aws / aws-secretsmanager-jdbc

The AWS Secrets Manager JDBC Library enables Java developers to easily connect to SQL databases using secrets stored in AWS Secrets Manager.
Apache License 2.0

unwrap exception cause to find nested authentication error #114

Closed ankit-joinwal closed 1 year ago

ankit-joinwal commented 2 years ago

Issue #, if available: https://github.com/aws/aws-secretsmanager-jdbc/issues/113

Description of changes: While attempting to connect to the database, sometimes the actual exception containing the vendor code (1045) that denotes authentication failure is nested in outer exceptions. An example of such a case is shown below:

caused by java.sql.SQLTransientConnectionException: ServiceDB - Connection is not available, request timed out after 5000ms.
…g.jooq.impl.ProviderEnabledConnection.prepareStatement(ProviderEnabledConnection.java:109)
…g.jooq.impl.SettingsEnabledConnection.prepareStatement(SettingsEnabledConnection.java:73)
              org.jooq.impl.AbstractResultQuery.prepare(AbstractResultQuery.java:274)
                    org.jooq.impl.AbstractQuery.execute(AbstractQuery.java:338)
                org.jooq.impl.AbstractResultQuery.fetch(AbstractResultQuery.java:354)
            org.jooq.impl.AbstractResultQuery.fetchInto(AbstractResultQuery.java:1550)
                     org.jooq.impl.SelectImpl.fetchInto(SelectImpl.java:3746)
jdk.internal.reflect.GeneratedMethodAccessor219.invoke(Unknown Source)
         graphql.execution.ExecutionStrategy.fetchField(ExecutionStrategy.java:279)
…aphql.execution.ExecutionStrategy.resolveFieldWithInfo(ExecutionStrategy.java:210)
       graphql.execution.AsyncExecutionStrategy.execute(AsyncExecutionStrategy.java:60)
           graphql.execution.Execution.executeOperation(Execution.java:159)
                    graphql.execution.Execution.execute(Execution.java:105)
                                graphql.GraphQL.execute(GraphQL.java:613)
                graphql.GraphQL.parseValidateAndExecute(GraphQL.java:538)
                           graphql.GraphQL.executeAsync(GraphQL.java:502)
jdk.internal.reflect.GeneratedMethodAccessor218.invoke(Unknown Source)
caused by java.sql.SQLNonTransientConnectionException: Communications link failure with primary. No active connection found for master. 
….failover.AbstractMastersListener.throwFailoverMessage(AbstractMastersListener.java:559)
…er.impl.MastersReplicasListener.checkInitialConnection(MastersReplicasListener.java:350)
…over.impl.MastersReplicasListener.initializeConnection(MastersReplicasListener.java:179)
…rg.mariadb.jdbc.internal.failover.FailoverProxy.<init>(FailoverProxy.java:120)
     org.mariadb.jdbc.internal.util.Utils.retrieveProxy(Utils.java:608)
       org.mariadb.jdbc.MariaDbConnection.newConnection(MariaDbConnection.java:150)
                        org.mariadb.jdbc.Driver.connect(Driver.java:89)
caused by java.sql.SQLNonTransientConnectionException: Could not connect to HostAddress{host='xxxxxx.us-west-2.rds.amazonaws.com', port=3306}. (conn=538090) Access denied for user 'xxxxxx'@'xxxxxx' (using password: YES)Current charset is UTF-8. If password has been set using other charset, consider using option 'passwordCharacterEncoding'
…ernal.util.exceptions.ExceptionFactory.createException(ExceptionFactory.java:73)
….jdbc.internal.util.exceptions.ExceptionFactory.create(ExceptionFactory.java:185)
…jdbc.internal.protocol.AbstractConnectProtocol.connect(AbstractConnectProtocol.java:500)
org.mariadb.jdbc.internal.protocol.AuroraProtocol.loop(AuroraProtocol.java:170)
…failover.impl.AuroraListener.reconnectFailedConnection(AuroraListener.java:213)
…over.impl.MastersReplicasListener.initializeConnection(MastersReplicasListener.java:176)
…rg.mariadb.jdbc.internal.failover.FailoverProxy.<init>(FailoverProxy.java:120)
     org.mariadb.jdbc.internal.util.Utils.retrieveProxy(Utils.java:608)
       org.mariadb.jdbc.MariaDbConnection.newConnection(MariaDbConnection.java:150)
                        org.mariadb.jdbc.Driver.connect(Driver.java:89)
caused by java.sql.SQLInvalidAuthorizationSpecException: (conn=538090) Access denied for user 'xxxx'@'xxxx' (using password: YES)Current charset is UTF-8. If password has been set using other charset, consider using option 'passwordCharacterEncoding'
…ernal.util.exceptions.ExceptionFactory.createException(ExceptionFactory.java:66)
….jdbc.internal.util.exceptions.ExceptionFactory.create(ExceptionFactory.java:189)
…protocol.AbstractConnectProtocol.authenticationHandler(AbstractConnectProtocol.java:769)
…rnal.protocol.AbstractConnectProtocol.createConnection(AbstractConnectProtocol.java:555)
…jdbc.internal.protocol.AbstractConnectProtocol.connect(AbstractConnectProtocol.java:498)
org.mariadb.jdbc.internal.protocol.AuroraProtocol.loop(AuroraProtocol.java:170)
…failover.impl.AuroraListener.reconnectFailedConnection(AuroraListener.java:213)
…over.impl.MastersReplicasListener.initializeConnection(MastersReplicasListener.java:176)
…rg.mariadb.jdbc.internal.failover.FailoverProxy.<init>(FailoverProxy.java:120)
     org.mariadb.jdbc.internal.util.Utils.retrieveProxy(Utils.java:608)
       org.mariadb.jdbc.MariaDbConnection.newConnection(MariaDbConnection.java:150)
                        org.mariadb.jdbc.Driver.connect(Driver.java:89)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

ankit-joinwal commented 2 years ago

Local build is failing due to Failed to execute goal org.jacoco:jacoco-maven-plugin:0.8.8:check (default-check) on project aws-secretsmanager-jdbc: The parameters 'rules' for goal org.jacoco:jacoco-maven-plugin:0.8.8:check are missing or invalid -> [Help 1]

Will check the build on the PR; if it fails there too, then the solution would be to specify code coverage rules like below:

<execution>
  <id>default-check</id>
  <phase>verify</phase>
  <goals>
    <goal>check</goal>
  </goals>
  <configuration>
    <rules>
      <rule>
        <element>PACKAGE</element>
        <limits>
          <limit>
            <counter>LINE</counter>
            <value>COVEREDRATIO</value>
            <minimum>0.6</minimum>
          </limit>
        </limits>
      </rule>
    </rules>
  </configuration>
</execution>

ankit-joinwal commented 2 years ago

@umangnarwal Thanks for the suggestion. But I think there can be cases like this where SQLExceptions can be wrapped in non-SQL exceptions.
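
An added example, not the library's or this PR's code: one way to walk a cause chain looking for vendor code 1045, covering both the nested case in the trace from the PR description and a non-SQL wrapper as raised in the comment above. The class name, method name, SQLState value and the exception chain built in `main` are assumptions constructed for illustration.

```java
import java.sql.SQLException;
import java.sql.SQLInvalidAuthorizationSpecException;
import java.sql.SQLNonTransientConnectionException;
import java.sql.SQLTransientConnectionException;
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.Set;

public class NestedAuthErrorExample {
    // Vendor code for "Access denied", as cited in the PR description.
    static final int ACCESS_DENIED = 1045;

    /** Returns true if any SQLException in the cause chain carries the given vendor code. */
    static boolean hasVendorCode(Throwable t, int vendorCode) {
        // Identity-based set stops the walk if the cause chain is cyclic.
        Set<Throwable> seen = Collections.newSetFromMap(new IdentityHashMap<>());
        for (Throwable cur = t; cur != null && seen.add(cur); cur = cur.getCause()) {
            // Non-SQL wrappers are stepped over, not treated as the end of the chain.
            if (cur instanceof SQLException
                    && ((SQLException) cur).getErrorCode() == vendorCode) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed chain (hypothetical messages and SQLState), shaped like the trace:
        // pool timeout -> non-SQL wrapper -> link failure -> access denied.
        SQLException auth = new SQLInvalidAuthorizationSpecException(
                "Access denied for user", "28000", ACCESS_DENIED);
        SQLException link = new SQLNonTransientConnectionException(
                "Communications link failure", auth);
        RuntimeException wrapper = new RuntimeException("pool init failed", link);
        SQLException outer = new SQLTransientConnectionException(
                "Connection is not available", wrapper);

        // A check on the outermost exception alone sees no vendor code.
        System.out.println("top-level vendor code: " + outer.getErrorCode());
        System.out.println("auth error in chain:   " + hasVendorCode(outer, ACCESS_DENIED));
        // A genuine timeout with no nested auth failure must not match.
        SQLException timeout = new SQLTransientConnectionException("request timed out");
        System.out.println("plain timeout matches: " + hasVendorCode(timeout, ACCESS_DENIED));
    }
}
```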

ankit-joinwal commented 2 years ago

@willtong1234, @simonmarty, @jpeddicord hoping to get a review on this.

danmancuso commented 1 year ago

Resolved with #136