feat: Implement the instances-metadata flag from Proxy v1.

Fixes #1259

Author: hessjcg

cmd/root.go

@@ -35,6 +35,7 @@ import (
 
 	"contrib.go.opencensus.io/exporter/prometheus"
 	"contrib.go.opencensus.io/exporter/stackdriver"
+	"cloud.google.com/go/compute/metadata"
 	"github.com/GoogleCloudPlatform/cloud-sql-proxy/v2/cloudsql"
 	"github.com/GoogleCloudPlatform/cloud-sql-proxy/v2/internal/healthcheck"
 	"github.com/GoogleCloudPlatform/cloud-sql-proxy/v2/internal/log"
@@ -598,6 +599,11 @@ status code.`)
 		`If set, the Proxy will skip any instances that are invalid/unreachable (
 only applicable to Unix sockets)`)
 
+	localFlags.StringVar(&c.conf.InstancesMetadata, "instances-metadata", "",
+		`If provided, it is treated as a path to a metadata value which
+contains a comma-separated list of instance connection names.
+Only supported when running on Google Compute Engine.`)
+
 	// Global and per instance flags
 	localFlags.StringVarP(&c.conf.Addr, "address", "a", "127.0.0.1",
 		"(*) Address to bind Cloud SQL instance listeners.")
@@ -644,6 +650,15 @@ func loadConfig(c *Command, args []string, opts []Option) error {
 		o(c)
 	}
 
+	// If instances-metadata is set, fetch instances from GCE metadata.
+	if c.conf.InstancesMetadata != "" {
+		mArgs, err := instanceFromMetadata(c.conf.InstancesMetadata)
+		if err != nil {
+			return err
+		}
+		args = append(args, mArgs...)
+	}
+
 	// Handle logger separately from config
 	if c.conf.StructuredLogs {
 		c.logger = log.NewStructuredLogger(c.conf.Quiet)
@@ -1270,3 +1285,22 @@ func startHTTPServer(ctx context.Context, l cloudsql.Logger, addr string, mux *h
 		l.Errorf("failed to shutdown HTTP server: %v\n", err)
 	}
 }
+
+func instanceFromMetadata(path string) ([]string, error) {
+	if !metadata.OnGCE() {
+		return nil, newBadCommandError("instances-metadata unsupported outside of Google Compute Engine")
+	}
+	val, err := metadata.Get(path)
+	if err != nil {
+		return nil, fmt.Errorf("failed to fetch metadata from %q: %v", path, err)
+	}
+
+	var args []string
+	for _, inst := range strings.Split(val, ",") {
+		inst = strings.TrimSpace(inst)
+		if inst != "" {
+			args = append(args, inst)
+		}
+	}
+	return args, nil
+}

internal/proxy/proxy.go

@@ -208,6 +208,10 @@ type Config struct {
 	// of a request context, e.g., Cloud Run.
 	LazyRefresh bool
 
+	// InstancesMetadata is the GCE metadata path to a value that contains a
+	// comma-separated list of instance connection names.
+	InstancesMetadata string
+
 	// Instances are configuration for individual instances. Instance
 	// configuration takes precedence over global configuration.
 	Instances []InstanceConnConfig

migration-guide.md

@@ -77,6 +77,16 @@ vs
 ./cloud-sql-proxy --unix-socket /cloudsql <INSTANCE_CONNECTION_NAME>
 ```
 
+### Automatic instance discovery from metadata
+
+```shell
+# v1
+./cloud_sql_proxy -dir /cloudsql -instances_metadata=instance/attributes/cloud-sql-instances
+
+# v2
+./cloud-sql-proxy --unix-socket /cloudsql --instances-metadata instance/attributes/cloud-sql-instances
+```
+
 ### Listen on multiple TCP sockets with incrementing ports
 
 ```shell
@@ -155,7 +165,7 @@ The following table lists in alphabetical order v1 flags and their v2 version.
 | fuse_tmp                    | fuse-temp-dir               |                                                                                      |
 | health_check_port           | http-port                   |  Use --http-address=0.0.0.0 when using a health check in Kubernetes                  |
 | host                        | sqladmin-api-endpoint       |                                                                                      |
-| instances_metadata          | 🤔                          | [Feature Request](https://github.com/GoogleCloudPlatform/cloudsql-proxy/issues/1259) |
+| instances_metadata          | instances-metadata          |                                                                                      |
 | ip_address_types            | private-ip                  | Defaults to public. To connect to a private IP, you must add the --private-ip flag   |
 | log_debug_stdout            | ❌                          | v2 logs to stdout, errors to stderr by default                                       |
 | max_connections             | max-connections             |                                                                                      |