amazon-redshift-python-driver icon indicating copy to clipboard operation
amazon-redshift-python-driver copied to clipboard
verified publisher icon aws

RS Connector requiring a valid aws identity to connect to Redshift, when that shouldn't be required

Open bpatchin1 opened this issue 1 year ago • 3 comments

Driver version

2.0.0

Redshift version

PostgreSQL 8.0.2 on i686-pc-linux-gnu, compiled by GCC gcc (GCC) 3.4.2 20041017 (Red Hat 3.4.2-6.fc3), Redshift 1.0.76832

Client Operating System

macos ventura 13.6 (22G120)

Python version

Python 3.12.4

Table schema

n/a

Problem description

redshift_connector is trying to grab a valid aws identity when just doing a simple connect to Redshift. This is causing issues for us as we have users that do not have a valid aws identity, that need to connect to Redshift. Importantly, they are able to connect to Redshift using various SQL clients, the same behavior should be expected with Redshift connector.

Python Driver trace logs

would prefer to not post this

Reproduction code

def get_redshift_connection_robotic(): try: conn = redshift_connector.connect( iam=True, ssl=True, host='', port=5439, database='', cluster_identifier='', region='us-east-1', partner_sp_id='', idp_host='', credentials_provider='PingCredentialsProvider', user='', password='' ) conn.autocommit = True cursor = conn.cursor() cursor.execute('SELECT 1;') print(cursor.fetchall()) except Exception as error: logging.error("Error connecting to Redshift:", exc_info=True)

if name == "main": get_redshift_connection_robotic()

bpatchin1 avatar Nov 12 '24 17:11 bpatchin1

Hey @bpatchin1 , Thanks for reaching out. Can you expand on what is meant by a "simple connect to Redshift" and "valid aws identity"? In the associated code snippit I see IAM authentication is enabled and use of the Ping Credentials Provider.

Are you just looking to do username/password authentication? If so, please check our "Basic Example" in the README.

If you do want to use Ping Credentials Provider and IAM authentication, please share the stack trace you are seeing upon attempting connection to assist my investigation.

Brooke-white avatar Nov 12 '24 17:11 Brooke-white

Hi @Brooke-white , sure! What I am trying to do is to connect to Redshift using iam and ping, but it looks like Redshift connector is trying to establish an aws session, which shouldn't be required to just connect to Redshift. For example, I can connect to Redshift using ping and IAM using a SQL client, where, to my knowledge, no AWS session is actually set up.

I am guessing why redshift connector is needing an aws session is becausing connector is running a getclustercredentials in the background, but this should be able to be avoided I would hope.

For the stack trace, see attached:

stack_trace.txt

bpatchin1 avatar Nov 12 '24 18:11 bpatchin1

Hi @Brooke-white , I got it working! The issue was that I had previously set credentials in ~/.aws/credentials and ~/.aws/config.

Is there a way that we can have redshift_connect ignore these when connecting?

We had to remove those 2 files to get it to work

bpatchin1 avatar Nov 13 '24 18:11 bpatchin1