Python SSL issue with the Azure Cosmos DB emulator in GitHub Actions

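Question (votes: 0, answers: 1)

I am trying to unit test an Azure Function written in Python. I have a Python file that does some setup (creating the Cosmos DB database and container), and I have a GitHub Actions YAML file that pulls the Docker container and then runs the script.

Error: For some reason I get an error when running the Python script: azure.core.exceptions.ServiceRequestError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1006)

I have already tried installing the CA certificate provided by the Docker container. I think that works correctly, but the error persists.

YAML file: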

jobs:
  test:
    runs-on: ubuntu-latest

    steps:  
    - name: Checkout repository
      uses: actions/checkout@v3

    - name: Start Cosmos DB Emulator
      run: docker run --detach --publish 8081:8081 --publish 1234:1234 mcr.microsoft.com/cosmosdb/linux/azure-cosmos-emulator:latest
    
    - name: pause
      run : sleep 120
    
    - name : emulator certificate
      run : |
        retry_count=0
        max_retry_count=10
        until sudo curl --insecure --silent --fail --show-error "https://localhost:8081/_explorer/emulator.pem" --output "/usr/local/share/ca-certificates/cosmos-db-emulator.crt"; do
          if [ $retry_count -eq $max_retry_count ]; then
            echo "Failed to download certificate after $retry_count attempts."
            exit 1
          fi
          echo "Failed to download certificate. Retrying in 5 seconds..."
          sleep 5
          retry_count=$((retry_count+1))
        done
        sudo update-ca-certificates
        sudo ls /etc/ssl/certs | grep emulator

    - name: Set up Python
      uses: actions/setup-python@v4
      with:
        python-version: '3.11'

    - name: Cache dependencies
      uses: actions/cache@v3
      with:
        path: ~/.cache/pip
        key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
        restore-keys: |
          ${{ runner.os }}-pip-

    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install -r requirements.txt

    - name: Set up Azure Functions Core Tools
      run: |
        wget -q https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb
        sudo dpkg -i packages-microsoft-prod.deb
        sudo apt-get update
        sudo apt-get install azure-functions-core-tools-4

    - name: Log in with Azure
      uses: azure/login@v1
      with:
          creds: '${{ secrets.AZURE_CREDENTIALS }}'

    - name: Start Azurite
      run: |
        docker run -d -p 10000:10000 -p 10001:10001 -p 10002:10002 mcr.microsoft.com/azure-storage/azurite

    - name: Wait for Azurite to start
      run: sleep 5

    - name: Get Emulator Connection String
      id: get-connection-string
      run: |
        AZURE_STORAGE_CONNECTION_STRING="AccountEndpoint=https://localhost:8081/;AccountKey=C2y6yDjf5/R+ob0N8A7Cgv30VR2Vo3Fl+QUFOzQYzRPgAzF1jAd+pQ==;"
        echo "AZURE_STORAGE_CONNECTION_STRING=${AZURE_STORAGE_CONNECTION_STRING}" >> $GITHUB_ENV
  
    - name: Setup test environment in Python
      run : python Tests/setup.py

    - name: Run tests
      run: |
        python -m unittest discover Tests

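Python script

import os

import urllib3
from azure.cosmos import CosmosClient, DatabaseProxy, PartitionKey
# Assumed origin of DEFAULT_CA_BUNDLE_PATH (the post does not show its imports)
from requests.utils import DEFAULT_CA_BUNDLE_PATH

# Silences urllib3 warnings, including the insecure-request warning
urllib3.disable_warnings()
# Prints the CA bundle path that the requests library uses by default
print(DEFAULT_CA_BUNDLE_PATH)
connection_string: str = os.getenv("COSMOS_DB_CONNECTION_STRING")
database_client_string: str = os.getenv("COSMOS_DB_CLIENT")
container_client_string: str = os.getenv("COSMOS_DB_CONTAINER_MEASUREMENTS")

cosmos_client: CosmosClient = CosmosClient.from_connection_string(
    conn_str=connection_string
)
# Create the test database on the emulator
cosmos_client.create_database(
    id=database_client_string,
    offer_throughput=400
)
database_client: DatabaseProxy = cosmos_client.get_database_client(database_client_string)

# Create the container used by the tests
database_client.create_container(
    id=container_client_string,
    partition_key=PartitionKey(path="/path")
)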

Output of the certificate installation step

Updating certificates in /etc/ssl/certs...
rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
/etc/ssl/certs/adoptium/cacerts successfully populated.
Updating Mono key store
Mono Certificate Store Sync - version 6.12.0.200
Populate Mono certificate store from a concatenated list of certificates.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed.

Importing into legacy system store:
I already trust 146, your new list has 147
Certificate added: CN=localhost
1 new root certificates were added to your trust store.
Import process completed.

Importing into BTLS system store:
I already trust 146, your new list has 147
Certificate added: CN=localhost
1 new root certificates were added to your trust store.
Import process completed.
Done
done.
cosmos-db-emulator.pem

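My thoughts: I think the problem occurs in the part where I create the database with the Python script. As soon as I comment out those lines, the error no longer appears. But I do need them :)

Question: Why doesn't my solution work? What can I do to fix the problem?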

python azure-functions github-actions azure-cosmosdb
1 Answer

0 votes

After a few days of confusion, I finally got it working:

jobs:
  test:
    runs-on: ubuntu-latest

    steps:  
    - name: Checkout repository
      uses: actions/checkout@v3

    - name: Start Cosmos DB Emulator
      run: docker run --detach --publish 8081:8081 --publish 1234:1234 mcr.microsoft.com/cosmosdb/linux/azure-cosmos-emulator:vnext-preview --protocol https
    
    - name: pause
      run : sleep 120

    - name: Set environment variables
      run: |
        echo "EMULATOR_HOST=localhost" >> $GITHUB_ENV
        echo "EMULATOR_PORT=8081" >> $GITHUB_ENV
        echo "EMULATOR_CERT_PATH=/tmp/cosmos_emulator.cert" >> $GITHUB_ENV

    - name: Fetch Emulator Certificate
      run: |
        openssl s_client -connect ${EMULATOR_HOST}:${EMULATOR_PORT} </dev/null | \
        sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > $EMULATOR_CERT_PATH

    - name: Install Certificate as a Trusted CA
      run: |
        sudo cp $EMULATOR_CERT_PATH /usr/local/share/ca-certificates/emulator_cert.crt
        sudo update-ca-certificates
  
    - name: Verify CA Installation
      run: |
        openssl s_client -connect ${EMULATOR_HOST}:${EMULATOR_PORT} -CAfile /etc/ssl/certs/ca-certificates.crt

    - name: Set up Python
      uses: actions/setup-python@v4
      with:
        python-version: '3.11'  # Adjust to your required Python version

    - name: Cache dependencies
      uses: actions/cache@v3
      with:
        path: ~/.cache/pip
        key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
        restore-keys: |
          ${{ runner.os }}-pip-

    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install -r requirements.txt

    - name: Set up Azure Functions Core Tools
      run: |
        wget -q https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb
        sudo dpkg -i packages-microsoft-prod.deb
        sudo apt-get update
        sudo apt-get install azure-functions-core-tools-4

    - name: Log in with Azure
      uses: azure/login@v1
      with:
          creds: '${{ secrets.AZURE_CREDENTIALS }}'

    - name: Start Azurite
      run: |
        docker run -d -p 10000:10000 -p 10001:10001 -p 10002:10002 mcr.microsoft.com/azure-storage/azurite

    - name: Wait for Azurite to start
      run: sleep 5
  
    - name: Setup test environment in Python
      run : python Tests/setup.py

    - name: Run tests
      run: |
        python -m unittest discover Tests
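
An added example, not part of the original answer: it mirrors the answer's fetch step (extracting the PEM block from `openssl s_client` output) but fails when no certificate was captured, optionally checks a pinned SHA-256 fingerprint, and hands the certificate to the test process through `REQUESTS_CA_BUNDLE` and `SSL_CERT_FILE` instead of the runner's system trust store. The function names, the `pinned_fp` parameter and the sample output are assumptions constructed for illustration.

```python
import hashlib
import os
import re
import ssl

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)


def extract_certs(s_client_output: str) -> list[str]:
    """Return every PEM certificate block in `openssl s_client` output."""
    return PEM_RE.findall(s_client_output)


def fingerprint(pem: str) -> str:
    """Hex SHA-256 of the certificate's DER bytes."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def build_bundle(s_client_output, base_bundle, out_path, pinned_fp=None):
    """Write base CAs plus the emulator cert to out_path; return its fingerprint."""
    certs = extract_certs(s_client_output)
    if len(certs) != 1:
        # An emulator that is not listening yet yields zero blocks; fail here
        # instead of installing an empty file.
        raise ValueError(f"expected 1 certificate, found {len(certs)}")
    fp = fingerprint(certs[0])
    if pinned_fp and fp != pinned_fp.replace(":", "").lower():
        raise ValueError("certificate does not match the pinned fingerprint")
    with open(base_bundle) as src, open(out_path, "w") as dst:
        dst.write(src.read().rstrip("\n") + "\n" + certs[0] + "\n")
    return fp


def scoped_env(bundle_path: str) -> dict:
    """Environment for the test process only; the system store is untouched."""
    env = dict(os.environ)
    env["REQUESTS_CA_BUNDLE"] = bundle_path  # read by the requests library
    env["SSL_CERT_FILE"] = bundle_path       # read by OpenSSL default paths
    return env


# Constructed sample: s_client-style output around a dummy base64 payload
# (not a real certificate).
SAMPLE = (
    "CONNECTED(00000003)\n---\nServer certificate\n"
    "-----BEGIN CERTIFICATE-----\nZW11bGF0b3ItZHVtbXk=\n-----END CERTIFICATE-----\n"
    "subject=CN = localhost\n---\n"
)
```

The environment returned by `scoped_env` can be passed as `env=` to `subprocess.run` when launching the test command, so the emulator certificate is trusted only for that run.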