Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Blocking SSLContext call when using azure-servicebus #37246

Closed
sveinse opened this issue Sep 7, 2024 · 19 comments
Closed

Blocking SSLContext call when using azure-servicebus #37246

sveinse opened this issue Sep 7, 2024 · 19 comments
Assignees
@kashifkhan @swathipil @l0lawrence
Labels
Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. issue-addressed Workflow: The Azure SDK team believes it to be addressed and ready to close. Messaging Messaging crew question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Service Bus

Comments

@sveinse
Copy link

sveinse commented Sep 7, 2024

  • Package Name: azure-servicebus
  • Package Version: 7.11.1 and main
  • Operating System: Linux
  • Python Version: 3.11.5

Describe the bug
When using azure.servicebus.aio.ServiceBusClient() blocking calls to SSLContext .load_verify_locations() are made. Async libraries should not contain any blocking operations.

The call is made here:

azure-sdk-for-python/sdk/servicebus/azure-servicebus/azure/servicebus/_pyamqp/aio/_transport_async.py

Line 198 in 5ae05fc

context.load_verify_locations(ca_certs)
and here:

azure-sdk-for-python/sdk/servicebus/azure-servicebus/azure/servicebus/_pyamqp/aio/_transport_async.py

Line 232 in 5ae05fc

ctx.load_verify_locations(cafile=certifi.where())

To Reproduce

from azure.servicebus.aio import ServiceBusClient
client = ServiceBusClient.from_connection_string(...)
async with client:
    receiver = client.get_subscription_receiver(,,,)
    async with receiver:
        ...   # ^^ Observe that load_verify_locations() have been called

Expected behavior
Async libraries should avoid making blocking calls. The blocking operations should be called using executors or threads.

Additional context
For reference, this issue was discovered here: custom-components/zaptec#116 . Home Assistant have a detector which warns about blocking operations.
@github-actions github-actions bot added Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Service Bus labels Sep 7, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 7, 2024

Thank you for your feedback. Tagging and routing to the team member best able to assist.

@sveinse sveinse mentioned this issue Sep 7, 2024
Closed
@kashifkhan kashifkhan added the Messaging Messaging crew label Sep 9, 2024
@kashifkhan
Copy link
Member

Thank you for the feedback @sveinse . We will investigate and get back to you asap.

This was referenced Sep 30, 2024
Closed
Merged
@kashifkhan kashifkhan added the issue-addressed Workflow: The Azure SDK team believes it to be addressed and ready to close. label Oct 1, 2024
@github-actions github-actions bot removed the needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team label Oct 1, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 1, 2024

Hi @sveinse. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text "/unresolve" to remove the "issue-addressed" label and continue the conversation.

@kashifkhan
Copy link
Member

@sveinse we have addressed the issue and the next version of servicebus and eventhub will have the fix.

@sveinse
Copy link
Author

sveinse commented Oct 1, 2024

Hi @kashifkhan Thank you for looking at the issue.

Which of the two solutions will move forward? It seems this #37655 is the preferred solution.

Please be advised that moving the blocking call to the constructor does not resolve the issue. It is completely ordinary to dynamically create a ServiceBusClient while async is running. If that's the case, then the same issue of doing blocking calls within async will prevail.

/unresolve

@github-actions github-actions bot added needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team and removed issue-addressed Workflow: The Azure SDK team believes it to be addressed and ready to close. labels Oct 1, 2024
@graingert
Copy link
Contributor

I think it would be better to allow users to pass in a configured SSLContext then they can choose to build it in a thread if required

@kashifkhan
Copy link
Member

@sveinse this change was inspired from sslproto in asyncio https://github.com/python/cpython/blob/7e7223e18f58ec48fb36a68fb75b5c5b7a45042a/Lib/asyncio/sslproto.py#L295.

Wouldn't that cause the same warning to bubble up as well?

@kashifkhan
Copy link
Member

@graingert that particular feature would be part of the python amqp library and not the servicebus client.

@sveinse
Copy link
Author

sveinse commented Oct 1, 2024
edited
Loading

@kashifkhan I agree with @graingert, it would be better if the user may provide a SSLContext themselves.

@sveinse this change was inspired from sslproto in asyncio https://github.com/python/cpython/blob/7e7223e18f58ec48fb36a68fb75b5c5b7a45042a/Lib/asyncio/sslproto.py#L295.

Wouldn't that cause the same warning to bubble up as well?

It would, but this code allows for supplying a user-provided SSLContext. By having that capability, the user may setup a SSLContext with ThreadPoolExcutor themselves. This is not supported in the eventhub implementation, unfortunately. If that were the case, the use can opt-out of the blocking IO.

@sveinse
Copy link
Author

sveinse commented Oct 20, 2024

Any updates on this issue?

@kashifkhan
Copy link
Member

kashifkhan commented Oct 22, 2024
edited
Loading

@sveinse we will allow folks to pass in their own ssl context so things will look similar to how asyncio handles it.

@sveinse
Copy link
Author

sveinse commented Oct 28, 2024

@kashifkhan thank you. Is there a planned schedule for the fix? E.g. any estimate on when azure-servicebus will be released containing this fix? I'm trying to coordinate the release for other packages that depend on it. Thanks.

@swathipil
Copy link
Member

swathipil commented Nov 4, 2024
edited
Loading

Hi @sveinse - We've merged the fix to main and it will be going out in our upcoming release. We'll update this thread once it's released. Thanks!

@graingert
Copy link
Contributor

The code was merged here 839584c

@sveinse
Copy link
Author

sveinse commented Nov 4, 2024

..which is a part of PR #37702 . Thanks @swathipil, looking forward to the release (which allows a release in our end as well).

@swathipil
Copy link
Member

Hi @sveinse - The fix has been released in azure-servicebus 7.13.0. Thanks.

@swathipil swathipil added the issue-addressed Workflow: The Azure SDK team believes it to be addressed and ready to close. label Nov 12, 2024
@github-actions GitHub Actions
Copy link

Hi @sveinse. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text "/unresolve" to remove the "issue-addressed" label and continue the conversation.

@github-actions github-actions bot removed the needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team label Nov 12, 2024
@sveinse
Copy link
Author

sveinse commented Nov 24, 2024

I confirm that the the fix for this issue resolves the issue when providing a custom ssl_context. Thank you very much.

@graingert
Copy link
Contributor

Nice, you could also experiment with https://truststore.readthedocs.io/en/latest/ instead of certifi

I confirm that the the fix for this issue resolves the issue when providing a custom ssl_context. Thank you very much.

@github-actions github-actions bot locked and limited conversation to collaborators Feb 22, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@kashifkhan kashifkhan

@swathipil swathipil

@l0lawrence l0lawrence

Labels
Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. issue-addressed Workflow: The Azure SDK team believes it to be addressed and ready to close. Messaging Messaging crew question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Service Bus
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[ServiceBus] make async ssl load_verify_locations non-blocking swathipil/azure-sdk-for-python
5 participants
@kashifkhan @graingert @sveinse @swathipil @l0lawrence