.github/blunderbuss.yml

@@ -13,9 +13,9 @@
 # limitations under the License.
 
 assign_issues:
-  - hessjc
+  - hessjcg
   - jackwotherspoon
 
 assign_prs:
-  - hessjc
+  - hessjcg
   - jackwotherspoon

.github/workflows/codeql.yml

@@ -48,24 +48,24 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+      uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       with:
         ref: ${{ github.event.pull_request.head.sha }}
         repository: ${{ github.event.pull_request.head.repo.full_name }}
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
+      uses: github/codeql-action/init@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
       with:
         languages: ${{ matrix.language }}
 
 
     # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
     # If this step fails, then you should remove it and run the build manually
     - name: Autobuild
-      uses: github/codeql-action/autobuild@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
+      uses: github/codeql-action/autobuild@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
+      uses: github/codeql-action/analyze@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
       with:
         category: "/language:${{matrix.language}}"

.github/workflows/labels.yaml

@@ -28,7 +28,7 @@ jobs:
       issues: write
       pull-requests: write
     steps:
-      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - uses: micnncim/action-label-syncer@3abd5ab72fda571e69fffd97bd4e0033dd5f495c # v1.3.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/lint.yaml

@@ -47,7 +47,7 @@ jobs:
               console.log('Failed to remove label. Another job may have already removed it!');
             }
       - name: Checkout code
-        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: Set up JDK 17
         uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
         with:

.github/workflows/scorecard.yml

@@ -35,7 +35,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           persist-credentials: false
 
@@ -65,6 +65,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
+        uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
         with:
           sarif_file: resultsFiltered.sarif

.github/workflows/tests.yml

@@ -60,7 +60,7 @@ jobs:
             console.log('Failed to remove label. Another job may have already removed it!');
           }
     - name: Checkout code
-      uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+      uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       with:
         ref: ${{ github.event.pull_request.head.sha }}
         repository: ${{ github.event.pull_request.head.repo.full_name }}
@@ -73,15 +73,15 @@ jobs:
 
     - id: 'auth'
       name: Authenticate to Google Cloud
-      uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
+      uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
       with:
         workload_identity_provider: ${{ secrets.PROVIDER_NAME }}
         service_account: ${{ secrets.SERVICE_ACCOUNT }}
         access_token_lifetime: 600s
 
     - id: 'secrets'
       name: Get secrets
-      uses: google-github-actions/get-secretmanager-secrets@b655b87fa10e527c5c5a3abfd795c6f46e0399b1 # v2.1.1
+      uses: google-github-actions/get-secretmanager-secrets@dc4a1392bad0fd60aee00bb2097e30ef07a1caae # v2.1.3
       with:
         secrets: |-
           MYSQL_CONNECTION_NAME:${{ secrets.GOOGLE_CLOUD_PROJECT }}/MYSQL_CONNECTION_NAME
@@ -181,7 +181,7 @@ jobs:
             console.log('Failed to remove label. Another job may have already removed it!');
           }
     - name: Checkout code
-      uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+      uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       with:
         ref: ${{ github.event.pull_request.head.sha }}
         repository: ${{ github.event.pull_request.head.repo.full_name }}
@@ -194,15 +194,15 @@ jobs:
 
     - id: 'auth'
       name: Authenticate to Google Cloud
-      uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
+      uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
       with:
         workload_identity_provider: ${{ secrets.PROVIDER_NAME }}
         service_account: ${{ secrets.SERVICE_ACCOUNT }}
         access_token_lifetime: 600s
 
     - id: 'secrets'
       name: Get secrets
-      uses: google-github-actions/get-secretmanager-secrets@b655b87fa10e527c5c5a3abfd795c6f46e0399b1 # v2.1.1
+      uses: google-github-actions/get-secretmanager-secrets@dc4a1392bad0fd60aee00bb2097e30ef07a1caae # v2.1.3
       with:
         secrets: |-
           MYSQL_CONNECTION_NAME:${{ secrets.GOOGLE_CLOUD_PROJECT }}/MYSQL_CONNECTION_NAME
@@ -297,7 +297,7 @@ jobs:
             console.log('Failed to remove label. Another job may have already removed it!');
           }
     - name: Checkout code
-      uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+      uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       with:
         ref: ${{ github.event.pull_request.head.sha }}
         repository: ${{ github.event.pull_request.head.repo.full_name }}
@@ -312,15 +312,15 @@ jobs:
 
