search

Azure / azure-sdk-for-python

This repository is for active development of the Azure SDK for Python. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/python/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-python.
MIT License
4.44k stars 2.75k forks source link

CosmosDB proxy seems not working #34079

Open brunman-mikhail opened 7 months ago

brunman-mikhail commented 7 months ago

Describe the bug The CosmosDB client class provided with the proxy argument seems to ignore it while trying to connect to the CosmosDB resource and uses internet and public IP.

To Reproduce Steps to reproduce the behavior:

  1. I have a CosmosDB resource deployed in Azure. Also there is an AKS cluster deployed. The CosmosDB Networking configuration has the Service Endpoint enabled and the AKS Subnet added to the allowed: image
  2. I can list of the DBs of the CosmosDB resource with a query from a container in AKS using SDK : image List acquired, pod has internal IP from the allowed Subnet CIDR.
  3. I have a Point-to-Site VPN enabled to the Virtual Network where the AKS Subnet exists. There is a proxy pod (with image scbunn/squid:latest) deployed in AKS listening for port 3128 that I can connect through the VPN from my local host: image
  4. I created a python venv on my local host, installed the SDK packages for CosmosDB: image
  5. I tried to connect to the CosmosDB resource via the proxy but I got an error that my local host public IP was not authorized to access the resource: image

Code used:

from azure.cosmos import exceptions, CosmosClient, PartitionKey, documents, ProxyConfiguration
import os
URL = 'https://***.documents.azure.com:443'
KEY = '***'
proxy=ProxyConfiguration()
proxy.Host='10.1.0.29'
proxy.Port=3128
client = CosmosClient(URL, credential=KEY, proxy_config=proxy, connection_timeout=5)

Expected behavior The request should be successful or a proxy-related error can happen but not an error related to using my public IP for accessing the resource while proxy is specified.

Screenshots See above

Additional context I tried using the documents.ConnectionPolicy() as proposed here:

connection_policy = documents.ConnectionPolicy()
connection_policy.ProxyConfiguration = documents.ProxyConfiguration()
connection_policy.ProxyConfiguration.Host = 'http://10.1.0.29'
connection_policy.ProxyConfiguration.Port = 3128
client = CosmosClient(URL, credential=KEY, connection_timeout=5, connection_policy=connection_policy)

but result was the same.

I also tried increasing the verbosity by running the code

import logging
logger = logging.getLogger('azure.cosmos')
logger.setLevel(logging.INFO)
logging.basicConfig()

but that didn't provide any additional insight why proxy is not used.

github-actions[bot] commented 7 months ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @AbhinavTrips @bambriz @pjohari-ms @simorenoh.

l0lawrence commented 7 months ago

Hi @brunman-mikhail thanks for the feedback, we will investigate and get back to you asap.

brunman-mikhail commented 6 months ago

Hello @l0lawrence , thank you for taking this one. FYI, a colleague of mine managed to use the proxy to connect to the CosmosDB resource through the VPN using the Java SDK. So I'd say that most probably the proxy works more-or-less fine and our problem is in the Python SDK indeed.