refactor: Use new ConnectSettings.DnsNames field to validate the server TLS certificate.

Author: hessjcg

.idea/.gitignore

@@ -157,8 +157,17 @@ async def _get_metadata(
         # Note that we have to check for PSC enablement also because CAS
         # instances also set the dnsName field.
         # Remove trailing period from DNS name. Required for SSL in Python
-        dns_name = ret_dict.get("dnsName", "").rstrip(".")
-        if dns_name and ret_dict.get("pscEnabled"):
+        if ret_dict.get("pscEnabled"):
+            psc_dns_names = [
+                d["name"]
+                for d in ret_dict.get("dnsNames", [])
+                if d["connectionType"] == "PRIVATE_SERVICE_CONNECT" and d["dnsScope"] == "INSTANCE"]
+
+            dns_name = psc_dns_names[0] if psc_dns_names else None
+
+            if dns_name is None:
+                dns_name = ret_dict.get("dnsName", "").rstrip(".")
+
             ip_addresses["PSC"] = dns_name
 
         return {

.idea/google-java-format.xml

@@ -256,6 +256,11 @@ async def connect_settings(self, request: Any) -> web.Response:
                 "expirationTime": str(self.cert_expiration),
             },
             "dnsName": "abcde.12345.us-central1.sql.goog",
+            "dnsNames":[{
+                "name":"abcde.12345.us-central1.sql.goog",
+                "connectionType":"PRIVATE_SERVICE_CONNECT",
+                "dnsScope":"INSTANCE",
+            }],
             "pscEnabled": self.psc_enabled,
             "ipAddresses": ip_addrs,
             "region": self.region,