Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to connect to mysql using ssl #554

Closed
mshober opened this issue Feb 7, 2021 · 3 comments
Closed

Unable to connect to mysql using ssl #554

mshober opened this issue Feb 7, 2021 · 3 comments
Assignees
@kukushking
Labels
bug Something isn't working help wanted Extra attention is needed minor release Will be addressed in the next minor release ready to release

Comments

@mshober
Copy link

mshober commented Feb 7, 2021

I discovered that connections to mysql fail when using a database user that requires ssl, even if the connection info in Glue specifies that ssl is required and supplies a relevant certificate.

The expected behavior would be for wrangler to pass any ssl properties from the Glue connection to pymsql when establishing the connection, but that does not appear to be happening.

To Reproduce (Using environment from cloudformation)

# Connect using master user which by default doesn't require ssl
con = wr.mysql.connect("aws-data-wrangler-mysql")
assert con.ssl is False

# Require SSL and attempt to reconnect
con.cursor().execute("ALTER USER 'test'@'%' REQUIRE SSL")
con = wr.mysql.connect("aws-data-wrangler-mysql")  # fails

Error Output:

pymysql.err.OperationalError: (1045, "Access denied for user 'test'@'<ip-address>' (using password: YES)")

awswrangler: 2.4.0
@mshober mshober added the bug Something isn't working label Feb 7, 2021
@igorborgest igorborgest added the help wanted Extra attention is needed label Feb 8, 2021
@kukushking
Copy link
Contributor

I raised a PR with PyMySQL to support passing the CA cert via cadata (I'd hate it if the library I was using was creating temp files with downloaded certs). Once it's merged, should be an easy fix to fetch the cert from Glue and pass it over to MySQL.

@kukushking kukushking mentioned this issue Apr 26, 2021
Merged
@kukushking kukushking self-assigned this May 6, 2021
@kukushking
Copy link
Contributor

@mshober Hi Matt, FYI the fix was merged and should be included in next release. Meanwhile, you can test it by installing development version of the wrangler:

pip uninstall awswrangler -y
pip install git+https://github.com/awslabs/aws-data-wrangler.git@main

@kukushking kukushking added minor release Will be addressed in the next minor release ready to release labels May 10, 2021
@jaidisido
Copy link
Contributor

Now covered in 2.8.0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kukushking kukushking

Labels
bug Something isn't working help wanted Extra attention is needed minor release Will be addressed in the next minor release ready to release
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@igorborgest @kukushking @jaidisido @mshober