add support to get and set db credentials in an atomic operation #2189
+159
−17
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Foulest
added a commit
to Foulest/HikariCP
that referenced
this pull request
May 5, 2024
- Pulled changes from brettwooldridge#2189 brettwooldridge#2180 brettwooldridge#2157 brettwooldridge#2149 brettwooldridge#2147 brettwooldridge#2133 brettwooldridge#2068 brettwooldridge#2065 brettwooldridge#2038 brettwooldridge#2035 brettwooldridge#2031 brettwooldridge#2010 (aside from code found in removed test functions)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request attempts to address points raised in #1442 (comment), #2011 (comment), and #1196 (comment) about rotating both username and password atomically.
Currently, you can call the setUsername and setPassword methods on the MBean or subclass the HikariDataSource to dynamically fetch credentials. Either way this is done presents a (tiny) window where the credentials used to connect may be in flux. In the case of updating via the MBean, a new connection may be created in between the call to setUsername and setPassword. And when subclassing the data source to dynamically provide username and password, the credentials may have changed between PoolBase's call to getUsername and getPassword.
To close these windows, I have introduced a new Credentials pojo that is essentially an immutable pair of username and password and replaced the HikariConfig's username and password fields with an AtomicReference to a Credential. It should be noted that even with these changes, you are still able to individually get and set the username and password, however if you need things to be atomic you should make use of the new API in HikariConfig, getCredentials and setCredentials. PoolBase now makes use of the getCredentials to atomically get the pair. Additionally, there is an extra method on the HikariConfigMXBean to atomically set the pair.