A pool that creates connections from dynamically changing settings #11

Closed
coderfromhere opened this issue Jul 14, 2020 · 6 comments

coderfromhere commented Jul 14, 2020

Hi, I stumbled upon a case where this is required in secure environments that exchange tokens during a short period of time. For instance, RDS allows AWS IAM tokens to be used as Postgres passwords that would last for 15 minutes.
With Python I could achieve that with a creator method that would take all but password credentials from OS env vars, and the password would be received from AWS API call:

This creation function will be passed to the underlying connection pool and will be used to create all new database connections.

Is there a way to relatively easily encode this behaviour for hasql-pool?

coderfromhere changed the title from "A pool that creates connections from dynamically-changing settings" to "A pool that creates connections from dynamically changing settings" on Jul 14, 2020
@nikita-volkov
Owner

I don't think "hasql-pool" will fit your case. Consider explicitly controlling your connections with the "resource-pool" package. You can use the source code of "hasql-pool" as a reference.

Just out of curiosity, is the new token only required for the new connections or do you have to reset the already established ones as well?

@coderfromhere
Author

coderfromhere commented Jul 14, 2020

Thanks for the hint. The strategy that I have at hand uses new tokens for newly established connections only.

@nikita-volkov
Owner

Okay, then definitely go with "resource-pool".

@nikita-volkov
Owner

@avanov suggests implementing this now, since after the move away from resource-pool it seems possible. I'll give it some thought.

I'm a bit preoccupied now and may forget, so feel free to ping me if I don't come back to this issue within a couple of weeks.

In the meantime can you guys describe what API you have in mind for this?


avanov commented Jun 14, 2022

Nikita, both accounts belong to me, the one above is workplace-related.

Regarding the API, the simplest could be acquire requiring IO Connection.Settings instead of just Connection.Settings, where IO (or MonadIO) is a means to obtain the password part of the settings. Secure AWS RDS instances use timed tokens as passwords and obtaining them requires a side-effectful action. You can see how the tokens are generated with amazonka here.

@nikita-volkov
Owner

Thanks. It's implemented in 0.7.2 now.
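
The idea discussed in this thread (the pool is given an action that produces settings and runs it each time it opens a connection, instead of holding fixed settings), sketched in Python as an added example; it is not hasql-pool code and not code from the thread's participants. `TokenIssuer`, `DynamicPool` and `demo` are hypothetical names, the token service and clock are simulated, and all values are constructed.

```python
import itertools
TOKEN_TTL = 15 * 60  # seconds; the thread cites 15-minute RDS IAM tokens

class TokenIssuer:  # constructed stand-in for the token API and the server-side check
    def __init__(self):
        self.now, self._ids, self._expiry = 0, itertools.count(1), {}

    def issue(self):
        token = f"token-{next(self._ids)}"
        self._expiry[token] = self.now + TOKEN_TTL
        return token

    def connect(self, settings):  # the password is checked only at connect time
        if self.now >= self._expiry.get(settings["password"], 0):
            raise PermissionError("token expired")
        return {"authenticated_with": settings["password"]}

class DynamicPool:  # hypothetical pool: takes an action yielding settings, not settings
    def __init__(self, size, get_settings, connect):
        self.size, self.get_settings, self.connect = size, get_settings, connect
        self.idle, self.in_use = [], 0

    def acquire(self):
        if self.idle:
            conn = self.idle.pop()  # established connections are reused as-is
        elif self.in_use < self.size:
            conn = self.connect(self.get_settings())  # settings fetched right now
        else:
            raise RuntimeError("pool exhausted")
        self.in_use += 1
        return conn

    def release(self, conn):
        self.in_use -= 1
        self.idle.append(conn)

def demo():
    issuer = TokenIssuer()
    fresh = lambda: {"user": "app", "password": issuer.issue()}  # constructed values
    frozen = fresh()  # token-1, fetched once at startup
    static_pool = DynamicPool(2, lambda: frozen, issuer.connect)
    dynamic_pool = DynamicPool(2, fresh, issuer.connect)
    early = dynamic_pool.acquire()  # opened with token-2
    issuer.now += TOKEN_TTL + 1  # simulated clock: both early tokens have expired
    late = dynamic_pool.acquire()  # opened with token-3
    try:
        stale = static_pool.acquire()
    except PermissionError:
        stale = None  # fixed settings cannot open connections any more
    return early, late, stale
```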
