sqlproxy: improve authentication throttle error #117552
Assignees
Labels
C-enhancement
Solution expected to add code/behavior + preserve backward-compat (pg compat issues are exception)
T-serverless
Comments
jeffswenson
added
C-enhancement
craig bot
pushed a commit
that referenced
this issue
Jan 10, 2024
117505: roachtest: assign adminui ports dynamically for virtual clusters r=srosenberg,renatolabs a=DarrylWong This was originally removed in #115599 due to #114097 merging, but adminui was reverted in #117141 and mistakenly did not revert the special case for virtual clusters. We unskip the multitenant/distsql tests as well. Release note: None Fixes: #117150 Fixes: #117149 Epic: None 117545: rpc: rm rangefeed RPC stream window special case r=erikgrinaker,miretskiy a=pav-kv The rangefeed stream window size tuning was introduced to mitigate OOM in rangefeeds caused by the excessive number of streams (one per `Range`). Since we now use mux rangefeeds (which multiplexes all the rangefeed traffic into a single stream), this setting is no longer needed, so this commit removes it. Part of #108992 Release note (ops change): `COCKROACH_RANGEFEED_RPC_INITIAL_WINDOW_SIZE` env variable has been removed, and rangefeed connection now uses the same window size as other RPC connections. 117554: sqlproxyccl: improve authentication throttle error r=JeffSwenson a=JeffSwenson The sql proxy will throttle connection attempts if a (client IP, tenant cluster) pair has too many authentication failures. The error is usually caused by a misconfigured password in a connection pool. This change replaces the "connection attempt throttled" error message with "too many failed authentication attempts". There is a hint that includes this message but not all drivers are configured to log hints. Fixes #117552 Co-authored-by: DarrylWong <[email protected]> Co-authored-by: Pavel Kalinnikov <[email protected]> Co-authored-by: Jeff <[email protected]>
jeffswenson
added a commit
that referenced
this issue
Jan 17, 2024
The sql proxy will throttle connection attempts if a (client IP, tenant cluster) pair has too many authentication failures. The error is usually caused by a misconfigured password in a connection pool. This change replaces the "connection attempt throttled" error message with "too many failed authentication attempts". There is a hint that includes this message but not all drivers are configured to log hints. Fixes #117552
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The sql proxy returns an error with the text "connection attempt throttled" if a particular (client IP, tenant cluster) pair has failed password authentication. There is a hint that specifies the error is likely related to password authentication but not all drivers log the hint. A common source of support escalations is users see this in their logs and don't realize their application's connection string is misconfigured
Jira issue: CRDB-35244
The text was updated successfully, but these errors were encountered: