After 15 mins once my application is started, getting Access Denied to user <> : Using password YES
Connector JAR used: org.mariadb:r2dbc-mariadb:1.1.2
I understand this is an open feature request: https://github.com/mariadb-corporation/mariadb-connector-r2dbc/issues/31
But we already have reactive apps running in on-prem using R2DBC for database calls. Now the ask is to move to AWS and use RDS aurora mysql cluster to connect to database using mariadb client jars. For JDBC this isn't a problem because it is supported in mariadb-java-client but not supported for r2dbc-mariadb.
So I ended up writing custom code to make this work.
The following bean takes care of generating database password:
@Bean
public String databasePassword(RdsUtilities rdsUtilities, GenerateAuthenticationTokenRequest tokenRequest) {
return rdsUtilities.generateAuthenticationToken(tokenRequest);
}
The generated password is injected into the following bean :
@Bean(name = "mariadbConnectionConfiguration")
public MariadbConnectionConfiguration mariadbConnectionConfigurationLvdi(String databasePassword) {
File file = new File(this.getClass().getClassLoader().getResource("aws-rds/global-bundle.pem").getFile());
return MariadbConnectionConfiguration.builder()
.host(hostname)
.port(port)
.username(username)
.password(databasePassword)
.database(database)
.serverSslCert(file.getAbsolutePath())
.sslMode(SslMode.VERIFY_CA)
.build();
}
Using webidentity token, this password is generated and this works fine for 15 mins post application is started. Post that, ending up with errors stating "Access denied for user <> (Using password: YES)"
From what I understand, credentials aren't rotated in this code.
- Once application is started and connections are pooled, why does it still try to authenticate ?
- Should I write some custom code to refresh password every 15 mins? Is that a good idea? This means I need to dispose the entire pool and recreate new connections resulting in ongoing transactions getting dropped.
Please advise.
