HikariCP icon indicating copy to clipboard operation
HikariCP copied to clipboard

Published 20 hours ago verified publisher icon brettwooldridge

Rotate password only when exception is thrown

Open salerak opened this issue 4 years ago • 2 comments

Environment

HikariCP version: 2.7.9
JDK version     : 1.8.0_172
Database        : AWS PostgreSQL RDS
Driver version  : x.x.x

⚠️ Please verify that your issue still occurs on the latest version of HikariCP before reporting.

Have you searched the CLOSED issues already? How about checking stackoverflow?

We currently use AWS RDS with Secret Manager for password rotation with Spring Boot 2.x.x. I've seen https://github.com/brettwooldridge/HikariCP/issues/1350 and https://github.com/brettwooldridge/HikariCP/issues/1363.

In my situation, we are able to initially create a datasource and successfully start the application. However upon rotating the password the database would fail as expected and would give an error such as

2019-09-17 23:28:25,169 [HikariPool-1 connection adder] ERROR org.postgresql.Driver - Connection error: org.postgresql.util.PSQLException: FATAL: password authentication failed for user "application_user_clone" at org.postgresql.Driver$ConnectThread.getResult(Driver.java:401) at org.postgresql.Driver.connect(Driver.java:259) at com.zaxxer.hikari.util.DriverDataSource.getConnection(DriverDataSource.java:117) at com.zaxxer.hikari.util.DriverDataSource.getConnection(DriverDataSource.java:123) at com.zaxxer.hikari.pool.PoolBase.newConnection(PoolBase.java:365) at com.zaxxer.hikari.pool.PoolBase.newPoolEntry(PoolBase.java:194) at com.zaxxer.hikari.pool.HikariPool.createPoolEntry(HikariPool.java:460) at com.zaxxer.hikari.pool.HikariPool.access$100(HikariPool.java:71) at com.zaxxer.hikari.pool.HikariPool$PoolEntryCreator.call(HikariPool.java:699) at com.zaxxer.hikari.pool.HikariPool$PoolEntryCreator.call(HikariPool.java:685) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748)

Is there any way I can try to catch this error in my application that is using HikariCP so that password rotation will only happen when this error happens, because according to the stack trace it thrown by a thread that HikariCP bubbles up.

Thanks

salerak avatar Sep 19 '19 14:09 salerak

@salerak Did you figure out a solution ? I am running into exact same issue

bagavp avatar Aug 17 '21 08:08 bagavp

@bagavp My team decided to not do password rotation at the moment and to try and find alternatives . I was never able to get a solution for this problem still hoping @brettwooldridge can give some information if a feature to allow password rotation is in the works.

salerak avatar Dec 05 '21 13:12 salerak

Hi, i have the same issue like that and still can not catch the PSQLException. Can you share the alternative solution or how to catch that exception? Many thanks !

QuocBaoBuiNguyen avatar Nov 10 '23 08:11 QuocBaoBuiNguyen

You might create your own DataSource implementation that wraps or subclasses the target implementation and implements the getConnection to catch the relevant exception. Then you can point HikariCP at your DataSource class.

HikariCP is unlikely to ever support your use case directly.

lfbayer avatar Nov 16 '23 16:11 lfbayer