     - id: 'auth'
       name: Authenticate to Google Cloud
-      uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
+      uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
       with:
         workload_identity_provider: ${{ secrets.PROVIDER_NAME }}
         service_account: ${{ secrets.SERVICE_ACCOUNT }}
         access_token_lifetime: 600s
 
     - id: 'secrets'
       name: Get secrets
-      uses: google-github-actions/get-secretmanager-secrets@b655b87fa10e527c5c5a3abfd795c6f46e0399b1 # v2.1.1
+      uses: google-github-actions/get-secretmanager-secrets@dc4a1392bad0fd60aee00bb2097e30ef07a1caae # v2.1.3
       with:
         secrets: |-
           MYSQL_CONNECTION_NAME:${{ secrets.GOOGLE_CLOUD_PROJECT }}/MYSQL_CONNECTION_NAME

.kokoro/requirements.txt

@@ -337,9 +337,9 @@ jeepney==0.8.0 \
     # via
     #   keyring
     #   secretstorage
-jinja2==3.1.3 \
-    --hash=sha256:7d6d50dd97d52cbc355597bd845fabfbac3f551e1f99619e39a35ce8c370b5fa \
-    --hash=sha256:ac8bd6544d4bb2c9792bf3a159e80bba8fda7f07e81bc3aed565432d5925ba90
+jinja2==3.1.4 \
+    --hash=sha256:4a3aee7acbbe7303aede8e9648d13b8bf88a429282aa6122a993f0ac800cb369 \
+    --hash=sha256:bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d
     # via gcp-releasetool
 keyring==24.3.0 \
     --hash=sha256:4446d35d636e6a10b8bce7caa66913dd9eca5fd222ca03a3d42c38608ac30836 \
@@ -468,9 +468,9 @@ python-dateutil==2.8.2 \
     --hash=sha256:0123cacc1627ae19ddf3c27a5de5bd67ee4586fbdd6440d9748f8abb483d3e86 \
     --hash=sha256:961d03dc3453ebbc59dbdea9e4e11c5651520a876d0f4db161e8674aae935da9
     # via gcp-releasetool
-requests==2.31.0 \
-    --hash=sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f \
-    --hash=sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1
+requests==2.32.0 \
+    --hash=sha256:f2c3881dddb70d056c5bd7600a4fae312b2a300e39be6a118d30b90bd27262b5 \
+    --hash=sha256:fa5490319474c82ef1d2c9bc459d3652e3ae4ef4c4ebdd18a21145a47ca4b6b8
     # via
     #   gcp-releasetool
     #   google-api-core

.mvn/wrapper/maven-wrapper.properties

@@ -15,4 +15,4 @@
 # specific language governing permissions and limitations
 # under the License.
 wrapperVersion=3.3.1
-distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.6/apache-maven-3.9.6-bin.zip
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.7/apache-maven-3.9.7-bin.zip

