opentdf · jakedoublev · May 22, 2025 · May 21, 2025 · May 21, 2025 · May 21, 2025
@@ -144,16 +144,27 @@ The database configuration is used to define how the application connects to its
 
 Root level key `db`
 
-| Field          | Description                                   | Default     | Environment Variables |
-| -------------- | --------------------------------------------- | ----------- | --------------------- |
-| `host`         | The host address for the database.            | `localhost` | OPENTDF_DB_HOST       |
-| `port`         | The port number for the database.             | `5432`      | OPENTDF_DB_PORT       |
-| `database`     | The name of the database.                     | `opentdf`   | OPENTDF_DB_DATABASE   |
-| `user`         | The username for the database.                | `postgres`  | OPENTDF_DB_USER       |
-| `password`     | The password for the database.                | `changeme`  | OPENTDF_DB_PASSWORD   |
-| `sslmode`      | The ssl mode for the database                 | `prefer`    | OPENTDF_DB_SSLMODE    |
-| `schema`       | The schema for the database.                  | `opentdf`   | OPENTDF_DB_SCHEMA     |
-| `runMigration` | Whether to run the database migration or not. | `true`      | OPENTDF_DB_RUNMIGRATION |
+| Field                                  | Description                                      | Default     | Environment Variables                           |
+| -------------------------------------- | ------------------------------------------------ | ----------- | ----------------------------------              |
+| `host`                                 | The host address for the database.               | `localhost` | OPENTDF_DB_HOST                                 |
+| `port`                                 | The port number for the database.                | `5432`      | OPENTDF_DB_PORT                                 |
+| `database`                             | The name of the database.                        | `opentdf`   | OPENTDF_DB_DATABASE                             |
+| `user`                                 | The username for the database.                   | `postgres`  | OPENTDF_DB_USER                                 |
+| `password`                             | The password for the database.                   | `changeme`  | OPENTDF_DB_PASSWORD                             |
+| `sslmode`                              | The ssl mode for the database                    | `prefer`    | OPENTDF_DB_SSLMODE                              |
+| `schema`                               | The schema for the database.                     | `opentdf`   | OPENTDF_DB_SCHEMA                               |
+| `runMigration`                         | Whether to run the database migration or not.    | `true`      | OPENTDF_DB_RUNMIGRATION                         |
+| `connect_timeout_seconds`              | Connection timeout duration (seconds).           | `5`         | OPENTDF_DB_CONNECT_TIMEOUT_SECONDS              |
+| `pool`                                 | Pool configuration settings.                     |             |                                                 |
+| `pool.max_connection_count`            | Maximum number of connections per pool.          | `4`         | OPENTDF_DB_POOL_MAX_CONNECTION_COUNT            |
+| `pool.min_connection_count`            | Minimum number of connections per pool.          | `0`         | OPENTDF_DB_POOL_MIN_CONNECTION_COUNT            |
+| `pool.max_connection_lifetime_seconds` | Maximum seconds per connection lifetime.         | `3600`      | OPENTDF_DB_POOL_MAX_CONNECTION_LIFETIME_SECONDS |
+| `pool.min_idle_connections_count`      | Minimum number of idle connections per pool.     | `0`         | OPENTDF_DB_POOL_MIN_IDLE_CONNECTIONS_COUNT      |
+| `pool.max_connection_idle_seconds`     | Maximum seconds allowed for idle connection.     | `1800`      | OPENTDF_DB_POOL_MAX_CONNECTION_IDLE_SECONDS     |
+| `pool.health_check_period_seconds`     | Interval seconds per health check.               | `60`        | OPENTDF_DB_POOL_HEALTH_CHECK_PERIOD_SECONDS     |
+
+
+
 
 Example:
 
@@ -167,6 +178,14 @@ db:
   sslmode: require
   schema: opentdf
   runMigration: false
+  connect_timeout_seconds: 5
+  pool:
+    max_connection_count: 4
+    min_connection_count: 0
+    max_connection_lifetime_seconds: 3600
+    min_idle_connections_count: 0
+    max_connection_idle_seconds: 1800
+    health_check_period_seconds: 60
 ```
 
 ### Tracing Configuration

@@ -8,6 +8,15 @@ logger:
 #   port: 5432
 #   user: postgres
 #   password: changeme
+#   sslmode: prefer
+#   connect_timeout_seconds: 5
+#   pool:
+#     max_connection_count: 4
+#     min_connection_count: 0
+#     min_idle_connections_count: 0
+#     max_connection_lifetime_seconds: 3600
+#     max_connection_idle_seconds: 1800
+#     health_check_period_seconds: 60
 services:
   kas:
     keyring:

@@ -8,6 +8,15 @@ db:
 #   port: 5432
 #   user: postgres
 #   password: changeme
+#   sslmode: prefer
+#   connect_timeout_seconds: 5
+#   pool:
+#     max_connection_count: 4
+#     min_connection_count: 0
+#     min_idle_connections_count: 0
+#     max_connection_lifetime_seconds: 3600
+#     max_connection_idle_seconds: 1800
+#     health_check_period_seconds: 60
 # mode: all
 services:
   kas:

@@ -9,6 +9,7 @@ import (
 	"net"
 	"net/url"
 	"strconv"
+	"time"
 
 	sq "github.com/Masterminds/squirrel"
 	"github.com/jackc/pgx/v5"
@@ -66,18 +67,41 @@ type PgxIface interface {
 	CopyFrom(ctx context.Context, tableName pgx.Identifier, columnNames []string, rowSrc pgx.CopyFromSource) (int64, error)
 }
 
-type Config struct {
-	Host          string `mapstructure:"host" json:"host" default:"localhost"`
-	Port          int    `mapstructure:"port" json:"port" default:"5432"`
-	Database      string `mapstructure:"database" json:"database" default:"opentdf"`
-	User          string `mapstructure:"user" json:"user" default:"postgres"`
-	Password      string `mapstructure:"password" json:"password" default:"changeme"`
-	RunMigrations bool   `mapstructure:"runMigrations" json:"runMigrations" default:"true"`
-	SSLMode       string `mapstructure:"sslmode" json:"sslmode" default:"prefer"`
-	Schema        string `mapstructure:"schema" json:"schema" default:"opentdf"`
+// PoolConfig holds all connection pool related configuration
+type PoolConfig struct {
+	// Maximum amount of connections to keep in the pool.
+	MaxConns int32 `mapstructure:"max_connection_count" json:"maxConnectionsCount" default:"4"`
 
-	VerifyConnection bool      `mapstructure:"verifyConnection" json:"verifyConnection" default:"true"`
+	// Minimum amount of connections to keep in the pool.
+	MinConns int32 `mapstructure:"min_connection_count" json:"minConnectionsCount" default:"0"`
+
+	// Minimum amount of idle connections to keep in the pool.
+	MinIdleConns int32 `mapstructure:"min_idle_connections_count" json:"minIdleConnectionsCount" default:"0"`
+
+	// Maximum amount of time a connection may be reused, in seconds. Default: 3600 seconds (1 hour).
+	MaxConnLifetime int `mapstructure:"max_connection_lifetime_seconds" json:"maxConnectionLifetimeSeconds" default:"3600"`
+
+	// Maximum amount of time a connection may be idle before being closed, in seconds. Default: 1800 seconds (30 minutes).
+	MaxConnIdleTime int `mapstructure:"max_connection_idle_seconds" json:"maxConnectionIdleSeconds" default:"1800"`
+
+	// Period at which the pool will check the health of idle connections, in seconds. Default: 60 seconds (1 minute).
