-
Notifications
You must be signed in to change notification settings - Fork 25
Added Support for providing configuration option for supplying password function #157
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
Hello, @bhosale thank you so much for your efforts in supporting this. I believe we could utilize Additionally, could you please write a test case for this change? |
PTAL @JohnNiang @mobidick1969 |
Thanks @jchrys for reviewing and providing feedback on the pull request. I have added couple of unit test cases. As I understand the connection is established each time an SQL statement is executed, if we use just |
Establishing a connection involves multiple round-trip operations, which is why many of our users choose to pool connections using r2dbc-pool or similar solutions (and we highly recommend it). I understand your point. I believe it would be more suitable to expose |
Agree, I am also using pool.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a nit
src/main/java/io/asyncer/r2dbc/mysql/MySqlConnectionFactoryProvider.java
Outdated
Show resolved
Hide resolved
src/main/java/io/asyncer/r2dbc/mysql/MySqlConnectionFactory.java
Outdated
Show resolved
Hide resolved
src/main/java/io/asyncer/r2dbc/mysql/MySqlConnectionFactory.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@bhosale Thanks a lot!
…rd function (#157) Motivation: Currently r2dbc-mysql does not support IAM based Authentication for authenticating with AWS Aurora RDS database. The way IAM based authentication works is requesting token from AWS RDS for that hostname and username (which is same as AWS IAM Role name). These tokens are valid for 15 minutes, cannot reuse same token after 15 minutes. By adding configuration option for supplying password function, whenever a new connection is made then password is retrieved using supplier function each time. Modification: Modified `MySqlConnectionFactoryProvider` - Added new configurable option. `Option<Publisher<String>> PASSWORD_SUPPLIER = Option.valueOf("passwordSupplier");` Modified `MySqlConnectionConfiguration` - Added the new configuration for Password Supplier function. `Publisher<String> passwordSupplier;` Modified `MySqlConnectionFactory` - Retrieves Password Supplier function from configuration, and then retrieves password each time connection factory is created. Result: Users can provide a supplier function using `PASSWORD_SUPPLIER` option. This function will be used for retrieving password/token each time. ``` public ConnectionFactory writeConnectionFactory(final RdsTokenGenerator rdsTokenGenerator) { return ConnectionFactories.get(ConnectionFactoryOptions.builder() .option(ConnectionFactoryOptions.DRIVER, "mysql") .option(ConnectionFactoryOptions.HOST, "Hostname of AWS Aurora DB instance") .option(ConnectionFactoryOptions.PORT, 3306) .option(ConnectionFactoryOptions.USER, "IAM ROLE Having access to RDS") .option(MySqlConnectionFactoryProvider.PASSWORD_SUPPLIER, rdsTokenGenerator. generateAuthenticationToken()) .build()); } ``` Example of `RdsTokenGenerator` ``` public class RdsTokenGenerator { public Mono<String> generateAuthenticationToken() { return Mono.fromCallable(() -> RdsUtilities.builder() .credentialsProvider(DefaultCredentialsProvider.create()) .region(Region.US_EAST_1) .build(); .generateAuthenticationToken((builder) -> builder .hostname(hostname) .port(port) .username(user) )) .flatMap(token -> LOGGER.info("Retrieved token from RdsUtilities") .then(Mono.just(token))) .subscribeOn(Schedulers.boundedElastic()); } } ```
…rd function (#157) Motivation: Currently r2dbc-mysql does not support IAM based Authentication for authenticating with AWS Aurora RDS database. The way IAM based authentication works is requesting token from AWS RDS for that hostname and username (which is same as AWS IAM Role name). These tokens are valid for 15 minutes, cannot reuse same token after 15 minutes. By adding configuration option for supplying password function, whenever a new connection is made then password is retrieved using supplier function each time. Modification: Modified `MySqlConnectionFactoryProvider` - Added new configurable option. `Option<Publisher<String>> PASSWORD_SUPPLIER = Option.valueOf("passwordSupplier");` Modified `MySqlConnectionConfiguration` - Added the new configuration for Password Supplier function. `Publisher<String> passwordSupplier;` Modified `MySqlConnectionFactory` - Retrieves Password Supplier function from configuration, and then retrieves password each time connection factory is created. Result: Users can provide a supplier function using `PASSWORD_SUPPLIER` option. This function will be used for retrieving password/token each time. ``` public ConnectionFactory writeConnectionFactory(final RdsTokenGenerator rdsTokenGenerator) { return ConnectionFactories.get(ConnectionFactoryOptions.builder() .option(ConnectionFactoryOptions.DRIVER, "mysql") .option(ConnectionFactoryOptions.HOST, "Hostname of AWS Aurora DB instance") .option(ConnectionFactoryOptions.PORT, 3306) .option(ConnectionFactoryOptions.USER, "IAM ROLE Having access to RDS") .option(MySqlConnectionFactoryProvider.PASSWORD_SUPPLIER, rdsTokenGenerator. generateAuthenticationToken()) .build()); } ``` Example of `RdsTokenGenerator` ``` public class RdsTokenGenerator { public Mono<String> generateAuthenticationToken() { return Mono.fromCallable(() -> RdsUtilities.builder() .credentialsProvider(DefaultCredentialsProvider.create()) .region(Region.US_EAST_1) .build(); .generateAuthenticationToken((builder) -> builder .hostname(hostname) .port(port) .username(user) )) .flatMap(token -> LOGGER.info("Retrieved token from RdsUtilities") .then(Mono.just(token))) .subscribeOn(Schedulers.boundedElastic()); } } ```
…rd function (#157) Motivation: Currently r2dbc-mysql does not support IAM based Authentication for authenticating with AWS Aurora RDS database. The way IAM based authentication works is requesting token from AWS RDS for that hostname and username (which is same as AWS IAM Role name). These tokens are valid for 15 minutes, cannot reuse same token after 15 minutes. By adding configuration option for supplying password function, whenever a new connection is made then password is retrieved using supplier function each time. Modification: Modified `MySqlConnectionFactoryProvider` - Added new configurable option. `Option<Publisher<String>> PASSWORD_SUPPLIER = Option.valueOf("passwordSupplier");` Modified `MySqlConnectionConfiguration` - Added the new configuration for Password Supplier function. `Publisher<String> passwordSupplier;` Modified `MySqlConnectionFactory` - Retrieves Password Supplier function from configuration, and then retrieves password each time connection factory is created. Result: Users can provide a supplier function using `PASSWORD_SUPPLIER` option. This function will be used for retrieving password/token each time. ``` public ConnectionFactory writeConnectionFactory(final RdsTokenGenerator rdsTokenGenerator) { return ConnectionFactories.get(ConnectionFactoryOptions.builder() .option(ConnectionFactoryOptions.DRIVER, "mysql") .option(ConnectionFactoryOptions.HOST, "Hostname of AWS Aurora DB instance") .option(ConnectionFactoryOptions.PORT, 3306) .option(ConnectionFactoryOptions.USER, "IAM ROLE Having access to RDS") .option(MySqlConnectionFactoryProvider.PASSWORD_SUPPLIER, rdsTokenGenerator. generateAuthenticationToken()) .build()); } ``` Example of `RdsTokenGenerator` ``` public class RdsTokenGenerator { public Mono<String> generateAuthenticationToken() { return Mono.fromCallable(() -> RdsUtilities.builder() .credentialsProvider(DefaultCredentialsProvider.create()) .region(Region.US_EAST_1) .build(); .generateAuthenticationToken((builder) -> builder .hostname(hostname) .port(port) .username(user) )) .flatMap(token -> LOGGER.info("Retrieved token from RdsUtilities") .then(Mono.just(token))) .subscribeOn(Schedulers.boundedElastic()); } } ```
Motivation:
Currently r2dbc-mysql does not support IAM based Authentication for authenticating with AWS Aurora RDS database. The way IAM based authentication works is requesting token from AWS RDS for that hostname and username (which is same as AWS IAM Role name). These tokens are valid for 15 minutes, cannot reuse same token after 15 minutes.
By adding configuration option for supplying password function, whenever a new connection is made then password is retrieved using supplier function each time.
Modification:
Modified
MySqlConnectionFactoryProvider
- Added new configurable option.Option<Supplier<Mono<String>>> PASSWORD_SUPPLIER = Option.valueOf("passwordSupplier");
Modified
MySqlConnectionConfiguration
- Added the new configuration for Password Supplier function.Supplier<Mono<String>> passwordSupplier;
Modified
MySqlConnectionFactory
- Retrieves Password Supplier function from configuration, and then retrieves password each time connection factory is created.Result:
Users can provide a supplier function using
PASSWORD_SUPPLIER
option. This function will be used for retrieving password/token each time.Example of
RdsTokenGenerator