Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

using MySQL autoReconnect=true configuration results in unhandled access denied errors #144

Open
steve-thousand opened this issue Dec 22, 2022 · 1 comment
Open

using MySQL autoReconnect=true configuration results in unhandled access denied errors #144

steve-thousand opened this issue Dec 22, 2022 · 1 comment
Labels
bug Something isn't working

Comments

@steve-thousand
Copy link

Took some time tracking down the root cause, but I was getting com.mysql.cj.exceptions.CJException: Access denied for user while using the secrets manager MySQL driver for MySQL driver 8.0.31. This is a problem because the error handling for the AWSSecretsManagerMySQLDriver expects a SQLException but the CJException is not a SQLException subclass, so these credential issues were not being automatically handled by the driver.

I found that the cause was using the autoReconnect=true JDBC parameter. When using this parameter, the MySQL driver ends up taking a separate code from autoReconnect=false:

java.sql.SQLNonTransientConnectionException: Could not create connection to database server. Attempted reconnect 3 times. Giving up.
	at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:110)
	at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:97)
	at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:89)
	at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:63)
	at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:73)
	at com.mysql.cj.jdbc.ConnectionImpl.connectWithRetries(ConnectionImpl.java:898)
	at com.mysql.cj.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:823)
	at com.mysql.cj.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:448)
	at com.mysql.cj.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:241)
	at com.mysql.cj.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:198)
...
Caused by: com.mysql.cj.exceptions.CJException: Access denied for user 'test_user1671740990998'@'172.17.0.1' (using password: YES)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
	at com.mysql.cj.exceptions.ExceptionFactory.createException(ExceptionFactory.java:61)
	at com.mysql.cj.exceptions.ExceptionFactory.createException(ExceptionFactory.java:105)
	at com.mysql.cj.exceptions.ExceptionFactory.createException(ExceptionFactory.java:151)
	at com.mysql.cj.exceptions.ExceptionFactory.createException(ExceptionFactory.java:129)
	at com.mysql.cj.protocol.a.NativeProtocol.checkErrorMessage(NativeProtocol.java:848)
	at com.mysql.cj.protocol.a.NativeProtocol.checkErrorMessage(NativeProtocol.java:770)
	at com.mysql.cj.protocol.a.NativeProtocol.checkErrorMessage(NativeProtocol.java:738)
	at com.mysql.cj.protocol.a.NativeProtocol.checkErrorMessage(NativeProtocol.java:155)
	at com.mysql.cj.protocol.a.NativeAuthenticationProvider.proceedHandshakeWithPluggableAuthentication(NativeAuthenticationProvider.java:472)
	at com.mysql.cj.protocol.a.NativeAuthenticationProvider.connect(NativeAuthenticationProvider.java:212)
	at com.mysql.cj.protocol.a.NativeProtocol.connect(NativeProtocol.java:1433)
	at com.mysql.cj.NativeSession.connect(NativeSession.java:133)
	at com.mysql.cj.jdbc.ConnectionImpl.connectWithRetries(ConnectionImpl.java:842)
	... 82 more

When autoReconnect=false, the com.mysql.cj.jdbc.ConnectionImpl.createNewIO method calls com.mysql.cj.jdbc.ConnectionImpl.connectOneTryOnly instead of com.mysql.cj.jdbc.ConnectionImpl.connectWithRetries. The com.mysql.cj.jdbc.ConnectionImpl.connectWithRetries method ends up throwing a SQLNonTransientConnectionException containing a CJException with a vendorCode equal to the expected error code 1045.

So, the immediate fix I've found is to just not use autoReconnect=true, turns out its usage is not recommended by MySQL anyway. But it seems like others have found the error detection to be problematic and the error handling here could be improved to unwrap exceptions and check for CJExceptions as well as SQLExceptions
@steve-thousand steve-thousand added the bug Something isn't working label Dec 22, 2022
@jbct
Copy link

jbct commented Jan 9, 2023

Thanks for the bug report, steve-thousand. We'll track this for a future update.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jbct @steve-thousand