+	HealthCheckPeriod int `mapstructure:"health_check_period_seconds" json:"healthCheckPeriodSeconds" default:"60"`
+}
+
+type Config struct {
+	Host           string     `mapstructure:"host" json:"host" default:"localhost"`
+	Port           int        `mapstructure:"port" json:"port" default:"5432"`
+	Database       string     `mapstructure:"database" json:"database" default:"opentdf"`
+	User           string     `mapstructure:"user" json:"user" default:"postgres"`
+	Password       string     `mapstructure:"password" json:"password" default:"changeme"`
+	SSLMode        string     `mapstructure:"sslmode" json:"sslmode" default:"prefer"`
+	Schema         string     `mapstructure:"schema" json:"schema" default:"opentdf"`
+	ConnectTimeout int        `mapstructure:"connect_timeout_seconds" json:"connectTimeoutSeconds" default:"5"`
+	Pool           PoolConfig `mapstructure:"pool" json:"pool"`
+
+	RunMigrations    bool      `mapstructure:"runMigrations" json:"runMigrations" default:"true"`
 	MigrationsFS     *embed.FS `mapstructure:"-"`
+	VerifyConnection bool      `mapstructure:"verifyConnection" json:"verifyConnection" default:"true"`
 }
 
 func (c Config) LogValue() slog.Value {
@@ -89,6 +113,14 @@ func (c Config) LogValue() slog.Value {
 		slog.String("password", "[REDACTED]"),
 		slog.String("sslmode", c.SSLMode),
 		slog.String("schema", c.Schema),
+		slog.Int("connect_timeout_seconds", c.ConnectTimeout),
+		slog.Group("pool",
+			slog.Int("max_connection_count", int(c.Pool.MaxConns)),
+			slog.Int("min_connection_count", int(c.Pool.MinConns)),
+			slog.Int("max_connection_lifetime_seconds", c.Pool.MaxConnLifetime),
+			slog.Int("max_connection_idle_seconds", c.Pool.MaxConnIdleTime),
+			slog.Int("health_check_period_seconds", c.Pool.HealthCheckPeriod),
+		),
 		slog.Bool("runMigrations", c.RunMigrations),
 		slog.Bool("verifyConnection", c.VerifyConnection),
 	)
@@ -204,6 +236,23 @@ func (c Config) buildConfig() (*pgxpool.Config, error) {
 		return nil, fmt.Errorf("failed to parse pgx config: %w", err)
 	}
 
+	// Apply connection and pool configurations
+	if c.Pool.MaxConns > 0 {
+		parsed.MaxConns = c.Pool.MaxConns
+	}
+	if c.Pool.MinConns > 0 {
+		parsed.MinConns = c.Pool.MinConns
+	}
+	if c.Pool.MinIdleConns > 0 {
+		parsed.MinIdleConns = c.Pool.MinConns
+	}
+	if c.ConnectTimeout > 0 {
+		parsed.ConnConfig.ConnectTimeout = time.Duration(c.ConnectTimeout) * time.Second
+	}
+	parsed.MaxConnLifetime = time.Duration(c.Pool.MaxConnLifetime) * time.Second
+	parsed.MaxConnIdleTime = time.Duration(c.Pool.MaxConnIdleTime) * time.Second
+	parsed.HealthCheckPeriod = time.Duration(c.Pool.HealthCheckPeriod) * time.Second
+
 	// Configure the search_path schema immediately on connection opening
 	parsed.AfterConnect = func(ctx context.Context, conn *pgx.Conn) error {
 		_, err := conn.Exec(ctx, "SET search_path TO "+c.Schema)

@@ -7,7 +7,7 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-func Test_BuildConfig(t *testing.T) {
+func Test_BuildConfig_ConnString(t *testing.T) {
 	tests := []struct {
 		config *Config
 		want   string
@@ -43,6 +43,26 @@ func Test_BuildConfig(t *testing.T) {
 			},
 			want: "postgres://postgres:k%21jBwK%40%24gn%40M%21ikpHo8SZ8@localhost:5432/opentdf?sslmode=prefer",
 		},
+		// Pool config should not pollute connection string
+		{
+			config: &Config{
+				Host:     "myhost",
+				Port:     1234,
+				Database: "mydb",
+				User:     "myuser",
+				Password: "mypassword",
+				SSLMode:  "require",
+				Pool: PoolConfig{
+					MinConns:          1,
+					MaxConns:          10,
+					MinIdleConns:      60,
+					MaxConnLifetime:   3600,
+					MaxConnIdleTime:   1800,
+					HealthCheckPeriod: 60,
+				},
+			},
+			want: "postgres://myuser:mypassword@myhost:1234/mydb?sslmode=require",
+		},
 	}
 
 	for _, test := range tests {