Neon, 15mo ago
typical-coral

I have a new NeonDbError "password authentication failed for user 'xxxx'" error when using Pool

Previously, my code seemed to be working fine until I switched to creating the database client as a Pool. The neon connection string is created in CI and passed into the server environment automatically, and this is the first time I'm seeing this error. Is it known to be flakey/slow at creating connection strings that immediately start working? Or is there a difference between http vs websocket vs pool clients in Drizzle? I can provide more details on the setup and everything, but I wanted to ask here first
9 Replies
typical-coral (OP), 15mo ago
gh-actions creates the neon branch + creates the connection string, then the server is deployed into a Cloudflare Pages worker which has been working well thus far. I am restarting all the jobs to see if it goes away on its own
xenial-black, 15mo ago
Hi Cole, sorry to hear about your troubles with connecting to new branches. New branches take about 1 sec to be operational. You can always use the API and check operations to make sure a branch is ready to be queried. Do you see -pooler in the new connection string by any chance?
typical-coral (OP), 15mo ago
@raoufchebri - yes, the connection string that gets created in CI is like ***ep-square-dust-a41k8mau-pooler.us-east-1.aws.neon.tech/phosphor_db?sslmode=require
This connection string does work for the initial migrations task (each branch performs migrations).
My setup is kinda custom, but you can see how it is able to use that connection string for the initial drizzle migrations:
Connect to Neon with ***ep-square-dust-a41k8mau-pooler.us-east-1.aws.neon.tech/phosphor_db?sslmode=require
Trying to connect to Neon... (1/10)
[945.49ms] wait-for-neon-db
Database exists
Starting migration...
{
severity_local: "NOTICE",
severity: "NOTICE",
code: "42P06",
message: "schema \"drizzle\" already exists, skipping",
file: "schemacmds.c",
line: "132",
routine: "CreateSchemaCommand",
}
{
severity_local: "NOTICE",
severity: "NOTICE",
code: "42P07",
message: "relation \"__drizzle_migrations\" already exists, skipping",
file: "parse_utilcmd.c",
line: "207",
routine: "transformCreateStmt",
}
Migration complete!
> build Server app for production...
Hmm, it looks like it might be connecting again, but I'm having a general issue where the @neon/serverless is not closing the Cloudflare worker. It seems that something is being left open when I use the websocket client instead of http.
typical-coral (OP), 15mo ago
Reading through https://github.com/drizzle-team/drizzle-orm/issues/619 and removing my usage of Pool, calling connect(), & making sure to close the client completely all seemed to solve my other issue. I will report back if I see the issue with password authentication again
GitHub
[BUG]: Running drizzle for Neon on Cloudflare Workers: A hanging Pr...
What version of drizzle-orm are you using? 0.26.00 What version of drizzle-kit are you using? 0.18.0 Describe the Bug I run wrangler dev, or wrangler dev --remote to run the application. When makin...
xenial-black, 15mo ago
Any chance your main branch is protected? You can check on the branches page
xenial-black, 15mo ago
This feature was released on July 31, 2024. If you have existing CI scripts that create branches from protected branches, please be aware that passwords for Postgres roles on those newly created branches will now differ. If you depend on those passwords being the same, you'll need to make adjustments to get the correct connection details for those branches.
After a branch is created, the up-to-date connection string is returned in the output of the Create Branch GitHub Action.
After resetting a branch from its parent, you can get the connection details for the branch using the Neon CLI connection-string command.
Resetting a child branch from a protected parent branch currently restores Postgres role passwords on the child branch to those used on the protected parent branch. This issue will be addressed in an upcoming release. See reset from parent to understand how Neon's branch reset feature works.
https://neon.tech/docs/guides/protected-branches#new-passwords-generated-for-postgres-roles-on-child-branches
Neon
Protected branches - Neon Docs
Neon's protected branches feature implements a series of protections Protected branches cannot be deleted. Protected branches cannot be reset. Projects with protected branches cannot be deleted. Compu...
xenial-black, 15mo ago
Are you also using the password as a secret and manually constructing the connection string, or pulling the connection string directly from the API call response?
typical-coral (OP), 15mo ago
I was pulling the full connection string from the API call. I will have to see if it comes up again
xenial-black, 15mo ago
Has the problem disappeared? Does it work again? Mmm, if you're pulling the connection string with the password, then it's strange that you cannot access it. One explanation is that the operation is taking a little longer to execute. Therefore you might want to check that the database is operational via the API:
curl --request GET \
--url https://console.neon.tech/api/v2/projects/MY_PROJECT_ID/endpoints \
--header 'accept: application/json'
Example output:
{
"endpoints": [
{
"host": "ep-little-smoke-851426.us-east-2.aws.neon.tech",
"creation_source": "console",
"suspend_timeout_seconds": 10800,
"provisioner": "k8s-pod",
"id": "ep-little-smoke-851426",
"project_id": "shiny-wind-028834",
"branch_id": "br-aged-salad-637688",
"autoscaling_limit_min_cu": 1,
"autoscaling_limit_max_cu": 1,
"region_id": "aws-us-east-2",
"type": "read_write",
"current_state": "idle",
"settings": {
"pg_settings": {}
},
"pooler_enabled": false,
"pooler_mode": "transaction",
"disabled": false,
"passwordless_access": true,
"last_active": "2022-11-23T17:00:00Z",
"created_at": "2022-11-23T17:42:25Z",
"updated_at": "2022-11-30T18:25:21Z",
"proxy_host": "us-east-2.aws.neon.tech"
},
{
"host": "ep-steep-bush-777093.us-east-2.aws.neon.tech",
"creation_source": "console",
"suspend_timeout_seconds": 10800,
"provisioner": "k8s-pod",
"id": "ep-steep-bush-777093",
"project_id": "shiny-wind-028834",
"branch_id": "br-raspy-hill-832856",
"autoscaling_limit_min_cu": 1,
"autoscaling_limit_max_cu": 1,
"region_id": "aws-us-east-2",
"type": "read_write",
"current_state": "idle",
"settings": {
"pg_settings": {}
},
"pooler_enabled": false,
"pooler_mode": "transaction",
"disabled": false,
"passwordless_access": true,
"last_active": "2022-11-30T17:00:00Z",
"created_at": "2022-11-30T17:36:57Z",
"updated_at": "2022-11-30T18:42:58Z",
"proxy_host": "us-east-2.aws.neon.tech"
},
{
"host": "ep-soft-violet-752733.us-east-2.aws.neon.tech",
"creation_source": "console",
"suspend_timeout_seconds": 10800,
"provisioner": "k8s-pod",
"id": "ep-soft-violet-752733",
"project_id": "shiny-wind-028834",
"branch_id": "br-sweet-breeze-497520",
"autoscaling_limit_min_cu": 1,
"autoscaling_limit_max_cu": 1,
"region_id": "aws-us-east-2",
"type": "read_write",
"current_state": "idle",
"settings": {
"pg_settings": {}
},
"pooler_enabled": false,
"pooler_mode": "transaction",
"disabled": false,
"passwordless_access": true,
"last_active": "2022-11-30T19:00:00Z",
"created_at": "2022-11-30T19:09:48Z",
"updated_at": "2022-11-30T19:14:51Z",
"proxy_host": "us-east-2.aws.neon.tech"
}
]
}
And you check the current_state object.
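
The readiness check suggested in the reply above, as an added example (not code from the thread or from Neon): a CI step that polls the endpoints response for one branch before handing out the connection string, so a compute that is still starting is not mistaken for a stale or rotated password. The branch id `br-example-000000`, the `init` entry, the injected `fetchEndpoints` function, and the reading of `active`/`idle` as ready states are assumptions.

```javascript
// Constructed sample, trimmed to the fields used here; the shape follows the
// "Example output" in the thread. The "init" entry is invented for the demo.
const SAMPLE = {
  endpoints: [
    { id: "ep-little-smoke-851426", branch_id: "br-aged-salad-637688",
      type: "read_write", current_state: "idle", disabled: false },
    { id: "ep-example-000000", branch_id: "br-example-000000",
      type: "read_write", current_state: "init", disabled: false },
  ],
};

// Assumption: "active" and "idle" mean the compute can accept connections
// (idle endpoints wake on connect); anything else is treated as not ready.
const READY_STATES = new Set(["active", "idle"]);

// Classify the read_write endpoint of one branch: "ready" | "pending" | "missing".
function branchEndpointStatus(response, branchId) {
  const list = Array.isArray(response && response.endpoints) ? response.endpoints : [];
  const ep = list.find((e) => e.branch_id === branchId && e.type === "read_write");
  if (!ep) return "missing";
  if (ep.disabled) return "pending";
  return READY_STATES.has(ep.current_state) ? "ready" : "pending";
}

// Poll until ready or attempts run out. `fetchEndpoints` is injected so the
// example runs offline; in CI it would wrap the GET .../endpoints call shown
// above, sending the API key in an Authorization header.
async function waitForBranch(fetchEndpoints, branchId, { attempts = 10, delayMs = 500 } = {}) {
  for (let i = 1; i <= attempts; i++) {
    const status = branchEndpointStatus(await fetchEndpoints(), branchId);
    if (status === "ready") return { ready: true, attempts: i };
    if (i < attempts) await new Promise((r) => setTimeout(r, delayMs));
  }
  return { ready: false, attempts };
}

// Demo fetcher: the endpoint reports "init" twice, then "idle".
function demoFetcher() {
  let calls = 0;
  return async () => ({
    endpoints: [{ branch_id: "br-example-000000", type: "read_write",
                  current_state: ++calls < 3 ? "init" : "idle", disabled: false }],
  });
}

waitForBranch(demoFetcher(), "br-example-000000", { delayMs: 1 })
  .then((r) => console.log(r)); // { ready: true, attempts: 3 }
```

If the endpoint is ready and the connection still fails with "password authentication failed", the credential itself is the thing to re-fetch, for instance after branching from a protected parent as described earlier in the thread.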
