You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2022/06/16 20:35:14 UTC
[GitHub] [airflow] thelastmessiha opened a new issue, #24507: Using self signed CA certificate for SSL connection fails
thelastmessiha opened a new issue, #24507:
URL: https://github.com/apache/airflow/issues/24507
### Apache Airflow Provider(s)
tableau
### Versions of Apache Airflow Providers
apache-airflow-providers-tableau==3.0.0
### Apache Airflow version
2.2.5
### Operating System
Ubuntu 18.04.6 LTS (Bionic Beaver)
### Deployment
Composer
### Deployment details
_No response_
### What happened
I've placed a CA bundle in a pem file on a GCS bucket for Airflow to use in a Tableau Connection using the TableauOperator but I am getting an error in the log [1], however, when I run a BashCommand to test the CA cert using "openssl s_client -connect <tableau_server_name>:443 -CAfile /home/airflow/gcs/data/self_signed_ca.pem -showcerts" from an airflow worker, I get good output with no errors in that log.
[1]
HTTPSConnectionPool(host='<tableau_server_name>', port=443): Max retries exceeded with url: /api/2.4/serverInfo (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1131)')))
### What you think should happen instead
I believe that if openssl s_client -connect works with a self signed CA certificate, then so should the TableauOperator.
### How to reproduce
Use the TableauOperator with a connection to a Tableau Server that uses a self signed CA certificate.
### Anything else
It may also be work noting that my organization's Tableau instance doesn't allow non-ssl connections so I cannot bypass with {"verify":"False"}. My organization also does not want to use a public certificate, and I see that there is [self signed certificate guidance that aligns with my organization's stance from Tableau here](https://help.tableau.com/current/guides/everybody-install/en-gb/everybody_admin_config_ssl.htm). I'm not sure then if this is a bug, or if there some special way to allow the operator to respect/allow use of a self signed certificate, or if this should be a feature request for a code change that would allow use of self signed certificates.
### Are you willing to submit PR?
- [ ] Yes I am willing to submit a PR!
### Code of Conduct
- [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] potiuk closed issue #24507: TableauHook: Using self signed CA certificate for SSL connection fails
Posted by GitBox <gi...@apache.org>.
potiuk closed issue #24507: TableauHook: Using self signed CA certificate for SSL connection fails
URL: https://github.com/apache/airflow/issues/24507
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] Taragolis commented on issue #24507: TableauHook: Using self signed CA certificate for SSL connection fails
Posted by GitBox <gi...@apache.org>.
Taragolis commented on issue #24507:
URL: https://github.com/apache/airflow/issues/24507#issuecomment-1158606210
https://github.com/apache/airflow/blob/c36d94df09930abfb58856e1b8b6e059c7a44525/airflow/providers/tableau/hooks/tableau.py#L83-L91
Tableau Hook initially initialise Server object, after that add certificate and finally established connection.
With new version `tableauserverclient` establish connection on initialise Server object by default, so it tried connect without correct certificates options
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] Taragolis commented on issue #24507: TableauHook: Using self signed CA certificate for SSL connection fails
Posted by GitBox <gi...@apache.org>.
Taragolis commented on issue #24507:
URL: https://github.com/apache/airflow/issues/24507#issuecomment-1158157580
Just a curious question are you configure path to your certificate in [Tableau connection](https://airflow.apache.org/docs/apache-airflow-providers-tableau/stable/connections/tableau.html#configuring-the-connection)?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] Taragolis commented on issue #24507: TableauHook: Using self signed CA certificate for SSL connection fails
Posted by GitBox <gi...@apache.org>.
Taragolis commented on issue #24507:
URL: https://github.com/apache/airflow/issues/24507#issuecomment-1158261674
Which version of `tableauserverclient` are you use? Do you use [constraints](https://airflow.apache.org/docs/apache-airflow/stable/installation/installing-from-pypi.html#constraints-files) when installed providers for Airflow?
I think Tableau Provider incompatible with `tableauserverclient==0.19.0` (Yet?)
