Class: CloudSQLRubyConnector::SQLAdminFetcher

Inherits:

Object

• Object
• CloudSQLRubyConnector::SQLAdminFetcher

Defined in:

lib/cloud_sql_ruby_connector/sqladmin_fetcher.rb

Overview

Fetches instance metadata and ephemeral certificates from Cloud SQL Admin API

Constant Summary

API_VERSION =

"v1beta4"

DEFAULT_ENDPOINT =

"https://sqladmin.googleapis.com"

HTTP_TIMEOUT =

seconds

30

Instance Method Summary

• #fetch_ephemeral_cert(project:, instance:, public_key:, auth_type:) ⇒ Hash

  Fetch an ephemeral certificate for client authentication.

• #fetch_metadata(project:, region:, instance:) ⇒ Hash

  Fetch instance metadata including IP addresses and server CA certificate.

• #initialize(credentials:, api_endpoint: nil) ⇒ SQLAdminFetcher constructor

  A new instance of SQLAdminFetcher.

Constructor Details

#initialize(credentials:, api_endpoint: nil) ⇒ SQLAdminFetcher

Returns a new instance of SQLAdminFetcher.

# File 'lib/cloud_sql_ruby_connector/sqladmin_fetcher.rb', line 28

def initialize(credentials:, api_endpoint: nil)
  @credentials = credentials
  @api_endpoint = api_endpoint || DEFAULT_ENDPOINT
end

Instance Method Details

#fetch_ephemeral_cert(project:, instance:, public_key:, auth_type:) ⇒ Hash

Fetch an ephemeral certificate for client authentication

Parameters:

• project (String) —

  Google Cloud project ID

• instance (String) —

  Cloud SQL instance name

• public_key (String) —

  RSA public key in PEM format

• auth_type (String) —

  Authentication type (PASSWORD or IAM)

Returns:

• (Hash) —

  certificate data with :cert and :expiration

Raises:

• (ConnectionError)

# File 'lib/cloud_sql_ruby_connector/sqladmin_fetcher.rb', line 71

def fetch_ephemeral_cert(project:, instance:, public_key:, auth_type:)
  token = @credentials.access_token(scope: :admin)
  uri = URI("#{@api_endpoint}/sql/#{API_VERSION}/projects/#{project}/instances/#{instance}:generateEphemeralCert")

  body = { "public_key" => public_key }

  # For IAM auth, include the login token
  if auth_type == AuthTypes::IAM
    login_token = @credentials.access_token(scope: :login)
    body["access_token"] = login_token
  end

  response = http_post(uri, token, body)
  data = parse_response(response)

  cert_pem = data.dig("ephemeralCert", "cert")
  raise ConnectionError, "Failed to retrieve ephemeral certificate" if cert_pem.nil?

  cert = OpenSSL::X509::Certificate.new(cert_pem)

  {
    cert: cert_pem,
    expiration: cert.not_after
  }
end

#fetch_metadata(project:, region:, instance:) ⇒ Hash

Fetch instance metadata including IP addresses and server CA certificate

Parameters:

• project (String) —

  Google Cloud project ID

• region (String) —

  Cloud SQL instance region

• instance (String) —

  Cloud SQL instance name

Returns:

• (Hash) —

  instance metadata

Raises:

• (ConfigurationError)

# File 'lib/cloud_sql_ruby_connector/sqladmin_fetcher.rb', line 38

def fetch_metadata(project:, region:, instance:)
  token = @credentials.access_token(scope: :admin)
  uri = URI("#{@api_endpoint}/sql/#{API_VERSION}/projects/#{project}/instances/#{instance}/connectSettings")

  response = http_get(uri, token)
  data = parse_response(response)

  raise ConfigurationError, "Region mismatch: expected #{region}, got #{data["region"]}" if data["region"] != region

  ip_addresses = parse_ip_addresses(
    data["ipAddresses"],
    data["dnsName"],
    data["dnsNames"],
    data["pscEnabled"]
  )

  server_ca_cert = data.dig("serverCaCert", "cert")
  raise ConnectionError, "No valid CA certificate found for instance" if server_ca_cert.nil?

  {
    ip_addresses: ip_addresses,
    server_ca_cert: server_ca_cert,
    database_version: data["databaseVersion"],
    dns_name: data["dnsName"]
  }
end