Merge pull request GoogleCloudPlatform#3008 from jasonvigil/fix-sqlin…

…stance-periodics

fix: Fix SQLInstance authorizednetworks periodic

pkg/controller/direct/sql/sqlinstance_defaults.go

@@ -15,6 +15,8 @@
 package sql
 
 import (
+	"strings"
+
 	krm "github.com/GoogleCloudPlatform/k8s-config-connector/apis/sql/v1beta1"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/direct"
 	api "google.golang.org/api/sqladmin/v1beta4"
@@ -60,9 +62,30 @@ func ApplySQLInstanceGCPDefaults(in *krm.SQLInstance, out *api.DatabaseInstance,
 	if in.Spec.Settings.IpConfiguration == nil {
 		// GCP default IpConfiguration.
 		out.Settings.IpConfiguration = &api.IpConfiguration{
-			Ipv4Enabled:  true,
-			ServerCaMode: "GOOGLE_MANAGED_INTERNAL_CA",
-			SslMode:      "ALLOW_UNENCRYPTED_AND_ENCRYPTED",
+			Ipv4Enabled: true,
+			SslMode:     "ALLOW_UNENCRYPTED_AND_ENCRYPTED",
+		}
+	}
+	if in.Spec.Settings.IpConfiguration != nil {
+		if in.Spec.Settings.IpConfiguration.Ipv4Enabled == nil {
+			// GCP default IpConfiguration.Ipv4Enabled is true.
+			out.Settings.IpConfiguration.Ipv4Enabled = true
+		}
+		if in.Spec.Settings.IpConfiguration.SslMode == nil {
+			if out.Settings.IpConfiguration.RequireSsl {
+				if strings.HasPrefix(out.DatabaseVersion, "MYSQL") || strings.HasPrefix(out.DatabaseVersion, "POSTGRES") {
+					// If RequireSsl is true, and db version is MySQL or Postgres,
+					// GCP default SslMode is TRUSTED_CLIENT_CERTIFICATE_REQUIRED.
+					out.Settings.IpConfiguration.SslMode = "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"
+				} else {
+					// Otherwise, if RequireSsl is true and db version is SQLSERVER,
+					// GCP default SslMode is ENCRYPTED_ONLY.
+					out.Settings.IpConfiguration.SslMode = "ENCRYPTED_ONLY"
+				}
+			} else {
+				// If RequireSsl is false, GCP default IpConfiguration.SslMode is ALLOW_UNENCRYPTED_AND_ENCRYPTED.
+				out.Settings.IpConfiguration.SslMode = "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
+			}
 		}
 	}
 	if in.Spec.Settings.PricingPlan == nil {

pkg/controller/direct/sql/sqlinstance_equality.go

@@ -16,6 +16,7 @@ package sql
 
 import (
 	"reflect"
+	"sort"
 
 	api "google.golang.org/api/sqladmin/v1beta4"
 )
@@ -477,10 +478,22 @@ func IpConfigurationsMatch(desired *api.IpConfiguration, actual *api.IpConfigura
 	return true
 }
 
+// AclEntriesByName implements sort.Interface for []*api.AclEntry based on the Name field.
+type AclEntriesByName []*api.AclEntry
+
+func (a AclEntriesByName) Len() int           { return len(a) }
+func (a AclEntriesByName) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
+func (a AclEntriesByName) Less(i, j int) bool { return a[i].Name < a[j].Name }
+
 func AclEntryListsMatch(desired []*api.AclEntry, actual []*api.AclEntry) bool {
 	if len(desired) != len(actual) {
 		return false
 	}
+	// We mustiterate over the AclEntry lists in sorted order,
+	// so that the comparison is deterministic.
+	sort.Sort(AclEntriesByName(desired))
+	sort.Sort(AclEntriesByName(actual))
+	// Compare the AclEntry lists.
 	for i := 0; i < len(desired); i++ {
 		if !AclEntriesMatch(desired[i], actual[i]) {
 			return false

pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-activationpolicy-direct/_http.log

