trino-python-client icon indicating copy to clipboard operation
trino-python-client copied to clipboard
verified publisher icon trinodb

HTTP SSL Verification flag not passed to SpooledSegment class which fails HTTP requests

Open JustinObanor opened this issue 1 year ago • 1 comments

Expected behavior

SSL Verification flag set to False when initialising a connection to Trino is used in HTTP requests for spooled segments.

Actual behavior

SSL Verification flag set to False when initialising a connection to Trino is not passed to HTTP requests for spooled segments and therefore fails with HTTP SSL errors

Steps To Reproduce

Configure Trino spooling manager properties

[trino@trino-0 /]$ cat /etc/trino/spooling-manager.properties
spooling-manager.name=filesystem
fs.gcs.enabled=true
fs.location=gs://xyz-base-trino-1/spooling-segments/product

Configure Trino to use Spooling

[trino@trino-0 /]$ cat /etc/trino/config.properties
...TRUNCATED...
protocol.spooling.enabled=true
protocol.spooling.shared-secret-key=<secret-key>
protocol.spooling.retrieval-mode=COORDINATOR_STORAGE_REDIRECT

Initialise a connection to Trino

from trino.dbapi import connect
from xyzplatform.sql import xyzTrinoAuth
import logging
import warnings
import requests

logging.basicConfig()
logging.getLogger().setLevel(logging.DEBUG)

session = requests.Session()
session.verify = False

conn = connect(
    http_scheme="https",
    host="trino.trino",
    port=443,
    catalog="hive",
    schema="tpcds_europe_west1_1000",
    verify=False,
    auth=xyzTrinoAuth(),
    encoding="json+zstd",
    http_session=session,
)

Make a request

warnings.filterwarnings(
    "ignore", message=f"Unverified HTTPS request is being made to host https"
    )

cur = conn.cursor()
cur.execute("SELECT * FROM hive.tpcds_europe_west1_1000.date_dim")
rows = cur.fetchall()

With a debug session, we see Verify is False, which is correct Image

But right before we make a request to send_spooling_segment, Verify is True, which wasn't expected Image

Log output

STORAGE mode

ERROR:trino.client:Failed to acknowledge spooling request for segment SpooledSegment(metadata={'segmentSize': 151242, 'uncompressedSize': 1261742, 'rowsCount': 7514, 'expiresAt': '2025-03-29T02:30:56.641', 'rowOffset': 65535}): HTTPSConnectionPool(host='trino.trino-product-primary', port=443): Max retries exceeded with url: /v1/spooled/ack/BknNfrjG9rI6GsNoAlSOKB9yZ6zxt-SyPySruC9HMHI= (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1006)')))

COORDINATOR_STORAGE_REDIRECT mode

INFO:trino.client:failed after 3 attempts
Traceback (most recent call last):
  File "/opt/conda/envs/python3/lib/python3.11/site-packages/trino/client.py", line 1222, in __next__
    return next(self._rows)
           ^^^^^^^^^^^^^^^^
StopIteration
....TRUNCATED....
  File "/opt/conda/envs/python3/lib/python3.11/site-packages/trino/client.py", line 1226, in __next__
    self._load_next_segment()
  File "/opt/conda/envs/python3/lib/python3.11/site-packages/trino/client.py", line 1239, in _load_next_segment
    self._rows = iter(self._decoder.decode(self._current_segment.segment))
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/conda/envs/python3/lib/python3.11/site-packages/trino/client.py", line 1254, in decode
    return self._decoder.decode(spooled_data.data, spooled_data.metadata)
                                ^^^^^^^^^^^^^^^^^
  File "/opt/conda/envs/python3/lib/python3.11/site-packages/trino/client.py", line 1134, in data
    http_response = self._send_spooling_request(self.uri)
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/conda/envs/python3/lib/python3.11/site-packages/trino/client.py", line 1168, in _send_spooling_request
    return self._request._get(uri, headers=headers_with_single_value, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
....TRUNCATED....
  File "/opt/conda/envs/python3/lib/python3.11/site-packages/requests/adapters.py", line 698, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='trino.trino-product-primary', port=443): Max retries exceeded with url: /v1/spooled/download/8lBbwpZIUaXfOYFoXbcdCR9yZ6zxt-SyPySruC9HMHI= (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1006)')))

Operating System

PRETTY_NAME="Ubuntu 22.04.5 LTS" NAME="Ubuntu" VERSION_ID="22.04" VERSION="22.04.5 LTS (Jammy Jellyfish)"

Trino Python client version

0.333.0

Trino Server version

472

Python version

Python 3.11.11

Are you willing to submit PR?

  • [x] Yes I am willing to submit a PR!

JustinObanor avatar Mar 28 '25 15:03 JustinObanor

I've submitted a PR for this: https://github.com/trinodb/trino-python-client/pull/546

JustinObanor avatar Apr 09 '25 11:04 JustinObanor

PR is merged.

hashhar avatar Aug 14 '25 15:08 hashhar