diff --git a/doc/user_guide/user_guide.md b/doc/user_guide/user_guide.md
index ce38a96d..62b40772 100644
--- a/doc/user_guide/user_guide.md
+++ b/doc/user_guide/user_guide.md
@@ -101,17 +101,19 @@ deployment script below with the desired version. (see GitHub Releases
 --bucketfs-port \
 --bucketfs-user \
 --bucketfs-password \
- --bucketfs_use-https \
+ --bucketfs-use-https \
 --bucket \
 --path-in-bucket \
 --language-alias \
 --version \
- --ssl_cert_path \
- --use_ssl_cert_validation
+ --ssl-cert-path \
+ --use-ssl-cert-validation \
+ --no-use-ssl-cert-valiation
 ```
-
-The ssl_cert_path is optional if your cert is in an atypical path. The use_ssl_cert_validation is True by default.
-Use caution if you want to turn this of as it potentially lowers security of you Exasol Database.
+The `--ssl-cert-path` is optional if your cert is in an atypical path. The option `--use-ssl-cert-validation`
+is the default, you can disable it with `--no-use-ssl-cert-validation`.
+Use caution if you want to turn certificate validation off as it potentially lowers the security of your
+Database connection.
 #### Customized Installation
 In this installation, you can install the desired or customized language
@@ -198,7 +200,7 @@ python -m exasol_transformers_extension.deploy scripts
 --db-user \
 --db-pass \
 --schema \
- --language-alias \
+ --language-alias
 ```
 ## Store Models in BucketFS
diff --git a/exasol_transformers_extension/deployment/deployment_utils.py b/exasol_transformers_extension/deployment/deployment_utils.py
index f5df47d6..035fefd0 100644
--- a/exasol_transformers_extension/deployment/deployment_utils.py
+++ b/exasol_transformers_extension/deployment/deployment_utils.py
@@ -4,6 +4,7 @@
 import requests
 import tempfile
 import subprocess
+import ssl
 from pathlib import Path
 from getpass import getpass
 from contextlib import contextmanager
@@ -51,6 +52,18 @@ def _concatenate_slc_parts(tmp_dir):
 return slc_final_path
+def set_websocket_ssl_options(use_ssl_cert_validation: bool, ssl_cert_path: str):
+ websocket_sslopt = {
+ "cert_reqs": ssl.CERT_REQUIRED,
+ }
+ if not use_ssl_cert_validation:
+ websocket_sslopt["cert_reqs"] = ssl.CERT_NONE
+
+ if ssl_cert_path is not None:
+ websocket_sslopt["ca_certs"] = ssl_cert_path
+ return websocket_sslopt
+
+
 @contextmanager
 def get_container_file_from_github_release(version):
 with tempfile.TemporaryDirectory() as tmp_dir:
diff --git a/exasol_transformers_extension/deployment/language_container_deployer.py b/exasol_transformers_extension/deployment/language_container_deployer.py
index 9891a853..8f6c6263 100644
--- a/exasol_transformers_extension/deployment/language_container_deployer.py
+++ b/exasol_transformers_extension/deployment/language_container_deployer.py
@@ -5,7 +5,7 @@
 import logging
 from exasol_transformers_extension.utils.bucketfs_operations import \
 create_bucketfs_location
-import ssl
+from exasol_transformers_extension.deployment.deployment_utils import set_websocket_ssl_options
 logger = logging.getLogger(__name__)
@@ -94,14 +94,7 @@ def run(cls, bucketfs_name: str, bucketfs_host: str, bucketfs_port: int,
 dsn: str, db_user: str, db_password: str, language_alias: str, ssl_cert_path: str = None, use_ssl_cert_validation: bool = True):
- websocket_sslopt = {
- "cert_reqs": ssl.CERT_REQUIRED,
- }
- if not use_ssl_cert_validation:
- websocket_sslopt["cert_reqs"] = ssl.CERT_NONE
-
- if ssl_cert_path is not None:
- websocket_sslopt["ca_certs"] = ssl_cert_path
+ websocket_sslopt = set_websocket_ssl_options(use_ssl_cert_validation, ssl_cert_path)
 pyexasol_conn = pyexasol.connect(
 dsn=dsn,
diff --git a/exasol_transformers_extension/deployment/language_container_deployer_cli.py b/exasol_transformers_extension/deployment/language_container_deployer_cli.py
index 201939f7..b8500828 100644
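Review bot: `set_websocket_ssl_options` adds `ca_certs` whenever `ssl_cert_path is not None`, yet both CLI hunks in this commit declare `--ssl-cert-path` with `default=""`, so an omitted option presumably arrives here as an empty string and ends up as `"ca_certs": ""`. Testing truthiness instead, `if ssl_cert_path:`, treats an empty value as "no custom CA file"; the option hunks in `language_container_deployer_cli.py` and `scripts_deployer_cli.py` share the cause and could use `default=None`. The function also lacks a docstring and its `set_` name suggests a mutation although it only builds and returns a dict; a summary line such as `"""Build the websocket sslopt dict; certificate validation stays on unless explicitly disabled."""` would document the secure default. Logging a warning in the `ssl.CERT_NONE` branch would make a disabled check visible in deployment logs.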
--- a/exasol_transformers_extension/deployment/language_container_deployer_cli.py
+++ b/exasol_transformers_extension/deployment/language_container_deployer_cli.py
@@ -10,7 +10,7 @@
 @click.option('--bucketfs-name', type=str, required=True)
 @click.option('--bucketfs-host', type=str, required=True)
 @click.option('--bucketfs-port', type=int, required=True)
-@click.option('--bucketfs_use-https', type=bool, default=False)
+@click.option('--bucketfs-use-https', type=bool, default=False)
 @click.option('--bucketfs-user', type=str, required=True, default="w")
 @click.option('--bucketfs-password', prompt='bucketFS password', hide_input=True, default=lambda: os.environ.get(
@@ -26,8 +26,8 @@
 default=lambda: os.environ.get(
 utils.DB_PASSWORD_ENVIRONMENT_VARIABLE, ""))
 @click.option('--language-alias', type=str, default="PYTHON3_TE")
-@click.option('--ssl_cert_path', type=str, default="")
-@click.option('--use_ssl_cert_validation', type=bool, default=True)
+@click.option('--ssl-cert-path', type=str, default="")
+@click.option('--use-ssl-cert-validation/--no-use-ssl-cert-validation', type=bool, default=True)
 def language_container_deployer_main(
 bucketfs_name: str,
 bucketfs_host: str,
diff --git a/exasol_transformers_extension/deployment/scripts_deployer.py b/exasol_transformers_extension/deployment/scripts_deployer.py
index 264d103c..b8557781 100644
--- a/exasol_transformers_extension/deployment/scripts_deployer.py
+++ b/exasol_transformers_extension/deployment/scripts_deployer.py
@@ -5,7 +5,6 @@
 logger = logging.getLogger(__name__)
-import ssl
 class ScriptsDeployer:
 def __init__(self, language_alias: str, schema: str,
@@ -49,14 +48,7 @@ def deploy_scripts(self) -> None:
 def run(cls, dsn: str, user: str, password: str, schema: str, language_alias: str, ssl_cert_path: str, use_ssl_cert_validation: bool = True):
- websocket_sslopt = {
- "cert_reqs": ssl.CERT_REQUIRED,
- }
- if not use_ssl_cert_validation:
- websocket_sslopt["cert_reqs"] = ssl.CERT_NONE
-
- if ssl_cert_path is not None:
- websocket_sslopt["ca_certs"] = ssl_cert_path
+ websocket_sslopt = utils.set_websocket_ssl_options(use_ssl_cert_validation, ssl_cert_path)
 pyexasol_conn = pyexasol.connect(
 dsn=dsn,
diff --git a/exasol_transformers_extension/deployment/scripts_deployer_cli.py b/exasol_transformers_extension/deployment/scripts_deployer_cli.py
index f251ad7e..34250598 100644
--- a/exasol_transformers_extension/deployment/scripts_deployer_cli.py
+++ b/exasol_transformers_extension/deployment/scripts_deployer_cli.py
@@ -13,8 +13,8 @@
 utils.DB_PASSWORD_ENVIRONMENT_VARIABLE, ""))
 @click.option('--schema', type=str, required=True)
 @click.option('--language-alias', type=str, default="PYTHON3_TE")
-@click.option('--ssl_cert_path', type=str, default="")
-@click.option('--use_ssl_cert_validation', type=bool, default=True)
+@click.option('--ssl-cert-path', type=str, default="")
+@click.option('--use-ssl-cert-validation/--no-use-ssl-cert-validation', type=bool, default=True)
 def scripts_deployer_main(
 dsn: str, db_user: str, db_pass: str, schema: str, language_alias: str, ssl_cert_path: str, use_ssl_cert_validation: bool):
diff --git a/exasol_transformers_extension/upload_model.py b/exasol_transformers_extension/upload_model.py
index 11e673d3..f6f6f27a 100644
--- a/exasol_transformers_extension/upload_model.py
+++ b/exasol_transformers_extension/upload_model.py
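Review bot: `run` in `scripts_deployer.py` reaches the helper as `utils.set_websocket_ssl_options(...)`, while `language_container_deployer.py` imports the function by name; no import of `utils` is added in this file's hunks, so it has to exist already outside the visible context, which is worth confirming. Using one import style in both deployers would make the shared TLS setup easier to find. The two `run` signatures also disagree: here `ssl_cert_path: str` has no default, there it is `ssl_cert_path: str = None`, and neither annotation admits the `None` the helper tests for, so `Optional[str] = None` in both would state the contract. `run`'s body continues outside the hunk.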
@@ -14,7 +14,7 @@
 @click.option('--bucketfs-name', type=str, required=True)
 @click.option('--bucketfs-host', type=str, required=True)
 @click.option('--bucketfs-port', type=int, required=True)
-@click.option('--bucketfs_use-https', type=bool, default=False)
+@click.option('--bucketfs-use-https', type=bool, default=False)
 @click.option('--bucketfs-user', type=str, required=True, default="w")
 @click.option('--bucketfs-password', prompt='bucketFS password', hide_input=True, default=lambda: os.environ.get(
diff --git a/tests/integration_tests/with_db/deployment/test_language_container_deployer_cli.py b/tests/integration_tests/with_db/deployment/test_language_container_deployer_cli.py
index 56e3942e..e2bfcec5 100644
--- a/tests/integration_tests/with_db/deployment/test_language_container_deployer_cli.py
+++ b/tests/integration_tests/with_db/deployment/test_language_container_deployer_cli.py
@@ -49,7 +49,7 @@ def call_language_definition_deployer_cli(dsn: str,
 "--bucketfs-name", bucketfs_params.name,
 "--bucketfs-host", parsed_url.hostname,
 "--bucketfs-port", parsed_url.port,
- "--bucketfs_use-https", False,
+ "--bucketfs-use-https", False,
 "--bucketfs-user", bucketfs_config.username,
 "--bucketfs-password", bucketfs_config.password,
 "--bucket", bucketfs_params.bucket,
@@ -58,8 +58,16 @@ def call_language_definition_deployer_cli(dsn: str,
 "--db-user", exasol_config.username,
 "--db-pass", exasol_config.password,
 "--language-alias", language_alias,
- "--use_ssl_cert_validation", use_ssl_cert_validation
+ "--no-use-ssl-cert-validation"
 ]
+ if use_ssl_cert_validation:
+ args_list += [
+ "--use-ssl-cert-validation"
+ ]
+ else:
+ args_list += [
+ "--no-use-ssl-cert-validation"
+ ]
 if version is not None:
 args_list += [
 "--version", version,
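Review bot: The base `args_list` in `call_language_definition_deployer_cli` now ends with a hard-coded `"--no-use-ssl-cert-validation"`, and the new `if use_ssl_cert_validation:` block then appends a second flag, so the validating case passes both `--no-use-ssl-cert-validation` and `--use-ssl-cert-validation` and relies on the later flag taking precedence. Dropping the hard-coded entry, so that `"--language-alias", language_alias,` is followed directly by `]`, leaves exactly one flag per call. As written, a reordering of the list could turn the certificate-check test into a run without validation and nobody would notice. The function starts and ends outside the hunk.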
@@ -194,3 +202,7 @@ def test_language_container_deployer_cli_with_check_cert(
 and result.exception.args[0].message in expected_exception_message \
 and type(result.exception) == ExaConnectionFailedError
+E AssertionError: assert (1 == 1 and 'Could not connect to Exasol: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1131)' in
+ 'Could not connect to Exasol: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1131)')
+E + where 1 = .exit_code
+E + and 'Could not connect to Exasol: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1131)' = ExaConnectionFailedError(ExaConnectionFailedError(...), 'Could not connect to Exasol: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1131)').message
diff --git a/tests/integration_tests/with_db/deployment/test_scripts_deployer_cli.py b/tests/integration_tests/with_db/deployment/test_scripts_deployer_cli.py
index 2249cae6..34ca0814 100644
--- a/tests/integration_tests/with_db/deployment/test_scripts_deployer_cli.py
+++ b/tests/integration_tests/with_db/deployment/test_scripts_deployer_cli.py
@@ -24,7 +24,7 @@ def test_scripts_deployer_cli(language_alias: str,
 "--db-pass", exasol_config.password,
 "--schema", schema_name,
 "--language-alias", language_alias,
- "--use_ssl_cert_validation", False
+ "--no-use-ssl-cert-validation"
 ]
 runner = CliRunner()
 result = runner.invoke(deploy.main, args_list)
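Review bot: The four lines added after the final `assert` of `test_language_container_deployer_cli_with_check_cert` (`E AssertionError: assert (1 == 1 and ...`, `E + where 1 = .exit_code`, and the two around them) are pasted pytest failure output rather than Python, so the module will most likely fail to parse and none of its tests, including the certificate-validation one, will run. They should be removed. The pasted output also shows why the assertion failed: the reported message says `self-signed certificate`, while `expected_exception_message` spells it `self signed certificate` and pins the `(_ssl.c:1131)` suffix; asserting on the stable part, for example `"CERTIFICATE_VERIFY_FAILED" in result.exception.args[0].message`, keeps the check independent of the TLS library build. The same literal is used in `test_scripts_deployer_cli.py` (hunk `@@ -47,7 +47,7 @@`).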
@@ -47,7 +47,7 @@ def test_scripts_deployer_cli_with_encryption_verify(language_alias: str,
 "--db-pass", exasol_config.password,
 "--schema", schema_name,
 "--language-alias", language_alias,
- "--use_ssl_cert_validation", True
+ "--use-ssl-cert-validation"
 ]
 expected_exception_message = 'Could not connect to Exasol: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify ' \
 'failed: self signed certificate in certificate chain (_ssl.c:1131)'
diff --git a/tests/integration_tests/with_db/test_upload_model.py b/tests/integration_tests/with_db/test_upload_model.py
index 354f44f2..fd07b0f6 100644
--- a/tests/integration_tests/with_db/test_upload_model.py
+++ b/tests/integration_tests/with_db/test_upload_model.py
@@ -45,7 +45,7 @@ def test_model_upload(setup_database, pyexasol_connection, download_sample_model
 "--bucketfs-name", bucketfs_params.name,
 "--bucketfs-host", host,
 "--bucketfs-port", port,
- "--bucketfs_use-https", False,
+ "--bucketfs-use-https", False,
 "--bucketfs-user", bucketfs_config.username,
 "--bucketfs-password", bucketfs_config.password,
 "--bucket", bucketfs_params.bucket,