Skip to content

Commit

Permalink
fix: retry connection once in pgproxy to support credential rotations…
Browse files Browse the repository at this point in the history
… in the DSN function (#3495)

Supports use cases where we fetch credentials from a secrets manager
where they are rotated regularly
  • Loading branch information
jvmakine authored Nov 25, 2024
1 parent 8b8d8ee commit c5e653b
Showing 1 changed file with 14 additions and 9 deletions.
23 changes: 14 additions & 9 deletions internal/pgproxy/pgproxy.go
Original file line number Diff line number Diff line change
Expand Up @@ -93,16 +93,16 @@ func HandleConnection(ctx context.Context, conn net.Conn, connectionFn DSNConstr
logger.Debugf("startup message: %+v", startup)
logger.Debugf("backend connected: %s", conn.RemoteAddr())

dsn, err := connectionFn(ctx, startup.Parameters)
frontend, err := connectFrontend(ctx, connectionFn, startup)
if err != nil {
handleBackendError(ctx, backend, err)
return
}
// try again, in case there was a credential rotation
logger.Warnf("failed to connect frontend: %s, trying again", err)

frontend, err := connectFrontend(ctx, dsn)
if err != nil {
handleBackendError(ctx, backend, err)
return
frontend, err = connectFrontend(ctx, connectionFn, startup)
if err != nil {
handleBackendError(ctx, backend, err)
return
}
}
logger.Debugf("frontend connected")

Expand Down Expand Up @@ -171,7 +171,12 @@ func connectBackend(ctx context.Context, conn net.Conn) (*pgproto3.Backend, *pgp
}
}

func connectFrontend(ctx context.Context, dsn string) (*pgproto3.Frontend, error) {
func connectFrontend(ctx context.Context, connectionFn DSNConstructor, startup *pgproto3.StartupMessage) (*pgproto3.Frontend, error) {
dsn, err := connectionFn(ctx, startup.Parameters)
if err != nil {
return nil, fmt.Errorf("failed to construct dsn: %w", err)
}

conn, err := pgconn.Connect(ctx, dsn)
if err != nil {
return nil, fmt.Errorf("failed to connect to backend: %w", err)
Expand Down

0 comments on commit c5e653b

Please sign in to comment.