How to ensure Hikari connections are spawn with latest credentials?

Question

I am using IAM credentials for my Spring DataSource to connect to Database. IAM credentials expire in 15 minutes. So the spring.datasource.hikari.maxLifeTime is set to 14 minutes.

However, the service runs properly for only 15 minutes. After that I see "org.postgresql.util.PSQLException: FATAL: PAM authentication failed for user... error.

I suspect this issue is due to the Hikari connections running with outdated credentials.

However, I don't understand why the new Hikari connections, which are created after existing connection timeouts, are not loading the new IAM credentials.

Here is my Datasource:

@Configuration
public class DatabaseConfiguration {

    @Value("${database.url:null}")
    private String dataBaseURL;

    @Value("${database.username:null}")
    private String username;

    @Bean
    @Profile("postgres")
    public DataSource getDataSource() {
        DataSourceBuilder dataSourceBuilder = DataSourceBuilder.create();
        dataSourceBuilder.url(dataBaseURL);
        dataSourceBuilder.username(username);

//        extracting IAM credentials by calling IAM Token generator.
        dataSourceBuilder.password(RdsIamHikariDataSource.getPassword(dataBaseURL, username));
        return dataSourceBuilder.build();
    }
}

Answer 1

Doing a google on the classname leads to this blog post . Assuming you are attempting to follow that (and haven't got it to work). Do the following.

Add the following to your application.properties .

spring.datasource.url=<your-url>
spring.datasource.username=<your-iam-role>
spring.datasource.type=package.of.your.RdsIamHikariDataSource

In your java config remove your DatabaseConfiguration , Spring Boot auto configuration will now take care of creating the proper datasource.