search

aio-libs / aiopg

aiopg is a library for accessing a PostgreSQL database from the asyncio
http://aiopg.readthedocs.io
BSD 2-Clause "Simplified" License
1.39k stars 159 forks source link

Allow just-in-time compution of credentials for new connections in a pool #903

Open moretea opened 11 months ago

moretea commented 11 months ago

Is your feature request related to a problem?

I'd like to use procastinate in my Django project, mainly because of it's awesome name ;).

I'm deploying my application on AWS, and would like to enable automatic secrets management for the RDS database that I'm using there. This implies that the database credentials can (and will) be rotated out, and that one should fetch fresh database credentials that have the newly applied password.

Currently, it is not possible to implement this using an aiopg pool; as far as I can see, new connections to the database are made here:

https://github.com/aio-libs/aiopg/blob/7b01833100b83f65ba64a5ba877eabc369242b8b/aiopg/pool.py#L336-L343

Describe the solution you'd like

Would aiopg be open to add an additional callback to provide a way to override the values in self._dsn and self._conn_kwargs?

I have noticed that a callback exists that is invoked after a connection is made: https://github.com/aio-libs/aiopg/blob/7b01833100b83f65ba64a5ba877eabc369242b8b/aiopg/pool.py#L345-L346

I would propose to implement this using the following code, and add the callback to the constructor of the pool, like is done for on_connect.

                if self._before_connect is not None:
                    conn_dsn, conn_kwargs = await self._before_connect(self._dsn, self._conn_kwargs)
                else:
                    conn_dsn = self._dsn
                    conn_kwargs = self._conn_kwargs
                conn = await connect(
                    conn_dsn,
                    timeout=self._timeout,
                    enable_json=self._enable_json,
                    enable_hstore=self._enable_hstore,
                    enable_uuid=self._enable_uuid,
                    echo=self._echo,
                    **conn_kwargs,
                )
                if self._on_connect is not None:
                    await self._on_connect(conn)

I'm not an expert on python async programming, but would be willing to implement this, if you think this has a chance of being merged.

Describe alternatives you've considered

I have disabled password rotation for now, so I am not blocked.

I looked at the synchronous pathways in procrastinate. I'm able to subclass a connector, and override the function which creates a database connection. I'd rather not do that with the Pool class, the _fill_free_pool function does way more than just establishing a connection.

Al alternative could be to extract the following lines into a def _create_connection(dsn, timeout, enable_json, ....), and to subclass the Pool, and override this helper function. Please correct me if I'm wrong, but after browsing through the source code, I have the feeling that this project prefers composition over using inheritance. https://github.com/aio-libs/aiopg/blob/7b01833100b83f65ba64a5ba877eabc369242b8b/aiopg/pool.py#L336-L344

Additional context

No response

Code of Conduct