Connection properties are not passed to underlying driver by AWSSecretsManagerDriver #278

@roytmana

Describe the bug
In AWSSecretsManagerDriver, properties that are supposed to be passed to the wrapped driver's connect(url, properties); are missing. The issue is in

Properties updatedInfo = new Properties(info); (see code snippet below)

This creates hierarchical (nested) properties that must be iterated using Properties.stringPropertyNames(), but I would say most of the drivers, including Microsoft SQL Server, won't do it; they'll use inherited Map methods and will miss all the originally configured (nested) properties.

I suspect it was not the AWSSecretsManagerDriver developers' intention to create nested properties but to create a copy of the properties and then set password and overwrite user. But that is not what new Properties(info); does.

We would greatly appreciate it if it could be fixed ASAP - we need to pass some extra properties to the MS SQL driver.

    private Connection connectWithSecret(String unwrappedUrl, Properties info, String credentialsSecretId)
            throws SQLException, InterruptedException {
        int retryCount = 0;
        while (retryCount++ <= MAX_RETRY) {
            String secretString = secretCache.getSecretString(credentialsSecretId);
            Properties updatedInfo = new Properties(info);
            try {
                JsonNode jsonObject = mapper.readTree(secretString);
                updatedInfo.setProperty("user", jsonObject.get("username").asText());
                updatedInfo.setProperty("password", jsonObject.get("password").asText());
            } catch (IOException e) {
                // Most likely to occur in the event that the data is not JSON.
                // Or the secret's username and/or password fields have been
                // removed entirely. Either scenario is most often a user error.
                throw new RuntimeException(INVALID_SECRET_STRING_JSON);
            }

            try {
                return getWrappedDriver().connect(unwrappedUrl, updatedInfo);
            } catch (Exception e) {
                if (isExceptionDueToAuthenticationError(e)) {
                    boolean refreshSuccess = this.secretCache.refreshNow(credentialsSecretId);
                    if (!refreshSuccess) {
                        throw(e);
                    }
                }
                else {
                    throw(e);
                }
            }
        }

        // Max retries reached
        throw new SQLException("Connect failed to authenticate: reached max connection retries");
    }

To Reproduce
Steps to reproduce the behavior:

Expected behavior
A description of what you expected to happen.

Environment:
Details about your environment (OS, Java version, AWS SDK version...)

Additional context
Add any other context about the problem here.
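
The `java.util.Properties` behaviour the report describes can be reproduced with the JDK alone. The following is an added example, not part of the original issue and not the project's code: the class name, the `flatCopy` helper and the sample keys and values are constructed for illustration, and `flatCopy` is one possible way to copy the properties, not the project's fix.

```java
import java.util.Properties;

public class PropertiesDefaultsDemo {

    // Hypothetical helper: flattens info (its own entries plus any defaults
    // chain) into a standalone Properties object with no defaults.
    // stringPropertyNames() skips entries whose key or value is not a String.
    static Properties flatCopy(Properties info) {
        Properties copy = new Properties();
        if (info != null) {
            for (String name : info.stringPropertyNames()) {
                copy.setProperty(name, info.getProperty(name));
            }
        }
        return copy;
    }

    static void report(String label, Properties p) {
        System.out.println(label);
        // Inherited Map/Hashtable views: only the object's own entries.
        System.out.println("  size()                 = " + p.size());
        System.out.println("  containsKey(encrypt)   = " + p.containsKey("encrypt"));
        System.out.println("  get(encrypt)           = " + p.get("encrypt"));
        System.out.println("  keySet()               = " + p.keySet());
        // Properties-specific lookups: these also consult the defaults chain.
        System.out.println("  getProperty(encrypt)   = " + p.getProperty("encrypt"));
        System.out.println("  stringPropertyNames()  = " + p.stringPropertyNames());
    }

    public static void main(String[] args) {
        // Constructed sample input standing in for the caller's connection properties.
        Properties info = new Properties();
        info.setProperty("encrypt", "true");
        info.setProperty("applicationName", "demo-app");

        // Pattern from the snippet in the issue: info becomes the *defaults*
        // of the new object instead of being copied into it.
        Properties nested = new Properties(info);
        nested.setProperty("user", "placeholder-user");
        nested.setProperty("password", "placeholder-password");
        report("new Properties(info):", nested);

        // Flat copy: the caller's entries are real entries of the new object.
        Properties flat = flatCopy(info);
        flat.setProperty("user", "placeholder-user");
        flat.setProperty("password", "placeholder-password");
        report("flatCopy(info):", flat);
    }
}
```

Comparing the two reports shows which lookups see the caller's settings in each case; any consumer that reads the object only through the inherited Map methods sees just `user` and `password` in the nested form.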
