@aaron-congo aaron-congo commented Sep 5, 2024

Summary

fix: unwrap nested exceptions when checking for login exceptions

Description

  • fixes The AwsSecretsManagerConnectionPlugin.java still use old password from AWS DB secret after rotatation #1081
    • when the secrets manager secret is rotated, the MySQL driver throws a nested exception where the outer exception does not indicate a login exception but the inner exception does. Prior to these changes, our driver incorrectly concluded that this was not a login exception and threw the exception. With these changes, our driver recognizes it as a login exception and re-fetches the rotated secret, allowing the connection to be retrieved.
  • note that this fix was made in the old aws mysql driver repo but has not been ported over yet (see here)

Additional Reviewers

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
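The nested-exception case from the description, as an added example that is not the driver's own code: the class and method names are hypothetical, and treating SQLSTATE `28000` (invalid authorization specification) as the login-failure marker is an assumption. It shows why checking only the outer exception misses the failure, and how walking the cause chain finds it.

```java
import java.sql.SQLException;
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.Set;

public class LoginFailureCheck {
  // Assumption: SQLSTATE 28000 marks a rejected login; a real driver may list more states.
  private static final Set<String> LOGIN_STATES = Set.of("28000");

  // getSQLState() may return null, so null is treated as "not a login failure".
  static boolean isLoginSqlState(String sqlState) {
    return sqlState != null && LOGIN_STATES.contains(sqlState);
  }

  // Walks the whole cause chain; the identity set stops the loop if the chain is cyclic.
  static boolean isLoginFailure(Throwable throwable) {
    Set<Throwable> seen = Collections.newSetFromMap(new IdentityHashMap<>());
    for (Throwable t = throwable; t != null && seen.add(t); t = t.getCause()) {
      if (t instanceof SQLException
          && isLoginSqlState(((SQLException) t).getSQLState())) {
        return true;
      }
    }
    return false;
  }

  public static void main(String[] args) {
    // Constructed sample: the inner exception carries the login SQLSTATE, the outer does not.
    SQLException inner = new SQLException("Access denied for user", "28000");
    SQLException outer = new SQLException("Could not create connection", "08001", inner);

    // Checking only the outer SQLSTATE misses the stale-credential failure.
    System.out.println("outer state only: " + isLoginSqlState(outer.getSQLState()));
    // Unwrapping the causes detects it, so the caller can re-fetch the rotated secret.
    System.out.println("cause chain:      " + isLoginFailure(outer));
    // A wrapped SQLException without any SQLSTATE is not reported as a login failure.
    System.out.println("null SQLState:    "
        + isLoginFailure(new RuntimeException(new SQLException("no state"))));
  }
}
```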

github-actions bot commented Sep 5, 2024

Qodana Community for JVM

It seems all right 👌

No new problems were found according to the checks applied

💡 Qodana analysis was run in the pull request mode: only the changed files were checked

View the detailed Qodana report

To be able to view the detailed Qodana report, you can either:

  1. Register at Qodana Cloud and configure the action
  2. Use GitHub Code Scanning with Qodana
  3. Host Qodana report at GitHub Pages
  4. Inspect and use qodana.sarif.json (see the Qodana SARIF format for details)

To get *.log files or any other Qodana artifacts, run the action with upload-result option set to true,
so that the action will upload the files as the job artifacts:

      - name: 'Qodana Scan'
        uses: JetBrains/[email protected]
        with:
          upload-result: true

}

if (isLoginException(sqlState)) {
return true;
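Review bot: at `if (isLoginException(sqlState))`, `sqlState` may be null if it is read from `SQLException.getSQLState()` on an exception that carries no SQLState, so `isLoginException` should treat null as "not a login failure" rather than dereference it. A one-line comment above the check stating which exception this `sqlState` was taken from would also help readers.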
Contributor

Super tiny nitpick:
I think the above could be simplified like this. Not sure if it's less readable now though due to the longer condition.

      if (exception instanceof SQLException 
          && isLoginException(((SQLException) exception).getSQLState())) {
        return true;
      }

What do you think?

Contributor Author

Yeah, I wasn't sure which of these two was preferable; I'm fine with either one.

Contributor

Yeah, same here. I'm fine with either one.
I'll slap an approval on it :P

@aaron-congo aaron-congo merged commit 28204bc into main Sep 6, 2024
@aaron-congo aaron-congo deleted the issue-1081 branch September 6, 2024 16:28