Get a fresh database password for every new connection to postgres

CDCgov · May 23, 2024 · 01899f2 · 01899f2
1 parent bd229ac
commit 01899f2
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 10 deletions.
diff --git a/shared/src/main/java/gov/hhs/cdc/trustedintermediary/external/HikariConnectionPool.java b/shared/src/main/java/gov/hhs/cdc/trustedintermediary/external/HikariConnectionPool.java
@@ -47,16 +47,17 @@ static HikariConfig constructHikariConfig() {
 
         HikariConfig config = new HikariDataSource();
 
-        try {
-            String maxLife = ApplicationContext.getProperty("DB_MAX_LIFETIME");
-            if (maxLife != null && !maxLife.isEmpty()) {
-                config.setMaxLifetime(Long.parseLong(maxLife));
-            }
-        } catch (NumberFormatException e) {
-            LOGGER.logInfo("Using Hikari default DB Max Lifetime");
-        }
+        //        try {
+        //            String maxLife = ApplicationContext.getProperty("DB_MAX_LIFETIME");
+        //            if (maxLife != null && !maxLife.isEmpty()) {
+        //                config.setMaxLifetime(Long.parseLong(maxLife));
+        //            }
+        //        } catch (NumberFormatException e) {
+        //            LOGGER.logInfo("Using Hikari default DB Max Lifetime");
+        //        }
 
-        config.setDataSourceClassName("org.postgresql.ds.PGSimpleDataSource");
+        config.setDataSourceClassName(
+                "gov.hhs.cdc.trustedintermediary.external.PasswordChangingPostgresDataSource");
         config.addDataSourceProperty("user", user);
         config.addDataSourceProperty("password", pass);
         config.addDataSourceProperty("serverName", serverName);

diff --git a/...ain/java/gov/hhs/cdc/trustedintermediary/external/PasswordChangingPostgresDataSource.java b/...ain/java/gov/hhs/cdc/trustedintermediary/external/PasswordChangingPostgresDataSource.java
@@ -0,0 +1,36 @@
+package gov.hhs.cdc.trustedintermediary.external;
+
+import gov.hhs.cdc.trustedintermediary.context.ApplicationContext;
+import gov.hhs.cdc.trustedintermediary.wrappers.Logger;
+import gov.hhs.cdc.trustedintermediary.wrappers.database.DatabaseCredentialsProvider;
+import java.sql.Connection;
+import java.sql.SQLException;
+import org.postgresql.ds.PGSimpleDataSource;
+
+public class PasswordChangingPostgresDataSource extends PGSimpleDataSource {
+    @Override
+    public Connection getConnection() throws SQLException {
+        ApplicationContext.getImplementation(Logger.class)
+                .logInfo("Establishing new connection to the database");
+
+        var latestPassword =
+                ApplicationContext.getImplementation(DatabaseCredentialsProvider.class)
+                        .getPassword();
+        this.setPassword(latestPassword);
+
+        return super.getConnection();
+    }
+
+    @Override
+    public Connection getConnection(String username, String password) throws SQLException {
+        ApplicationContext.getImplementation(Logger.class)
+                .logInfo("Establishing new connection to the database with a username");
+
+        var latestPassword =
+                ApplicationContext.getImplementation(DatabaseCredentialsProvider.class)
+                        .getPassword();
+        this.setPassword(latestPassword);
+
+        return super.getConnection(username, latestPassword);
+    }
+}
diff --git a/...java/gov/hhs/cdc/trustedintermediary/external/azure/AzureDatabaseCredentialsProvider.java b/...java/gov/hhs/cdc/trustedintermediary/external/azure/AzureDatabaseCredentialsProvider.java
@@ -26,7 +26,7 @@ public String getPassword() {
 
         // this method is at least called during bootstrapping, so we can't use @Inject
         ApplicationContext.getImplementation(Logger.class)
-                .logInfo("Fetching credentials from Azure");
+                .logInfo("Fetching database credentials from Azure");
 
         return new DefaultAzureCredentialBuilder()
                 .build()