocks crypto module so that it can return a deterministic result
+  // and set a standard, fast static value for cert refresh interval
+  const {resolveInstanceName} = t.mockRequire(
+    '../src/parse-instance-connection-name',
+    {
+      '../src/dns-lookup': {
+        resolveTxtRecord: async name => {
+          switch (name) {
+            case 'db.example.com':
+              return 'my-project:region-1:my-instance';
+            case 'bad.example.com':
+              return 'bad-instance-name';
+            default:
+              throw new CloudSQLConnectorError({
+                code: 'EDOMAINNAMELOOKUPERROR',
+                message: 'Error looking up TXT record for domain ' + name,
+              });
+          }
+        },
+      },
+    }
+  );
+
+  t.same(
+    await resolveInstanceName('db.example.com'),
+    {
+      projectId: 'my-project',
+      regionId: 'region-1',
+      instanceId: 'my-instance',
+      domainName: 'db.example.com',
+    },
+    'should use domain name'
+  );
+
+  t.same(
+    await resolveInstanceName('my-project:region-1:my-instance'),
+    {
+      projectId: 'my-project',
+      regionId: 'region-1',
+      instanceId: 'my-instance',
+      domainName: undefined,
+    },
+    'should use instance name'
+  );
+
+  t.rejects(
+    async () => await resolveInstanceName('bad.example.com'),
+    {code: 'EBADDOMAINCONNECTIONNAME'},
+    'should throw type error if an extra item is provided'
+  );
+
+  t.rejects(
+    async () => await resolveInstanceName('no-record.example.com'),
+    {code: 'EDOMAINNAMELOOKUPERROR'},
+    'should throw type error if an extra item is provided'
+  );
+
+  t.rejects(
+    async () => await resolveInstanceName(''),
+    {code: 'ENOCONNECTIONNAME'},
+    'should throw type error if the connection name is empty'
+  );
+  t.rejects(
+    async () => await resolveInstanceName('bad-name'),
+    {code: 'EBADCONNECTIONNAME'},
+    'should throw type error if the connection name is empty'
+  );
+});