Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

issue #39: pass use_ssl, verify arguments to boto3 client constructor #40

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

issue #39: pass use_ssl, verify arguments to boto3 client constructor #40

wants to merge 2 commits into from

Conversation

chairmank
Copy link

@chairmank chairmank commented Aug 3, 2018

This commit addresses #39

  • Added use_ssl, verify arguments to the S3FS __init__ method,
    which assigns instance attributes with the same names
  • Pass these instance attributes to boto3.resource in the s3
    property method.
  • Pass these instance attributes to boto3.client in the client
    property method.

@@ -381,6 +392,8 @@ def s3(self):
aws_access_key_id=self.aws_access_key_id,
aws_secret_access_key=self.aws_secret_access_key,
aws_session_token=self.aws_session_token,
use_ssl=self.use_ssl,
verify=self.verify,

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The use_ssl and verify arguments need to be applied below as well, starting on line 410 (in the "client" method).

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oops! thanks for catching my silly oversight. fixed

This commit addresses #39

* Added `use_ssl`, `verify` arguments to the `S3FS` `__init__` method,
  which assigns instance attributes with the same names
* Pass these instance attributes to `boto3.resource` in the `s3`
  property method.
* Pass these instance attributes to `boto3.client` in the `client`
  property method.
The `use_ssl` parameter in the query string is interpreted as follows:

* `'use_ssl=1'` or omitting the parameter from the query string means
  `use_ssl=True`
* Any other value means `use_ssl=False`

The `verify` parameter in the query string is interpreted as follows:

* A non-empty value `'verify=path/to/cert/bundle.pem'` means
  `verify='path/to/cert/bundle.pem'`
* An empty value, `'verify='` means `verify=False`
* Omitting the parameter from the query string means `verify=None`,
  which tells `S3FS` to use the default CA cert bundle that is used by
  `botocore`
@chairmank
Copy link
Author

Any more changes requested? Sorry if I missed anything. I'm eager to make it right.

@amachanic
Copy link

@chairmank

This is workable as-is but I would still much prefer a consistent approach: 0 instead of empty string for false on verify.

Also, did you see my comment on the main thread regarding ignoring verify altogether if use_ssl is false? That seems to be how s3fs handles things; my environment has an issue with certificate verification and I don't get any error when I disable SSL in that library. Furthermore, boto throws a warning if the two options clash. It seems like they should/will always be set to false together, so why not make the whole thing a bit simpler for the end user?

In any case I hope we can wrap this up soon. I've vendored this PR for now in my project and I want to get that out of there as soon as possible.

@chairmank
Copy link
Author

This is workable as-is but I would still much prefer a consistent approach: 0 instead of empty string for false on verify.

@amachanic amachanic For the other parameters that are exclusively boolean, "1" means true and everything else means false. Your proposal for the verify parameter is similar, but slightly different. Do we want "0" to mean false and everything else (including "1") to be interpreted as a filename ? Do we want both "0" and "1" to be special values that map to booleans? Earlier, @willmcgugan commented

With regards to verify, I think it might be prudent to separate that in to two parameters. One for the boolean and one for the path to the certs.

and I think that this may be the right approach.

@chairmank
Copy link
Author

Also, did you see my comment on the main thread regarding ignoring verify altogether if use_ssl is false? That seems to be how s3fs handles things; my environment has an issue with certificate verification and I don't get any error when I disable SSL in that library. Furthermore, boto throws a warning if the two options clash.

Sorry that I missed that comment on the other thread.

I'm concerned that silently discarding the verify parameter when use_ssl is false could be confusing. Why not pass the parameter values straight through to S3FS (and then to boto), even if the combination is nonsensical? If boto warns when the two options clash, then the user will see the warning and decide what they really intended to do.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants