asyncpg does not work with "sslmode" query param when called from SQLAlchemy

asyncpg version: 0.22
PostgreSQL version: 12.3
Do you use a PostgreSQL SaaS? If so, which? Can you reproduce the issue with a local PostgreSQL install?: I use DigitalOcean and was able to also reproduce it locally
Python version: 3.8.9
Platform: Linux
Do you use pgbouncer?: No
Did you install asyncpg with pip?: Yes
If you built asyncpg locally, which version of Cython did you use?: -
Can the issue be reproduced under both asyncio and uvloop?: N/D

First, congratulation to the people of MagicStack for this great library.

When using DigitalOcean default environment DATABASE URL to set the database string on my app I got the following error:

  File "/usr/local/lib/python3.8/site-packages/sqlalchemy/pool/base.py", line 599, in __connect
    connection = pool._invoke_creator(self)
  File "/usr/local/lib/python3.8/site-packages/sqlalchemy/engine/create.py", line 578, in connect
    return dialect.connect(*cargs, **cparams)
  File "/usr/local/lib/python3.8/site-packages/sqlalchemy/engine/default.py", line 558, in connect
    return self.dbapi.connect(*cargs, **cparams)
  File "/usr/local/lib/python3.8/site-packages/sqlalchemy/dialects/postgresql/asyncpg.py", line 747, in connect
    await_only(self.asyncpg.connect(*arg, **kw)),
TypeError: connect() got an unexpected keyword argument 'sslmode'

In my app, since I use psycopg2 to do some “management tasks”, I also need to do something like that:

if ssl_enabled and driver == "asyncpg":
    base_url += "?ssl=require"
elif ssl_enabled and driver == "psycopg2":
    base_url += "?sslmode=require"

Shouldn’t asyncpg use the more standard sslmode= query param instead of the ssl=?

Issue Analytics

State:
Created 2 years ago
Reactions:2
Comments:14 (3 by maintainers)

Top GitHub Comments

1reaction

evindunncommented, Feb 26, 2022

Here’s how I finally got it to work (https://github.com/sqlalchemy/sqlalchemy/discussions/5975):

from ssl import create_default_context, Purpose as SSLPurpose

ssl_context = create_default_context(
    SSLPurpose.CLIENT_AUTH,
    cafile="docker-compose.d/cockroach-certs/ca.crt"
)
ssl_context.load_cert_chain(
    "docker-compose.d/cockroach-certs/client.root.crt",
    keyfile="docker-compose.d/cockroach-certs/client.root.key"
)
ssl_context.check_hostname = True

_engine = create_async_engine(
    "cockroachdb+asyncpg://root@localhost:26257/mydb",
    echo=True,
    connect_args={"ssl": ssl_context}
)

Equivalent to sslmode=verify-full&sslcert=..&sslkey=..&sslrootcert=.. per https://magicstack.github.io/asyncpg/current/api/index.html

0reactions

karolzlotcommented, Feb 27, 2022

Another solution is here: https://github.com/cossacklabs/acra/blob/e8ca8203dfe92566762cb1638667a62c204e4263/tests/test.py#L228

Top Results From Across the Web

API Reference — asyncpg Documentation

The name of the database to connect to. If not specified, the value parsed from the dsn argument is used, or the value...

SQLAlchemy verify SSL connection - python - Stack Overflow

Calling engine.connect() returns a sqlalchemy.engine.base.Connection instance that has a connection property for which the docstring says:.

PostgreSQL - SQLAlchemy 1.4 Documentation

When SQLAlchemy issues a single INSERT statement, to fulfill the contract of having ... Server-side cursor support is available for the psycopg2, asyncpg...

Build a Simple CRUD Python App with CockroachDB and ...

Build a Simple CRUD Python App with CockroachDB and SQLAlchemy ... The connection string is pre-populated with your username, password, cluster name, ...

Engine and Connection - GINO 1.1.0b2 documentation

On the outer side, SQLAlchemy queries can be executed directly on the engine or ... which only sets the default strategy to gino...