[jira] [Updated] (PHOENIX-6414) Access to Phoenix from Python using SPNEGO

Josh Elser (Jira) Wed, 17 Mar 2021 14:30:07 -0700


     [ 
https://issues.apache.org/jira/browse/PHOENIX-6414?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Josh Elser updated PHOENIX-6414:
--------------------------------
    Description: 
When connecting to Phoenix from Python using "SPNEGO" as the authentication 
mechanism an exception occurs:

{noformat}
import phoenixdb
import phoenixdb.cursor
database_url = 'http://myphoenixdb:8765/'
conn = phoenixdb.connect(database_url, autocommit=True, authentication="SPNEGO")
{noformat}

Causes this exception:

{noformat}
>>> conn = phoenixdb.connect(database_url, autocommit=True, 
>>> authentication="SPNEGO")
venv/lib/python3.6/site-packages/phoenixdb/avatica/client.py:121: 
RuntimeWarning: Unexpected end-group tag: Not all data was converted
 if not err.ParseFromString(message.wrapped_message):
Traceback (most recent call last):
 File "<stdin>", line 1, in <module>
 File "venv/lib/python3.6/site-packages/phoenixdb/_init_.py", line 121, in 
connect
 return Connection(client, **kwargs)
 File "venv/lib/python3.6/site-packages/phoenixdb/connection.py", line 53, in 
_init_
 self.open()
 File "venv/lib/python3.6/site-packages/phoenixdb/connection.py", line 98, in 
open
 self._client.open_connection(self._id, info=self._phoenix_props)
 File "venv/lib/python3.6/site-packages/phoenixdb/avatica/client.py", line 363, 
in open_connection
 response_data = self._apply(request)
 File "venv/lib/python3.6/site-packages/phoenixdb/avatica/client.py", line 215, 
in _apply
 parse_error_protobuf(response_body)
 File "venv/lib/python3.6/site-packages/phoenixdb/avatica/client.py", line 128, 
in parse_error_protobuf
 raise_sql_error(err.error_code, err.sql_state, err.error_message)
 File "venv/lib/python3.6/site-packages/phoenixdb/avatica/client.py", line 96, 
in raise_sql_error
 raise errors.InternalError(message, code, sqlstate)
phoenixdb.errors.InternalError: ('', 0, '', None)
{noformat}

This problem is caused by the authentication mechanism because phoenixdb is 
using Kerberos 5 instead of SPNEGO.

To resolve the issue we have patched the package applying the idea behind the 
"Explicit Mechanism" described in [https://pypi.org/project/requests-gssapi/] 
when the authentication is SPNEGO. The attached file has the patch applied.

If you want, I can create a branch and pull request this change.

  was:
When connecting to Phoenix from Python using "SPNEGO" as the authentication 
mechanism an exception occurs:

{{import phoenixdb}}
{{ import phoenixdb.cursor}}
{{ database_url = 'http://myphoenixdb:8765/'}}
{{ conn = phoenixdb.connect(database_url, autocommit=True, 
authentication="SPNEGO")}}

Causes this exception:

{{>>> conn = phoenixdb.connect(database_url, autocommit=True, 
authentication="SPNEGO")}}
{{venv/lib/python3.6/site-packages/phoenixdb/avatica/client.py:121: 
RuntimeWarning: Unexpected end-group tag: Not all data was converted}}
{{ if not err.ParseFromString(message.wrapped_message):}}
{{Traceback (most recent call last):}}
{{ File "<stdin>", line 1, in <module>}}
{{ File "venv/lib/python3.6/site-packages/phoenixdb/__init__.py", line 121, in 
connect}}
{{ return Connection(client, **kwargs)}}
{{ File "venv/lib/python3.6/site-packages/phoenixdb/connection.py", line 53, in 
__init__}}
{{ self.open()}}
{{ File "venv/lib/python3.6/site-packages/phoenixdb/connection.py", line 98, in 
open}}
{{ self._client.open_connection(self._id, info=self._phoenix_props)}}
{{ File "venv/lib/python3.6/site-packages/phoenixdb/avatica/client.py", line 
363, in open_connection}}
{{ response_data = self._apply(request)}}
{{ File "venv/lib/python3.6/site-packages/phoenixdb/avatica/client.py", line 
215, in _apply}}
{{ parse_error_protobuf(response_body)}}
{{ File "venv/lib/python3.6/site-packages/phoenixdb/avatica/client.py", line 
128, in parse_error_protobuf}}
{{ raise_sql_error(err.error_code, err.sql_state, err.error_message)}}
{{ File "venv/lib/python3.6/site-packages/phoenixdb/avatica/client.py", line 
96, in raise_sql_error}}
{{ raise errors.InternalError(message, code, sqlstate)}}
{{phoenixdb.errors.InternalError: ('', 0, '', None)}}

