I am currently working on integrating IAM DB authentication with my database. Details are as follows:
- Database: AWS RDS Postgres
- Database Mapping: Jooq
- Interface: R2DBC SPI
We maintain a connection pool of 20 connections in our java application. The token provided by AWS STS to be used to authenticate in IAM DB authentication lasts for 15 minutes. The ideal way of handling the updated password would be to update the connection pool configuration's password. But R2DBC pool doesn't provide an API to update the password. The workaround that I implemented for this is to wrap the connection pool object into another class, and schedule another thread that closes the current connection pool and updates the field with another connection pool every 15 minutes.
The problem with this is that I am noticing a lot of active connections to my Db instance (much more than 20). I suspect that the connections in the previous connection pools aren't being closed and are pending and the default keep-alive time is way too high.
The cold looks something like this
this.connectionPool.close().doOnSuccess(pool -> {
// some logging and metric collection here
this.connectionPool = new ConnectionPool(newUpdatedConfiguration);
}).doOnError(err -> {
// some logging and metric collection here
this.connectionPool = new ConnectionPool(newUpdatedConfiguration);
}).subscribe()
My initial guess was that the close() call doesn't essentially close the connection pool entirely. I am a little confused between the close() call and the dispose() call. Please let me know if my confusion has some direction in it.
Other than that, my next thought was that abruptly closing the connection pool might not be the most ideal way of doing things. I should ideally wait for all the connections in the connection pool to first get idle and then close it. Is that the correct thing to do or will it contribute a lot to the latency of replacing the connection pool? Is there a way to do that, Wait for all the connections to become idle?
