Add option to use access token for authentication

Author: Abdelkarim Boujida

go.mod

@@ -10,6 +10,7 @@ require (
 	github.com/hashicorp/terraform-plugin-go v0.22.1
 	github.com/hashicorp/terraform-plugin-log v0.9.0
 	golang.org/x/net v0.24.0
+	golang.org/x/oauth2 v0.18.0
 )
 
 require (
@@ -83,7 +84,6 @@ require (
 	golang.org/x/crypto v0.22.0 // indirect
 	golang.org/x/exp v0.0.0-20230809150735-7b3493d9a819 // indirect
 	golang.org/x/mod v0.15.0 // indirect
-	golang.org/x/oauth2 v0.18.0 // indirect
 	golang.org/x/sys v0.19.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.5.0 // indirect

internal/provider/config.go

@@ -12,6 +12,7 @@ import (
 	"cloud.google.com/go/cloudsqlconn/postgres/pgxv4"
 	"github.com/hashicorp/terraform-plugin-log/tflog"
 	"golang.org/x/net/proxy"
+	"golang.org/x/oauth2"
 )
 
 type Config struct {
@@ -79,6 +80,11 @@ func (c *Config) registerDriver(ctx context.Context, cc *ConnectionConfig) error
 
 	options = append(options, cloudsqlconn.WithDefaultDialOptions(dialOptions...))
 
+	if cc.GoogleApiAccessToken.ValueString() != "" {
+		token := &oauth2.Token{AccessToken: cc.GoogleApiAccessToken.ValueString()}
+		options = append(options, cloudsqlconn.WithTokenSource(oauth2.StaticTokenSource(token)))
+	}
+
 	if !cc.Proxy.IsNull() {
 		options = append(options, cloudsqlconn.WithDialFunc(createDialer(cc.Proxy.ValueString(), ctx)))
 	}

internal/provider/provider.go

@@ -34,15 +34,16 @@ type CloudSqlPostgresqlProviderModel struct {
 }
 
 type ConnectionConfig struct {
-	ConnectionName types.String `tfsdk:"connection_name"`
-	Database       types.String `tfsdk:"database"`
-	Username       types.String `tfsdk:"username"`
-	Password       types.String `tfsdk:"password"`
-	Proxy          types.String `tfsdk:"proxy"`
-	PrivateIP      types.Bool   `tfsdk:"private_ip"`
-	PSC            types.Bool   `tfsdk:"psc"`
-	SslMode        types.String `tfsdk:"ssl_mode"`
-	// IAMAuthentication types.Bool   `tfsdk:"iam_authentication"` # Not supporting IAM authentication for now.
+	ConnectionName       types.String `tfsdk:"connection_name"`
+	Database             types.String `tfsdk:"database"`
+	Username             types.String `tfsdk:"username"`
+	Password             types.String `tfsdk:"password"`
+	Proxy                types.String `tfsdk:"proxy"`
+	PrivateIP            types.Bool   `tfsdk:"private_ip"`
+	PSC                  types.Bool   `tfsdk:"psc"`
+	SslMode              types.String `tfsdk:"ssl_mode"`
+	GoogleApiAccessToken types.String `tfsdk:"google_api_access_token"`
+	// IAMAuthentication types.Bool   `tfsdk:"iam_authentication"` # Not supporting IAM authentication on the database for now.
 }
 
 func (p *CloudSqlPostgresqlProvider) Metadata(ctx context.Context, req provider.MetadataRequest, resp *provider.MetadataResponse) {
@@ -177,6 +178,12 @@ func (p *CloudSqlPostgresqlProvider) Configure(ctx context.Context, req provider
 				"The provider cannot create the Cloud SQL Postgresql client as there is an unknown configuration value for the `ssl_mode`")
 		}
 
+		if connectionConfig.GoogleApiAccessToken.IsUnknown() {
+			resp.Diagnostics.AddAttributeError(connectionConfigsPath.AtName("google_api_access_token"),
+				"Unknown Cloud SQL Postgresql google api access token value",
+				"The provider cannot create the Cloud SQL Postgresql client as there is an unknown configuration value for `google_api_access_token`")
+		}
+
 		if resp.Diagnostics.HasError() {
 			return
 		}