A pool that creates connections from dynamically changing settings

[coderfromhere]

Hi, I stumbled upon a case where this is required in secure environments that exchange tokens during a short period of time. For instance, RDS allows AWS IAM tokens to be used as Postgres passwords that would last for 15 minutes.
With Python I could achieve that with a creator method that would take all but password credentials from OS env vars, and the password would be received from AWS API call:

This creation function will be passed to the underlying connection pool and will be used to create all new database connections.

Is there a way to relatively easily encode this behaviour for hasql-pool?

[nikita-volkov]

I don't think "hasql-pool" will fit your case. Consider explicitly controlling your connections with the "resource-pool" package. You can use the source code of "hasql-pool" as a reference.

Just out of curiosity, is the new token only required for the new connections or you have to reset the already established ones as well?

[coderfromhere]

Thanks for the hint. The strategy that I have at hand uses new tokens for newly established connections only.

[nikita-volkov]

Okay then definitely go with "resource-pool".

[nikita-volkov]

@avanov suggests to implement this now, since after the move away from resource-pool it seems possible. I'll give it some thought.

I'm a bit preoccupied now and may forget, so feel free to ping me if I don't come back to this issue within a couple of weeks.

In the meantime can you guys describe what API you have in mind for this?

[avanov]

Nikita, both accounts belong to me, the one above is workplace-related.

Regarding the API, the simplest could be acquire requiring IO Connection.Settings instead of just Connection.Settings, where IO (or MonadIO) is a means to obtain the password part of the settings. Secure AWS RDS instances use timed tokens as passwords and obtaining them requires a side-effectful action. You can see how the tokens are generated with amazonka here.

[nikita-volkov]

Thanks. It's implemented in 0.7.2 now.