Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Deprecate Usage of `sslComonName` in Endpoint Creation
See original GitHub issueThe Problem
Currently when creating a service client, an sslCommonName attribute may be used for endpoint construction in unique cases. The format of sslCommonName is typically {region}.{service}.{dnsSuffix}, as opposed to the more common {service}.{region}.{dnsSuffix}. This usage originated from a time where Python versions (<2.7) didn’t supply an SSL module, requiring specific certificate formats.
Now that the library only support Python 3.7+, we’ll be deprecating the usage of sslCommonName to standardize Boto3 with all other AWS SDKs. This will also resolve long running issues of services such as SQS and GuardDuty being incompatible with certain VPC endpoint configurations.
Required Actions
In the immediate term, we will start raising a deprecation warning when sslCommonName is used. This is to alert customers of the upcoming change and provide time to make any required changes.
For most users, this will not require any changes. The URL will automatically update when the next minor version (1.29.0) is released, and clients will continue to operate the same. For any users with strict network rules, explicitly allow listing domains, you will need to add support for {service}.{region}.{dnsSuffix} as demonstrated below:
Old Format: https://us-west-2.sqs.amazonaws.com New Format: https://sqs.us-west-2.amazonaws.com
Warning Mitigation Strategy
- If you wish to ensure that your application does not use
sslCommonNamenow or test the impending deprecation, we have created a new environment variableBOTO_DISABLE_COMMONNAME. Setting this totruewill suppress the warning and convert to the newhostnameformat. - If you are concerned about this change causing disruptions, you can pin your version of
botocoreto<1.29.0until you are ready to migrate. - If you are only concerned about silencing the warning in your logs, use
warnings.filterwarningswhen instantiating a new service client.
import warnings
warnings.filterwarnings('ignore', category=FutureWarning, module='botocore.client')
Other Information
Endpoint Docs: https://docs.aws.amazon.com/general/latest/gr/rande.html Related Issues: https://github.com/boto/botocore/issues/2376, https://github.com/boto/boto3/issues/1900, https://github.com/boto/boto3/issues/3311, https://github.com/boto/botocore/issues/2683
Issue Analytics
- State:
- Created a year ago
- Reactions:9
- Comments:26 (12 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
After conferring with the team,
BOTO_DISABLE_COMMNAMEwill no longer be needed to suppress the deprecation warning for the NEXT minor version1.29.0. That will be released in the near future. I’ve updated the issue accordingly.Resolving now that we’ve had botocore 1.29.x out for a couple weeks. Please feel free to let us know if you encounter any issues but the migration should be complete at this point.