Unable to access Delta Sharing tables with a Python client

You must ensure that your client IP is whitelisted in the Azure firewall.

Written by John.Lourdu

Last published at: February 24th, 2023

Problem

Delta Sharing is a platform independent open protocol that is used to securely share data with other organizations.

When using an open sharing model, recipients can access shared data in a read-only format using the delta-sharing Python library.

When trying to access a shared table using any Python client, you get an SSLCertVerificationError.

SSLCertVerificationError                  Traceback (most recent call last)
C:\ProgramData\Anaconda3\lib\site-packages\urllib3\connectionpool.py in urlopen(self, method, url, body, headers, retries, redirect, assert_same_host, timeout, pool_timeout, release_conn, chunked, body_pos, **response_kw)
    669             # Make the request on the httplib connection object.
--> 670             httplib_response = self._make_request(
    671                 conn,
C:\ProgramData\Anaconda3\lib\site-packages\urllib3\connectionpool.py in _make_request(self, conn, method, url, timeout, chunked, **httplib_request_kw)
    380         try:
--> 381             self._validate_conn(conn)
    382         except (SocketTimeout, BaseSSLError) as e:
C:\ProgramData\Anaconda3\lib\site-packages\urllib3\connectionpool.py in _validate_conn(self, conn)
    975         if not getattr(conn, "sock", None):  # AppEngine might not have  `.sock`
--> 976             conn.connect()
C:\ProgramData\Anaconda3\lib\site-packages\urllib3\connection.py in connect(self)
    360
--> 361         self.sock = ssl_wrap_socket(
    362             sock=conn,
C:\ProgramData\Anaconda3\lib\site-packages\urllib3\util\ssl_.py in ssl_wrap_socket(sock, keyfile, certfile, cert_reqs, ca_certs, server_hostname, ssl_version, ciphers, ssl_context, ca_cert_dir, key_password, ca_cert_data)
    376         if HAS_SNI and server_hostname is not None:
--> 377             return context.wrap_socket(sock, server_hostname=server_hostname)
C:\ProgramData\Anaconda3\lib\ssl.py in wrap_socket(self, sock, server_side, do_handshake_on_connect, suppress_ragged_eofs, server_hostname, session)
    499         # ctx._wrap_socket()
--> 500         return self.sslsocket_class._create(
    501             sock=sock,
C:\ProgramData\Anaconda3\lib\ssl.py in _create(cls, sock, server_side, do_handshake_on_connect, suppress_ragged_eofs, server_hostname, context, session)
   1039                         raise ValueError("do_handshake_on_connect should not be specified for non-blocking sockets")
-> 1040                     self.do_handshake()
   1041             except (OSError, ValueError):

Cause

The client IP address is not whitelisted in the storage account firewall.

Solution

If firewall is enabled on the storage account, ensure that client IP address is whitelisted in the firewall.

  1. Sign in to the Azure Portal.

  2. Expand the left sidebar menu and click Storage accounts. to display a list of your storage accounts. If the portal menu isn't visible, click the menu button to toggle it on.

  3. Click the name of the storage account you want to edit.

  4. Click Networking under the Security + networking header.

  5. Make sure Firewalls and virtual networks is selected.

  6. Select Enabled from selected virtual networks and IP addresses.
    Azure Firewalls and virtual networks configuration panel.

  7. Under Firewall ensure that a check mark appears next to Add your client IP address.
    Enter client IP address to whitelist in the firewall.

  8. Enter your client IP address in the Address range field.

  9. Select Save to apply your changes.

  10. Wait two minutes to ensure the changes have propagated.

You should now be able to access the Delta Sharing tables with your local Python client.