Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RS Connector requiring a valid aws identity to connect to Redshift, when that shouldn't be required #244

Open
bpatchin1 opened this issue Nov 12, 2024 · 3 comments
Open

RS Connector requiring a valid aws identity to connect to Redshift, when that shouldn't be required #244

bpatchin1 opened this issue Nov 12, 2024 · 3 comments

Comments

@bpatchin1
Copy link

Driver version

2.0.0

Redshift version

PostgreSQL 8.0.2 on i686-pc-linux-gnu, compiled by GCC gcc (GCC) 3.4.2 20041017 (Red Hat 3.4.2-6.fc3), Redshift 1.0.76832

Client Operating System

macos ventura 13.6 (22G120)

Python version

Python 3.12.4

Table schema

n/a

Problem description

redshift_connector is trying to grab a valid aws identity when just doing a simple connect to Redshift. This is causing issues for us as we have users that do not have a valid aws identity, that need to connect to Redshift. Importantly, they are able to connect to Redshift using various SQL clients, the same behavior should be expected with Redshift connector.

Python Driver trace logs

would prefer to not post this

Reproduction code

def get_redshift_connection_robotic():
try:
conn = redshift_connector.connect(
iam=True,
ssl=True,
host='',
port=5439,
database='',
cluster_identifier='',
region='us-east-1',
partner_sp_id='',
idp_host='',
credentials_provider='PingCredentialsProvider',
user='',
password=''
)
conn.autocommit = True
cursor = conn.cursor()
cursor.execute('SELECT 1;')
print(cursor.fetchall())
except Exception as error:
logging.error("Error connecting to Redshift:", exc_info=True)

if name == "main":
get_redshift_connection_robotic()
@Brooke-white
Copy link
Contributor

Hey @bpatchin1 , Thanks for reaching out. Can you expand on what is meant by a "simple connect to Redshift" and "valid aws identity"? In the associated code snippit I see IAM authentication is enabled and use of the Ping Credentials Provider.

Are you just looking to do username/password authentication? If so, please check our "Basic Example" in the README.

If you do want to use Ping Credentials Provider and IAM authentication, please share the stack trace you are seeing upon attempting connection to assist my investigation.

@bpatchin1
Copy link
Author

Hi @Brooke-white , sure! What I am trying to do is to connect to Redshift using iam and ping, but it looks like Redshift connector is trying to establish an aws session, which shouldn't be required to just connect to Redshift. For example, I can connect to Redshift using ping and IAM using a SQL client, where, to my knowledge, no AWS session is actually set up.

I am guessing why redshift connector is needing an aws session is becausing connector is running a getclustercredentials in the background, but this should be able to be avoided I would hope.

For the stack trace, see attached:

stack_trace.txt

@bpatchin1
Copy link
Author

Hi @Brooke-white , I got it working! The issue was that I had previously set credentials in ~/.aws/credentials and ~/.aws/config.

Is there a way that we can have redshift_connect ignore these when connecting?

We had to remove those 2 files to get it to work

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Brooke-white @bpatchin1