SSL for ExternalTaskWorker

Hi Team,

Good day, I would like to seek your help with regards to ExternalTaskWorkers not being able to access Camunda Service Task topics when SSL is enabled for Camunda.

I developed my ExternalTaskWorker using the Python3 ExternalTask client, following the instruction code below:

My ExternalTaskWorkers are working when SSL is disabled but not when SSL is enabled.

Maybe I’m missing some lines of configuration in my Python ExternalTask client?

Currently I’m using:

Distro - Platform Run 7.16

Thank you so much!

Hello!

Maybe you could post the relevant parts of the code you’re trying? Connecting over TLS will require using a proper TLS client, and often having a proper client cert available in order to verify the TLS connection.

I haven’t done this in Python, but I’ve done it in Golang and NodeJS so I know that it is possible to do, but it does require modifying the connection protocol.

Best Regards,
dg

Hi @davidgs !

Thank you so much for replying, sure…let me give you more information about the code.

About the Python client I’m using, here is the GitHub link to it:

However, I think the code lacks the part where we configure the connection protocol or the part where we place our input on the certificates that we are currently using. Here’s my code for the worker:

```python
import logging
import os

from camunda.external_task.external_task import ExternalTask, TaskResult
from camunda.external_task.external_task_worker import ExternalTaskWorker

from sqlalchemy.orm import sessionmaker
from sqlalchemy import create_engine
from urllib.parse import quote, unquote_plus

from utilities.helpers import create_logger
from config import *
from models import *

logger_name = "wk-taskList"
logger = logging.getLogger(logger_name)


def handle_task(task: ExternalTask) -> TaskResult:
    """
    This task handler you need to implement with your business logic.
    After completion of business logic call either
    task.complete() or task.failure() or task.bpmn_error()
    to report status of task to Camunda
    """
    logger.debug(task)
    # The %s placeholder is filled with the URL-quoted password below.
    conn_str_aml = (
        f"postgresql+psycopg2://{SQL['AML']['USER']}:%s"
        f"@{SQL['AML']['HOSTNAME']}:{SQL['AML']['PORT']}"
        f"/{SQL['AML']['DBNAME']}"
    )

    conn_str_cmd = (
        f"postgresql+psycopg2://{SQL['CMD']['USER']}:%s"
        f"@{SQL['CMD']['HOSTNAME']}:{SQL['CMD']['PORT']}"
        f"/{SQL['CMD']['DBNAME']}"
    )

    try:
        engine_cmd = create_engine(conn_str_cmd % quote(SQL["CMD"]["PASS"]), echo=True)
        connection_cmd = engine_cmd.connect()
        Session_cmd = sessionmaker(engine_cmd)
        session_cmd = Session_cmd()

        # logic here

        session_cmd.close()
        connection_cmd.close()

        engine_aml = create_engine(conn_str_aml % quote(SQL["AML"]["PASS"]), echo=True)
        connection_aml = engine_aml.connect()
        Session_aml = sessionmaker(engine_aml)
        session_aml = Session_aml()

        # logic here

        session_aml.close()
        connection_aml.close()
    except Exception as exc:
        # Report the failure to Camunda instead of letting the worker crash.
        logger.exception("Task handler failed")
        return task.failure(
            error_message="task failed",
            error_details=str(exc),
            max_retries=3,
            retry_timeout=5000,
        )
    return task.complete({"status": "success"})


if __name__ == "__main__":
    create_logger(logger_name, "wk-taskList")
    logger.info(f"Camunda Worker with ID: {WORKER_ID} started")
    ExternalTaskWorker(worker_id=WORKER_ID, base_url=ENGINE_LOCAL_BASE_URL, config=WORKER_CONFIG).subscribe(
        WORKER_TOPIC, handle_task
    )
```

On the last portion, I did call the class ExternalTaskWorker and placed the params for the constructor.

```python
ExternalTaskWorker(worker_id=WORKER_ID, base_url=ENGINE_LOCAL_BASE_URL, config=WORKER_CONFIG).subscribe(
    WORKER_TOPIC, handle_task
)
```

I tried changing the value of the ENGINE_LOCAL_BASE_URL variable as well to reflect my camunda https URL but it did not work, so that clarifies that changing the URL will not solve the problem but rather there needs to be more that I’m not familiar with, as you mentioned maybe specifying the protocol or there needs to be an area where we define the certs.

Thank you so much for responding and in advance for the help!

Ahh, I see the problem here (sorry I missed it the first time). You are attempting to use the Camunda Platform 7 python library to connect to Camunda Platform 8, which is never going to work. :slight_smile:

I think if you read this documentation you will have a much better time!

Again, my apologies for not noticing sooner, but the Python Zeebe client will be able to connect to your cloud instance.

Best Regards,
dg

Hi @davidgs !

Thank you for your response, but in my case I’m trying to connect to a service task topic running on Camunda Platform Run 7.16

May I please know your assessment why it seems like I was connecting to Platform 8? Maybe we can find something there.

Thank you so much again!

Hi @edcapulong,
Thank you for raising the issue. I’m trying to do the same thing. Did you find a way to resolve the issue?

Thank you
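
Added example, not from any poster in this thread and not the client library's own code: a pre-flight check a worker could run to see whether the engine's HTTPS certificate verifies against a given CA bundle, exporting that bundle through `REQUESTS_CA_BUNDLE` only when it does, so verification stays enabled. It assumes the Python client sends its REST calls through `requests` with default verification (not confirmed in the thread); the function names, the `localhost:8443` URL and the `ca.pem` path are hypothetical.

```python
import os
import socket
import ssl
from urllib.parse import urlsplit


def check_engine_tls(base_url, ca_bundle=None, timeout=5.0):
    """Try a verified TLS handshake with the engine; return (ok, reason)."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.hostname:
        return False, "base_url must be an https:// URL with a hostname"
    try:
        # cafile=None means the system trust store; a private or
        # self-signed CA has to be supplied explicitly as a PEM file.
        ctx = ssl.create_default_context(cafile=ca_bundle)
    except OSError as exc:  # file missing, or no PEM certificate in it
        return False, f"cannot load CA bundle {ca_bundle!r}: {exc}"
    try:
        addr = (parts.hostname, parts.port or 443)
        with socket.create_connection(addr, timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=parts.hostname) as tls:
                return True, f"verified, negotiated {tls.version()}"
    except ssl.SSLCertVerificationError as exc:
        # Covers an untrusted issuer as well as a hostname mismatch.
        return False, f"certificate verification failed: {exc.verify_message}"
    except OSError as exc:
        return False, f"connection failed: {exc}"


def trust_bundle_for_requests(base_url, ca_bundle):
    """Export REQUESTS_CA_BUNDLE only if the handshake verifies with it."""
    ok, reason = check_engine_tls(base_url, ca_bundle)
    if ok:
        # requests reads this variable when verify is left at its default.
        os.environ["REQUESTS_CA_BUNDLE"] = os.path.abspath(ca_bundle)
    return ok, reason


if __name__ == "__main__":
    # Constructed values: substitute the engine URL and CA file in use.
    print(trust_bundle_for_requests("https://localhost:8443/engine-rest", "ca.pem"))
```

The variable has to be set before the worker issues its first request, for example by calling `trust_bundle_for_requests` ahead of `subscribe`.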