GoogleCloudPlatform / cloud-sql-python-connector

A Python library for connecting securely to your Cloud SQL instances.
Apache License 2.0
Recover gracefully from sleep #941

Open enocom opened 11 months ago

enocom commented 11 months ago

Feature Description

When a Connector is running on a machine that goes to sleep for more than 1 hour, when the machine awakes, it will have an expired certificate. Given how TLS 1.3 works, the Connector will not see a failed handshake and will force users to restart the process to fix the problem.

Instead, we should check if the certificate retrieved from the cache is invalid. If it is, we should block on a force refresh attempt until we get a refresh cert.

See https://github.com/GoogleCloudPlatform/cloud-sql-proxy/issues/1788 and https://github.com/GoogleCloudPlatform/cloud-sql-go-connector/pull/686 for details.

This should be ported to AlloyDB Python as well.
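
The check described in this issue, sketched as an added example (not code from the connector or from this thread): a cache that validates the cached certificate's expiration on every lookup and makes callers wait on a single forced refresh when it has lapsed. `ConnectionInfo`, `RefreshingCache`, `connect_info` and `simulate_sleep` are hypothetical names, and the one-hour certificate lifetime and the simulated clock are constructed for the demonstration.

```python
import asyncio
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class ConnectionInfo:
    """Hypothetical cached entry (not the connector's own type)."""
    cert_serial: int
    expiration: datetime  # notAfter of the ephemeral client certificate


class RefreshingCache:
    """Hypothetical cache that never hands out an expired certificate."""

    def __init__(self, fetch, now=lambda: datetime.now(timezone.utc)):
        self._fetch = fetch  # coroutine function returning a fresh ConnectionInfo
        self._now = now      # injectable clock so a sleep can be simulated
        self._lock = asyncio.Lock()
        self._current = None

    def _valid(self, info):
        return info is not None and self._now() < info.expiration

    async def connect_info(self):
        if self._valid(self._current):
            return self._current
        # Missing or expired (e.g. the host slept past the cert lifetime):
        # block on a forced refresh instead of using the stale certificate.
        async with self._lock:
            if not self._valid(self._current):  # an earlier waiter may have refreshed
                self._current = await self._fetch()
            return self._current


async def simulate_sleep():
    """Constructed scenario: 1-hour certificate, host sleeps for 2 hours."""
    clock = [datetime(2024, 1, 1, tzinfo=timezone.utc)]
    fetched = []

    async def fetch():
        await asyncio.sleep(0)  # yield so the concurrent callers overlap
        fetched.append(clock[0])
        return ConnectionInfo(len(fetched), clock[0] + timedelta(hours=1))

    cache = RefreshingCache(fetch, now=lambda: clock[0])
    first = await cache.connect_info()
    clock[0] += timedelta(hours=2)  # wake up: the cached certificate has expired
    woke = await asyncio.gather(*(cache.connect_info() for _ in range(3)))
    return first.cert_serial, [i.cert_serial for i in woke], len(fetched)
```

Running `asyncio.run(simulate_sleep())` shows three callers arriving after the wake-up all receiving the same new certificate from one refresh, with none of them given the expired one.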

jackwotherspoon commented 6 months ago

This is a comment to make sure proper debug logs are added around valid cert check: