Add flag to specify IP types to use when connecting (GoogleCloudPlatform#174)

* Add user input flag ip_address_type to choose IP address for a given instance

* Add PUBLIC as an alias for PRIMARY, change the IP address type to be uppercase and fix some grammar issues

* Allow users to input multiple IP address types, and add the field IPAddrTypes in RemoteCertSource struct

* Add user input flag ip_address_type to choose IP address for a given instance

* remove additional ipAddressType in const due to the previous wrong Git operations

* Revert "remove additional ipAddressType in const due to the previous wrong Git operations"

This reverts commit b0c37b5.

* Remove ip_address_type from const part

* Add the default value PRIMARY to IPAddrTypeOpts field in struct RemoteOpts

* Extract clientFromCredentials method from common.go to common_open_source.go

* removed clientFromCredentials from common.go

* Add findIpAddr helper function and improve the code based on comments

* Change findIpAddr() to be part of struct RemoteCertSource and fix some format naming issues

Author: mandyh2018

cmd/cloud_sql_proxy/cloud_sql_proxy.go

@@ -83,6 +83,7 @@ can be removed automatically by this program.`)
 	token     = flag.String("token", "", "When set, the proxy uses this Bearer token for authorization.")
 	tokenFile = flag.String("credential_file", "", `If provided, this json file will be used to retrieve Service Account credentials.
 You may set the GOOGLE_APPLICATION_CREDENTIALS environment variable for the same effect.`)
+	ipAddressTypes = flag.String("ip_address_types", "PRIMARY", "Default to be 'PRIMARY'. Options: a list of strings separated by ',', e.g. 'PRIMARY, PRIVATE' ")
 
 	// Set to non-default value when gcloud execution failed.
 	gcloudStatus gcloudStatusCode
@@ -102,7 +103,7 @@ const (
 
 const (
 	minimumRefreshCfgThrottle = time.Second
-
+  
 	port = 3307
 )
 
@@ -183,7 +184,6 @@ Connection:
     When using Unix sockets (the default for systems which support them), the
     Proxy places the sockets in the directory specified by the -dir parameter.
 
-
 Automatic instance discovery:
    If the Google Cloud SQL is installed on the local machine and no instance
    connection flags are specified, the proxy connects to all instances in the
@@ -412,6 +412,9 @@ func main() {
 		log.SetOutput(ioutil.Discard)
 	}
 
+	// Split the input ipAddressTypes to the slice of string
+	ipAddrTypeOptsInput := strings.Split(*ipAddressTypes, ",")
+
 	if *fdRlimit != 0 {
 		if err := limits.SetupFDLimits(*fdRlimit); err != nil {
 			logging.Infof("failed to setup file descriptor limits: %v", err)
@@ -447,7 +450,6 @@ func main() {
 		log.Fatal(err)
 	}
 	instList = append(instList, ins...)
-
 	cfgs, err := CreateInstanceConfigs(*dir, *useFuse, instList, *instanceSrc, client)
 	if err != nil {
 		log.Fatal(err)
@@ -506,6 +508,7 @@ func main() {
 			APIBasePath:  *host,
 			IgnoreRegion: !*checkRegion,
 			UserAgent:    userAgentFromVersionString(),
+			IPAddrTypeOpts:   ipAddrTypeOptsInput,
 		}),
 		Conns:              connset,
 		RefreshCfgThrottle: refreshCfgThrottle,

proxy/certs/certs.go

@@ -26,6 +26,7 @@ import (
 	"math"
 	mrand "math/rand"
 	"net/http"
+	"strings"
 	"time"
 
 	"github.com/GoogleCloudPlatform/cloudsql-proxy/logging"
@@ -64,6 +65,9 @@ type RemoteOpts struct {
 	// A string for the RemoteCertSource to identify itself when contacting the
 	// sqladmin API.
 	UserAgent string
+
+	// IP address type options
+	IPAddrTypeOpts []string
 }
 