@@ -46,7 +46,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",
@@ -406,7 +405,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",

pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-auditconfig-direct/_http.log

@@ -186,7 +186,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",
@@ -590,7 +589,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",

pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-authorizednetworks-direct/_http.log

@@ -52,7 +52,9 @@ User-Agent: kcc/controller-manager
           "name": "all",
           "value": "0.0.0.0/0"
         }
-      ]
+      ],
+      "ipv4Enabled": true,
+      "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",
     "locationPreference": {
@@ -409,7 +411,9 @@ User-Agent: kcc/controller-manager
           "name": "my-network",
           "value": "1.2.3.0/24"
         }
-      ]
+      ],
+      "ipv4Enabled": true,
+      "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",
     "locationPreference": {

pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-backupconfiguration-binarylog-direct/_http.log

@@ -59,7 +59,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",
@@ -604,7 +603,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",

pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-backupconfiguration-pitr-direct/_http.log

@@ -59,7 +59,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",
@@ -428,7 +427,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",

pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-clone-minimal-direct/_http.log

@@ -51,7 +51,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",

pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-connectorenforcement-direct/_http.log

@@ -46,7 +46,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",
@@ -406,7 +405,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",

pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-databaseflags-direct/_http.log

@@ -52,7 +52,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",
@@ -434,7 +433,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",

pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-datacacheconfig-direct/_http.log

@@ -49,7 +49,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",
@@ -595,7 +594,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE_PLUS",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",

pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-deletionprotection-direct/_http.log

@@ -47,7 +47,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",
@@ -408,7 +407,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",

pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-denymaintenanceperiod-direct/_http.log

@@ -53,7 +53,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",
@@ -434,7 +433,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",

pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-encryptionkey-direct/_http.log

@@ -1074,7 +1074,8 @@ User-Agent: kcc/controller-manager
     "ipConfiguration": {
       "ipv4Enabled": false,
       "privateNetwork": "projects/${projectId}/global/networks/computenetwork-${uniqueId}",
-      "requireSsl": true
+      "requireSsl": true,
+      "sslMode": "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"
     },
     "kind": "sql#settings",
     "locationPreference": {
@@ -1505,7 +1506,8 @@ User-Agent: kcc/controller-manager
     "ipConfiguration": {
       "ipv4Enabled": false,
       "privateNetwork": "projects/${projectId}/global/networks/computenetwork-${uniqueId}",
-      "requireSsl": true
+      "requireSsl": true,
+      "sslMode": "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"
     },
     "kind": "sql#settings",
     "locationPreference": {

pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-insightsconfig-direct/_http.log

@@ -53,7 +53,6 @@ User-Agent: kcc/controller-manager
     },
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",
@@ -428,7 +427,6 @@ User-Agent: kcc/controller-manager
     },
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",

pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-locationpreference-direct/_http.log

@@ -46,7 +46,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",
@@ -392,7 +391,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",

pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-maintenancewindow-direct/_http.log

@@ -46,7 +46,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",
@@ -424,7 +423,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",

pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-multithreading-direct/_http.log

@@ -50,7 +50,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",
@@ -485,7 +484,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",

pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-mysql-direct/_http.log

@@ -47,7 +47,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",
@@ -584,7 +583,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",

pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-mysql-minimal-direct/_http.log

@@ -46,7 +46,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",
@@ -810,7 +809,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",

pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-passwordvalidationpolicy-direct/_http.log

@@ -46,7 +46,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",
@@ -415,7 +414,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",

pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-postgres-minimal-direct/_http.log

@@ -46,7 +46,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",
@@ -576,7 +575,6 @@ User-Agent: kcc/controller-manager
     "edition": "ENTERPRISE",
     "ipConfiguration": {
       "ipv4Enabled": true,
-      "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA",
       "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     },
     "kind": "sql#settings",