feat: add support for token-based auth (#1149)

Author: enocom

cmd/root.go

@@ -76,6 +76,11 @@ any client SSL certificates.`,
 		},
 	}
 
+	// Global-only flags
+	cmd.PersistentFlags().StringVarP(&c.conf.Token, "token", "t", "",
+		"Bearer token used for authorization.")
+
+	// Global and per instance flags
 	cmd.PersistentFlags().StringVarP(&c.conf.Addr, "address", "a", "127.0.0.1",
 		"Address on which to bind Cloud SQL instance listeners.")
 	cmd.PersistentFlags().IntVarP(&c.conf.Port, "port", "p", 0,
@@ -173,7 +178,7 @@ func runSignalWrapper(cmd *Command) error {
 	startCh := make(chan *proxy.Client)
 	go func() {
 		defer close(startCh)
-		d, err := cloudsqlconn.NewDialer(ctx)
+		d, err := cloudsqlconn.NewDialer(ctx, cmd.conf.DialerOpts()...)
 		if err != nil {
 			shutdownCh <- fmt.Errorf("error initializing dialer: %v", err)
 			return

cmd/root_test.go

@@ -98,6 +98,20 @@ func TestNewCommandArguments(t *testing.T) {
 				}},
 			}),
 		},
+		{
+			desc: "using the token flag",
+			args: []string{"--token", "MYCOOLTOKEN", "proj:region:inst"},
+			want: withDefaults(&proxy.Config{
+				Token: "MYCOOLTOKEN",
+			}),
+		},
+		{
+			desc: "using the token (short) flag",
+			args: []string{"-t", "MYCOOLTOKEN", "proj:region:inst"},
+			want: withDefaults(&proxy.Config{
+				Token: "MYCOOLTOKEN",
+			}),
+		},
 	}
 
 	for _, tc := range tcs {

internal/proxy/proxy.go

@@ -25,6 +25,7 @@ import (
 
 	"cloud.google.com/go/cloudsqlconn"
 	"github.com/spf13/cobra"
+	"golang.org/x/oauth2"
 )
 
 // InstanceConnConfig holds the configuration for an individual instance
@@ -40,6 +41,9 @@ type InstanceConnConfig struct {
 
 // Config contains all the configuration provided by the caller.
 type Config struct {
+	// Token is the Bearer token used for authorization.
+	Token string
+
 	// Addr is the address on which to bind all instances.
 	Addr string
 
@@ -52,6 +56,16 @@ type Config struct {
 	Instances []InstanceConnConfig
 }
 
+func (c Config) DialerOpts() []cloudsqlconn.Option {
+	var opts []cloudsqlconn.Option
+	if c.Token != "" {
+		opts = append(opts, cloudsqlconn.WithTokenSource(
+			oauth2.StaticTokenSource(&oauth2.Token{AccessToken: c.Token}),
+		))
+	}
+	return opts
+}
+
 // Client represents the state of the current instantiation of the proxy.
 type Client struct {
 	cmd    *cobra.Command

internal/proxy/proxy_test.go

@@ -179,3 +179,30 @@ func TestClientInitialization(t *testing.T) {
 		})
 	}
 }
+
+func TestConfigDialerOpts(t *testing.T) {
+	tcs := []struct {
+		desc    string
+		config  proxy.Config
+		wantLen int
+	}{
+		{
+			desc:    "when there are no options",
+			config:  proxy.Config{},
+			wantLen: 0,
+		},
+		{
+			desc:    "when a token is present",
+			config:  proxy.Config{Token: "my-token"},
+			wantLen: 1,
+		},
+	}
+
+	for _, tc := range tcs {
+		t.Run(tc.desc, func(t *testing.T) {
+			if got := tc.config.DialerOpts(); tc.wantLen != len(got) {
+				t.Errorf("want len = %v, got = %v", tc.wantLen, len(got))
+			}
+		})
+	}
+}