 // NewCertSourceOpts returns a CertSource configured with the provided Opts.
@@ -88,7 +92,20 @@ func NewCertSourceOpts(c *http.Client, opts RemoteOpts) *RemoteCertSource {
 		ua = defaultUserAgent
 	}
 	serv.UserAgent = ua
-	return &RemoteCertSource{pkey, serv, !opts.IgnoreRegion}
+
+	// Set default value to be PRIMARY if input opts.IPAddrTypeOpts is empty
+	if len(opts.IPAddrTypeOpts) < 1 {
+		opts.IPAddrTypeOpts = append(opts.IPAddrTypeOpts, "PRIMARY")
+	} else {
+		// Add "PUBLIC" as an alias for "PRIMARY"
+		for index, ipAddressType := range opts.IPAddrTypeOpts {
+			if strings.ToUpper(ipAddressType) == "PUBLIC" {
+				opts.IPAddrTypeOpts[index] = "PRIMARY"
+			}
+		}
+	}
+
+	return &RemoteCertSource{pkey, serv, !opts.IgnoreRegion, opts.IPAddrTypeOpts}
 }
 
 // RemoteCertSource implements a CertSource, using Cloud SQL APIs to
@@ -104,6 +121,8 @@ type RemoteCertSource struct {
 	// treated as an error. This is to provide the same functionality that will
 	// occur when API calls require the region.
 	checkRegion bool
+	// a list of ip address types that users select
+	IPAddrTypes []string
 }
 
 // Constants for backoffAPIRetry. These cause the retry logic to scale the
@@ -185,6 +204,27 @@ func parseCert(pemCert string) (*x509.Certificate, error) {
 	return x509.ParseCertificate(bl.Bytes)
 }
 
+// Find the first matching IP address by user input IP address types
+func (s *RemoteCertSource) findIPAddr(data *sqladmin.DatabaseInstance, instance string) (ipAddrInUse string, err error) {
+	for _, eachIPAddrTypeByUser := range s.IPAddrTypes {
+		for _, eachIPAddrTypeOfInstance := range data.IpAddresses {
+			if strings.ToUpper(eachIPAddrTypeOfInstance.Type) == strings.ToUpper(eachIPAddrTypeByUser) {
+				ipAddrInUse = eachIPAddrTypeOfInstance.IpAddress
+				return ipAddrInUse, nil
+			}
+		}
+	}
+
+	ipAddrTypesOfInstance := ""
+	for _, eachIPAddrTypeOfInstance := range data.IpAddresses {
+		ipAddrTypesOfInstance += fmt.Sprintf("(TYPE=%v, IP_ADDR=%v)", eachIPAddrTypeOfInstance.Type, eachIPAddrTypeOfInstance.IpAddress)
+	}
+
+	ipAddrTypeOfUser := fmt.Sprintf("%v", s.IPAddrTypes)
+
+	return "", fmt.Errorf("User input IP address type %v does not match the instance %v, the instance's IP addresses are %v ", ipAddrTypeOfUser, instance, ipAddrTypesOfInstance)
+}
+
 // Remote returns the specified instance's CA certificate, address, and name.
 func (s *RemoteCertSource) Remote(instance string) (cert *x509.Certificate, addr, name string, err error) {
 	p, region, n := util.SplitName(instance)
@@ -215,9 +255,19 @@ func (s *RemoteCertSource) Remote(instance string) (cert *x509.Certificate, addr
 		logging.Errorf("%v", err)
 		logging.Errorf("WARNING: specifying the correct region in an instance string will become required in a future version!")
 	}
-	if len(data.IpAddresses) == 0 || data.IpAddresses[0].IpAddress == "" {
+
+	if len(data.IpAddresses) == 0 {
 		return nil, "", "", fmt.Errorf("no IP address found for %v", instance)
 	}
+
+	// Find the first matching IP address by user input IP address types
+	ipAddrInUse := ""
+	ipAddrInUse, err = s.findIPAddr(data, instance)
+	if err != nil {
+		return nil, "", "", err
+	}
+
 	c, err := parseCert(data.ServerCaCert.Cert)
-	return c, data.IpAddresses[0].IpAddress, p + ":" + n, err
+
+	return c, ipAddrInUse, p + ":" + n, err
 }