nikita-volkov / hasql-pool

A pool of connections for Hasql
http://hackage.haskell.org/package/hasql-pool
MIT License

A pool that creates connections from dynamically changing settings #11

Closed coderfromhere closed 2 years ago

coderfromhere commented 4 years ago

Hi, I stumbled upon a case where this is required in secure environments that exchange tokens during a short period of time. For instance, RDS allows AWS IAM tokens to be used as Postgres passwords that would last for 15 minutes. With Python I could achieve that with a creator method that would take all but password credentials from OS env vars, and the password would be received from AWS API call:

This creation function will be passed to the underlying connection pool and will be used to create all new database connections.

Is there a way to relatively easily encode this behaviour for hasql-pool?

nikita-volkov commented 4 years ago

I don't think "hasql-pool" will fit your case. Consider explicitly controlling your connections with the "resource-pool" package. You can use the source code of "hasql-pool" as a reference.

Just out of curiosity, is the new token only required for the new connections or do you have to reset the already established ones as well?

coderfromhere commented 4 years ago

Thanks for the hint. The strategy that I have at hand uses new tokens for newly established connections only.

nikita-volkov commented 4 years ago

Okay, then definitely go with "resource-pool".

nikita-volkov commented 2 years ago

@avanov suggests implementing this now, since after the move away from resource-pool it seems possible. I'll give it some thought.

I'm a bit preoccupied now and may forget, so feel free to ping me if I don't come back to this issue within a couple of weeks.

In the meantime can you guys describe what API you have in mind for this?

avanov commented 2 years ago

Nikita, both accounts belong to me, the one above is workplace-related.

Regarding the API, the simplest could be acquire requiring IO Connection.Settings instead of just Connection.Settings, where IO (or MonadIO) is a means to obtain the password part of the settings. Secure AWS RDS instances use timed tokens as passwords and obtaining them requires a side-effectful action. You can see how the tokens are generated with amazonka here.

nikita-volkov commented 2 years ago

Thanks. It's implemented in 0.7.2 now.
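
The behaviour discussed in this thread, as an added example that is not code from hasql-pool, from any AWS library, or from the participants: a pool that takes its settings from a callable evaluated for each new connection, next to one that captured a token once at startup. `FakeDatabase`, `Pool`, `attempt`, `demo` and the host and user values are hypothetical names constructed for the illustration, and the clock is simulated so the 15-minute expiry can be exercised offline.

```python
import secrets

TOKEN_TTL = 15 * 60  # seconds; the 15-minute token lifetime mentioned in the thread

class FakeDatabase:
    """Constructed stand-in for a server taking short-lived tokens as passwords.
    Credentials are checked only in connect(), i.e. when a connection is established."""
    def __init__(self, clock):
        self._clock, self._expiry = clock, {}
    def issue_token(self):
        token = secrets.token_hex(16)
        self._expiry[token] = self._clock() + TOKEN_TTL
        return token
    def connect(self, settings):
        if self._clock() >= self._expiry.get(settings["password"], 0):
            raise PermissionError("token expired or unknown")
        return {"user": settings["user"]}

class Pool:
    """Hypothetical minimal pool: get_settings is called once per NEW connection."""
    def __init__(self, get_settings, connect):
        self._get_settings, self._connect, self._idle = get_settings, connect, []
    def acquire(self):
        if self._idle:                      # reusing a connection needs no token
            return self._idle.pop()
        return self._connect(self._get_settings())
    def release(self, conn):
        self._idle.append(conn)

def attempt(pool):
    try:
        pool.acquire()
        return "connected"
    except PermissionError:
        return "rejected"

def demo():
    now, fetched = [0], []
    db = FakeDatabase(lambda: now[0])
    base = {"host": "db.example.internal", "user": "app"}  # constructed values
    def fresh():                            # side-effectful settings provider
        fetched.append(1)
        return dict(base, password=db.issue_token())
    frozen = dict(base, password=db.issue_token())  # token captured once at startup
    static, dynamic = Pool(lambda: frozen, db.connect), Pool(fresh, db.connect)
    static.acquire()                        # t=0: both pools can connect
    dynamic.release(dynamic.acquire())      # opens one connection, returns it
    dynamic.acquire()                       # reuses it: provider is not called
    now[0] = TOKEN_TTL + 1                  # the startup token has now expired
    return {"static": attempt(static), "dynamic": attempt(dynamic),
            "tokens_fetched": len(fetched)}
```

Because the provider runs only when a connection is opened, a token is never held longer than the connection attempt it was fetched for.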