CHANGELOG.md

@@ -1,5 +1,45 @@
 # Changelog
 
+## [1.19.0](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/compare/v1.18.1...v1.19.0) (2024-06-11)
+
+
+### Features
+
+* Add lazy refresh strategy to the connector. Fixes [#992](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/issues/992). ([d84d082](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/commit/d84d0827cbfe733f33309579d8ac8728ef7d63d1))
+* Configure java connector to check CN instance name. Fixes [#1995](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/issues/1995) ([#1996](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/issues/1996)) ([9346117](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/commit/93461176c2426e6a62c15d4b2e101f4283e1e92b))
+
+
+### Bug Fixes
+
+* Add TrustManagerFactory workaround for Conscrypt bug, Fixes [#1983](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/issues/1983). ([#1993](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/issues/1993)) ([0735a91](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/commit/0735a916df2d89250f844b3c617e90564c3a950e))
+* Remove native image flag that breaks GraalVM CE builds, Fixes [#1979](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/issues/1979). ([#1991](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/issues/1991)) ([d14892f](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/commit/d14892fb5dffd872c4ad3a3fe0560a8887fae0fd))
+
+
+### Dependencies
+
+* Update com.google.http-client dependencies to v1.44.2 ([f1b1434](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/commit/f1b1434f60dbeca064380097c3856c2506010872))
+* Update dependency com.google.api-client:google-api-client to v2.5.1 ([fcb20e5](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/commit/fcb20e554166a62cf7c02bedafe4d77ac6a722af))
+* Update dependency com.google.api-client:google-api-client to v2.6.0 ([ab3973c](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/commit/ab3973ce5f50ac1367434aa146feb4c5d842f97d))
+* Update dependency com.google.api:gax to v2.48.1 ([20ea693](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/commit/20ea693a80a7a319f983027fc658a2419efdc6d2))
+* Update dependency com.google.api:gax to v2.49.0 ([f7a4d70](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/commit/f7a4d700502b5438e2b035d1f12226ecebedc4c8))
+* Update dependency com.google.apis:google-api-services-sqladmin to v1beta4-rev20240521-2.0.0 ([33ebcf8](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/commit/33ebcf8a21dc31a542d1cd0c3ca876702866ebd4))
+* Update dependency com.google.auto.value:auto-value-annotations to v1.11.0 ([0d73283](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/commit/0d73283ec9b4fd1482100b6dddc0c867199fd822))
+* Update dependency com.google.cloud:google-cloud-shared-config to v1.8.0 ([e3b7b19](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/commit/e3b7b196f1655ba2606e9a9bdd70f76c7dfd92cf))
+* Update dependency com.google.errorprone:error_prone_annotations to v2.28.0 ([7e94182](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/commit/7e941820b6a3bc87d06572d29bc779ace2cbec96))
+* Update dependency com.google.guava:guava to v33.2.1-android ([712ca24](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/commit/712ca2442c39f090c06e3322a5b3605c6fb7f798))
+* Update dependency com.microsoft.sqlserver:mssql-jdbc to v12.6.2.jre8 ([d1b0f77](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/commit/d1b0f77ba6322ddb66ada356c994b9845a1c25d4))
+* Update dependency kr.motd.maven:os-maven-plugin to v1.7.1 ([94f8436](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/commit/94f843690a0fbbfc3fa59eb576b9316e9ef4eb42))
+* Update dependency maven to v3.9.7 ([81f1b2e](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/commit/81f1b2e9346f4ea54ab84c32eae87a39dd7c043a))
+* Update dependency org.apache.maven.plugins:maven-checkstyle-plugin to v3.4.0 ([3e0cec3](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/commit/3e0cec380bc2f1a71dc7af9250e106af03d35061))
+* Update dependency org.apache.maven.plugins:maven-enforcer-plugin to v3.5.0 ([e790e74](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/commit/e790e7441760d4a859bc2fe0df3068bf9e8b2687))
+* Update dependency org.apache.maven.plugins:maven-javadoc-plugin to v3.7.0 ([27389b6](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/commit/27389b674ec0f00821015eb45edf47779be0cab7))
+* Update dependency org.checkerframework:checker-qual to v3.43.0 ([5c37897](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/commit/5c378970b254419bcd4e5af063eb3a000bd9ab39))
+* Update dependency org.checkerframework:checker-qual to v3.44.0 ([69a2f39](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/commit/69a2f3927d8ee9ca2f90a212c34cab63b0706929))
+* Update dependency org.mariadb.jdbc:mariadb-java-client to v3.4.0 ([3796a7c](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/commit/3796a7c6f5bd70b554515122204f5fbc771c6db1))
+* Update dependency org.sonatype.plugins:nexus-staging-maven-plugin to v1.7.0 ([225454c](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/commit/225454c877569b68e3e9a2e76c1e59244dc45ad0))
+* Update native-image.version to v0.10.2 ([dbffbf4](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/commit/dbffbf48c38b25f47b85fa50e4b938ebf88f9357))
+* Update netty and r2dbc dependencies to v4.1.110.Final ([3486e1c](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/commit/3486e1ccfe026e8fddab821b14ced003a0b8f2ac))
+
 ## [1.18.1](https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/compare/v1.18.0...v1.18.1) (2024-05-14)
 
 

core/pom.xml

@@ -23,10 +23,10 @@
   <parent>
     <groupId>com.google.cloud.sql</groupId>
     <artifactId>jdbc-socket-factory-parent</artifactId>
-    <version>1.18.1</version><!-- {x-version-update:jdbc-socket-factory-parent:current} -->
+    <version>1.19.0</version><!-- {x-version-update:jdbc-socket-factory-parent:current} -->
   </parent>
   <artifactId>jdbc-socket-factory-core</artifactId>
-  <version>1.18.1</version><!-- {x-version-update:jdbc-socket-factory-core:current} -->
+  <version>1.19.0</version><!-- {x-version-update:jdbc-socket-factory-core:current} -->
   <packaging>jar</packaging>
 
   <name>Cloud SQL Core Socket Factory (Core Library, don't depend on this directly)</name>
@@ -190,6 +190,11 @@
       <artifactId>bcpkix-jdk15on</artifactId>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcprov-jdk15on</artifactId>
+      <scope>test</scope>
+    </dependency>
     <!-- Logging -->
     <dependency> 
       <groupId>org.slf4j</groupId>
@@ -229,5 +234,23 @@
       </plugin>
     </plugins>
   </build>
+  <profiles>
+    <profile>
+      <id>google-conscript</id>
+      <dependencies>
+        <dependency>
+          <groupId>org.conscrypt</groupId>
+          <artifactId>conscrypt-openjdk-uber</artifactId>
+          <version>2.5.2</version>
+        </dependency>
+        <dependency>
+          <groupId>org.bouncycastle</groupId>
+          <artifactId>bcpkix-jdk15on</artifactId>
+          <version>1.70</version>
+          <scope>provided</scope>
+        </dependency>
+      </dependencies>
+    </profile>
+  </profiles>
 
 </project>

core/src/main/java/com/google/cloud/sql/core/ConnectionInfo.java

@@ -19,6 +19,7 @@
 import com.google.cloud.sql.IpType;
 import java.time.Instant;
 import java.util.Map;
+import java.util.stream.Collectors;
 import javax.net.ssl.SSLContext;
 
 /** Represents the results of a certificate and metadata refresh operation. */
@@ -51,4 +52,29 @@ Map<IpType, String> getIpAddrs() {
   SslData getSslData() {
     return sslData;
   }
+
+  ConnectionMetadata toConnectionMetadata(
+      ConnectionConfig config, CloudSqlInstanceName instanceName) {
+    String preferredIp = null;
+
+    for (IpType ipType : config.getIpTypes()) {
+      preferredIp = getIpAddrs().get(ipType);
+      if (preferredIp != null) {
+        break;
+      }
+    }
+    if (preferredIp == null) {
+      throw new IllegalArgumentException(
+          String.format(
+              "[%s] Cloud SQL instance  does not have any IP addresses matching preferences (%s)",
+              instanceName.getConnectionName(),
+              config.getIpTypes().stream().map(IpType::toString).collect(Collectors.joining(","))));
+    }
+
+    return new ConnectionMetadata(
+        preferredIp,
+        sslData.getKeyManagerFactory(),
+        sslData.getTrustManagerFactory(),
+        sslData.getSslContext());
+  }
 }

core/src/main/java/com/google/cloud/sql/core/ConnectionInfoCache.java

@@ -0,0 +1,36 @@
+/*
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.cloud.sql.core;
+
+/** ConnectionInfoCache is the contract for a caching strategy for ConnectionInfo. */
+interface ConnectionInfoCache {
+
+  /**
+   * Returns metadata needed to create a connection to the instance.
+   *
+   * @return returns ConnectionMetadata containing the preferred IP and SSL connection data.
+   * @throws IllegalArgumentException If the instance has no IP addresses matching the provided
+   *     preferences.
+   */
+  ConnectionMetadata getConnectionMetadata(long timeoutMs);
+
+  void forceRefresh();
+
+  void refreshIfExpired();
+
+  void close();
+}

core/src/main/java/com/google/cloud/sql/core/ConnectionInfoRepository.java

@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
@@ -30,4 +30,10 @@ ListenableFuture<ConnectionInfo> getConnectionInfo(
       AuthType authType,
       ListeningScheduledExecutorService executor,
       ListenableFuture<KeyPair> keyPair);
+
+  ConnectionInfo getConnectionInfoSync(
+      CloudSqlInstanceName instanceName,
+      AccessTokenSupplier accessTokenSupplier,
+      AuthType authType,
+      KeyPair keyPair);
 }