* db: support gcloud postgres IAM auth

Signed-off-by: neo <1100909+neowu@users.noreply.github.com>

Author: neowu

CHANGELOG.md

@@ -9,6 +9,7 @@
 * db: better support PostgreSQL
   > support UUID type
   > support JSONB type, use "?::jsonb" instead of "?" for jsonb query
+  > support gcloud IAM auth
 
 ### 9.2.1 (4/24/2025 - 5/19/2025) !!! only support java 24
 

core-ng/src/main/java/core/framework/db/CloudAuthProvider.java

@@ -1,10 +1,12 @@
 package core.framework.db;
 
+import core.framework.internal.db.Dialect;
+
 /**
  * @author neo
  */
 public interface CloudAuthProvider {
-    String user();
+    String user(Dialect dialect);
 
     String accessToken();
 

core-ng/src/main/java/core/framework/internal/db/DatabaseImpl.java

@@ -90,7 +90,7 @@ private Connection createConnection() {
         }
         if (authProvider != null) {
             // properties are thread safe, it's ok to set user/password with multiple threads
-            driverProperties.setProperty("user", authProvider.user());
+            driverProperties.setProperty("user", authProvider.user(operation.dialect));
             driverProperties.setProperty("password", authProvider.accessToken());
         }
         Connection connection = null;

core-ng/src/main/java/core/framework/internal/db/DatabaseOperation.java

@@ -179,8 +179,11 @@ private <T> List<T> fetch(PreparedStatement statement, RowMapper<T> mapper) thro
         }
     }
 
-    // the LAST_INSERT_ID() function of mysql returns BIGINT, so here it uses Long
+    // MySQL:
+    // the LAST_INSERT_ID() function returns BIGINT, so here it uses Long
     // http://dev.mysql.com/doc/refman/5.7/en/information-functions.html
+    // PostgreSQL:
+    // SERIAL type maps to int type, BIGSERIAL maps to Long
     private OptionalLong fetchGeneratedKey(PreparedStatement statement) throws SQLException {
         try (ResultSet keys = statement.getGeneratedKeys()) {
             if (keys != null && keys.next()) {

core-ng/src/main/java/core/framework/internal/db/cloud/AzureAuthProvider.java

@@ -5,6 +5,7 @@
 import core.framework.http.HTTPMethod;
 import core.framework.http.HTTPRequest;
 import core.framework.http.HTTPResponse;
+import core.framework.internal.db.Dialect;
 import core.framework.util.Files;
 import core.framework.util.Strings;
 
@@ -43,7 +44,7 @@ public AzureAuthProvider(String user) {
     }
 
     @Override
-    public String user() {
+    public String user(Dialect dialect) {
         return user;
     }
 

core-ng/src/main/java/core/framework/internal/db/cloud/GCloudAuthProvider.java

@@ -5,6 +5,8 @@
 import core.framework.http.HTTPMethod;
 import core.framework.http.HTTPRequest;
 import core.framework.http.HTTPResponse;
+import core.framework.internal.db.Dialect;
+import core.framework.util.Strings;
 
 import java.time.Duration;
 
@@ -25,10 +27,10 @@ public final class GCloudAuthProvider implements CloudAuthProvider {
     long expirationTime;
 
     @Override
-    public String user() {
+    public String user(Dialect dialect) {
         // email won't change once pod created
         if (user == null) {
-            user = parseUser(metadata("email"));
+            user = parseUser(dialect, metadata("email"));
         }
         return user;
     }
@@ -48,9 +50,16 @@ public String accessToken() {
         return accessToken;
     }
 
-    private String parseUser(String email) {
-        int index = email.indexOf('@');
-        return email.substring(0, index);
+    // MySQL: strip entire domain
+    // PostgreSQL: strip ".gserviceaccount.com", refer to https://cloud.google.com/sql/docs/postgres/add-manage-iam-users
+    private String parseUser(Dialect dialect, String email) {
+        if (dialect == Dialect.MYSQL) {
+            int index = email.indexOf('@');
+            return email.substring(0, index);
+        } else if (dialect == Dialect.POSTGRESQL && email.endsWith(".gserviceaccount.com")) {
+            return email.substring(0, email.length() - 20);  // remove ".gserviceaccount.com"
+        }
+        throw new Error(Strings.format("unsupported gcloud iam user, dialect={}, email={}", dialect, email));
     }
 
     private String parseAccessToken(String tokenJSON) {

core-ng/src/test/java/core/framework/internal/db/cloud/AzureAuthProviderTest.java

@@ -1,6 +1,7 @@
 package core.framework.internal.db.cloud;
 
 import core.framework.http.HTTPRequest;
+import core.framework.internal.db.Dialect;
 import core.framework.util.Strings;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@@ -24,7 +25,7 @@ void createAzureAuthProvider() {
 
     @Test
     void user() {
-        assertThat(provider.user())
+        assertThat(provider.user(Dialect.MYSQL))
             .isEqualTo("some-service");
     }
 

core-ng/src/test/java/core/framework/internal/db/cloud/GCloudAuthProviderTest.java

@@ -1,5 +1,6 @@
 package core.framework.internal.db.cloud;
 
+import core.framework.internal.db.Dialect;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 
@@ -27,11 +28,18 @@ void createCloudAuthProvider() {
 
     @Test
     void user() {
-        assertThat(provider.user())
+        assertThat(provider.user(Dialect.MYSQL))
             .isEqualTo("lab-customer-service")
             .isEqualTo(provider.user);
     }
 
+    @Test
+    void userWithPosgreSQL() {
+        assertThat(provider.user(Dialect.POSTGRESQL))
+            .isEqualTo("lab-customer-service@lab.iam")
+            .isEqualTo(provider.user);
+    }
+
     @Test
     void accessToken() {
         assertThat(provider.accessToken())

core-ng/src/test/java/core/framework/module/DBConfigTest.java

@@ -1,5 +1,6 @@
 package core.framework.module;
 
+import core.framework.internal.db.Dialect;
 import core.framework.internal.db.cloud.AzureAuthProvider;
 import core.framework.internal.db.cloud.GCloudAuthProvider;
 import core.framework.internal.module.ModuleContext;
@@ -35,7 +36,7 @@ void validate() {
     void provider() {
         assertThat(config.provider("iam/azure/some-service"))
             .isInstanceOf(AzureAuthProvider.class)
-            .satisfies(provider -> assertThat(provider.user()).isEqualTo("some-service"));
+            .satisfies(provider -> assertThat(provider.user(Dialect.MYSQL)).isEqualTo("some-service"));
         assertThatThrownBy(() -> config.provider("iam/azure/")).hasMessageStartingWith("invalid azure iam user");
 
         assertThat(config.provider("iam/gcloud")).isInstanceOf(GCloudAuthProvider.class);