From 5a6806d0cca7c9504bfb021f8f891f6484f91210 Mon Sep 17 00:00:00 2001 From: Andreas Motl Date: Sun, 16 Feb 2025 20:39:11 +0100 Subject: [PATCH 1/4] Use versioningit's git-archive method, to support zip archive installs https://versioningit.readthedocs.io/en/stable/configuration.html#git-archive --- .gitattributes | 1 + pyproject.toml | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 .gitattributes diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 00000000..6df9afa6 --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +pyproject.toml export-subst diff --git a/pyproject.toml b/pyproject.toml index 4625cf19..d85dcf6f 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -252,8 +252,9 @@ non_interactive = true # enable_recursive_aliases = true [tool.versioningit.vcs] -method = "git" +method = "git-archive" default-tag = "0.0.0" +describe-subst = "$Format:%(describe:tags)$" # =================== # Tasks configuration From b3cb7076c2335a9b47b67a9f7498739b1ef5c3b9 Mon Sep 17 00:00:00 2001 From: Andreas Motl Date: Sun, 16 Feb 2025 20:47:01 +0100 Subject: [PATCH 2/4] Add `sqlalchemy.__version__` attribute --- pyproject.toml | 1 + src/sqlalchemy_cratedb/__init__.py | 15 +++++++++++++++ 2 files changed, 16 insertions(+) diff --git a/pyproject.toml b/pyproject.toml index d85dcf6f..3f6dc4d7 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -84,6 +84,7 @@ dependencies = [ "backports.zoneinfo<1; python_version<'3.9'", "crate>=2,<3", "geojson<4,>=2.5", + "importlib-metadata; python_version<'3.8'", "importlib-resources; python_version<'3.9'", "sqlalchemy<2.1,>=1", "verlib2<0.3", diff --git a/src/sqlalchemy_cratedb/__init__.py b/src/sqlalchemy_cratedb/__init__.py index 41cbf381..502816be 100644 --- a/src/sqlalchemy_cratedb/__init__.py +++ b/src/sqlalchemy_cratedb/__init__.py @@ -52,7 +52,22 @@ monkeypatch_add_exec_driver_sql() +try: + from importlib.metadata import PackageNotFoundError, version +except (ImportError, ModuleNotFoundError): # pragma:nocover + from importlib_metadata import ( # type: ignore[assignment,no-redef,unused-ignore] + PackageNotFoundError, + version, + ) + +try: + __version__ = version("sqlalchemy-cratedb") +except PackageNotFoundError: # pragma: no cover + __version__ = "unknown" + + __all__ = [ + __version__, dialect, FloatVector, Geopoint, From 9726b1185119975e12a52ed6b515a0fe8ad76cb2 Mon Sep 17 00:00:00 2001 From: Andreas Motl Date: Sun, 16 Feb 2025 12:38:11 +0100 Subject: [PATCH 3/4] Add canonical PostgreSQL client parameter `sslmode` This implements `sslmode=prefer` to connect to SSL-enabled CrateDB instances without verifying the host name. --- CHANGES.md | 5 +++++ src/sqlalchemy_cratedb/dialect.py | 6 +++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGES.md b/CHANGES.md index 2fba45ed..ca5ee5b9 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,6 +1,11 @@ # Changelog ## Unreleased +- Added canonical [PostgreSQL client parameter `sslmode`], implementing + `sslmode=prefer` to connect to SSL-enabled CrateDB instances without + verifying the host name. + +[PostgreSQL client parameter `sslmode`]: https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-PROTECTION ## 2025/01/30 0.41.0 - Dependencies: Updated to `crate-2.0.0`, which uses `orjson` for JSON marshalling diff --git a/src/sqlalchemy_cratedb/dialect.py b/src/sqlalchemy_cratedb/dialect.py index 90102a78..dec68852 100644 --- a/src/sqlalchemy_cratedb/dialect.py +++ b/src/sqlalchemy_cratedb/dialect.py @@ -228,8 +228,12 @@ def connect(self, host=None, port=None, *args, **kwargs): servers = to_list(server) if servers: use_ssl = asbool(kwargs.pop("ssl", False)) - if use_ssl: + # TODO: Switch to the canonical default `sslmode=prefer` later. + sslmode = kwargs.pop("sslmode", "disable") + if use_ssl or sslmode in ["allow", "prefer", "require", "verify-ca", "verify-full"]: servers = ["https://" + server for server in servers] + if sslmode == "require": + kwargs["verify_ssl_cert"] = False return self.dbapi.connect(servers=servers, **kwargs) return self.dbapi.connect(**kwargs) From 20623afe68fa11ac3715e68403d95bf03c4143d8 Mon Sep 17 00:00:00 2001 From: Andreas Motl Date: Sun, 16 Feb 2025 21:19:10 +0100 Subject: [PATCH 4/4] Connectivity: Connect using SSL by default --- CHANGES.md | 3 ++- src/sqlalchemy_cratedb/dialect.py | 5 ++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index ca5ee5b9..4d7eb7fa 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,9 +1,10 @@ # Changelog ## Unreleased -- Added canonical [PostgreSQL client parameter `sslmode`], implementing +- SSL: Added canonical [PostgreSQL client parameter `sslmode`], implementing `sslmode=prefer` to connect to SSL-enabled CrateDB instances without verifying the host name. +- SSL: Connect using SSL by default [PostgreSQL client parameter `sslmode`]: https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-PROTECTION diff --git a/src/sqlalchemy_cratedb/dialect.py b/src/sqlalchemy_cratedb/dialect.py index dec68852..bfc77a57 100644 --- a/src/sqlalchemy_cratedb/dialect.py +++ b/src/sqlalchemy_cratedb/dialect.py @@ -227,9 +227,8 @@ def connect(self, host=None, port=None, *args, **kwargs): server = kwargs.pop("servers") servers = to_list(server) if servers: - use_ssl = asbool(kwargs.pop("ssl", False)) - # TODO: Switch to the canonical default `sslmode=prefer` later. - sslmode = kwargs.pop("sslmode", "disable") + use_ssl = asbool(kwargs.pop("ssl", True)) + sslmode = kwargs.pop("sslmode", "prefer") if use_ssl or sslmode in ["allow", "prefer", "require", "verify-ca", "verify-full"]: servers = ["https://" + server for server in servers] if sslmode == "require":