**0.18.0** - `use_server_version=False`
https://github.com/tableau/server-client-python/blob/b3ca20e6765c7cff2d5b095e880dc2b2a811d825/tableauserverclient/server/server.py#L57
**0.19.0** - `use_server_version=False`
https://github.com/tableau/server-client-python/blob/1eeaca8709f548b73d7306a1251322c784e656c8/tableauserverclient/server/server.py#L58
So it open connect before Hook assign certificates
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] thelastmessiha commented on issue #24507: TableauHook: Using self signed CA certificate for SSL connection fails
Posted by GitBox <gi...@apache.org>.
thelastmessiha commented on issue #24507:
URL: https://github.com/apache/airflow/issues/24507#issuecomment-1158457125
> Which version of `tableauserverclient` are you use? Do you use [constraints](https://airflow.apache.org/docs/apache-airflow/stable/installation/installing-from-pypi.html#constraints-files) when installed providers for Airflow?
>
> I think Tableau Provider incompatible with `tableauserverclient==0.19.0` (Yet?)
>
> **0.18.0** - `use_server_version=False` https://github.com/tableau/server-client-python/blob/b3ca20e6765c7cff2d5b095e880dc2b2a811d825/tableauserverclient/server/server.py#L57
>
> **0.19.0** - `use_server_version=False` https://github.com/tableau/server-client-python/blob/1eeaca8709f548b73d7306a1251322c784e656c8/tableauserverclient/server/server.py#L58
>
> So it open connect before Hook assign certificates
I am using GCP Composer image version composer-1.18.12-airflow-2.2.5 and then installed PyPi package apache-airflow-providers-tableau==3.0.0, which I believe includes tableauserverclient but I am not sure which version. How can I check?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] thelastmessiha commented on issue #24507: TableauHook: Using self signed CA certificate for SSL connection fails
Posted by GitBox <gi...@apache.org>.
thelastmessiha commented on issue #24507:
URL: https://github.com/apache/airflow/issues/24507#issuecomment-1158160632
> Just a curious question are you configure path to your certificate in [Tableau connection](https://airflow.apache.org/docs/apache-airflow-providers-tableau/stable/connections/tableau.html#configuring-the-connection)?
Yes, I have tried various combinations including both of the below:
{"verify": "/home/airflow/gcs/data/self_signed_ca.pem"}
{"cert": "/home/airflow/gcs/data/self_signed_ca.pem"}
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] thelastmessiha commented on issue #24507: TableauHook: Using self signed CA certificate for SSL connection fails
Posted by GitBox <gi...@apache.org>.
thelastmessiha commented on issue #24507:
URL: https://github.com/apache/airflow/issues/24507#issuecomment-1159245674
> https://github.com/apache/airflow/blob/c36d94df09930abfb58856e1b8b6e059c7a44525/airflow/providers/tableau/hooks/tableau.py#L83-L91
>
> Tableau Hook initially initialise Server object, after that add certificate and finally established connection.
>
> With new version `tableauserverclient` establish connection on initialise Server object by default, so it tried connect without correct certificates options
Yes, thank you, that seems to have been the problem. When I use the tableauserverclient==0.18.0 I do get past the certificate error, but instead see a parse error/page not found error as shown below. Any ideas what this issue is regarding?
[2022-06-17, 14:34:50 PDT] {taskinstance.py:1776} ERROR - Task failed with exception
Traceback (most recent call last):
File "/opt/python3.8/lib/python3.8/site-packages/tableauserverclient/server/endpoint/endpoint.py", line 88, in _check_status
raise ServerResponseError.from_response(server_response.content, self.parent_srv.namespace)
File "/opt/python3.8/lib/python3.8/site-packages/tableauserverclient/server/endpoint/exceptions.py", line 17, in from_response
parsed_response = ET.fromstring(resp)
File "/opt/python3.8/lib/python3.8/xml/etree/ElementTree.py", line 1320, in XML
parser.feed(text)
xml.etree.ElementTree.ParseError: mismatched tag: line 31, column 79
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/python3.8/lib/python3.8/site-packages/airflow/providers/tableau/operators/tableau.py", line 105, in execute
with TableauHook(self.site_id, self.tableau_conn_id) as tableau_hook:
File "/opt/python3.8/lib/python3.8/site-packages/airflow/providers/tableau/hooks/tableau.py", line 90, in __init__
self.server.use_server_version()
File "/opt/python3.8/lib/python3.8/site-packages/tableauserverclient/server/server.py", line 132, in use_server_version
self.version = self._determine_highest_version()
File "/opt/python3.8/lib/python3.8/site-packages/tableauserverclient/server/server.py", line 122, in _determine_highest_version
version = self.server_info.get().rest_api_version
File "/opt/python3.8/lib/python3.8/site-packages/tableauserverclient/server/endpoint/endpoint.py", line 177, in wrapper
return func(self, *args, **kwargs)
File "/opt/python3.8/lib/python3.8/site-packages/tableauserverclient/server/endpoint/server_info_endpoint.py", line 22, in get
server_response = self.get_unauthenticated_request(self.baseurl)
File "/opt/python3.8/lib/python3.8/site-packages/tableauserverclient/server/endpoint/endpoint.py", line 100, in get_unauthenticated_request
return self._make_request(self.parent_srv.session.get, url)
File "/opt/python3.8/lib/python3.8/site-packages/tableauserverclient/server/endpoint/endpoint.py", line 71, in _make_request
self._check_status(server_response)
File "/opt/python3.8/lib/python3.8/site-packages/tableauserverclient/server/endpoint/endpoint.py", line 94, in _check_status
raise NonXMLResponseError(server_response.content)
tableauserverclient.server.endpoint.exceptions.NonXMLResponseError: b'<!DOCTYPE html><html><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title>Page Not Found</title><style>html {\n height: 100%;\n width: 100%;\n}\nbody {\n position: absolute;\n width: 100%;\n margin: 0;\n top: 20%;\n font-family: Verdana, Geneva, sans-serif;\n text-align: center;\n color: #4E4E4E;\n}\n\nh1 {\n font-size: 32px;\n margin-bottom: 22px;\n}\n\nh1, h3 {\n font-weight: normal;\n}\n\nh3 {\n font-size: 19px;\n}\n\n#requestIdContainer {\n font-size: 19px;\n display: none;\n}</style><script src="/embeddedErrorPage.js?2021_2_135_ojn970zaane"></script></head></html><body><h1>The page you were looking for could not be found.</h1><h3>Check the URL for errors.</h3><p id="requestIdContainer"><span>Request ID</span> <span id="requestId"></span></p></body>'
[2022-06-17, 14:34:51 PDT] {taskinstance.py:1279} INFO - Marking task as UP_FOR_RETRY. dag_id=poc_refresh_tableau_objects, task_id=refresh_tableau_workbook, execution_date=20220617T213429, start_date=20220617T213441, end_date=20220617T213451
[2022-06-17, 14:34:51 PDT] {standard_task_runner.py:93} ERROR - Failed to execute job 87403 for task refresh_tableau_workbook (b'<!DOCTYPE html><html><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title>Page Not Found</title><style>html {\n height: 100%;\n width: 100%;\n}\nbody {\n position: absolute;\n width: 100%;\n margin: 0;\n top: 20%;\n font-family: Verdana, Geneva, sans-serif;\n text-align: center;\n color: #4E4E4E;\n}\n\nh1 {\n font-size: 32px;\n margin-bottom: 22px;\n}\n\nh1, h3 {\n font-weight: normal;\n}\n\nh3 {\n font-size: 19px;\n}\n\n#requestIdContainer {\n font-size: 19px;\n display: none;\n}</style><script src="/embeddedErrorPage.js?2021_2_135_ojn970zaane"></script></head></html><body><h1>The page you were looking for could not be found.</h1><h3>Check the URL for errors.</h3><p id="requestIdContainer"><span>Request ID</span> <span id="requestId"></span></p></body>'; 6496)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org