This problem is caused by the authentication mechanism because phoenixdb is 
using Kerberos 5 instead of SPNEGO.

To resolve the issue we have patched the package applying the idea behind the 
"Explicit Mechanism" described in [https://pypi.org/project/requests-gssapi/] 
when the authentication is SPNEGO. The attached file has the patch applied.

If you want, I can create a branch and pull request this change.


> Access to Phoenix from Python using SPNEGO
> ------------------------------------------
>
>                 Key: PHOENIX-6414
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-6414
>             Project: Phoenix
>          Issue Type: Bug
>          Components: queryserver
>    Affects Versions: 5.0.0
>            Reporter: Carlos García Montoro
>            Priority: Major
>              Labels: patch
>         Attachments: phoenixdb.patch
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> When connecting to Phoenix from Python using "SPNEGO" as the authentication 
> mechanism an exception occurs:
> {noformat}
> import phoenixdb
> import phoenixdb.cursor
> database_url = 'http://myphoenixdb:8765/'
> conn = phoenixdb.connect(database_url, autocommit=True, 
> authentication="SPNEGO")
> {noformat}
> Causes this exception:
> {noformat}
> >>> conn = phoenixdb.connect(database_url, autocommit=True, 
> >>> authentication="SPNEGO")
> venv/lib/python3.6/site-packages/phoenixdb/avatica/client.py:121: 
> RuntimeWarning: Unexpected end-group tag: Not all data was converted
>  if not err.ParseFromString(message.wrapped_message):
> Traceback (most recent call last):
>  File "<stdin>", line 1, in <module>
>  File "venv/lib/python3.6/site-packages/phoenixdb/_init_.py", line 121, in 
> connect
>  return Connection(client, **kwargs)
>  File "venv/lib/python3.6/site-packages/phoenixdb/connection.py", line 53, in 
> _init_
>  self.open()
>  File "venv/lib/python3.6/site-packages/phoenixdb/connection.py", line 98, in 
> open
>  self._client.open_connection(self._id, info=self._phoenix_props)
>  File "venv/lib/python3.6/site-packages/phoenixdb/avatica/client.py", line 
> 363, in open_connection
>  response_data = self._apply(request)
>  File "venv/lib/python3.6/site-packages/phoenixdb/avatica/client.py", line 
> 215, in _apply
>  parse_error_protobuf(response_body)
>  File "venv/lib/python3.6/site-packages/phoenixdb/avatica/client.py", line 
> 128, in parse_error_protobuf
>  raise_sql_error(err.error_code, err.sql_state, err.error_message)
>  File "venv/lib/python3.6/site-packages/phoenixdb/avatica/client.py", line 
> 96, in raise_sql_error
>  raise errors.InternalError(message, code, sqlstate)
> phoenixdb.errors.InternalError: ('', 0, '', None)
> {noformat}
> This problem is caused by the authentication mechanism because phoenixdb is 
> using Kerberos 5 instead of SPNEGO.
> To resolve the issue we have patched the package applying the idea behind the 
> "Explicit Mechanism" described in [https://pypi.org/project/requests-gssapi/] 
> when the authentication is SPNEGO. The attached file has the patch applied.
> If you want, I can create a branch and pull request this change.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (PHOENIX-6414) Access to Phoenix from Python using SPNEGO

Reply via email to