Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Profiling Job failing with error: ImportError: urllib3 v2.0 only supports OpenSSL 1.1.1+, currently the 'ssl' module is compiled with OpenSSL 1.0.2k-fips 26 Jan 2017. See: https://github.com/urllib3/urllib3/issues/2168 #506

Closed
dlpzx opened this issue Jun 7, 2023 · 1 comment · Fixed by #513
Closed

Profiling Job failing with error: ImportError: urllib3 v2.0 only supports OpenSSL 1.1.1+, currently the 'ssl' module is compiled with OpenSSL 1.0.2k-fips 26 Jan 2017. See: https://github.com/urllib3/urllib3/issues/2168 #506

dlpzx opened this issue Jun 7, 2023 · 1 comment · Fixed by #513
Assignees
@noah-paige
Labels
priority: high type: bug Something isn't working

Comments

@dlpzx
Copy link
Contributor

dlpzx commented Jun 7, 2023

Describe the bug

When running a profiling job in a table, we get the following error:
ImportError: urllib3 v2.0 only supports OpenSSL 1.1.1+, currently the 'ssl' module is compiled with OpenSSL 1.0.2k-fips 26 Jan 2017. See: urllib3/urllib3#2168

How to Reproduce

*P.S. Please do not attach files as it's considered a security risk. Add code snippets directly in the message body as much as possible.*

Expected behavior

No response

Your project

No response

Screenshots

No response

OS

n/a

Python version

3.8

AWS data.all version

1.5.4

Additional context

No response
@dlpzx dlpzx mentioned this issue Jun 7, 2023
Merged
@dlpzx dlpzx added type: bug Something isn't working priority: medium status: not-picked-yet At the moment we have not picked this item. Anyone can pick it up labels Jun 7, 2023
dlpzx added a commit that referenced this issue Jun 9, 2023
@dlpzx @gmuslia
feat: limit dataset role permissions (#497)
ddc4360 
### Feature or Bugfix
- Refactoring

### Detail
The resulting IAM policy can:
- list all buckets
- read and write objects to the dataset Bucket which is encrypted
- read S3 access points in the dataset Bucket
- putLogs in dataset Glue crawler log group
- read dataset Glue database, read and write tables in the dataset Glue
database. This is not strictly necessary as in data.all permission to
data is handled using Lake Formation. But restricting the IAM-based data
permissions we ensure that any Glue resource that is not protected using
Lake Formation is not accessible by this role
- WIP - read objects to the `/profiling/code` prefix in the environment
bucket
- WIP - read and write objects to the
`/profiling/code/results/datasetUri/` prefix in the environment bucket

IMPORTANT: I found a bug related to profiling jobs that prevented me to
test the profiling jobs. A separate
[issue](#506) has been
opened for it. For this reason the profiling permissions are a work in
progress and might require changes. e.g. additional KMS permissions.

It cannot:
- read or write to any other S3 Bucket
- use any KMS key different from the dataset KMS key
- read or write any other Glue database/tables

In addition, the Glue crawler and the profiling Job of the dataset have
been modified to always use the dataset role and not the PivotRole to
break down the "super permissions" of the pivot role and distribute
responsibilities. As a result, the dataset role can be assumed:
- by the pivotRole -> used whenever users are assuming the role from
data.all UI
- by Glue -> to run Glue profiling jobs and Glue crawler

### Relates
- #461 

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

---------

Co-authored-by: Gezim Musliaj <102723839+gmuslia@users.noreply.github.com>
@noah-paige noah-paige self-assigned this Jun 12, 2023
@noah-paige noah-paige mentioned this issue Jun 12, 2023
Merged
@noah-paige noah-paige linked a pull request Jun 12, 2023 that will close this issue
fix: urllib3 dependencies for glue profiling job #513
Merged
noah-paige added a commit that referenced this issue Jun 13, 2023
@noah-paige
fix: urllib3 dependencies for glue profiling job (#513)
7bf56b9 
### Feature or Bugfix
- Bugfix

### Detail
- Add urllib3 supported version for Glue Profiling Job

### Relates
- [#506 ]

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
@dlpzx dlpzx mentioned this issue Jul 3, 2023
Closed
@noah-paige noah-paige added status: in-review This issue has been implemented and is currently in review and waiting for next release and removed status: not-picked-yet At the moment we have not picked this item. Anyone can pick it up labels Jul 7, 2023
@noah-paige
Copy link
Contributor

Closing this issue as above error fixed in v1.6 - to track additional bug fixes necessary in #533

@noah-paige noah-paige removed the status: in-review This issue has been implemented and is currently in review and waiting for next release label Jul 19, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@noah-paige noah-paige

Labels
priority: high type: bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: urllib3 dependencies for glue profiling job data-dot-all/dataall
2 participants
@noah-paige @dlpzx